Vulnerabilities protected by our Malicious File Upload (PHP) firewall rule

451,306
Attacks Blocked in Past 24 Hours

Showing 181-200 of 458 Vulnerabilities

Title CVE ID CVSS Vector Date
Contact Form 7 <= 5.3.1 - Arbitrary File Upload via Bypass CVE-2020-35489 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H December 17, 2020
AIT CSV import/export <= 3.0.3 - Arbitrary File Upload 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 13, 2020
Simple File List < 4.2.3 - Remote Code Execution 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 2, 2020
Super Store Finder <= 6.1, Super Interactive Maps <= 1.9, Super Logo Showcase <= 2.2 - Arbitrary File Upload 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 21, 2020
PowerPress <= 8.3.7 - Arbitrary File Upload CVE-2021-24123 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H October 11, 2020
Autoptimize <= 2.7.7 - Arbitrary File Upload (and Remote Code Execution) via Import Settings CVE-2021-24376 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 9, 2020
Simple:Press – WordPress Forum Plugin <= 6.6.0 - Arbitrary File Upload CVE-2020-36706 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H September 25, 2020
Augmented reality plugin <= 1.2.0 - Arbitrary File Upload 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H September 3, 2020
File Manager <= 6.8 - Arbitrary File Upload/Remote Code Execution CVE-2020-25213 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H September 1, 2020
Quiz and Survey Master <= 7.0.1 - Arbitrary File Upload 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H August 29, 2020
Autoptimize <= 2.7.6 - Authenticated Arbitrary File Upload CVE-2020-24948 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H August 24, 2020
Elegant Themes (Multiple Versions) - Arbitrary File Upload CVE-2020-35945 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 3, 2020
Quiz and Survey Master <= 7.0.0 - Arbitrary File Upload CVE-2020-35949 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H August 3, 2020
Adning Advertising <= 1.5.5 - Arbitrary File Upload CVE-2020-36705 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H July 7, 2020
Page Builder: KingComposer < 2.9.4 - Arbitrary File Upload CVE-2020-36701 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 15, 2020
Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.3.2 - Arbitrary File Upload CVE-2020-12800 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H June 4, 2020
Allow SVG Files <= 1.0 - Authenticated (Admin+) Arbitrary File Upload CVE-2022-1939 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 30, 2020
MapPress Maps <= 2.54.5 - Remote Code Execution via Improper Capability Checks in AJAX Calls CVE-2020-12675 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H May 28, 2020
Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2020-13126 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H May 6, 2020
Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload CVE-2022-0888 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 20, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation