Last week, 82 vulnerabilities disclosed in 70 WordPress plugins and 1 WordPress theme were added to the Wordfence Intelligence Vulnerability Database, and 34 vulnerability researchers contributed to WordPress security. Review the vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and use, both personally and commercially, and why we are running this weekly vulnerability report.
Click here to sign up for our mailing list to receive weekly vulnerability reports like this one and important WordPress security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers last week:
- Elementor Pro <= 3.11.6 – Authenticated (Subscriber+) Privilege Escalation via update_page_option
- Filebird <= 5.1.4 – Missing Authorization via resAdminPermissionsCheck
- Themeflection Numbers <= 1.8.1 – Authenticated (Subscriber+) Privilege Escalation via tf_numb_save_licenses
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
| --- | --- |
| Unpatched | 21 |
| Patched | 61 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
| --- | --- |
| Low Severity | 1 |
| Medium Severity | 65 |
| High Severity | 14 |
| Critical Severity | 2 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
| --- | --- |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 37 |
| Cross-Site Request Forgery (CSRF) | 23 |
| Missing Authorization | 11 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 7 |
| Information Exposure | 2 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 1 |
| Deserialization of Untrusted Data | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
| --- | --- |
| Lana Codes | 9 |
| Rio Darmawan | 8 |
| thiennv | 5 |
| Erwan LR | 4 |
| yuyudhn | 4 |
| Dave Jong | 3 |
| MyungJu Kim | 3 |
| dc11 | 3 |
| Mika | 2 |
| minhtuanact | 2 |
| TEAM WEBoB of BoB 11th | 2 |
| Juampa Rodríguez | 1 |
| nlpro | 1 |
| Abdi Pranata | 1 |
| muhga | 1 |
| Shreya Pohekar | 1 |
| Muhammad Daffa | 1 |
| Cat | 1 |
| Junsu Yeo | 1 |
| Jerome Bruandet | 1 |
| Kunal Sharma | 1 |
| Daniel Krohmer | 1 |
| Le Ngoc Anh | 1 |
| Alex Sanford | 1 |
| Joshua Martinelle | 1 |
| Marco Wotschka | 1 |
| Jeong Seong Ho | 1 |
| Phd | 1 |
| qilin_99 | 1 |
| pilvar | 1 |
| Alex Thomas | 1 |
| Rafshanzani Suhada | 1 |
| Justiice | 1 |
| Yuki Haruma | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| --- | --- |
| AI ChatBot | chatbot |
| ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember-membership |
| Advanced Local Pickup for WooCommerce | advanced-local-pickup-for-woocommerce |
| Advanced Page Visit Counter – Advanced WordPress Visit Counter | advanced-page-visit-counter |
| Advanced Shipment Tracking for WooCommerce | woo-advanced-shipment-tracking |
| Affiliates Manager | affiliates-manager |
| Albo Pretorio On line | albo-pretorio-on-line |
| Conditional cart fee / Extra charge rule for WooCommerce extra fees | conditional-extra-fees-for-woocommerce |
| Configurable Tag Cloud (CTC) | configurable-tag-cloud-widget |
| Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress | contest-gallery |
| Continuous Image Carousel With Lightbox | continuous-image-carousel-with-lightbox |
| Coupon Affiliates – WooCommerce Affiliate Plugin | woo-coupon-usage |
| Custom More Link Complete | custom-more-link-complete |
| Custom Post Type UI | custom-post-type-ui |
| Custom Post Type and Taxonomy GUI Manager | custom-post-type-cpt-cusom-taxonomy-ct-manager |
| Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce | add-to-cart-direct-checkout-for-woocommerce |
| Easy Forms for Mailchimp | yikes-inc-easy-mailchimp-extender |
| Easy Media Replace | easy-media-replace |
| Easy Quiz Maker | n-media-wp-simple-quiz |
| Elementor Website Builder Pro | elementor-pro |
| Enhanced WP Contact Form | enhanced-wordpress-contactform |
| Feed Them Social – Page, Post, Video, and Photo Galleries | feed-them-social |
| FileBird – WordPress Media Library Folders & File Manager | filebird |
| Full Width Banner Slider Wp | full-width-responsive-slider-wp |
| GMAce | gmace |
| Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress | gallery-plugin |
| Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) | gift-voucher |
| HT Menu – WordPress Mega Menu Builder for Elementor | ht-menu-lite |
| Happy Addons for Elementor | happy-elementor-addons |
| HappyFiles Pro | happyfiles-pro |
| Health Check & Troubleshooting | health-check |
| JustTables – WooCommerce Product Table | just-tables |
| LionScripts: IP Blocker Lite | ip-address-blocker |
| MS-Reviews | ms-reviews |
| Maps Widget for Google Maps | google-maps-widget |
| Mega Main Menu | mega_main_menu |
| Mobile Banner | mobile-banner |
| Newsletter – Send awesome emails from WordPress | newsletter |
| Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce | pi-woocommerce-order-date-time-and-type |
| Pagination by BestWebSoft – Customizable WordPress Content Splitter and Navigation Plugin | pagination |
| Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | wp-user-avatar |
| PixFields | pixfields |
| Popup Anything – A Marketing Popup and Lead Generation Conversions | popup-anything-on-click |
| Premmerce Redirect Manager | premmerce-redirect-manager |
| Product Specifications for Woocommerce | product-specifications |
| Quick Paypal Payments | quick-paypal-payments |
| Really Simple Google Tag Manager | really-simple-google-tag-manager |
| Responsive Vertical Icon Menu | wpdevart-vertical-menu |
| Review Stream | review-stream |
| Simple Author Box | simple-author-box |
| Slimstat Analytics | wp-slimstat |
| Social Proof (Testimonial) Slider | social-proof-testimonials-slider |
| Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) | swatchly |
| Themeflection Numbers – Number Counter and Animated Numbers | tf-numbers-number-counter-animaton |
| Trending/Popular Post Slider and Widget | wp-trending-post-slider-and-widget |
| Video Central for WordPress | video-central |
| WC Fields Factory | wc-fields-factory |
| WP Image Carousel | wp-image-carousel |
| WP Meta SEO | wp-meta-seo |
| WP VR – 360 Panorama and Virtual Tour Builder For WordPress | wpvr |
| WPMobile.App — Android and iOS Mobile Application | wpappninja |
| Weaver Show Posts | show-posts |
| Welcome Bar | intelly-welcome-bar |
| WishSuite – Wishlist for WooCommerce | wishsuite |
| Woocommerce Custom Checkout Fields Editor With Drag & Drop | woo-custom-checkout-fields |
| WordPress Contact Forms by Cimatti | contact-forms |
| Wp Ultimate Review | wp-ultimate-review |
| Zippy | zippy |
| affiliate-toolkit – WordPress Affiliate Plugin | affiliate-toolkit-starter |
| iThemes Security | better-wp-security |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| --- | --- |
| Viral Mag | viral-mag |
Vulnerability Details
ARMember <= 3.4.11 – Unauthenticated SQL Injection
CVE ID: CVE-2022-46808
CVSS Score: 9.8 (Critical)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7ff230b0-c186-41fc-93a5-2ed90e8aab4d
Gift Cards (Gift Vouchers and Packages) <= 4.3.1 – Unauthenticated SQL Injection
CVE ID: CVE-2023-28662
CVSS Score: 9.8 (Critical)
Researcher/s: Joshua Martinelle
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a10a3f01-082d-4a94-89c6-b5b46891aa4d
Elementor Pro <= 3.11.6 – Authenticated (Subscriber+) Privilege Escalation via update_page_option
CVE ID: CVE Unknown
CVSS Score: 8.8 (High)
Researcher/s: Jerome Bruandet
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/570474f2-c118-45e1-a237-c70b849b2d3c
WC Fields Factory <= 4.1.5 – Authenticated (Subscriber+) SQL Injection
CVE ID: CVE Unknown
CVSS Score: 8.8 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5c51f55f-6e8c-467c-999b-4e6a1a6f7bbc
GMAce <= 1.5.2 – Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion)
CVE ID: CVE-2023-1509
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/826b3913-9a37-4e15-80fd-b35cefb51af8
Advanced Page Visit Counter <= 6.4.2 – Authenticated (Contributor+) SQL Injection
CVE ID: CVE-2023-28788
CVSS Score: 8.8 (High)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/871e5091-bb20-4a53-83e2-85ed6f26247a
WP Meta SEO <= 4.5.4 – Authenticated (Author+) PHAR Deserialization
CVE ID: CVE-2023-1381
CVSS Score: 8.8 (High)
Researcher/s: Alex Sanford
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9f07d76e-1973-4ea7-b448-666466cd688f
Slimstat Analytics <= 4.9.3.3 – Authenticated (Subscriber+) SQL Injection via Shortcode
CVE ID: CVE Unknown
CVSS Score: 8.8 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/af075ffe-553a-4351-a696-5c678788f3b9
Gallery by BestWebSoft <= 4.6.9 – Authenticated (Author+) SQL Injection
CVE ID: CVE-2023-0765
CVSS Score: 8.8 (High)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cbfbb06c-f048-4912-9ff7-59aa10bc96bd
Themeflection Numbers <= 1.8.1 – Authenticated (Subscriber+) Privilege Escalation via tf_numb_save_licenses
CVE ID: CVE-2023-0889
CVSS Score: 8.8 (High)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/db6616b5-4c4e-4cc7-83eb-22fac94f47f2
Easy Media Replace <= 0.1.3 – Authenticated (Author+) Arbitrary File Deletion
CVE ID: CVE-2022-46850
CVSS Score: 8.1 (High)
Researcher/s: Jeong Seong Ho
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abb4af63-37fe-49b7-8f70-ac9c7e47e939
WC Fields Factory <= 4.1.5 – Authenticated (Administrator+) SQL Injection
CVE ID: CVE-2023-0277
CVSS Score: 7.2 (High)
Researcher/s: Kunal Sharma, Daniel Krohmer
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/70ca7ad4-6848-4f87-ae2d-4b9c2ffa668e
Easy Quiz Maker <= 1.5 – Unauthenticated Stored Cross-Site Scripting
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8566a5ad-df8a-4843-82c9-05da9d44582d
Coupon Affiliates <= 5.4.3 – Unauthenticated Stored Cross-Site Scripting
CVE ID: CVE-2023-28992
CVSS Score: 7.2 (High)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a0d93ee4-63e1-4fa7-9346-f56354124b9a
WordPress Contact Forms by Cimatti <= 1.5.4 – Unauthenticated Stored Cross-Site Scripting
CVE ID: CVE-2023-28781
CVSS Score: 7.2 (High)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b4b2587a-e84e-4149-b9ac-ecf36451f815
ProfilePress <= 4.5.3 – Unauthenticated Cross-Site Scripting
CVE ID: CVE-2022-47444
CVSS Score: 7.2 (High)
Researcher/s: pilvar
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c8416840-c022-40a1-bcd3-17b34df11d95
WP Image Carousel WordPress – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-0589
CVSS Score: 6.5 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0f4bb514-80bd-4d66-a60f-0a6a287af5de
Easy Forms for MailChimp <= 6.8.6 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-1325
CVSS Score: 6.4 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1be5da88-723a-4386-a73e-3fe90eefb6ba
MS-Reviews <= 1.5 – Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE ID: CVE-2023-0424
CVSS Score: 6.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/68fd5e6f-9883-4e8f-9c4f-5905b487629a
Video Central for WordPress <= 1.3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-0418
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/87eb6644-fd70-42a1-b05d-b166cb89c45c
Gallery by BestWebSoft <= 4.6.9 – Authenticated (Author+) Stored Cross-Site Scripting
CVE ID: CVE-2023-0764
CVSS Score: 6.4 (Medium)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/94868d48-2d36-49f1-9da1-7965ecaeae3c
Weaver Show Posts <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name
CVE ID: CVE-2023-1404
CVSS Score: 6.4 (Medium)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c8647c44-4879-4895-bd07-19f7d62a7326
PixFields <= 0.7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2022-46844
CVSS Score: 6.4 (Medium)
Researcher/s: Justiice
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e7f86396-2f3f-4cd6-b3d4-e518b074a579
HappyFiles Pro <= 1.8.1 – Missing Authorization to Arbitrary File Deletion
CVE ID: CVE-2023-25446
CVSS Score: 6.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7bfabeb4-c57d-412a-b27b-a6387d30081f
HappyFiles Pro <= 1.8.1 – Missing Authorization
CVE ID: CVE-2023-25445
CVSS Score: 6.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d293f35a-a42f-441f-b521-da0ba9887c45
Health Check & Troubleshooting <= 1.5.1 – Cross-Site Request Forgery via health_check_troubleshoot_get_captures
CVE ID: CVE Unknown
CVSS Score: 6.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e8d75eb6-2a9f-4c33-9e15-db7db037b67e
Continuous Image Carousel With Lightbox <= 1.0.15 – Reflected Cross-Site Scripting via search_term, order_by and order_pos
CVE ID: CVE-2023-28792
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0b4651d8-dad7-4f6f-a47d-2095b9d2bdca
Custom Post Type and Taxonomy GUI Manager <= 1.1 – Cross-Site Request Forgery to Cross-Site Scripting
CVE ID: CVE-2023-0420
CVSS Score: 6.1 (Medium)
Researcher/s: Shreya Pohekar
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/26c75a0a-8590-4ac7-814e-29e0c2d0822e
Contest Gallery <= 21.1.2 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-28784
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7dbd3b23-cebc-4212-bcae-c6f23031c040
Product Specifications for Woocommerce <= 0.6.0 – Unauthenticated Reflected Cross-Site Scripting via Arbitrary Query String Parameter
CVE ID: CVE-2022-46858
CVSS Score: 6.1 (Medium)
Researcher/s: TEAM WEBoB of BoB 11th
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/916d4f2f-769b-4902-9464-f55d8f64c9d2
Responsive Vertical Icon Menu <= 1.5.8 – Reflected Cross-Site Scripting via ‘id’
CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9a999044-5d4a-4415-a3b9-28c564e63a25
Woocommerce Custom Checkout Fields Editor With Drag & Drop <= 0.1 – Reflected Cross-Site Scripting via ‘tab’
CVE ID: CVE-2022-46864
CVSS Score: 6.1 (Medium)
Researcher/s: TEAM WEBoB of BoB 11th
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9e3899d8-170e-481f-8c80-90addc66eb41
Albo Pretorio Online <= 4.6 – Reflected Cross-Site Scripting via ‘Errore’
CVE ID: CVE-2023-28750
CVSS Score: 6.1 (Medium)
Researcher/s: Phd
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ad8f8c41-a3b9-4287-b6b2-489fb77b7553
Contact Forms by Cimatti <= 1.5.4 – Reflected Cross-Site Scripting via ‘form-field-id’, ‘edit-fid’, ‘id’, ‘name’, ‘type’, ‘description’ Parameters
CVE ID: CVE-2023-28789
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b512f9a9-6c83-416c-bacc-ee3bba8dfe29
Easy Forms for MailChimp <= 6.8.7 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-1324
CVSS Score: 6.1 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c30d517b-e051-408c-a022-4399c3d62390
Full Width Banner Slider Wp <= 1.1.7 – Reflected Cross-Site Scripting via search_term and setacrionpage
CVE ID: CVE-2023-24392
CVSS Score: 6.1 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb4bb127-360d-4f17-9da9-f7be17140ff3
affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.3 – Authenticated (Editor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-23786
CVSS Score: 5.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8dda7b14-c341-434b-85f1-029f384c65d6
Mega Main Menu <= 2.2.2 – Authenticated (Administrator+) Cross-Site Scripting
CVE ID: CVE-2023-1575
CVSS Score: 5.5 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a44ce6a3-0a9d-4bce-9251-f3a38b000645
Continuous Image Carousel With Lightbox <= 1.0.15 – Reflected Cross-Site Scripting via search_term, order_by and order_pos
CVE ID: CVE-2023-28776
CVSS Score: 5.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3a196177-2786-4f6d-8076-f0232e4d5a5d
IP Blocker Lite <= 11.1.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-23993
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/45d3f82b-9e19-4678-8995-7fe265606fd2
AI ChatBot <= 4.4.7 – Missing Authorization on openai_settings_option_callback
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b33bf55c-0397-44a2-8c18-ea5f8f1e2ec9
Filebird <= 5.1.4 – Missing Authorization via resAdminPermissionsCheck
CVE ID: CVE-2023-25966
CVSS Score: 5.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d5a6e9f4-dbc3-4af0-b9e4-4c9ad7b5fe9f
Custom Post Type UI <= 1.13.4 – Cross-Site Request Forgery to Sensitive Information Exposure
CVE ID: CVE-2023-1623
CVSS Score: 5.4 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f28afb93-b72a-4a56-994b-144124202147
JustTables – WooCommerce Product Table <= 1.4.9 – Cross-Site Request Forgery via plugin_activation()
CVE ID: CVE-2023-23803
CVSS Score: 5.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c2b795d8-3cab-4d81-a016-b4498315ddf4
iThemes Security <= 8.1.4 – Open Redirection via redirect_to_https
CVE ID: CVE-2023-28786
CVSS Score: 4.7 (Medium)
Researcher/s: nlpro
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/047cd34e-f2a1-4643-a1c5-3ead926b83ca
Newsletter <= 7.6.8 – Reflected Cross-Site Scripting
CVE ID: CVE Unknown
CVSS Score: 4.7 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fa49346c-726e-41f9-8a74-adaa4a8fa5d9
WPMobile.App <= 11.20 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-28932
CVSS Score: 4.4 (Medium)
Researcher/s: Juampa Rodríguez
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/02b5aefe-ba27-4273-927c-7779df83eb18
Quick Paypal Payments <= 5.7.26.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1a507489-f337-4b47-9506-daea1b426798
Review Stream <= 1.6.5 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-28774
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1b645d0e-daee-4926-af47-05cacf811fbf
Conditional cart fee / Extra charge rule for WooCommerce extra fees <= 1.0.96 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-29093
CVSS Score: 4.4 (Medium)
Researcher/s: MyungJu Kim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/797840ba-5589-42d6-9d50-52bf8c131d6e
Enhanced WP Contact Form <= 2.2.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-23812
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5e91a6bd-05ae-4088-8c1f-bc5598545606
Custom More Link Complete <= 1.4.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-23788
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/698079d0-b539-431c-98c3-c69d0352d214
Direct checkout, Add to cart redirect for Woocommerce <= 2.1.48 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-28988
CVSS Score: 4.4 (Medium)
Researcher/s: MyungJu Kim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6cc218fb-6c2a-4676-b2d7-86abe01c1530
Enhanced WP Contact Form <= 2.2.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/71548a7f-43a5-4f71-8add-45f675e8aa66
Premmerce Redirect Manager <= 1.0.9 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-23789
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b2e8f9b7-1fce-46be-8198-eeff58a563c6
Wp Ultimate Review <= 2.0.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-28751
CVSS Score: 4.4 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c198008f-271e-431e-beb9-3a9f93cbbf8e
Social Proof (Testimonial) Slider <= 2.2.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-24389
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e324cd49-beaf-44bf-8890-5377731f0cc5
Order date time for WooCommerce <= 3.0.19 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-28991
CVSS Score: 4.4 (Medium)
Researcher/s: MyungJu Kim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f19006a0-6848-467b-90ed-33b3ebd2c7ba
Pagination by BestWebSoft <= 1.2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-28778
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ffbb85c5-e949-4c0f-8c02-2c022b802e05
Maps Widget for Google Maps <= 4.23 – Cross-Site Request Forgery via dismiss_notice
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0472804e-00cc-4c4c-97aa-86f433f65782
Feed Them Social <= 4.0.7 – Cross-Site Request Forgery
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/057ab824-8071-4c3c-9a57-f9a0043a9ad5
Advanced Local Pickup for WooCommerce <= 1.5.2 – Missing Authorization
CVE ID: CVE-2022-40702
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05ff8080-59e5-4d48-a69b-275a89eef758
Configurable Tag Cloud <= 5.2 – Cross-Site Request Forgery via ctc_options_page()
CVE ID: CVE-2023-28995
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0775b36b-d543-41f9-a20d-f629b40c70d7
Advanced Local Pickup for WooCommerce <= 1.5.2 – Cross-Site Request Forgery
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0b3fa78c-d97f-43bf-b3e9-47d6aa41b458
WP OnlineSupport, Essential Plugin Popup Anything <= 2.2.1 – Cross-Site Request Forgery
CVE ID: CVE-2022-38077
CVSS Score: 4.3 (Medium)
Researcher/s: muhga
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/11ea3e40-8802-43ea-9816-973a15d7904d
Happy Addons for Elementor <= 3.8.2 – Cross-Site Request Forgery via handle_optin_optout()
CVE ID: CVE-2023-28989
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/27439d44-f2ff-4c20-965f-25d12c83781c
Viral Mag <= 1.0.9 – Missing Authorization to Arbitrary Plugin Activation
CVE ID: CVE-2023-28990
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/48aa5be8-a5d9-4f5e-ba30-d6afb3f0fee0
Trending/Popular Post Slider and Widget <= 1.5.7 – Cross-Site Request Forgery via wtpsw_post_view_count
CVE ID: CVE-2022-46846
CVSS Score: 4.3 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a0cffca-94d8-46b8-8b84-57e76a5bfd94
Zippy <= 1.6.1 – Authenticated (Contributor+) Sensitive Information Disclosure
CVE ID: CVE-2023-26533
CVSS Score: 4.3 (Medium)
Researcher/s: Junsu Yeo
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4c306428-8880-483f-be3a-6f6b87e55eef
WP VR <= 8.2.9 – Missing Authorization
CVE ID: CVE-2023-1414
CVSS Score: 4.3 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/54b495e8-f641-444d-a3d4-a54bb0836c40
Premmerce Redirect Manager <= 1.0.9 – Cross-Site Request Forgery via deleteRedirect()
CVE ID: CVE-2023-23787
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6d84fa60-f780-41e2-96dc-57057c646e01
Welcome Bar <= 2.0.3 – Cross-Site Request Forgery
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/82a26836-44fc-47cf-ad09-bd3d264e8635
Wp Ultimate Review <= 2.0.3 – Cross-Site Request Forgery
CVE ID: CVE-2023-28987
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/892372c9-380c-43b2-b928-b5964574c414
Welcome Bar <= 2.0.3 – Missing Authorization
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/98730677-200b-4b1a-8568-7af8b2b0e94b
WishSuite <= 1.3.3 – Cross-Site Request Forgery via plugin_activation()
CVE ID: CVE-2023-23731
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a2f3fcd1-6dff-409b-b8c1-46c5485980ee
Advanced Shipment Tracking for WooCommerce <= 3.5.2 – Cross-Site Request Forgery via paginate_shipping_provider_list and filter_shipping_provider_list
CVE ID: CVE-2022-41635
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b55a80ed-5e27-4087-a792-e78066a41399
Really Simple Google Tag Manager <= 1.0.6 – Cross-Site Request Forgery via plugin_activation
CVE ID: CVE-2023-23801
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c579825b-e92e-48d2-925e-d1fc81374c4a
Affiliates Manager <= 2.9.20 – Cross-Site Request Forgery via process_bulk_action()
CVE ID: CVE-2023-28986
CVSS Score: 4.3 (Medium)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44
HT Menu <= 1.2.1 – Cross-Site Request Forgery via plugin_activation
CVE ID: CVE-2023-23791
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/deb2544f-75ac-4d6c-bec7-9f35cfe0028d
Mobile Banner <= 1.5 – Cross-Site Request Forgery leading to Plugin Settings Changes
CVE ID: CVE-2023-28930
CVSS Score: 4.3 (Medium)
Researcher/s: Yuki Haruma
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e98aa389-9113-4997-8b96-1ca03cdfc235
Simple Author Box <= 2.50 – Cross-Site Request Forgery via save_user_profile
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f670b93e-da2e-43e7-a28a-6cacba4df3a1
Swatchly – WooCommerce Variation Swatches for Products <= 1.1.9 – Cross-Site Request Forgery via plugin_activation
CVE ID: CVE-2023-23792
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fa73c2a0-a692-47db-99ca-7e7159fc96aa
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers. It draws on in-house vulnerability research, on vulnerability researchers submitting directly to us through our CVE Request form, and on monitoring a range of sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 27, 2023 to Apr 2, 2023) appeared first on Wordfence.