🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Malicious File Upload firewall rule

452,953

Attacks Blocked in Past 24 Hours

Showing 1-20 of 472 Vulnerabilities

Kognetiks Chatbot for WordPress <= 2.0.0 - Unauthenticated Arbitrary File Upload

10.0

CVE-2024-32700

May 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

ActiveDEMAND <= 0.2.41 - Unauthenticated Arbitrary File Upload

10.0

CVE-2024-32809

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Chauffeur Taxi Booking System for WordPress <= 6.9 - Unauthenticated Arbitrary File Upload

10.0

CVE-2024-31115

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload

10.0

CVE-2024-30533

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Salon booking system <= 9.5 - Unauthenticated Arbitrary File Upload

10.0

CVE-2024-30510

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

canvasio3D Light <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2024-34411

May 6, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

XStore Core <= 5.3.5 - Authenticated (Subscriber+) Limited Arbitrary File Upload

9.9

CVE-2024-33556

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2024-32514

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2024-31286

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CubeWP – All-in-One Dynamic Content Framework <= 1.1.12 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2024-30500

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

WooCommerce Follow-Up Emails <= 4.9.40 - Authenticated Arbitrary File Upload in Template Editing

9.9

CVE-2023-33318

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVE-2020-13126

May 6, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

WPtouch <= 3.4.2 - Arbitrary File Upload

9.9

CVE ID Unknown

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-4345

May 6, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

OrderConvo <= 12.4 - Missing Authorization to Arbitrary File Upload

9.8

CVE-2024-33566

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-28890

Apr 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-27957

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-25925

Feb 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-25913

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload

9.8

CVE-2023-51409

Jan 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Kognetiks Chatbot for WordPress <= 2.0.0 - Unauthenticated Arbitrary File Upload	CVE-2024-32700	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	May 13, 2024
ActiveDEMAND <= 0.2.41 - Unauthenticated Arbitrary File Upload	CVE-2024-32809	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	April 22, 2024
Chauffeur Taxi Booking System for WordPress <= 6.9 - Unauthenticated Arbitrary File Upload	CVE-2024-31115	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 29, 2024
Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload	CVE-2024-30533	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 29, 2024
Salon booking system <= 9.5 - Unauthenticated Arbitrary File Upload	CVE-2024-30510	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
canvasio3D Light <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-34411	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	May 6, 2024
XStore Core <= 5.3.5 - Authenticated (Subscriber+) Limited Arbitrary File Upload	CVE-2024-33556	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	April 25, 2024
Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-32514	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	April 15, 2024
WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-31286	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	April 5, 2024
CubeWP – All-in-One Dynamic Content Framework <= 1.1.12 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-30500	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
WooCommerce Follow-Up Emails <= 4.9.40 - Authenticated Arbitrary File Upload in Template Editing	CVE-2023-33318	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	May 22, 2023
Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2020-13126	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	May 6, 2020
WPtouch <= 3.4.2 - Arbitrary File Upload		9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	August 1, 2014
Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload	CVE-2024-4345	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 6, 2024
OrderConvo <= 12.4 - Missing Authorization to Arbitrary File Upload	CVE-2024-33566	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 25, 2024
Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload	CVE-2024-28890	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 18, 2024
Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload	CVE-2024-27957	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2024
WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload	CVE-2024-25925	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 14, 2024
MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload	CVE-2024-25913	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 12, 2024
AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload	CVE-2023-51409	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 9, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation