💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our Malicious File Upload (PHP) firewall rule

405,133

Attacks Blocked in Past 24 Hours

Showing 61-80 of 458 Vulnerabilities

Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-5953

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload

7.2

CVE-2023-47784

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Filr – Secure document library <= 1.2.3.5 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE-2023-5762

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload

8.1

CVE-2023-5822

Nov 1, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-46149

Oct 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WooCommerce Ninja Forms Product Add-ons <= 1.7.0 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-5601

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

User Submitted Posts <= 20230902 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-45603

Oct 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload

8.8

CVE-2023-40219

Sep 26, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

File Manager Pro – Filester <= 1.8 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2023-4861

Sep 19, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

My Account Page Editor <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-4536

Sep 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Export Import Menus <= 1.8.0 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-34385

Sep 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-4596

Aug 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Import XML and RSS Feeds <= 2.1.3 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2023-4300

Aug 28, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE ID Unknown

Aug 25, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

JupiterX Core <= 3.3.5 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-38388

Aug 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2023-25444

Aug 17, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Avada <= 7.11.1 - Authenticated(Contributor+) Arbitrary File Upload via 'ajax_import_options'

7.5

CVE-2023-39307

Aug 10, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Kadence Blocks <= 3.1.10 - Unauthenticated Arbitrary File Upload

9.8

CVE ID Unknown

Aug 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WordPress Job Board and Recruitment Plugin – JobWP <= 2.0 - Arbitrary File Upload via 'jobwp_upload_resume'

9.8

CVE-2023-29384

Aug 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file

8.8

CVE-2023-34007

Jun 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-5953	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 14, 2023
Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-47784	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 14, 2023
Filr – Secure document library <= 1.2.3.5 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-5762	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 13, 2023
Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload	CVE-2023-5822	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	November 1, 2023
Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-46149	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 17, 2023
WooCommerce Ninja Forms Product Add-ons <= 1.7.0 - Unauthenticated Arbitrary File Upload	CVE-2023-5601	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 16, 2023
User Submitted Posts <= 20230902 - Unauthenticated Arbitrary File Upload	CVE-2023-45603	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 10, 2023
Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload	CVE-2023-40219	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 26, 2023
File Manager Pro – Filester <= 1.8 - Authenticated (Admin+) Arbitrary File Upload	CVE-2023-4861	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 19, 2023
My Account Page Editor <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-4536	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 7, 2023
Export Import Menus <= 1.8.0 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-34385	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 4, 2023
Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload	CVE-2023-4596	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 29, 2023
Import XML and RSS Feeds <= 2.1.3 - Authenticated (Admin+) Arbitrary File Upload	CVE-2023-4300	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 28, 2023
Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 25, 2023
JupiterX Core <= 3.3.5 - Unauthenticated Arbitrary File Upload	CVE-2023-38388	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 22, 2023
JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2023-25444	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 17, 2023
Avada <= 7.11.1 - Authenticated(Contributor+) Arbitrary File Upload via 'ajax_import_options'	CVE-2023-39307	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	August 10, 2023
Kadence Blocks <= 3.1.10 - Unauthenticated Arbitrary File Upload		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 9, 2023
WordPress Job Board and Recruitment Plugin – JobWP <= 2.0 - Arbitrary File Upload via 'jobwp_upload_resume'	CVE-2023-29384	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 1, 2023
Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file	CVE-2023-34007	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 7, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation