Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)

In case you missed it, Wordfence has curated an industry-leading database of all known WordPress core, theme, and plugin vulnerabilities, known as Wordfence Intelligence Community Edition.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through submissions that vulnerability researchers send directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding context where we can.

Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and use, both personally and commercially.

Last week, 71 vulnerabilities disclosed in WordPress-based software were added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.


ImageMagick Engine <= 1.7.5 – Cross-Site Request Forgery to PHAR Deserialization

CVE ID: CVE-2022-3568
CVSS Score: 8.8 (High)
Researcher/s: Rasoul Jahanshahi
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a2ca2f0-1d4a-4614-86ba-a46e765f4a9f

Plugin for Google Reviews <= 2.2.3 – Authenticated (Subscriber+) SQL Injection

CVE ID: CVE-2022-44580
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/75aa7541-d9d4-4526-9831-238327d0f3ae

GigPress <= 2.3.28 – Authenticated (Subscriber+) SQL Injection

CVE ID: CVE-2023-0381
CVSS Score: 8.8 (High)
Researcher/s: Erwan LR
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb1dc7e4-a339-4760-9f63-aaa6590bd5e0

Auto Featured Image (Auto Post Thumbnail) <= 3.9.15 – Authenticated (Author+) Arbitrary File Upload

CVE ID: CVE-2023-0477
CVSS Score: 7.2 (High)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/18ff2556-9e20-42f6-a8fb-b81473c42576

My Sticky Elements <= 2.0.8 – Authenticated (Admin+) SQL Injection

CVE ID: CVE-2023-0487
CVSS Score: 7.2 (High)
Researcher/s: qerogram
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b1933a5-48f3-4707-8e3d-824b60ce2635

Redirection for Contact Form 7 <= 2.7.0 – Authenticated (Editor+) Privilege Escalation

CVE ID: CVE-2023-23990
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/527c344e-870e-4bd9-b111-86cc2821367d

Monolit <= 2.0.6 – Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2023-25041
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60a574c7-47de-4427-8d38-d510ea996f75

Gutenberg Forms <= 2.2.8.3 – Authenticated (Subscriber+) Sensitive Information Disclosure

CVE ID: CVE-2022-45803
CVSS Score: 6.5 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5964dd2a-e388-4454-89f6-aa71e1734d35

Shortcodes Ultimate <= 5.12.6 – Authenticated (Subscriber+) Arbitrary File Read via Shortcode

CVE ID: CVE-2023-25050
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5dad7348-39ba-4163-a5eb-939601645edb

Shortcodes Ultimate <= 5.12.6 – Authenticated (Subscriber+) Server-Side Request Forgery

CVE ID: CVE-2023-25050
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7bb6caf6-5676-49cd-8577-5a41b44b00c0

Cost of Goods for WooCommerce <= 2.8.6 – Missing Authorization in save_costs

CVE ID: CVE-2023-23868
CVSS Score: 6.5 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2

Icegram Express <= 5.5.2 – Unauthenticated CSV Injection

CVE ID: CVE-2022-45810
CVSS Score: 6.5 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a8077d07-acaf-40f2-bc0f-e28a44ead94c

Quick Contact Form <= 8.0.3.1 – Cross-Site Request Forgery to Sensitive Information Disclosure

CVE ID: CVE-2023-25035
CVSS Score: 6.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b930ddd7-a2a3-4b83-a1a6-ea08bbcb07a3

WP-Optimize <= 3.2.11 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 6.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3190f9f-8b2f-4251-8804-f386e2c5678f

Cost of Goods for WooCommerce <= 2.8.6 – Cross-Site Request Forgery in save_costs

CVE ID: CVE Unknown
CVSS Score: 6.5 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ee50731f-696f-4e9f-a930-05b2b23752de

Scriptless Social Sharing <= 3.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options

CVE ID: CVE-2023-0377
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/84c79b0e-01d2-4710-9a02-edceab8db22d

Quick Contact Form <= 8.0.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-23885
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/90654fac-b9c7-422f-8472-2a7c7fd0de0d

Icegram Collect <= 1.3.8 – Authenticated (Contributor+) Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-25024
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/93920201-fd53-45ad-983a-a2b04b96db77

Interactive Geo Maps <= 1.5.9 – Authenticated (Editor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0731
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95ce515a-377c-49b4-8d1b-7ac22769c759

Qubely <= 1.8.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘className’ Block Option

CVE ID: CVE-2023-0376
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/991aefb4-2e6b-48e6-bd19-98b21a57f6db

Visualizer <= 3.9.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2022-46848
CVSS Score: 6.4 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d32ceb67-8ad1-4f59-b4a8-63c9c3e8b90c

Shortcodes Ultimate <= 5.12.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25040
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d449466d-e78a-48a3-8eff-90b56646dd6b

WordPress Comments Import & Export <= 2.3.1 – CSV Injection

CVE ID: CVE-2022-45370
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5196a9f2-177d-48e1-b0dc-72e0727132d6

Pie Register <= 3.8.2.2 – Open Redirect

CVE ID: CVE-2023-0552
CVSS Score: 6.1 (Medium)
Researcher/s: Omar Amin
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8bbcbefa-f38d-4752-acca-3545976cc59f

微信机器人高级版 <= 6.0.1 – Reflected Cross-Site Scripting

CVE ID: CVE-2022-45837
CVSS Score: 6.1 (Medium)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d2a238f-7192-49f0-be2e-3a35fca651d9

Link Juice Keeper <= 2.0.2 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 5.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/06511129-fb43-4ac1-9f5d-c637c9577293

Chained Quiz <= 1.3.2.5 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25027
CVSS Score: 5.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/68ec28e8-345c-4017-ab0d-04ac4facd60c

Quick Paypal Payments <= 5.7.25 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 5.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/99e61ed1-df56-4e95-b4f9-3027ee7b7793

Arigato Autoresponder and Newsletter <= 2.7.1 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25031
CVSS Score: 5.5 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1db421d-d935-4441-ae5e-cc01123e80e8

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_add_folder

CVE ID: CVE-2023-0724
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/08c0ea6c-7e2f-482f-b30c-0e3bcd992159

0mk Shortener <= 0.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE ID: CVE-2022-2933
CVSS Score: 5.4 (Medium)
Researcher/s: Juampa Rodríguez
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3b798c64-3434-427d-b578-5abbdac8cd0e

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_move_object

CVE ID: CVE-2023-0712
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0be428ae-40ae-4cc0-82ad-d121b6d2d27e

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_save_state

CVE ID: CVE-2023-0722
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/261a1bf0-a147-48c8-878e-f9b725ac74d8

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_add_folder

CVE ID: CVE-2023-0713
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2764b360-228d-48c1-8a29-d3764e532799

Wicked Folders <= 2.18.16 – Missing Authorization via ajax_unassign_folders

CVE ID: CVE-2023-0684
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/29358ea9-21b7-4294-8fc9-0d38e689cf53

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_save_folder

CVE ID: CVE-2023-0718
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2c26d6de-5653-4be8-9526-39b30cb61625

Wicked Folders <= 2.18.16 – Missing Authorization via ajax_delete_folder

CVE ID: CVE-2023-0717
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35fb658f-6ffa-4df7-bfcd-25307d89fc26

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_edit_folder

CVE ID: CVE-2023-0716
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3ad60a11-e307-4ec9-9099-091a87ff1d3b

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_save_folder_order

CVE ID: CVE-2023-0730
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4104f69f-b185-498a-aabf-2126ffb94ab3

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery on ajax_save_folder

CVE ID: CVE-2023-0728
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/43b43802-f301-4748-98b9-eea78a249355

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_edit_folder

CVE ID: CVE-2023-0726
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/51b88442-3961-42e2-8ff4-7726819a7f0f

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_delete_folder

CVE ID: CVE-2023-0727
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62b56928-7125-4211-b233-07b5b51881c1

Auto Affiliate Links <= 6.2.1.5 – Authenticated (Subscriber+) Plugin Settings Change

CVE ID: CVE-2022-45840
CVSS Score: 5.4 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f787c75-7b27-4256-ac0c-abc2988ea7c8

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_clone_folder

CVE ID: CVE-2023-0725
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/80797183-c69f-4dce-a2e0-52a395ceffaa

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_save_folder_order

CVE ID: CVE-2023-0720
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8d392d0b-f286-44da-aa32-a08d0279baed

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_save_sort_order

CVE ID: CVE-2023-0719
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9b26604b-2423-4130-b0ef-8f63a392c760

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_save_sort_order

CVE ID: CVE-2023-0729
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae8dbf54-ea62-4901-b34f-079b708ca0b5

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_clone_folder

CVE ID: CVE-2023-0715
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3728280-3487-4cb2-8e37-f33811bc0a22

WPCode <= 2.0.6 – Missing Authorization to Sensitive Key Disclosure/Update

CVE ID: CVE-2023-0328
CVSS Score: 5.4 (Medium)
Researcher/s: Sanjay Das
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4b1cae3-dc08-43b1-9a20-62b7263efeba

Quiz And Survey Master <= 8.0.8 – Cross-Site Request Forgery to Arbitrary Media Deletion

CVE ID: CVE-2023-0292
CVSS Score: 5.4 (Medium)
Researcher/s: Julien Ahrens
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c75e6d27-7f6b-4bec-b653-c2024504f427

Wicked Folders <= 2.18.16 – Missing Authorization via ajax_save_state

CVE ID: CVE-2023-0711
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1c43e93-69a3-407e-860e-ab25af5d7177

ShopLentor <= 2.5.1 – Cross-Site Request Forgery to Post Updates

CVE ID: CVE-2022-46798
CVSS Score: 5.4 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/db952443-2588-4da0-87d8-5bd2d3be039c

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery on ajax_move_object

CVE ID: CVE-2023-0723
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc01108f-e781-484b-997a-c1d4e218a3f4

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_unassign_folders

CVE ID: CVE-2023-0685
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e52b27fa-10e8-43d0-be29-774c2f5487ae

CURCY <= 2.1.25 – Missing Authorization to Currency Exchange Retrieval

CVE ID: CVE-2022-46796
CVSS Score: 5.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca24aa2f-5d31-4128-af75-68bd24637ee7

eCommerce Product Catalog plugin for WordPress <= 3.3.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25049
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46db2d07-66a6-4d9e-b0fd-ddf6119ba5be

Under Construction <= 3.96 – Cross-Site Request Forgery via admin_action_ucp_dismiss_notice

CVE ID: CVE-2023-0831
CVSS Score: 4.3 (Medium)
Researcher/s: Ramuel Gall, Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/031a1203-6b0d-453b-be8a-12e7f55cb401

Booking Calendar Contact Form <= 1.2.34 – Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission

CVE ID: CVE-2023-25037
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0563d2f0-fb29-4030-8d01-c257dda78241

Booking Calendar Contact Form <= 1.2.34 – Cross-Site Request Forgery via cpdexbccf_feedback

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09932277-8af3-4790-96f0-fe5af0a0ed29

Podlove Podcast Publisher <= 3.8.3 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/17f2b07d-82de-4e25-9b17-ef4a1132e6c0

A2 Optimized WP <= 3.0.4 – Cross-Site Request Forgery

CVE ID: CVE-2023-23711
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/463fdbde-1d98-4f52-b835-cba1ae567f4f

Under Construction <= 3.96 – Cross-Site Request Forgery via admin_action_install_weglot

CVE ID: CVE-2023-0832
CVSS Score: 4.3 (Medium)
Researcher/s: Ramuel Gall, Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4fa84388-3597-4a54-9ae8-d6e04afe9061

Void Contact Form 7 Widget For Elementor Page Builder <= 2.1.1 – Cross-Site Request Forgery in void_cf7_opt_in_user_data_track

CVE ID: CVE-2022-47166
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/56a2084c-5120-4115-a027-625900d23ebc

Ajax Search Lite <= 4.10.3 – Missing Authorization leading to Authenticated (Subscriber+) Sensitive Information Disclosure

CVE ID: CVE-2022-38456
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5f2c157b-cd5a-459d-8e26-859e686148dc

Google Maps CP <= 1.0.43 – Cross-Site Request Forgery via feedback_action

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4aed6ba-23a2-46b6-b7e1-7b7e462b1f5b

All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 5.2.3 – Cross-Site Request Forgery

CVE ID: CVE-2022-46797
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aae70da2-fcd8-4e33-8f38-5e19e0c14733

PayPal Brasil para WooCommerce <= 1.4.2 – Cross-Site Request Forgery

CVE ID: CVE-2023-25026
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b4a44a8a-740b-45dd-962c-945238f6ddee

Google Maps CP <= 1.0.43 – Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission

CVE ID: CVE-2023-25039
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc9a2639-cec8-408e-9ba2-ffb6c8c7da21

Mercado Pago payments for WooCommerce <= 6.3.1 – Cross-Site Request Forgery

CVE ID: CVE-2022-45068
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ce30649a-c1a0-42d5-b2e7-1ebe7989efa3

Album and Image Gallery plus Lightbox <= 1.6.2 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/df1a3425-b1d7-4914-ab19-c215d4e845ea

ColorWay <= 4.2.3 – Cross-Site Request Forgery

CVE ID: CVE-2023-25447
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ecfa530c-a164-4215-b68a-7be81be3fd48

If you’d like to receive this weekly vulnerability report by email, along with Wordfence Intelligence CE product updates, sign up to the Wordfence Intelligence Community Edition Newsletter by filling out this form below.


Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence Community Edition leaderboard along with being mentioned in our weekly vulnerability report.

The post Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023) appeared first on Wordfence.
