🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Malicious File Upload firewall rule

2,623,910

Attacks Blocked in Past 24 Hours

Showing 61-80 of 472 Vulnerabilities

Mollie Payments for WooCommerce <= 7.3.11 - Authenticated (Shop Manager+) Arbitrary File Upload

7.2

CVE-2023-6090

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP JobSearch <= 2.3.3 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-6585

Nov 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload

6.6

CVE-2023-48275

Nov 22, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Child Theme Generator <= 1.1.0 - Authenticated (Administrator+) Arbitrary File Upload

9.1

CVE-2023-47873

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload

7.2

CVE-2023-47842

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Githuber MD <= 1.16.2 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE-2023-47846

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-5953

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload

7.2

CVE-2023-47784

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Filr – Secure document library <= 1.2.3.5 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE-2023-5762

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2023-5860

Nov 1, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload

8.1

CVE-2023-5822

Nov 1, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-46149

Oct 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WooCommerce Ninja Forms Product Add-ons <= 1.7.0 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-5601

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

User Submitted Posts <= 20230902 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-45603

Oct 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CITS Support svg, webp Media and TTF,OTF File Upload <= 2.1.0 - Authenticated(Author+) Stored Cross-Site Scripting via SVG Upload

6.4

CVE-2023-5458

Oct 9, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload

8.8

CVE-2023-40219

Sep 26, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Authenticated (Admin+) Arbitrary File Upload

3.8

CVE-2023-5957

Sep 26, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

File Manager Pro – Filester <= 1.8 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2023-4861

Sep 19, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

My Account Page Editor <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-4536

Sep 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload

8.8

CVE-2023-40204

Aug 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Mollie Payments for WooCommerce <= 7.3.11 - Authenticated (Shop Manager+) Arbitrary File Upload	CVE-2023-6090	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 27, 2023
WP JobSearch <= 2.3.3 - Unauthenticated Arbitrary File Upload	CVE-2023-6585	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 24, 2023
Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload	CVE-2023-48275	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	November 22, 2023
WP Child Theme Generator <= 1.1.0 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2023-47873	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	November 20, 2023
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload	CVE-2023-47842	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 20, 2023
WP Githuber MD <= 1.16.2 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-47846	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 20, 2023
Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-5953	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 14, 2023
Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-47784	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 14, 2023
Filr – Secure document library <= 1.2.3.5 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-5762	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 13, 2023
Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2023-5860	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 1, 2023
Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload	CVE-2023-5822	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	November 1, 2023
Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-46149	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 17, 2023
WooCommerce Ninja Forms Product Add-ons <= 1.7.0 - Unauthenticated Arbitrary File Upload	CVE-2023-5601	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 16, 2023
User Submitted Posts <= 20230902 - Unauthenticated Arbitrary File Upload	CVE-2023-45603	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 10, 2023
CITS Support svg, webp Media and TTF,OTF File Upload <= 2.1.0 - Authenticated(Author+) Stored Cross-Site Scripting via SVG Upload	CVE-2023-5458	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 9, 2023
Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload	CVE-2023-40219	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 26, 2023
Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Authenticated (Admin+) Arbitrary File Upload	CVE-2023-5957	3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N	September 26, 2023
File Manager Pro – Filester <= 1.8 - Authenticated (Admin+) Arbitrary File Upload	CVE-2023-4861	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 19, 2023
My Account Page Editor <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-4536	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 7, 2023
Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload	CVE-2023-40204	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 28, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation