Vulnerabilities protected by our Malicious File Upload firewall rule

606,371
Attacks Blocked in Past 24 Hours

Showing 1-20 of 568 Vulnerabilities

Title CVE ID CVSS Vector Date
WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload CVE-2024-9942 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 22, 2024
School Management <= 91.5.0 - Unauthenticated Arbitrary File Upload CVE-2024-9659 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 22, 2024
Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload CVE-2024-8856 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 15, 2024
CDI <= 5.5.3 - Authenticated (Shop Manager+) Arbitrary File Upload CVE-2024-52398 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 13, 2024
Writer Helper <= 3.1.6 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-52399 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 13, 2024
User Management <= 1.1 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-52403 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 13, 2024
B-Banner Slider <= 1.1 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-52405 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 13, 2024
CF7 Reply Manager <= 1.2.3 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-52404 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 13, 2024
Push Notifications for WordPress by PushAssist <= 3.0.8 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-52408 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 13, 2024
Convert Docx2post <= 1.4 - Authenticated (Author+) Arbitrary File Upload CVE-2024-52397 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 13, 2024
BasePress Migration Tools <= 1.0.0 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-52407 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 13, 2024
Exclusive Content Password Protect <= 1.1.0 - Cross-Site Request Forgery to Arbitrary File Upload CVE-2024-52402 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H November 13, 2024
CSV to html <= 3.06 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-52406 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H November 13, 2024
Hacklog DownloadManager <= 2.1.4 - Cross-Site Request Forgery to Arbitrary File Upload CVE-2024-52401 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H November 13, 2024
Gallerio <= 1.01 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-52400 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 13, 2024
KBucket <= 4.1.6 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-52369 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 11, 2024
Do That Task <= 1.5.5 - Unauthenticated Arbitrary File Upload CVE-2024-52374 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 11, 2024
Easy CSV Importer BETA <= 7.0.0 - Unauthenticated Arbitrary File Upload CVE-2024-52372 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 11, 2024
Hive Support – WordPress Help Desk <= 1.1.1 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-52370 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 11, 2024
Instant Image Generator <= 1.5.4 - Unauthenticated Arbitrary File Upload CVE-2024-52377 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 11, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation