🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our LFI: Local File Inclusion firewall rule

428,801

Attacks Blocked in Past 24 Hours

Showing 81-100 of 160 Vulnerabilities

Easy Forms for Mailchimp < 6.1 - Local File Inclusion

9.1

CVE ID Unknown

Jul 13, 2016

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Ultimate Member <= 1.3.64 - Local File Inclusion

9.1

CVE ID Unknown

Jul 10, 2016

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Gwolle Guestbook <= 1.5.3 - Remote File Inclusion

9.0

CVE-2015-8351

Nov 4, 2015

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta

8.8

CVE-2024-3809

May 8, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Stockholm Core <= 2.4.1 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2024-34554

May 7, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Sina Extension for Elementor <= 3.5.1 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2024-34384

May 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Local File Inclusion

8.8

CVE-2024-33541

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

XforWooCommerce <= 2.0.2 - Authenticated (Subscriber+) Local File Inclusion

8.8

CVE-2024-33628

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets

8.8

CVE-2024-3500

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module

8.8

CVE-2024-3499

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Elementor <= 3.19.0 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization

8.8

CVE-2024-24934

Feb 7, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Qi Addons For Elementor <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2023-47679

Nov 9, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode

8.8

CVE-2023-5099

Oct 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode

8.8

CVE-2023-5250

Oct 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout`

8.8

CVE-2023-35881

Aug 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents

8.8

CVE-2023-2249

Jun 1, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion

8.8

CVE-2022-45374

Apr 18, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Dark Mode <= 4.0.7 - Authenticated (Subscriber+) Local File Inclusion via 'style'

8.8

CVE-2023-0467

Mar 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

OceanWP <= 3.4.1 - Authenticated (Subscriber+) Local File Inclusion

8.8

CVE-2023-23700

Feb 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Local File Inclusion via Shortcode

8.8

CVE-2023-0340

Feb 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Easy Forms for Mailchimp < 6.1 - Local File Inclusion		9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	July 13, 2016
Ultimate Member <= 1.3.64 - Local File Inclusion		9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	July 10, 2016
Gwolle Guestbook <= 1.5.3 - Remote File Inclusion	CVE-2015-8351	9.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	November 4, 2015
Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta	CVE-2024-3809	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 8, 2024
Stockholm Core <= 2.4.1 - Authenticated (Contributor+) Local File Inclusion	CVE-2024-34554	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 7, 2024
Sina Extension for Elementor <= 3.5.1 - Authenticated (Contributor+) Local File Inclusion	CVE-2024-34384	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 3, 2024
Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Local File Inclusion	CVE-2024-33541	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 25, 2024
XforWooCommerce <= 2.0.2 - Authenticated (Subscriber+) Local File Inclusion	CVE-2024-33628	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 25, 2024
ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets	CVE-2024-3500	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 25, 2024
ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module	CVE-2024-3499	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 22, 2024
Elementor <= 3.19.0 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization	CVE-2024-24934	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 7, 2024
Qi Addons For Elementor <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion	CVE-2023-47679	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 9, 2023
HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode	CVE-2023-5099	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 30, 2023
Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode	CVE-2023-5250	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 29, 2023
WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout`	CVE-2023-35881	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 10, 2023
wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents	CVE-2023-2249	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 1, 2023
YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion	CVE-2022-45374	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 18, 2023
WP Dark Mode <= 4.0.7 - Authenticated (Subscriber+) Local File Inclusion via 'style'	CVE-2023-0467	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 6, 2023
OceanWP <= 3.4.1 - Authenticated (Subscriber+) Local File Inclusion	CVE-2023-23700	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 27, 2023
Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Local File Inclusion via Shortcode	CVE-2023-0340	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 22, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation