💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our Directory Traversal firewall rule

1,742,844

Attacks Blocked in Past 24 Hours

Showing 241-260 of 315 Vulnerabilities

Easy2map-photos <= 1.0.9 - Path Traversal

5.3

CVE-2015-4617

Jun 8, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Aspose Cloud eBook Generator <= 1.0 - Directory Traversal

5.3

CVE ID Unknown

Mar 27, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tom M8te <= 1.5.3 - Directory Traversal

5.3

CVE-2014-5187

Sep 27, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Last.fm Rotation <= 1.0 - Directory Traversal

5.3

CVE-2014-5181

May 28, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Ripe HD FLV <= 1.1 - Full Path Disclosure

5.3

CVE ID Unknown

Jan 20, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Eshop Magic < 0.2 - Arbitrary File Read

5.3

CVE ID Unknown

Oct 12, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Wp-ImageZoom < 1.0.5 - Directory Traversal

5.3

CVE ID Unknown

Jun 18, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

myEASYbackup < 1.0.9 - Directory Traversal

5.3

CVE-2012-0898

Jan 16, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

DMSGuestbook <= 1.8.0 - Directory Traversal

5.3

CVE-2008-0615

Feb 2, 2008

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

secure-files <= 1.1 - Directory Traversal

5.3

CVE-2005-10002

Oct 3, 2005

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter

5.0

CVE-2023-33310

May 22, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

WordPress Shortcodes Plugin — Shortcodes Ultimate < 4.10.0 - Directory Traversal

5.0

CVE-2017-2245

Jun 23, 2017

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CYAN Backup <= 2.5.3 - Authenticated (Admin+) Arbitrary File Download

4.9

CVE-2024-52390

Nov 11, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CSS JS Files <= 1.5.0 - Authenticated (Admin+) Arbitrary File Read

4.9

CVE-2024-9146

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Database Cleaner <= 1.0.5 - Authenticated (Admin+) Arbitrary File Read

4.9

CVE-2024-35712

Jun 6, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Download Plugins and Themes from Dashboard <= 1.8.5 - Authenticated (Admin+) Arbitrary File Download

4.9

CVE-2024-35162

May 17, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Ajax Load More <= 7.0.1 - Authenticated (Admin+) Directory Traversal to Arbitrary File Read

4.9

CVE-2024-1790

Mar 26, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Backuply – Backup, Restore, Migrate and Clone <= 1.2.7 - Authenticated (Admin+) Directory Traversal

4.9

CVE-2024-2294

Mar 15, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal

4.9

CVE-2023-2688

May 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Photo Gallery by 10Web <= 1.8.14 - Authenticated (Administrator+) Directory Traversal

4.9

CVE-2023-1427

Mar 21, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Title	CVE ID	CVSS	Vector	Date
Easy2map-photos <= 1.0.9 - Path Traversal	CVE-2015-4617	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	June 8, 2015
Aspose Cloud eBook Generator <= 1.0 - Directory Traversal		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	March 27, 2015
Tom M8te <= 1.5.3 - Directory Traversal	CVE-2014-5187	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 27, 2014
Last.fm Rotation <= 1.0 - Directory Traversal	CVE-2014-5181	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 28, 2014
Ripe HD FLV <= 1.1 - Full Path Disclosure		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	January 20, 2013
Eshop Magic < 0.2 - Arbitrary File Read		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 12, 2012
Wp-ImageZoom < 1.0.5 - Directory Traversal		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	June 18, 2012
myEASYbackup < 1.0.9 - Directory Traversal	CVE-2012-0898	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	January 16, 2012
DMSGuestbook <= 1.8.0 - Directory Traversal	CVE-2008-0615	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 2, 2008
secure-files <= 1.1 - Directory Traversal	CVE-2005-10002	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 3, 2005
Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter	CVE-2023-33310	5.0	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N	May 22, 2023
WordPress Shortcodes Plugin — Shortcodes Ultimate < 4.10.0 - Directory Traversal	CVE-2017-2245	5.0	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N	June 23, 2017
CYAN Backup <= 2.5.3 - Authenticated (Admin+) Arbitrary File Download	CVE-2024-52390	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	November 11, 2024
CSS JS Files <= 1.5.0 - Authenticated (Admin+) Arbitrary File Read	CVE-2024-9146	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	September 24, 2024
Database Cleaner <= 1.0.5 - Authenticated (Admin+) Arbitrary File Read	CVE-2024-35712	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	June 6, 2024
Download Plugins and Themes from Dashboard <= 1.8.5 - Authenticated (Admin+) Arbitrary File Download	CVE-2024-35162	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	May 17, 2024
Ajax Load More <= 7.0.1 - Authenticated (Admin+) Directory Traversal to Arbitrary File Read	CVE-2024-1790	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	March 26, 2024
Backuply – Backup, Restore, Migrate and Clone <= 1.2.7 - Authenticated (Admin+) Directory Traversal	CVE-2024-2294	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	March 15, 2024
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal	CVE-2023-2688	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	May 23, 2023
Photo Gallery by 10Web <= 1.8.14 - Authenticated (Administrator+) Directory Traversal	CVE-2023-1427	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N	March 21, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation