💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our LFI: Local File Inclusion firewall rule

566,387

Attacks Blocked in Past 24 Hours

Showing 201-220 of 254 Vulnerabilities

Wholesale Market for WooCommerce <= 1.0.6 - Unauthenticated Arbitrary File Download

7.5

CVE-2022-4106

Nov 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Cost Calculator <= 1.8 - Authenticated Local File Inclusion

7.5

CVE-2021-24820

Feb 1, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Images to WebP <= 1.8 - Local File Inclusion

7.5

CVE-2021-24644

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Adaptive Images for WordPress <= 0.6.66 - Local File Inclusion

7.5

CVE-2019-14205

Jul 19, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WP Rocket <= 2.10.3 - Local File Inclusion

7.5

CVE-2017-11658

Jun 22, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

NextGen Gallery <= 2.1.56 - Remote File Inclusion

7.5

CVE-2016-6565

Nov 15, 2016

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

IMDB Profile Widget < 1.0.9 - Local File Inclusion

7.5

CVE-2016-10991

Mar 26, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WP AmASIN – The Amazon Affiliate Shop <= 0.9.6 - Local File Inclusion

7.5

CVE-2014-4577

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tinymce Thumbnail Gallery <= 1.0.7 - Local File Inclusion

7.5

CVE ID Unknown

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Simple Download Button Shortcode <= 1.0 - Information Disclosure via Arbitrary File Downloads

7.5

CVE-2012-10016

Sep 17, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Team Member <= 7.3 - Authenticated (Editor+) Local File Inclusion

7.2

CVE-2024-52385

Nov 11, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WordPress Post Grid Layouts with Pagination – Sogrid <= 1.5.6 - Authenticated (Admin+) Local File Inclusion

7.2

CVE-2024-8392

Oct 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Cities Shipping Zones for WooCommerce <= 1.2.7 - Authenticated (Shop Manager+) Local File Inclusion

7.2

CVE-2024-47309

Sep 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Checkout Mestres WP <= 8.6 - Authenticated (Admin+) Local File Inclusion

7.2

CVE-2024-44030

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

PowerPack Lite for Beaver Builder <= 1.3.0.3 - Authenticated (Editor+) Local File Inclusion

7.2

CVE-2024-37410

Jun 28, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Woocommerce – Recent Purchases <= 1.0.1 - Authenticated (Admin+) Local File Inclusion

7.2

CVE-2024-35634

May 27, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Rehub <= 19.6.1 - Authenticated (Editor+) Local File Inclusion

7.2

CVE-2024-31232

Apr 3, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

S2W – Import Shopify to WooCommerce <= 1.1.12 - Authenticated (Admin+) Local File Inclusion

7.2

CVE-2022-44634

Nov 10, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Herd Effects <= 5.2 - Local File Inclusion

7.2

CVE-2022-29448

May 16, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

All-In-One-Gallery <= 2.4.9 - Admin+ Local File Inclusion

7.2

CVE-2021-24970

Nov 15, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Wholesale Market for WooCommerce <= 1.0.6 - Unauthenticated Arbitrary File Download	CVE-2022-4106	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	November 28, 2022
Cost Calculator <= 1.8 - Authenticated Local File Inclusion	CVE-2021-24820	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	February 1, 2022
Images to WebP <= 1.8 - Local File Inclusion	CVE-2021-24644	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 19, 2021
Adaptive Images for WordPress <= 0.6.66 - Local File Inclusion	CVE-2019-14205	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 19, 2019
WP Rocket <= 2.10.3 - Local File Inclusion	CVE-2017-11658	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	June 22, 2017
NextGen Gallery <= 2.1.56 - Remote File Inclusion	CVE-2016-6565	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	November 15, 2016
IMDB Profile Widget < 1.0.9 - Local File Inclusion	CVE-2016-10991	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	March 26, 2016
WP AmASIN – The Amazon Affiliate Shop <= 0.9.6 - Local File Inclusion	CVE-2014-4577	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 1, 2014
Tinymce Thumbnail Gallery <= 1.0.7 - Local File Inclusion		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 1, 2014
Simple Download Button Shortcode <= 1.0 - Information Disclosure via Arbitrary File Downloads	CVE-2012-10016	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	September 17, 2012
Team Member <= 7.3 - Authenticated (Editor+) Local File Inclusion	CVE-2024-52385	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 11, 2024
WordPress Post Grid Layouts with Pagination – Sogrid <= 1.5.6 - Authenticated (Admin+) Local File Inclusion	CVE-2024-8392	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 25, 2024
Cities Shipping Zones for WooCommerce <= 1.2.7 - Authenticated (Shop Manager+) Local File Inclusion	CVE-2024-47309	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 25, 2024
Checkout Mestres WP <= 8.6 - Authenticated (Admin+) Local File Inclusion	CVE-2024-44030	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 24, 2024
PowerPack Lite for Beaver Builder <= 1.3.0.3 - Authenticated (Editor+) Local File Inclusion	CVE-2024-37410	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	June 28, 2024
Woocommerce – Recent Purchases <= 1.0.1 - Authenticated (Admin+) Local File Inclusion	CVE-2024-35634	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 27, 2024
Rehub <= 19.6.1 - Authenticated (Editor+) Local File Inclusion	CVE-2024-31232	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 3, 2024
S2W – Import Shopify to WooCommerce <= 1.1.12 - Authenticated (Admin+) Local File Inclusion	CVE-2022-44634	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 10, 2022
Herd Effects <= 5.2 - Local File Inclusion	CVE-2022-29448	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 16, 2022
All-In-One-Gallery <= 2.4.9 - Admin+ Local File Inclusion	CVE-2021-24970	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 15, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation