Vulnerabilities protected by our LFI: Local File Inclusion firewall rule

Title	CVE ID	CVSS	Vector	Date
WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout`	CVE-2023-35881	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 10, 2023
ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion	CVE-2023-1273	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 12, 2023
wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents	CVE-2023-2249	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 1, 2023
WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action	CVE-2023-2278	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 26, 2023
Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter	CVE-2023-33310	5.0	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N	May 22, 2023
JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane	CVE-2023-32110	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	May 3, 2023
YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion	CVE-2022-45374	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 18, 2023
WP Dark Mode <= 4.0.7 - Authenticated (Subscriber+) Local File Inclusion via 'style'	CVE-2023-0467	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 6, 2023
OceanWP <= 3.4.1 - Authenticated (Subscriber+) Local File Inclusion	CVE-2023-23700	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 27, 2023
Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Local File Inclusion via Shortcode	CVE-2023-0340	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 22, 2023
Extensive VC Addons for WPBakery page builder <= 1.9 - Unauthenticated Local File Inclusion	CVE-2023-0159	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	January 23, 2023
LearnPress <= 4.1.7.3.2 - Unauthenticated Local File Inclusion	CVE-2022-47615	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 20, 2023
Amazon Affiliate <= 3.12.2 - Reflected File Download	CVE-2022-4794	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 4, 2023
Wholesale Market for WooCommerce <= 1.0.7 - Authenticated (Administrator+) Arbitrary File Download	CVE-2022-4108	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	November 28, 2022
InPost Gallery <= 2.1.4.1 - Local File Inclusion	CVE-2022-4063	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 28, 2022
Wholesale Market for WooCommerce <= 1.0.6 - Unauthenticated Arbitrary File Download	CVE-2022-4106	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	November 28, 2022
S2W – Import Shopify to WooCommerce <= 1.1.12 - Authenticated (Admin+) Local File Inclusion	CVE-2022-44634	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 10, 2022
SearchWP Live Ajax Search <= 1.6.2 - Directory Traversal and Local File Inclusion	CVE-2022-3227	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	September 15, 2022
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion		8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N	August 15, 2022
VR Calendar <= 2.4.0 - Authenticated (Administrator+) Local File Inclusion		6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N	July 28, 2022

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation