🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our LFI: Local File Inclusion firewall rule

378,396

Attacks Blocked in Past 24 Hours

Showing 61-80 of 153 Vulnerabilities

All-In-One-Gallery <= 2.4.9 - Admin+ Local File Inclusion

7.2

CVE-2021-24970

Nov 15, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Images to WebP <= 1.8 - Local File Inclusion

7.5

CVE-2021-24644

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Two Way Chat <= 3.1.4 - Authenticated (Admin+) Local File Inclusion

7.2

CVE ID Unknown

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

wp-publications < 1.1 - Local File Inclusion

8.3

CVE-2021-38360

Sep 9, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Live Scores for SportsPress <= 1.9.0 - Authenticated (Admin+) Local File Inclusion

7.2

CVE ID Unknown

Aug 24, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WOOCS – Currency Switcher for WooCommerce Professional Free <= 1.3.7 - Authenticated Local File Inclusion

8.8

CVE-2021-24566

Jul 22, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

UpdraftPlus < 1.16.59 - Authenticated (Admin+) Local File Inclusion

7.2

CVE ID Unknown

Jul 12, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Image Zoom <= 1.46 - Local File Inclusion

5.3

CVE-2021-24447

Jun 23, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Motor – Cars, Parts, Service, Equipments and Accessories WooCommerce Store < 3.1.0 - Local File Inclusion

9.8

CVE-2021-24375

Jun 9, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tutor LMS <= 1.8.7 - Authenticated Local File Inclusion

5.5

CVE-2021-24242

Apr 5, 2021

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L

Adaptive Images for WordPress <= 0.6.66 - Local File Inclusion

7.5

CVE-2019-14205

Jul 19, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Sina Extension for Elementor < 2.2.1 - Local File Inclusion

9.8

CVE-2019-15839

Jun 19, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Revamp CRM for WooCommerce < 1.0.4 - Local File Inclusion

9.8

CVE ID Unknown

Jun 10, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Photo Gallery by 10Web <= 1.5.24 - Authenticated Local File Inclusion

4.9

CVE-2019-14798

May 15, 2019

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

GraceMedia Media Player <= 1.0 - Local File Inclusion

9.8

CVE-2019-9618

Mar 13, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WordPress Core <= 5.0.3 - Path Traversal and Local File Inclusion

6.5

CVE-2019-8943

Feb 19, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Shortcode Factory <= 2.7 - Local File Inclusion

9.8

CVE-2019-15322

Jan 16, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Payeezy Pay < 2.98 - Local File Inclusion

9.8

CVE-2018-20985

Dec 7, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Companion Auto Update <= 3.2.0 - Local File Inclusion

9.8

CVE-2018-20973

Oct 1, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Redirection <= 2.7.3 - Local File Inclusion

7.2

CVE-2018-1000504

Jul 12, 2018

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
All-In-One-Gallery <= 2.4.9 - Admin+ Local File Inclusion	CVE-2021-24970	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 15, 2021
Images to WebP <= 1.8 - Local File Inclusion	CVE-2021-24644	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 19, 2021
Two Way Chat <= 3.1.4 - Authenticated (Admin+) Local File Inclusion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 5, 2021
wp-publications < 1.1 - Local File Inclusion	CVE-2021-38360	8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	September 9, 2021
Live Scores for SportsPress <= 1.9.0 - Authenticated (Admin+) Local File Inclusion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 24, 2021
WOOCS – Currency Switcher for WooCommerce Professional Free <= 1.3.7 - Authenticated Local File Inclusion	CVE-2021-24566	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 22, 2021
UpdraftPlus < 1.16.59 - Authenticated (Admin+) Local File Inclusion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 12, 2021
WP Image Zoom <= 1.46 - Local File Inclusion	CVE-2021-24447	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	June 23, 2021
Motor – Cars, Parts, Service, Equipments and Accessories WooCommerce Store < 3.1.0 - Local File Inclusion	CVE-2021-24375	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 9, 2021
Tutor LMS <= 1.8.7 - Authenticated Local File Inclusion	CVE-2021-24242	5.5	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L	April 5, 2021
Adaptive Images for WordPress <= 0.6.66 - Local File Inclusion	CVE-2019-14205	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 19, 2019
Sina Extension for Elementor < 2.2.1 - Local File Inclusion	CVE-2019-15839	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 19, 2019
Revamp CRM for WooCommerce < 1.0.4 - Local File Inclusion		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 10, 2019
Photo Gallery by 10Web <= 1.5.24 - Authenticated Local File Inclusion	CVE-2019-14798	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	May 15, 2019
GraceMedia Media Player <= 1.0 - Local File Inclusion	CVE-2019-9618	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2019
WordPress Core <= 5.0.3 - Path Traversal and Local File Inclusion	CVE-2019-8943	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	February 19, 2019
Shortcode Factory <= 2.7 - Local File Inclusion	CVE-2019-15322	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 16, 2019
WP Payeezy Pay < 2.98 - Local File Inclusion	CVE-2018-20985	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 7, 2018
Companion Auto Update <= 3.2.0 - Local File Inclusion	CVE-2018-20973	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 1, 2018
Redirection <= 2.7.3 - Local File Inclusion	CVE-2018-1000504	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 12, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation