🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our LFI: Local File Inclusion firewall rule

428,801

Attacks Blocked in Past 24 Hours

Showing 21-40 of 160 Vulnerabilities

Elementor <= 3.19.0 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization

8.8

CVE-2024-24934

Feb 7, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 18.5.9 - Unauthenticated Local File Inclusion

9.8

CVE-2023-6989

Feb 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal

6.5

CVE-2024-0697

Jan 26, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Essential Blocks <= 4.4.2 - Unauthenticated Local File Inclusion

9.8

CVE-2023-6623

Dec 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MW WP Form <= 5.0.3 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion

7.5

CVE-2023-6559

Dec 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Adifier System < 3.1.4 - Unauthenticated Local File Inclusion

9.8

CVE-2023-49753

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Qi Addons For Elementor <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2023-47679

Nov 9, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode

8.8

CVE-2023-5099

Oct 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode

9.9

CVE-2023-5199

Oct 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode

8.8

CVE-2023-5250

Oct 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion

7.1

CVE-2023-46205

Oct 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode

6.3

CVE-2023-45652

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

WordPress Gallery Plugin – NextGEN Gallery <= 3.38 - Authenticated (Admin+) Local File Inclusion

4.9

CVE-2023-3279

Sep 25, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout`

8.8

CVE-2023-35881

Aug 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion

6.4

CVE-2023-1273

Jun 12, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents

8.8

CVE-2023-2249

Jun 1, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action

9.8

CVE-2023-2278

May 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter

5.0

CVE-2023-33310

May 22, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane

8.1

CVE-2023-32110

May 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion

8.8

CVE-2022-45374

Apr 18, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Elementor <= 3.19.0 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization	CVE-2024-24934	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 7, 2024
Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 18.5.9 - Unauthenticated Local File Inclusion	CVE-2023-6989	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 5, 2024
Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal	CVE-2024-0697	6.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N	January 26, 2024
Essential Blocks <= 4.4.2 - Unauthenticated Local File Inclusion	CVE-2023-6623	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 21, 2023
MW WP Form <= 5.0.3 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion	CVE-2023-6559	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	December 15, 2023
Adifier System < 3.1.4 - Unauthenticated Local File Inclusion	CVE-2023-49753	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
Qi Addons For Elementor <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion	CVE-2023-47679	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 9, 2023
HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode	CVE-2023-5099	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 30, 2023
PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode	CVE-2023-5199	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	October 29, 2023
Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode	CVE-2023-5250	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 29, 2023
Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion	CVE-2023-46205	7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N	October 19, 2023
Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode	CVE-2023-45652	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	October 12, 2023
WordPress Gallery Plugin – NextGEN Gallery <= 3.38 - Authenticated (Admin+) Local File Inclusion	CVE-2023-3279	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	September 25, 2023
WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout`	CVE-2023-35881	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 10, 2023
ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion	CVE-2023-1273	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 12, 2023
wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents	CVE-2023-2249	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 1, 2023
WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action	CVE-2023-2278	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 26, 2023
Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter	CVE-2023-33310	5.0	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N	May 22, 2023
JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane	CVE-2023-32110	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	May 3, 2023
YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion	CVE-2022-45374	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 18, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation