🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our LFI: Local File Inclusion firewall rule

434,263

Attacks Blocked in Past 24 Hours

Showing 101-120 of 160 Vulnerabilities

Popup Builder <= 4.0.6 - Local File Inclusion and PHAR Deserialization

8.8

CVE-2021-25082

Jan 24, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP-Appbox <= 4.3.17 - Local File Inclusion

8.8

CVE ID Unknown

Jan 17, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Include Me <= 1.2.1 - Local File Inclusion leading to Authenticated Remote Code Execution

8.8

CVE-2021-24453

Jan 2, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WOOCS – Currency Switcher for WooCommerce Professional Free <= 1.3.7 - Authenticated Local File Inclusion

8.8

CVE-2021-24566

Jul 22, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SAM Pro (Free Edition) < 1.9.7.69 & Simple Ads Manager <= 2.10.0.130 & SAM Pro Lite < 1.9.0.53 - Local/Remote File Inclusion

8.8

CVE ID Unknown

Oct 10, 2016

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Fastest Cache <= 0.8.5.9 - Local File Inclusion

8.8

CVE ID Unknown

Jul 13, 2016

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Fastest Cache <= 0.8.5.7 - Local File Inclusion

8.8

CVE ID Unknown

May 24, 2016

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

rtMedia for WordPress, BuddyPress and bbPress < 3.7.19 - Local File Inclusion

8.8

CVE ID Unknown

Nov 24, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Theme My Login <= 6.3.9 - Local File Inclusion

8.8

CVE-2014-5155

Jun 30, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

wp-publications < 1.1 - Local File Inclusion

8.3

CVE-2021-38360

Sep 9, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion

8.2

CVE ID Unknown

Aug 15, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion

8.1

CVE-2024-4441

May 7, 2024

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane

8.1

CVE-2023-32110

May 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion

8.1

CVE-2022-1657

May 18, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Posts in Page <= 1.2.4 - Authenticated Directory Traversal leading to Local File Inclusion

8.1

CVE-2017-18585

Feb 13, 2017

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Simple Job Board <= 2.9.3 - Local File Inclusion

7.7

CVE-2020-35749

Feb 6, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

MW WP Form <= 5.0.3 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion

7.5

CVE-2023-6559

Dec 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Wholesale Market for WooCommerce <= 1.0.6 - Unauthenticated Arbitrary File Download

7.5

CVE-2022-4106

Nov 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Cost Calculator <= 1.8 - Authenticated Local File Inclusion

7.5

CVE-2021-24820

Feb 1, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Images to WebP <= 1.8 - Local File Inclusion

7.5

CVE-2021-24644

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Popup Builder <= 4.0.6 - Local File Inclusion and PHAR Deserialization	CVE-2021-25082	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 24, 2022
WP-Appbox <= 4.3.17 - Local File Inclusion		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 17, 2022
Include Me <= 1.2.1 - Local File Inclusion leading to Authenticated Remote Code Execution	CVE-2021-24453	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 2, 2022
WOOCS – Currency Switcher for WooCommerce Professional Free <= 1.3.7 - Authenticated Local File Inclusion	CVE-2021-24566	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 22, 2021
SAM Pro (Free Edition) < 1.9.7.69 & Simple Ads Manager <= 2.10.0.130 & SAM Pro Lite < 1.9.0.53 - Local/Remote File Inclusion		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 10, 2016
WP Fastest Cache <= 0.8.5.9 - Local File Inclusion		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 13, 2016
WP Fastest Cache <= 0.8.5.7 - Local File Inclusion		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 24, 2016
rtMedia for WordPress, BuddyPress and bbPress < 3.7.19 - Local File Inclusion		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 24, 2014
Theme My Login <= 6.3.9 - Local File Inclusion	CVE-2014-5155	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 30, 2014
wp-publications < 1.1 - Local File Inclusion	CVE-2021-38360	8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	September 9, 2021
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion		8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N	August 15, 2022
XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion	CVE-2024-4441	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	May 7, 2024
JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane	CVE-2023-32110	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	May 3, 2023
JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion	CVE-2022-1657	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	May 18, 2022
Posts in Page <= 1.2.4 - Authenticated Directory Traversal leading to Local File Inclusion	CVE-2017-18585	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	February 13, 2017
Simple Job Board <= 2.9.3 - Local File Inclusion	CVE-2020-35749	7.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N	February 6, 2022
MW WP Form <= 5.0.3 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion	CVE-2023-6559	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	December 15, 2023
Wholesale Market for WooCommerce <= 1.0.6 - Unauthenticated Arbitrary File Download	CVE-2022-4106	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	November 28, 2022
Cost Calculator <= 1.8 - Authenticated Local File Inclusion	CVE-2021-24820	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	February 1, 2022
Images to WebP <= 1.8 - Local File Inclusion	CVE-2021-24644	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 19, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation