🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Malicious File Upload firewall rule

194,107

Attacks Blocked in Past 24 Hours

Showing 81-100 of 464 Vulnerabilities

Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload

9.8

CVE-2022-0888

Mar 20, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Live Chat Support Pro <= 8.0.26 - Arbitrary File Upload

9.8

CVE-2019-11185

May 7, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload

9.8

CVE-2019-25138

May 2, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SupportCandy – Helpdesk & Support Ticket System <= 2.0.0 - Arbitrary File Upload

9.8

CVE-2019-11223

Apr 17, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Live Chat Support Pro <= 8.0.06 - Remote Code Execution via unrestricted file upload

9.8

CVE-2018-12426

Mar 11, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Indeed Membership Pro <= 7.5 - Arbitrary File Upload

9.8

CVE ID Unknown

Feb 26, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload/Delete

9.8

CVE ID Unknown

Feb 14, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Baggage Freight Shipping Australia <= 0.1.0 - Arbitrary File Upload

9.8

CVE ID Unknown

Jan 8, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Audio Record <= 1.0 - Arbitrary File Upload

9.8

CVE ID Unknown

Jan 7, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership <= 1.4.13 - Arbitrary File Upload

9.8

CVE-2019-1010209

Oct 31, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Arigato Autoresponder and Newsletter <= 2.7 - Arbitrary File Upload

9.8

CVE-2018-18461

Oct 17, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tajer <= 1.0.5 - Arbitrary File Upload

9.8

CVE-2018-9206

Oct 15, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Wp-Insert <= 2.4.2 - Arbitrary File Upload

9.8

CVE-2018-17573

Sep 27, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Deep Blue <= 1.9.2 - Arbitrary File Upload

9.8

CVE ID Unknown

Feb 19, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AccessPress Anonymous Post Pro <= 3.1.9 - Unauthenticated Arbitrary File Upload

9.8

CVE-2017-16949

Dec 19, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection

9.8

CVE ID Unknown

Oct 2, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

flickr-picture-backup <= 0.7 - Arbitrary file upload

9.8

CVE-2017-1002016

Apr 26, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WC Catalog Enquiry <= 3.0.5 - Arbitrary File Upload

9.8

CVE-2017-18592

Apr 20, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Wp2android <= 1.1.4 - Arbitrary File Upload

9.8

CVE-2017-1002003

Mar 7, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Mobile App Builder by WapPress <= 1.05 - Arbitrary File Upload

9.8

CVE-2017-1002001

Mar 7, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload	CVE-2022-0888	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 20, 2020
WP Live Chat Support Pro <= 8.0.26 - Arbitrary File Upload	CVE-2019-11185	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 7, 2019
User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload	CVE-2019-25138	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 2, 2019
SupportCandy – Helpdesk & Support Ticket System <= 2.0.0 - Arbitrary File Upload	CVE-2019-11223	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 17, 2019
WP Live Chat Support Pro <= 8.0.06 - Remote Code Execution via unrestricted file upload	CVE-2018-12426	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 11, 2019
Indeed Membership Pro <= 7.5 - Arbitrary File Upload		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 26, 2019
WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload/Delete		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 14, 2019
Baggage Freight Shipping Australia <= 0.1.0 - Arbitrary File Upload		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 8, 2019
Audio Record <= 1.0 - Arbitrary File Upload		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 7, 2019
GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership <= 1.4.13 - Arbitrary File Upload	CVE-2019-1010209	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 31, 2018
Arigato Autoresponder and Newsletter <= 2.7 - Arbitrary File Upload	CVE-2018-18461	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 17, 2018
Tajer <= 1.0.5 - Arbitrary File Upload	CVE-2018-9206	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 15, 2018
Wp-Insert <= 2.4.2 - Arbitrary File Upload	CVE-2018-17573	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 27, 2018
Deep Blue <= 1.9.2 - Arbitrary File Upload		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 19, 2018
AccessPress Anonymous Post Pro <= 3.1.9 - Unauthenticated Arbitrary File Upload	CVE-2017-16949	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 19, 2017
RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 2, 2017
flickr-picture-backup <= 0.7 - Arbitrary file upload	CVE-2017-1002016	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 26, 2017
WC Catalog Enquiry <= 3.0.5 - Arbitrary File Upload	CVE-2017-18592	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 20, 2017
Wp2android <= 1.1.4 - Arbitrary File Upload	CVE-2017-1002003	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 7, 2017
Mobile App Builder by WapPress <= 1.05 - Arbitrary File Upload	CVE-2017-1002001	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 7, 2017

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation