💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our Directory Traversal firewall rule

1,742,844

Attacks Blocked in Past 24 Hours

Showing 221-240 of 315 Vulnerabilities

Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure

6.5

CVE-2014-9461

Jan 1, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

WP DB Manager < 2.7.2 - Arbitrary File Read

6.5

CVE-2014-8336

Oct 13, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

WordPress Core < 2.1 - Directory Traversal

6.5

CVE-2007-0541

Jan 24, 2007

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

WordPress Core <= 2.0.4 - Directory Traversal

6.5

CVE-2006-5705

Oct 27, 2006

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode

6.3

CVE-2023-45652

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Urban City (All Versions) - Arbitrary File Download

6.2

CVE ID Unknown

Sep 8, 2014

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Backup and Restore plugin – WordPress <= 1.0.3 - Authenticated (Admin+) Arbitrary File Deletion

5.5

CVE ID Unknown

Nov 8, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Skippy WP-DB Backup (Legacy Plugin) <= 1.7 - Authenticated (Admin+) Directory Traversal

5.5

CVE-2006-4208

Aug 14, 2006

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

WP Recipe Maker <= 9.1.0 - Directory Traversal

5.4

CVE-2024-0380

Jan 17, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

WordPress Core < 6.2.1 - Directory Traversal

5.4

CVE-2023-2745

May 16, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion

5.4

CVE-2022-1953

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

BP Group Documents <= 1.2.1 - Path Traversal

5.4

CVE ID Unknown

Oct 4, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont

5.3

CVE-2023-28413

May 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

MW WP Form <= 4.4.2 - Directory Traversal via _file_upload

5.3

CVE-2023-28409

May 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Hummingbird <= 3.4.1 - Unauthenticated Path Traversal

5.3

CVE-2023-1478

Mar 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Media File Manager <= 1.4.2 - Directory Traversal to Directory Listing

5.3

CVE-2018-19040

May 11, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Read

5.3

CVE-2018-19043

May 11, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Smush – Lazy Load Images, Optimize & Compress Images <= 2.7.5 - Directory Traversal

5.3

CVE-2017-15079

Sep 21, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Swim Team < 1.45.1085 - Directory Traversal

5.3

CVE-2015-5471

Jul 8, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

PayPal Currency Converter BASIC for WooCommerce <= 1.3 - Path Traversal to Arbitrary File Read

5.3

CVE-2015-5065

Jun 10, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure	CVE-2014-9461	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	January 1, 2015
WP DB Manager < 2.7.2 - Arbitrary File Read	CVE-2014-8336	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	October 13, 2014
WordPress Core < 2.1 - Directory Traversal	CVE-2007-0541	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	January 24, 2007
WordPress Core <= 2.0.4 - Directory Traversal	CVE-2006-5705	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	October 27, 2006
Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode	CVE-2023-45652	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	October 12, 2023
Urban City (All Versions) - Arbitrary File Download		6.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	September 8, 2014
Backup and Restore plugin – WordPress <= 1.0.3 - Authenticated (Admin+) Arbitrary File Deletion		5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H	November 8, 2021
Skippy WP-DB Backup (Legacy Plugin) <= 1.7 - Authenticated (Admin+) Directory Traversal	CVE-2006-4208	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N	August 14, 2006
WP Recipe Maker <= 9.1.0 - Directory Traversal	CVE-2024-0380	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	January 17, 2024
WordPress Core < 6.2.1 - Directory Traversal	CVE-2023-2745	5.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N	May 16, 2023
Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion	CVE-2022-1953	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	June 1, 2022
BP Group Documents <= 1.2.1 - Path Traversal		5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	October 4, 2013
Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont	CVE-2023-28413	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 8, 2023
MW WP Form <= 4.4.2 - Directory Traversal via _file_upload	CVE-2023-28409	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 8, 2023
Hummingbird <= 3.4.1 - Unauthenticated Path Traversal	CVE-2023-1478	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	March 20, 2023
Media File Manager <= 1.4.2 - Directory Traversal to Directory Listing	CVE-2018-19040	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 11, 2018
Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Read	CVE-2018-19043	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 11, 2018
Smush – Lazy Load Images, Optimize & Compress Images <= 2.7.5 - Directory Traversal	CVE-2017-15079	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 21, 2017
Swim Team < 1.45.1085 - Directory Traversal	CVE-2015-5471	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 8, 2015
PayPal Currency Converter BASIC for WooCommerce <= 1.3 - Path Traversal to Arbitrary File Read	CVE-2015-5065	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	June 10, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation