🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Malicious File Upload firewall rule

804,289

Attacks Blocked in Past 24 Hours

Showing 101-120 of 472 Vulnerabilities

My Account Page Editor <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-4536

Sep 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload

8.8

CVE-2023-40204

Aug 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE ID Unknown

Aug 25, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file

8.8

CVE-2023-34007

Jun 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Crocoblock JetEngine <= 3.1.3 - Authenticated(Author+) Arbitrary File Upload to Remote Code Execution

8.8

CVE-2023-1406

Mar 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Corsa Theme <= 1.5 - Authenticated Arbitrary File Upload

8.8

CVE-2023-23970

Jan 23, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Enable Media Replace <= 4.0.1 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE-2023-0255

Jan 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WPDating <= 7.4.1 - Arbitrary File Upload

8.8

CVE ID Unknown

Jan 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload

8.8

CVE-2022-4047

Nov 25, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2022-3912

Nov 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2022-40200

Nov 9, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVE-2022-38140

Oct 25, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Role Based Pricing for WooCommerce <= 1.6.1 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2022-3537

Oct 17, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

MemberPress Downloads <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE ID Unknown

Sep 19, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2022-3125

Sep 7, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Frontend File Manager & Sharing – User Private Files <= 1.1.2 - Subscriber+ Arbitrary File Upload

8.8

CVE-2022-2356

Jul 11, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload

8.8

CVE-2022-1952

Jun 13, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Bit File Manager – 100% free file manager for WordPress <= 5.2.2 - Subscriber+ Arbitrary File Creation/Upload/Deletion

8.8

CVE-2022-0403

Mar 14, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Appointment and Event Booking Calendar - Amelia < 1.0.47 - Arbitrary File Upload

8.8

CVE-2022-0687

Feb 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AdSanity < 1.8.2 - Authenticated Arbitrary File Upload

8.8

CVE-2022-4949

Jan 25, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
My Account Page Editor <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-4536	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 7, 2023
Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload	CVE-2023-40204	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 28, 2023
Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 25, 2023
Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file	CVE-2023-34007	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 7, 2023
Crocoblock JetEngine <= 3.1.3 - Authenticated(Author+) Arbitrary File Upload to Remote Code Execution	CVE-2023-1406	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 20, 2023
Corsa Theme <= 1.5 - Authenticated Arbitrary File Upload	CVE-2023-23970	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 23, 2023
Enable Media Replace <= 4.0.1 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-0255	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 17, 2023
WPDating <= 7.4.1 - Arbitrary File Upload		8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 9, 2023
Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload	CVE-2022-4047	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 25, 2022
User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2022-3912	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 21, 2022
wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2022-40200	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 9, 2022
SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload	CVE-2022-38140	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 25, 2022
Role Based Pricing for WooCommerce <= 1.6.1 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2022-3537	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 17, 2022
MemberPress Downloads <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Upload		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 19, 2022
Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2022-3125	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 7, 2022
Frontend File Manager & Sharing – User Private Files <= 1.1.2 - Subscriber+ Arbitrary File Upload	CVE-2022-2356	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 11, 2022
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload	CVE-2022-1952	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 13, 2022
Bit File Manager – 100% free file manager for WordPress <= 5.2.2 - Subscriber+ Arbitrary File Creation/Upload/Deletion	CVE-2022-0403	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 14, 2022
Appointment and Event Booking Calendar - Amelia < 1.0.47 - Arbitrary File Upload	CVE-2022-0687	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 23, 2022
AdSanity < 1.8.2 - Authenticated Arbitrary File Upload	CVE-2022-4949	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 25, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation