🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Malicious File Upload firewall rule

804,289

Attacks Blocked in Past 24 Hours

Showing 61-80 of 472 Vulnerabilities

Backup Guard <= 1.5.9 - Authenticated Arbitrary File Upload

7.2

CVE-2021-24155

Feb 18, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Modern Events Calendar Lite <= 5.16.4 - Authenticated Arbitrary File Upload leading to Remote Code Execution

7.2

CVE-2021-24145

Jan 29, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

PowerPress <= 8.3.7 - Arbitrary File Upload

7.2

CVE-2021-24123

Oct 11, 2020

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Autoptimize <= 2.7.6 - Authenticated Arbitrary File Upload

7.2

CVE-2020-24948

Aug 24, 2020

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Allow SVG Files <= 1.0 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2022-1939

May 30, 2020

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WooCommerce <= 3.6.4 - Missing File Type Validation

7.2

CVE ID Unknown

Jul 2, 2019

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

FoxyPress < 0.4.2.6 - Arbitrary File Upload

7.2

CVE ID Unknown

Oct 30, 2012

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload

7.2

CVE-2012-4874

Apr 3, 2012

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WordPress Core <= 2.5.1 - Arbitrary File Upload

7.2

CVE-2008-2392

Apr 25, 2008

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WordPress Core < 4.5.3 - Bypass sanitize_file_name Protection

7.3

CVE-2016-5839

Jun 18, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Essential Real Estate <= 4.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

7.5

CVE-2023-6827

Dec 14, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Avada <= 7.11.1 - Authenticated(Contributor+) Arbitrary File Upload via 'ajax_import_options'

7.5

CVE-2023-39307

Aug 10, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

WordPress Download Manager <= 3.1.24 - Authenticated File Upload

7.5

CVE-2021-34639

Jul 29, 2021

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

LearnDash LMS <= 2.5.3 - Arbitrary File Upload

7.5

CVE-2018-25019

Jan 6, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Advanced AJAX Page Loader < 2.7.7 - Arbitrary File Upload

7.5

CVE-2016-10929

Jul 3, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Antioch <= 1.3 - Arbitrary File Download

7.5

CVE-2014-10397

Sep 8, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload

8.1

CVE-2023-6220

Dec 4, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload

8.1

CVE-2023-5822

Nov 1, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Contact Form 7 <= 5.3.1 - Arbitrary File Upload via Bypass

8.1

CVE-2020-35489

Dec 17, 2020

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Ninja Forms - File Uploads <= 3.0.22 - Unauthenticated Arbitrary File Upload

8.1

CVE-2019-10869

Apr 11, 2019

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Backup Guard <= 1.5.9 - Authenticated Arbitrary File Upload	CVE-2021-24155	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	February 18, 2021
Modern Events Calendar Lite <= 5.16.4 - Authenticated Arbitrary File Upload leading to Remote Code Execution	CVE-2021-24145	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 29, 2021
PowerPress <= 8.3.7 - Arbitrary File Upload	CVE-2021-24123	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 11, 2020
Autoptimize <= 2.7.6 - Authenticated Arbitrary File Upload	CVE-2020-24948	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 24, 2020
Allow SVG Files <= 1.0 - Authenticated (Admin+) Arbitrary File Upload	CVE-2022-1939	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 30, 2020
WooCommerce <= 3.6.4 - Missing File Type Validation		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 2, 2019
FoxyPress < 0.4.2.6 - Arbitrary File Upload		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 30, 2012
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload	CVE-2012-4874	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 3, 2012
WordPress Core <= 2.5.1 - Arbitrary File Upload	CVE-2008-2392	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 25, 2008
WordPress Core < 4.5.3 - Bypass sanitize_file_name Protection	CVE-2016-5839	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	June 18, 2016
Essential Real Estate <= 4.3.5 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-6827	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 14, 2023
Avada <= 7.11.1 - Authenticated(Contributor+) Arbitrary File Upload via 'ajax_import_options'	CVE-2023-39307	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	August 10, 2023
WordPress Download Manager <= 3.1.24 - Authenticated File Upload	CVE-2021-34639	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	July 29, 2021
LearnDash LMS <= 2.5.3 - Arbitrary File Upload	CVE-2018-25019	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	January 6, 2018
Advanced AJAX Page Loader < 2.7.7 - Arbitrary File Upload	CVE-2016-10929	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 3, 2016
Antioch <= 1.3 - Arbitrary File Download	CVE-2014-10397	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	September 8, 2014
Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload	CVE-2023-6220	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload	CVE-2023-5822	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	November 1, 2023
Contact Form 7 <= 5.3.1 - Arbitrary File Upload via Bypass	CVE-2020-35489	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	December 17, 2020
Ninja Forms - File Uploads <= 3.0.22 - Unauthenticated Arbitrary File Upload	CVE-2019-10869	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	April 11, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation