🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Malicious File Upload firewall rule

563,642

Attacks Blocked in Past 24 Hours

Showing 1-20 of 458 Vulnerabilities

Chauffeur Taxi Booking System for WordPress <= 6.9 - Unauthenticated Arbitrary File Upload

10.0

CVE-2024-31115

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload

10.0

CVE-2024-30533

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Salon booking system <= 9.5 - Unauthenticated Arbitrary File Upload

10.0

CVE-2024-30510

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2024-32514

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2024-31286

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CubeWP – All-in-One Dynamic Content Framework <= 1.1.12 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2024-30500

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

WooCommerce Follow-Up Emails <= 4.9.40 - Authenticated Arbitrary File Upload in Template Editing

9.9

CVE-2023-33318

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2020-13126

May 6, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

WPtouch <= 3.4.2 - Arbitrary File Upload

9.9

CVE ID Unknown

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-28890

Apr 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-27957

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-25925

Feb 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-25913

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload

9.8

CVE-2023-51409

Jan 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated Arbitrary File Upload via uploadFile

9.8

CVE-2023-52221

Jan 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

BERTHA AI Plugin <= 1.11.10.7 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51419

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Piotnet Forms Plugin <= 1.0.28 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51412

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Frontend Admin by DynamiApps Plugin <= 3.18.3 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51411

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51473

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP MLM <= 4.0 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51475

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Chauffeur Taxi Booking System for WordPress <= 6.9 - Unauthenticated Arbitrary File Upload	CVE-2024-31115	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 29, 2024
Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload	CVE-2024-30533	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 29, 2024
Salon booking system <= 9.5 - Unauthenticated Arbitrary File Upload	CVE-2024-30510	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-32514	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	April 15, 2024
WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-31286	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	April 5, 2024
CubeWP – All-in-One Dynamic Content Framework <= 1.1.12 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-30500	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
WooCommerce Follow-Up Emails <= 4.9.40 - Authenticated Arbitrary File Upload in Template Editing	CVE-2023-33318	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	May 22, 2023
Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2020-13126	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	May 6, 2020
WPtouch <= 3.4.2 - Arbitrary File Upload		9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	August 1, 2014
Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload	CVE-2024-28890	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 18, 2024
Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload	CVE-2024-27957	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2024
WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload	CVE-2024-25925	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 14, 2024
MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload	CVE-2024-25913	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 12, 2024
AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload	CVE-2023-51409	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 9, 2024
Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated Arbitrary File Upload via uploadFile	CVE-2023-52221	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 8, 2024
BERTHA AI Plugin <= 1.11.10.7 - Unauthenticated Arbitrary File Upload	CVE-2023-51419	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Piotnet Forms Plugin <= 1.0.28 - Unauthenticated Arbitrary File Upload	CVE-2023-51412	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Frontend Admin by DynamiApps Plugin <= 3.18.3 - Unauthenticated Arbitrary File Upload	CVE-2023-51411	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload	CVE-2023-51473	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WP MLM <= 4.0 - Unauthenticated Arbitrary File Upload	CVE-2023-51475	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation