🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Malicious File Upload firewall rule

1,059,140

Attacks Blocked in Past 24 Hours

Showing 41-60 of 458 Vulnerabilities

Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload

7.2

CVE-2023-49814

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WappPress <= 5.0.3 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-49815

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload

8.1

CVE-2023-6220

Dec 4, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-6316

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

rtMedia for WordPress, BuddyPress and bbPress <= 4.6.15 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-5931

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

BookingPress <= 1.0.76 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2023-6219

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Mollie Payments for WooCommerce <= 7.3.11 - Authenticated (Shop Manager+) Arbitrary File Upload

7.2

CVE-2023-6090

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP JobSearch <= 2.3.3 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-6585

Nov 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload

6.6

CVE-2023-48275

Nov 22, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Child Theme Generator <= 1.1.0 - Authenticated (Administrator+) Arbitrary File Upload

9.1

CVE-2023-47873

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload

7.2

CVE-2023-47842

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Githuber MD <= 1.16.2 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE-2023-47846

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-5953

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload

7.2

CVE-2023-47784

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Filr – Secure document library <= 1.2.3.5 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE-2023-5762

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2023-5860

Nov 1, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload

8.1

CVE-2023-5822

Nov 1, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-46149

Oct 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WooCommerce Ninja Forms Product Add-ons <= 1.7.0 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-5601

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

User Submitted Posts <= 20230902 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-45603

Oct 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload	CVE-2023-49814	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 5, 2023
WappPress <= 5.0.3 - Unauthenticated Arbitrary File Upload	CVE-2023-49815	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 5, 2023
Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload	CVE-2023-6220	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload	CVE-2023-6316	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.15 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-5931	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 29, 2023
BookingPress <= 1.0.76 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2023-6219	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 27, 2023
Mollie Payments for WooCommerce <= 7.3.11 - Authenticated (Shop Manager+) Arbitrary File Upload	CVE-2023-6090	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 27, 2023
WP JobSearch <= 2.3.3 - Unauthenticated Arbitrary File Upload	CVE-2023-6585	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 24, 2023
Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload	CVE-2023-48275	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	November 22, 2023
WP Child Theme Generator <= 1.1.0 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2023-47873	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	November 20, 2023
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload	CVE-2023-47842	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 20, 2023
WP Githuber MD <= 1.16.2 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-47846	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 20, 2023
Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-5953	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 14, 2023
Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-47784	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 14, 2023
Filr – Secure document library <= 1.2.3.5 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-5762	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 13, 2023
Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2023-5860	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 1, 2023
Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload	CVE-2023-5822	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	November 1, 2023
Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-46149	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 17, 2023
WooCommerce Ninja Forms Product Add-ons <= 1.7.0 - Unauthenticated Arbitrary File Upload	CVE-2023-5601	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 16, 2023
User Submitted Posts <= 20230902 - Unauthenticated Arbitrary File Upload	CVE-2023-45603	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 10, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation