CWE-73


External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.


We have discovered 40,962 live websites that are affected by CWE-73.

CVEs

  • Count - 22



Website Distribution by Country

Number of websites affected by CWE-73

| Country | Websites |
|---|---|
| United States | 10,936 |
| France | 5,331 |
| Germany | 3,508 |
| GB | 2,104 |
| Italy | 1,593 |
| Denmark | 1,233 |
| Canada | 1,157 |
| Poland | 939 |
| India | 874 |
| Russia | 848 |

Website Distribution by TLD

Number of websites affected by CWE-73

| TLD | Websites |
|---|---|
| .com | 15,657 |
| .org | 2,846 |
| .fr | 2,409 |
| .de | 1,940 |
| .co.uk | 1,221 |
| .it | 1,104 |
| .net | 1,073 |
| .dk | 1,016 |
| .pl | 694 |
| .ru | 666 |

Newest CVEs

List of the most recent CVEs that are part of CWE-73

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Jan, 2026 | CVE-2025-14804 | Frontend File Manager < 23.5 - Subscriber+ Arbitrary File Deletion | 14 |
| Dec, 2025 | CVE-2025-13320 | WP User Manager <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter | 967 |
| Dec, 2025 | CVE-2025-12529 | Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion | 531 |
| Nov, 2025 | CVE-2025-11451 | Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read | 2,052 |
| Oct, 2025 | CVE-2025-11738 | Media Library Assistant <= 3.29 - Unauthenticated Limited File Read | 27 |
| Oct, 2025 | CVE-2025-10494 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion | 219 |
| Sep, 2025 | CVE-2025-8422 | Propovoice <= 1.7.6.7 - Unauthenticated Arbitrary File Read | 2 |
| Jul, 2025 | CVE-2025-5393 | Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Deletion | 887 |
| Jul, 2025 | CVE-2025-6691 | SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion | 210 |
| Jul, 2025 | CVE-2025-6463 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion | 18,919 |

List of the most common CVEs that are part of CWE-73

| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Jul, 2025 | CVE-2025-6463 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion | 18,919 |
| Jan, 2025 | CVE-2024-12267 | Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.8.5 - Limited Arbitrary File Deletion | 5,064 |
| Sep, 2024 | CVE-2024-8517 | SPIP Bigup Multipart File Upload OS Command Injection | 4,508 |
| Dec, 2024 | CVE-2024-12875 | Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download | 4,120 |
| Sep, 2023 | CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | 2,291 |
| Nov, 2025 | CVE-2025-11451 | Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read | 2,052 |
| Dec, 2025 | CVE-2025-13320 | WP User Manager <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter | 967 |
| Jul, 2025 | CVE-2025-5393 | Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Deletion | 887 |
| May, 2025 | CVE-2025-3419 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read | 543 |
| Dec, 2025 | CVE-2025-12529 | Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion | 531 |

Websites affected by CWE-73

Top websites that are affected by CWE-73.

| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.****.com | United States | *** | |
| ********.com | United States | *,*** | |
| ***************.eu | Netherlands | *,*** | |
| ***.int | Switzerland | *,*** | |
| ********.com | United States | *,*** | |
| *************.com | United States | *,*** | |
| ********.org | United States | *,*** | |
| *********.com | United States | *,*** | |
| ****.**.gov | United States | *,*** | |
| ***************.org | United States | *,*** | |