💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our LFI: Local File Inclusion firewall rule

573,592

Attacks Blocked in Past 24 Hours

Showing 221-240 of 254 Vulnerabilities

Two Way Chat <= 3.1.4 - Authenticated (Admin+) Local File Inclusion

7.2

CVE ID Unknown

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Live Scores for SportsPress <= 1.9.0 - Authenticated (Admin+) Local File Inclusion

7.2

CVE ID Unknown

Aug 24, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

UpdraftPlus < 1.16.59 - Authenticated (Admin+) Local File Inclusion

7.2

CVE ID Unknown

Jul 12, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Redirection <= 2.7.3 - Local File Inclusion

7.2

CVE-2018-1000504

Jul 12, 2018

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Subscribe to Comments <= 2.1.2 - Local File Includion

7.2

CVE ID Unknown

Jul 15, 2015

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

GD bbPress Attachments < 2.3 - Directory Traversal

7.2

CVE-2015-5482

Jul 9, 2015

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion

7.1

CVE-2023-46205

Oct 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

VR Calendar <= 2.4.4 - Authenticated (Administrator+) Local File Inclusion

6.8

CVE ID Unknown

Jul 28, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Popup Box <= 2.1.2 - Authenticated Local File Inclusion

6.8

CVE-2022-29445

May 17, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Counter Box <= 1.1.1 - Authenticated Local File Inclusion

6.8

CVE-2022-29446

May 16, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Hover Effects – easily create any hover effect <= 2.1 - Authenticated Local File Inclusion

6.8

CVE-2022-29447

May 16, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

WordPress Gallery Plugin – Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Download

6.5

CVE-2024-49258

Oct 14, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal

6.5

CVE-2024-7514

Oct 10, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read

6.5

CVE-2024-9224

Sep 30, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SellKit <= 1.8.1 - Authenticated (Subscriber+) Arbitrary File Download

6.5

CVE-2024-30509

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal

6.5

CVE-2024-0697

Jan 26, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Cab fare calculator <= 1.0.3 - Unauthenticated Local File Inclusion

6.5

CVE-2022-1391

Apr 20, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

WordPress Core <= 5.0.3 - Path Traversal and Local File Inclusion

6.5

CVE-2019-8943

Feb 19, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

NextGen Gallery <= 2.1.10 - Local File Inclusion

6.5

CVE-2015-9538

Aug 28, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion

6.4

CVE-2023-1273

Jun 12, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Two Way Chat <= 3.1.4 - Authenticated (Admin+) Local File Inclusion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 5, 2021
Live Scores for SportsPress <= 1.9.0 - Authenticated (Admin+) Local File Inclusion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 24, 2021
UpdraftPlus < 1.16.59 - Authenticated (Admin+) Local File Inclusion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 12, 2021
Redirection <= 2.7.3 - Local File Inclusion	CVE-2018-1000504	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 12, 2018
Subscribe to Comments <= 2.1.2 - Local File Includion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 15, 2015
GD bbPress Attachments < 2.3 - Directory Traversal	CVE-2015-5482	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 9, 2015
Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion	CVE-2023-46205	7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N	October 19, 2023
VR Calendar <= 2.4.4 - Authenticated (Administrator+) Local File Inclusion		6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N	July 28, 2022
Popup Box <= 2.1.2 - Authenticated Local File Inclusion	CVE-2022-29445	6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H	May 17, 2022
Counter Box <= 1.1.1 - Authenticated Local File Inclusion	CVE-2022-29446	6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H	May 16, 2022
Hover Effects – easily create any hover effect <= 2.1 - Authenticated Local File Inclusion	CVE-2022-29447	6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H	May 16, 2022
WordPress Gallery Plugin – Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Download	CVE-2024-49258	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	October 14, 2024
WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal	CVE-2024-7514	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	October 10, 2024
Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read	CVE-2024-9224	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	September 30, 2024
SellKit <= 1.8.1 - Authenticated (Subscriber+) Arbitrary File Download	CVE-2024-30509	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	March 28, 2024
Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal	CVE-2024-0697	6.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N	January 26, 2024
Cab fare calculator <= 1.0.3 - Unauthenticated Local File Inclusion	CVE-2022-1391	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 20, 2022
WordPress Core <= 5.0.3 - Path Traversal and Local File Inclusion	CVE-2019-8943	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	February 19, 2019
NextGen Gallery <= 2.1.10 - Local File Inclusion	CVE-2015-9538	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	August 28, 2015
ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion	CVE-2023-1273	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 12, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation