💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our LFI: Local File Inclusion firewall rule

577,167

Attacks Blocked in Past 24 Hours

Showing 21-40 of 254 Vulnerabilities

Meta News <= 1.1.7 - Unauthenticated Local File Inclusion

9.8

CVE-2024-50435

Oct 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Clean Retina <= 3.0.6 - Unauthenticated Local File Inclusion

9.8

CVE-2024-50436

Oct 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Qode Essential Addons <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2024-50457

Oct 24, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The Pack Elementor addons <= 2.0.9 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2024-50453

Oct 24, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Qi Blocks <= 1.3.2 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2024-49690

Oct 21, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Mags <= 1.1.6 - Unauthenticated Local File Inclusion

9.8

CVE-2024-49701

Oct 21, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Point Maker <= 0.1.4 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2024-49317

Oct 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

FREE DOWNLOAD MANAGER <= 1.0.0 - Unauthenticated Arbitrary File Download

7.5

CVE-2024-49315

Oct 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Dynamic Elementor Addons <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2024-49243

Oct 14, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WordPress Gallery Plugin – Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Download

6.5

CVE-2024-49258

Oct 14, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Maan Addons For Elementor <= 1.0.1 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2024-49251

Oct 14, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal

6.5

CVE-2024-7514

Oct 10, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

pretix widget <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2024-9575

Oct 9, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read

6.5

CVE-2024-9224

Sep 30, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Top Bar – PopUps – by WPOptin <= 2.0.1 - Unauthenticated Local File Inclusion

8.1

CVE-2024-47645

Sep 30, 2024

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Cities Shipping Zones for WooCommerce <= 1.2.7 - Authenticated (Shop Manager+) Local File Inclusion

7.2

CVE-2024-47309

Sep 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Timeline – Vertical and Horizontal timeline plugin <= 3.6.7 - Unauthenticated Local File Inclusion

9.8

CVE-2024-47323

Sep 25, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Timeline – Vertical and Horizontal timeline plugin <= 3.6.7 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2024-47324

Sep 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vmax Project Manager <= 1.0 - Unauthenticated Local File Inclusion

9.8

CVE-2024-44014

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WPSPX <= 1.0.2 - Unauthenticated Local File Inclusion

9.8

CVE-2024-44034

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Meta News <= 1.1.7 - Unauthenticated Local File Inclusion	CVE-2024-50435	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 24, 2024
Clean Retina <= 3.0.6 - Unauthenticated Local File Inclusion	CVE-2024-50436	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 24, 2024
Qode Essential Addons <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion	CVE-2024-50457	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 24, 2024
The Pack Elementor addons <= 2.0.9 - Authenticated (Contributor+) Local File Inclusion	CVE-2024-50453	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 24, 2024
Qi Blocks <= 1.3.2 - Authenticated (Contributor+) Local File Inclusion	CVE-2024-49690	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 21, 2024
Mags <= 1.1.6 - Unauthenticated Local File Inclusion	CVE-2024-49701	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 21, 2024
Point Maker <= 0.1.4 - Authenticated (Contributor+) Local File Inclusion	CVE-2024-49317	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 15, 2024
FREE DOWNLOAD MANAGER <= 1.0.0 - Unauthenticated Arbitrary File Download	CVE-2024-49315	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 15, 2024
Dynamic Elementor Addons <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion	CVE-2024-49243	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 14, 2024
WordPress Gallery Plugin – Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Download	CVE-2024-49258	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	October 14, 2024
Maan Addons For Elementor <= 1.0.1 - Authenticated (Contributor+) Local File Inclusion	CVE-2024-49251	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 14, 2024
WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal	CVE-2024-7514	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	October 10, 2024
pretix widget <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion	CVE-2024-9575	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 9, 2024
Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read	CVE-2024-9224	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	September 30, 2024
Top Bar – PopUps – by WPOptin <= 2.0.1 - Unauthenticated Local File Inclusion	CVE-2024-47645	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	September 30, 2024
Cities Shipping Zones for WooCommerce <= 1.2.7 - Authenticated (Shop Manager+) Local File Inclusion	CVE-2024-47309	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 25, 2024
WP Timeline – Vertical and Horizontal timeline plugin <= 3.6.7 - Unauthenticated Local File Inclusion	CVE-2024-47323	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 25, 2024
WP Timeline – Vertical and Horizontal timeline plugin <= 3.6.7 - Authenticated (Contributor+) Local File Inclusion	CVE-2024-47324	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 25, 2024
Vmax Project Manager <= 1.0 - Unauthenticated Local File Inclusion	CVE-2024-44014	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 24, 2024
WPSPX <= 1.0.2 - Unauthenticated Local File Inclusion	CVE-2024-44034	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 24, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation