🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our LFI: Local File Inclusion firewall rule

435,250

Attacks Blocked in Past 24 Hours

Showing 121-140 of 160 Vulnerabilities

Adaptive Images for WordPress <= 0.6.66 - Local File Inclusion

7.5

CVE-2019-14205

Jul 19, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WP Rocket <= 2.10.3 - Local File Inclusion

7.5

CVE-2017-11658

Jun 22, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

NextGen Gallery <= 2.1.56 - Remote File Inclusion

7.5

CVE-2016-6565

Nov 15, 2016

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

IMDB Profile Widget < 1.0.9 - Local File Inclusion

7.5

CVE-2016-10991

Mar 26, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WP AmASIN – The Amazon Affiliate Shop <= 0.9.6 - Local File Inclusion

7.5

CVE-2014-4577

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tinymce Thumbnail Gallery <= 1.0.7 - Local File Inclusion

7.5

CVE ID Unknown

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Simple Download Button Shortcode <= 1.0 - Information Disclosure via Arbitrary File Downloads

7.5

CVE-2012-10016

Sep 17, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Rehub <= 19.6.1 - Authenticated (Editor+) Local File Inclusion

7.2

CVE-2024-31232

Apr 3, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

S2W – Import Shopify to WooCommerce <= 1.1.12 - Authenticated (Admin+) Local File Inclusion

7.2

CVE-2022-44634

Nov 10, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Herd Effects <= 5.2 - Local File Inclusion

7.2

CVE-2022-29448

May 16, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

All-In-One-Gallery <= 2.4.9 - Admin+ Local File Inclusion

7.2

CVE-2021-24970

Nov 15, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Two Way Chat <= 3.1.4 - Authenticated (Admin+) Local File Inclusion

7.2

CVE ID Unknown

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Live Scores for SportsPress <= 1.9.0 - Authenticated (Admin+) Local File Inclusion

7.2

CVE ID Unknown

Aug 24, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

UpdraftPlus < 1.16.59 - Authenticated (Admin+) Local File Inclusion

7.2

CVE ID Unknown

Jul 12, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Redirection <= 2.7.3 - Local File Inclusion

7.2

CVE-2018-1000504

Jul 12, 2018

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Subscribe to Comments <= 2.1.2 - Local File Includion

7.2

CVE ID Unknown

Jul 15, 2015

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

GD bbPress Attachments < 2.3 - Directory Traversal

7.2

CVE-2015-5482

Jul 9, 2015

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion

7.1

CVE-2023-46205

Oct 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

VR Calendar <= 2.4.0 - Authenticated (Administrator+) Local File Inclusion

6.8

CVE ID Unknown

Jul 28, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Popup Box <= 2.1.2 - Authenticated Local File Inclusion

6.8

CVE-2022-29445

May 17, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Adaptive Images for WordPress <= 0.6.66 - Local File Inclusion	CVE-2019-14205	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 19, 2019
WP Rocket <= 2.10.3 - Local File Inclusion	CVE-2017-11658	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	June 22, 2017
NextGen Gallery <= 2.1.56 - Remote File Inclusion	CVE-2016-6565	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	November 15, 2016
IMDB Profile Widget < 1.0.9 - Local File Inclusion	CVE-2016-10991	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	March 26, 2016
WP AmASIN – The Amazon Affiliate Shop <= 0.9.6 - Local File Inclusion	CVE-2014-4577	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 1, 2014
Tinymce Thumbnail Gallery <= 1.0.7 - Local File Inclusion		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 1, 2014
Simple Download Button Shortcode <= 1.0 - Information Disclosure via Arbitrary File Downloads	CVE-2012-10016	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	September 17, 2012
Rehub <= 19.6.1 - Authenticated (Editor+) Local File Inclusion	CVE-2024-31232	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 3, 2024
S2W – Import Shopify to WooCommerce <= 1.1.12 - Authenticated (Admin+) Local File Inclusion	CVE-2022-44634	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 10, 2022
Herd Effects <= 5.2 - Local File Inclusion	CVE-2022-29448	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 16, 2022
All-In-One-Gallery <= 2.4.9 - Admin+ Local File Inclusion	CVE-2021-24970	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 15, 2021
Two Way Chat <= 3.1.4 - Authenticated (Admin+) Local File Inclusion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 5, 2021
Live Scores for SportsPress <= 1.9.0 - Authenticated (Admin+) Local File Inclusion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 24, 2021
UpdraftPlus < 1.16.59 - Authenticated (Admin+) Local File Inclusion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 12, 2021
Redirection <= 2.7.3 - Local File Inclusion	CVE-2018-1000504	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 12, 2018
Subscribe to Comments <= 2.1.2 - Local File Includion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 15, 2015
GD bbPress Attachments < 2.3 - Directory Traversal	CVE-2015-5482	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 9, 2015
Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion	CVE-2023-46205	7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N	October 19, 2023
VR Calendar <= 2.4.0 - Authenticated (Administrator+) Local File Inclusion		6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N	July 28, 2022
Popup Box <= 2.1.2 - Authenticated Local File Inclusion	CVE-2022-29445	6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H	May 17, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation