🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Malicious File Upload firewall rule

1,072,862

Attacks Blocked in Past 24 Hours

Showing 1-20 of 458 Vulnerabilities

FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting

4.4

CVE-2024-2324

Apr 23, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-28890

Apr 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Support Genix <= 1.2.3 - Missing Authorization

5.3

CVE-2023-49742

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2024-32514

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2024-31286

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Import XML and RSS Feeds <= 2.1.5 - Authenticated (Administrator+) Arbitrary File Upload

9.1

CVE-2024-31292

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2024-3022

Apr 3, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload

10.0

CVE-2024-30533

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Chauffeur Taxi Booking System for WordPress <= 6.9 - Unauthenticated Arbitrary File Upload

10.0

CVE-2024-31115

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload

9.1

CVE-2024-31114

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CubeWP – All-in-One Dynamic Content Framework <= 1.1.12 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2024-30500

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Salon booking system <= 9.5 - Unauthenticated Arbitrary File Upload

10.0

CVE-2024-30510

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Product Import Export for WooCommerce <= 2.4.1 - Authenticated(Shop Manager+) Arbitrary File Upload

7.2

CVE-2024-30231

Mar 26, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2024-29135

Mar 18, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-27957

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zippy <= 1.6.9 - Authenticated (Editor+) Arbitrary File Upload

7.2

CVE-2024-27964

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Elite Booster for WooCommerce <= 7.1.7 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2024-1986

Mar 7, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Avada | Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVE-2024-1468

Feb 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Media folder <= 5.7.2 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2024-25909

Feb 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-25925

Feb 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting	CVE-2024-2324	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 23, 2024
Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload	CVE-2024-28890	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 18, 2024
Support Genix <= 1.2.3 - Missing Authorization	CVE-2023-49742	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 16, 2024
Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-32514	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	April 15, 2024
WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-31286	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	April 5, 2024
Import XML and RSS Feeds <= 2.1.5 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2024-31292	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	April 5, 2024
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload	CVE-2024-3022	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 3, 2024
Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload	CVE-2024-30533	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 29, 2024
Chauffeur Taxi Booking System for WordPress <= 6.9 - Unauthenticated Arbitrary File Upload	CVE-2024-31115	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 29, 2024
Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload	CVE-2024-31114	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	March 29, 2024
CubeWP – All-in-One Dynamic Content Framework <= 1.1.12 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-30500	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
Salon booking system <= 9.5 - Unauthenticated Arbitrary File Upload	CVE-2024-30510	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
Product Import Export for WooCommerce <= 2.4.1 - Authenticated(Shop Manager+) Arbitrary File Upload	CVE-2024-30231	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 26, 2024
Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-29135	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 18, 2024
Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload	CVE-2024-27957	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2024
Zippy <= 1.6.9 - Authenticated (Editor+) Arbitrary File Upload	CVE-2024-27964	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 13, 2024
Elite Booster for WooCommerce <= 7.1.7 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-1986	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 7, 2024
Avada \| Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload	CVE-2024-1468	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 28, 2024
WP Media folder <= 5.7.2 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-25909	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 15, 2024
WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload	CVE-2024-25925	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 14, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation