🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Malicious File Upload firewall rule

712,447

Attacks Blocked in Past 24 Hours

Showing 81-100 of 472 Vulnerabilities

WordPress File Upload < 2.7.1 - Arbitrary File Upload

8.2

CVE-2015-9339

May 9, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Homepage SlideShow <= 2.3 - Arbitrary File Upload

8.3

CVE ID Unknown

Jan 30, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution

8.8

CVE-2024-0757

May 14, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Xserver Migrator <= 1.6.2 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVE-2024-33913

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tumult Hype Animations <= 1.9.12 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE-2024-2890

Mar 26, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2024-29135

Mar 18, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Elite Booster for WooCommerce <= 7.1.7 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2024-1986

Mar 7, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Avada | Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVE-2024-1468

Feb 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Media folder <= 5.7.2 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2024-25909

Feb 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-6846

Jan 24, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE-2023-6979

Jan 9, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Mail Log Plugin <= 1.1.2 - Authenticated(Contributor+) Arbitrary File Upload

8.8

CVE-2023-51410

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Verge3D <= 4.5.2 - Authenticated(Subscriber+) Arbitrary File Upload

8.8

CVE-2023-51421

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

JVM rich text icons <= 1.2.3 - Authenticated(Subscriber+) Arbitrary File Upload

8.8

CVE-2023-51417

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

rtMedia for WordPress, BuddyPress and bbPress <= 4.6.15 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-5931

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Githuber MD <= 1.16.2 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE-2023-47846

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-5953

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Filr – Secure document library <= 1.2.3.5 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE-2023-5762

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-46149

Oct 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload

8.8

CVE-2023-40219

Sep 26, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
WordPress File Upload < 2.7.1 - Arbitrary File Upload	CVE-2015-9339	8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N	May 9, 2015
Homepage SlideShow <= 2.3 - Arbitrary File Upload		8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	January 30, 2013
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution	CVE-2024-0757	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 14, 2024
Xserver Migrator <= 1.6.2 - Cross-Site Request Forgery to Arbitrary File Upload	CVE-2024-33913	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	April 29, 2024
Tumult Hype Animations <= 1.9.12 - Authenticated (Author+) Arbitrary File Upload	CVE-2024-2890	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 26, 2024
Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-29135	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 18, 2024
Elite Booster for WooCommerce <= 7.1.7 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-1986	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 7, 2024
Avada \| Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload	CVE-2024-1468	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 28, 2024
WP Media folder <= 5.7.2 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-25909	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 15, 2024
File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-6846	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 24, 2024
Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-6979	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 9, 2024
WP Mail Log Plugin <= 1.1.2 - Authenticated(Contributor+) Arbitrary File Upload	CVE-2023-51410	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Verge3D <= 4.5.2 - Authenticated(Subscriber+) Arbitrary File Upload	CVE-2023-51421	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
JVM rich text icons <= 1.2.3 - Authenticated(Subscriber+) Arbitrary File Upload	CVE-2023-51417	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.15 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-5931	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 29, 2023
WP Githuber MD <= 1.16.2 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-47846	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 20, 2023
Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-5953	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 14, 2023
Filr – Secure document library <= 1.2.3.5 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-5762	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 13, 2023
Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-46149	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 17, 2023
Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload	CVE-2023-40219	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 26, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation