💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our Malicious File Upload (PHP) firewall rule

404,451

Attacks Blocked in Past 24 Hours

Showing 21-40 of 458 Vulnerabilities

Sovratec Case Management <= 1.0.0 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-49324

Oct 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affiliator <= 2.1.3 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-49326

Oct 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

photokit <= 1.0 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-49610

Oct 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Dropbox Dropins <= 1.0 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-49607

Oct 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Woostagram Connect <= 1.0.2 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-49327

Oct 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JiangQie Free Mini Program <= 2.5.2 - Unauthenticated Arbitrary File Uplaod

9.8

CVE-2024-49314

Oct 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Bug Library <= 2.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-5450

Jun 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-3229

Jun 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-25925

Feb 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-25913

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51473

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WappPress <= 5.0.3 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-49815

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-6316

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WooCommerce Ninja Forms Product Add-ons <= 1.7.0 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-5601

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

User Submitted Posts <= 20230902 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-45603

Oct 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-4596

Aug 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JupiterX Core <= 3.3.5 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-38388

Aug 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Kadence Blocks <= 3.1.10 - Unauthenticated Arbitrary File Upload

9.8

CVE ID Unknown

Aug 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WordPress Job Board and Recruitment Plugin – JobWP <= 2.0 - Arbitrary File Upload via 'jobwp_upload_resume'

9.8

CVE-2023-29384

Aug 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Bit Form <= 1.8.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution

9.8

CVE-2022-4774

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Sovratec Case Management <= 1.0.0 - Unauthenticated Arbitrary File Upload	CVE-2024-49324	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 17, 2024
Affiliator <= 2.1.3 - Unauthenticated Arbitrary File Upload	CVE-2024-49326	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 17, 2024
photokit <= 1.0 - Unauthenticated Arbitrary File Upload	CVE-2024-49610	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 17, 2024
WP Dropbox Dropins <= 1.0 - Unauthenticated Arbitrary File Upload	CVE-2024-49607	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 17, 2024
Woostagram Connect <= 1.0.2 - Unauthenticated Arbitrary File Upload	CVE-2024-49327	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 17, 2024
JiangQie Free Mini Program <= 2.5.2 - Unauthenticated Arbitrary File Uplaod	CVE-2024-49314	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 15, 2024
Bug Library <= 2.1 - Unauthenticated Arbitrary File Upload	CVE-2024-5450	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 22, 2024
Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload	CVE-2024-3229	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 18, 2024
WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload	CVE-2024-25925	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 14, 2024
MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload	CVE-2024-25913	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 12, 2024
TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload	CVE-2023-51473	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WappPress <= 5.0.3 - Unauthenticated Arbitrary File Upload	CVE-2023-49815	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 5, 2023
MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload	CVE-2023-6316	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
WooCommerce Ninja Forms Product Add-ons <= 1.7.0 - Unauthenticated Arbitrary File Upload	CVE-2023-5601	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 16, 2023
User Submitted Posts <= 20230902 - Unauthenticated Arbitrary File Upload	CVE-2023-45603	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 10, 2023
Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload	CVE-2023-4596	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 29, 2023
JupiterX Core <= 3.3.5 - Unauthenticated Arbitrary File Upload	CVE-2023-38388	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 22, 2023
Kadence Blocks <= 3.1.10 - Unauthenticated Arbitrary File Upload		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 9, 2023
WordPress Job Board and Recruitment Plugin – JobWP <= 2.0 - Arbitrary File Upload via 'jobwp_upload_resume'	CVE-2023-29384	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 1, 2023
Bit Form <= 1.8.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution	CVE-2022-4774	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 19, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation