Last week, there were 61 vulnerabilities disclosed in 54 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- Booking Package <= 1.5.98 – Authorization Bypass to Arbitrary Password Reset
- Atarim – Client Interface <= 3.9.1 – Missing Authorization via AJAX actions
- HT Mega – Absolute Addons for Elementor <= 2.2.0 – Missing Authorization to Privilege Escalation
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
| Unpatched | 29 |
| Patched | 32 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
| Low Severity | 0 |
| Medium Severity | 49 |
| High Severity | 8 |
| Critical Severity | 4 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 24 |
| Cross-Site Request Forgery (CSRF) | 14 |
| Missing Authorization | 14 |
| Authorization Bypass Through User-Controlled Key | 4 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 2 |
| Information Exposure | 1 |
| Uncontrolled Resource Consumption (‘Resource Exhaustion’) | 1 |
| Unrestricted Upload of File with Dangerous Type | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
| Alex Thomas (Wordfence Vulnerability Researcher) |
9 |
| LEE SE HYOUNG | 6 |
| Abdi Pranata | 6 |
| Lana Codes (Wordfence Vulnerability Researcher) |
3 |
| Rafie Muhammad | 3 |
| yuyudhn | 3 |
| Rio Darmawan | 2 |
| Muhammad Daffa | 2 |
| Elliot | 1 |
| Rafael B. | 1 |
| Bob Matyas | 1 |
| Kijam López | 1 |
| easyBug | 1 |
| Alex Sanford | 1 |
| Dipak Panchal | 1 |
| Yassir Sbai Fahim | 1 |
| Rafi Priatna Kasbiantoro | 1 |
| Pavitra Tiwari | 1 |
| Nguyen Anh Tien | 1 |
| Nithissh S | 1 |
| Friday | 1 |
| Dave Jong | 1 |
| PetiteMais | 1 |
| Yuki Haruma | 1 |
| Le Ngoc Anh | 1 |
| thiennv | 1 |
| TaeEun Lee | 1 |
| Paolo Elia | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember-membership |
| All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs – My Sticky Elements | mystickyelements |
| Animated Number Counters | animated-number-counters |
| Auto Location for WP Job Manager via Google | auto-location-for-wp-job-manager |
| BadgeOS | badgeos |
| Baidu Tongji generator | baidu-tongji-generator |
| Booking Package | booking-package |
| Bulk edit image alt tag, caption & description – WordPress Media Library Helper by Codexin | media-library-helper |
| Classified Listing – Classified ads & Business Directory Plugin | classified-listing |
| Coming Soon Page – Responsive Coming Soon & Maintenance Mode | responsive-coming-soon-page |
| Cryptocurrency Widgets – Price Ticker & Coins List | cryptocurrency-price-ticker-widget |
| FluentSMTP – WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Plugin | fluent-smtp |
| Getnet Argentina para Woocommerce | integrar-getnet-con-woo |
| Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) | gift-voucher |
| HT Mega – Absolute Addons For Elementor | ht-mega-for-elementor |
| Header Footer Code Manager | header-footer-code-manager |
| Image Regenerate & Select Crop | image-regenerate-select-crop |
| Image Social Feed Plugin | add-instagram |
| Kingkong Board | kingkong-board |
| LMS by Masteriyo – WordPress Learning Management System, eLearning Platform, Online Education System & Online Course Builder | learning-management-system |
| LearnPress – WordPress LMS Plugin | learnpress |
| Livestream Notice | livestream-notice |
| Menubar | menubar |
| Mobile Call Now & Map Buttons | mobile-call-now-map-buttons |
| Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress | ninja-forms |
| Product Category Tree | product-category-tree |
| Querlo Chatbot | querlo-chatbots |
| RSVPMaker | rsvpmaker |
| Reservation.Studio widget | reservation-studio-widget |
| SMTP Mail | smtp-mail |
| Secondary Title | secondary-title |
| ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) | woolentor-addons |
| Simple Giveaways – Grow your business, email lists and traffic with contests | giveasap |
| Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) | only-tweet-like-share-and-google-1 |
| Simple Site Verify | simple-site-verify |
| Social Share Boost | social-share-boost |
| SrbTransLatin – Serbian Latinisation | srbtranslatin |
| Sublanguage | sublanguage |
| User Registration – Custom Registration Form, Login Form And User Profile For WordPress | user-registration |
| Video Gallery – YouTube Playlist, Channel Gallery by YotuWP | yotuwp-easy-youtube-embed |
| Visibility Logic for Elementor | visibility-logic-elementor |
| Visual Website Collaboration, Feedback & Project Management – Atarim | atarim-visual-collaboration |
| WP Content Copy Protection & No Right Click | wp-content-copy-protector |
| WP Dummy Content Generator | wp-dummy-content-generator |
| WP Full Stripe Free | wp-full-stripe-free |
| WP Mail Log | wp-mail-log |
| WP RSS Images | wp-rss-images |
| WP Reroute Email | wp-reroute-email |
| WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | wp-sms |
| WP-Cirrus | wp-cirrus |
| WP-Optimize – Cache, Clean, Compress. | wp-optimize |
| WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps | wordpress-mobile-pack |
| oAuth Twitter Feed for Developers | oauth-twitter-feed-for-developers |
| wpForo Forum | wpforo |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| WPLMS Learning Management System for WordPress, WordPress LMS | wplms |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.
User Registration <= 3.0.2 – Authenticated (Subscriber+) Arbitrary File Upload
Affected Software: User Registration – Custom Registration Form, Login Form And User Profile For WordPress
CVE ID: CVE-2023-3342
CVSS Score: 9.9 (Critical)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d
CVE ID: CVE-2023-3342
CVSS Score: 9.9 (Critical)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d
HT Mega – Absolute Addons for Elementor <= 2.2.0 – Missing Authorization to Privilege Escalation
Affected Software: HT Mega – Absolute Addons For Elementor
CVE ID: CVE Unknown
CVSS Score: 9.8 (Critical)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46f3cc62-c2d8-45af-bb92-c2040789cbc0
CVE ID: CVE Unknown
CVSS Score: 9.8 (Critical)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46f3cc62-c2d8-45af-bb92-c2040789cbc0
Booking Package <= 1.5.98 – Authorization Bypass to Arbitrary Password Reset
Affected Software: Booking Package
CVE ID: CVE-2023-37389
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/65166432-a877-4070-94c1-cdaf7e5d7586
CVE ID: CVE-2023-37389
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/65166432-a877-4070-94c1-cdaf7e5d7586
Atarim – Client Interface <= 3.9.1 – Missing Authorization via AJAX actions
Affected Software: Visual Website Collaboration, Feedback & Project Management – Atarim
CVE ID: CVE Unknown
CVSS Score: 9.1 (Critical)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/15f3a6e1-6126-4825-b2b1-e40dc5694f43
CVE ID: CVE Unknown
CVSS Score: 9.1 (Critical)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/15f3a6e1-6126-4825-b2b1-e40dc5694f43
Getnet Argentina para Woocommerce 0.0.1 – 0.0.4 – Authorization Bypass via webhook
Affected Software: Getnet Argentina para Woocommerce
CVE ID: CVE-2023-3525
CVSS Score: 7.5 (High)
Researcher/s: Kijam López
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19
CVE ID: CVE-2023-3525
CVSS Score: 7.5 (High)
Researcher/s: Kijam López
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19
LearnPress <= 4.2.3 – Missing Authorization to Information Exposure
Affected Software: LearnPress – WordPress LMS Plugin
CVE ID: CVE-2023-36515
CVSS Score: 7.3 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ea136a60-aa42-4577-88b6-a49c79098954
CVE ID: CVE-2023-36515
CVSS Score: 7.3 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ea136a60-aa42-4577-88b6-a49c79098954
WP Reroute Email <= 1.4.9 – Unauthenticated Stored Cross-Site Scripting via Email Subject
Affected Software: WP Reroute Email
CVE ID: CVE-2023-3168
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a0e962b-b6a0-4179-91d0-5ede508a9895
CVE ID: CVE-2023-3168
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a0e962b-b6a0-4179-91d0-5ede508a9895
RSVPMarker <= 10.5.4 – Authenticated (Administrator+) SQL Injection via ‘resend’
Affected Software: RSVPMaker
CVE ID: CVE-2023-29095
CVSS Score: 7.2 (High)
Researcher/s: Rafi Priatna Kasbiantoro
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6709f9b0-0915-4361-9fb0-1f2696e26c2f
CVE ID: CVE-2023-29095
CVSS Score: 7.2 (High)
Researcher/s: Rafi Priatna Kasbiantoro
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6709f9b0-0915-4361-9fb0-1f2696e26c2f
WP Mail Log <= 1.1.1 – Unauthenticated Stored Cross-Site Scripting via Email
Affected Software: WP Mail Log
CVE ID: CVE-2023-3088
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/86ee1acb-6f0c-40e6-80a0-fc93b61c1602
CVE ID: CVE-2023-3088
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/86ee1acb-6f0c-40e6-80a0-fc93b61c1602
SMTP Mail <= 1.2.16 – Unauthenticated Stored Cross-Site Scripting via Email Subject
Affected Software: SMTP Mail
CVE ID: CVE-2023-3092
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8ae734d1-0cd4-4ff5-8448-828b0fb64f70
CVE ID: CVE-2023-3092
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8ae734d1-0cd4-4ff5-8448-828b0fb64f70
Coming Soon <= 1.5.8 – Authenticated (Administrator+) SQL Injection
Affected Software: Coming Soon Page – Responsive Coming Soon & Maintenance Mode
CVE ID: CVE-2022-46849
CVSS Score: 7.2 (High)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9a371489-031e-483e-9fde-3901b55710c6
CVE ID: CVE-2022-46849
CVSS Score: 7.2 (High)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9a371489-031e-483e-9fde-3901b55710c6
FluentSMTP <= 2.2.4 – Unauthenticated Stored Cross-Site Scripting via Email Subject
Affected Software: FluentSMTP – WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Plugin
CVE ID: CVE-2023-3087
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fa47a794-e5ce-491d-a10b-c7c5718aa853
CVE ID: CVE-2023-3087
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fa47a794-e5ce-491d-a10b-c7c5718aa853
ARMember <= 4.0.5 – Cross-Site Request Forgery
Affected Software: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
CVE ID: CVE-2023-3011
CVSS Score: 6.5 (Medium)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/42f5f29b-2d83-4b15-82aa-0598f8a2317b
CVE ID: CVE-2023-3011
CVSS Score: 6.5 (Medium)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/42f5f29b-2d83-4b15-82aa-0598f8a2317b
Masteriyo – LMS for WordPress <= 1.6.7 – Sensitive Information Exposure
Affected Software: LMS by Masteriyo – WordPress Learning Management System, eLearning Platform, Online Education System & Online Course Builder
CVE ID: CVE-2023-3345
CVSS Score: 6.5 (Medium)
Researcher/s: Yassir Sbai Fahim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5e8933b8-1e09-4cd7-8206-711cc0716dba
CVE ID: CVE-2023-3345
CVSS Score: 6.5 (Medium)
Researcher/s: Yassir Sbai Fahim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5e8933b8-1e09-4cd7-8206-711cc0716dba
Simple Giveaways <= 2.46.0 – Missing Authorization
Affected Software: Simple Giveaways – Grow your business, email lists and traffic with contests
CVE ID: CVE-2023-23893
CVSS Score: 6.5 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/721f8943-5d59-41ee-935e-999dff2e590d
CVE ID: CVE-2023-23893
CVSS Score: 6.5 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/721f8943-5d59-41ee-935e-999dff2e590d
BadgeOS <= 3.7.1.6 – Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion
Affected Software: BadgeOS
CVE ID: CVE-2023-2173
CVSS Score: 6.5 (Medium)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ebb9e37c-9e8b-429b-b4ef-cd875351852c
CVE ID: CVE-2023-2173
CVSS Score: 6.5 (Medium)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ebb9e37c-9e8b-429b-b4ef-cd875351852c
Querlo Chatbot <= 1.2.4 – Authenticated (Subscriber+) Stored Cross-Site Scripting
Affected Software: Querlo Chatbot
CVE ID: CVE-2023-3418
CVSS Score: 6.4 (Medium)
Researcher/s: Rafael B.
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/157ea849-7947-4d0d-9ecf-7705f9039c8d
CVE ID: CVE-2023-3418
CVSS Score: 6.4 (Medium)
Researcher/s: Rafael B.
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/157ea849-7947-4d0d-9ecf-7705f9039c8d
Secondary Title <= 2.0.9.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Secondary Title
CVE ID: CVE-2023-28773
CVSS Score: 6.4 (Medium)
Researcher/s: TaeEun Lee
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f5ab7d3e-b0c8-4e30-942b-23d91daff2ac
CVE ID: CVE-2023-28773
CVSS Score: 6.4 (Medium)
Researcher/s: TaeEun Lee
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f5ab7d3e-b0c8-4e30-942b-23d91daff2ac
WPLMS < 4.900 – Cross-Site Request Forgery
Affected Software: WPLMS Learning Management System for WordPress, WordPress LMS
CVE ID: CVE-2023-36690
CVSS Score: 6.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9071acdf-8d40-4e8b-8d1f-be2cabf3d66e
CVE ID: CVE-2023-36690
CVSS Score: 6.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9071acdf-8d40-4e8b-8d1f-be2cabf3d66e
Kingkong Board <= 2.1.0.2 – Missing Authorization
Affected Software: Kingkong Board
CVE ID: CVE-2023-36694
CVSS Score: 6.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d7b33199-d254-4d0c-88d0-ad2f7515d747
CVE ID: CVE-2023-36694
CVSS Score: 6.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d7b33199-d254-4d0c-88d0-ad2f7515d747
wpForo Forum <= 2.1.8 – Reflected Cross-Site Scripting via ‘wpforo_debug’
Affected Software: wpForo Forum
CVE ID: CVE-2023-2309
CVSS Score: 6.1 (Medium)
Researcher/s: Alex Sanford
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35b6a26a-d7c1-4538-87f3-fcb1095797a3
CVE ID: CVE-2023-2309
CVSS Score: 6.1 (Medium)
Researcher/s: Alex Sanford
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35b6a26a-d7c1-4538-87f3-fcb1095797a3
WP-Optimize <= 3.2.12 & SrbTransLatin <= 2.4 – Stored/Reflected Cross-Site Scripting via Third Party Library
Affected Software/s: SrbTransLatin – Serbian Latinisation, WP-Optimize – Cache, Clean, Compress.
CVE ID: CVE-2023-1119
CVSS Score: 6.1 (Medium)
Researcher/s: Paolo Elia
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fdb822e8-583e-4437-a735-b116aa8886e2
CVE ID: CVE-2023-1119
CVSS Score: 6.1 (Medium)
Researcher/s: Paolo Elia
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fdb822e8-583e-4437-a735-b116aa8886e2
Animated Number Counters <= 1.6 – Authenticated (Editor+) Stored Cross-Site Scripting
Affected Software: Animated Number Counters
CVE ID: CVE-2023-24393
CVSS Score: 5.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e87ea6b5-4288-4ebb-8a29-e0a179e6b584
CVE ID: CVE-2023-24393
CVSS Score: 5.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e87ea6b5-4288-4ebb-8a29-e0a179e6b584
WordPress Mobile Pack <= 3.4.1 – Cross-Site Request Forgery
Affected Software: WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps
CVE ID: CVE-2023-37391
CVSS Score: 5.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f545c20-5be1-42bc-9268-640590ee4bf2
CVE ID: CVE-2023-37391
CVSS Score: 5.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f545c20-5be1-42bc-9268-640590ee4bf2
LearnPress <= 4.2.3 – Missing Authorization
Affected Software: LearnPress – WordPress LMS Plugin
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/389277fd-e47e-42df-9305-61ceedbcfb29
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/389277fd-e47e-42df-9305-61ceedbcfb29
Sublanguage <= 2.9 – Missing Authorization
Affected Software: Sublanguage
CVE ID: CVE-2023-36695
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/50726c57-8d42-4143-9e75-d30513d8d0e2
CVE ID: CVE-2023-36695
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/50726c57-8d42-4143-9e75-d30513d8d0e2
Header Footer Code Manager <= 1.1.34 – Cross-Site Request Forgery via process_bulk_action
Affected Software: Header Footer Code Manager
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60493635-b1b0-4e76-8f73-16c223d7b4d7
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60493635-b1b0-4e76-8f73-16c223d7b4d7
BadgeOS <= 3.7.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: BadgeOS
CVE ID: CVE-2023-2171
CVSS Score: 5.4 (Medium)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/74a280e1-e4b6-4bd9-882b-d9f185332d61
CVE ID: CVE-2023-2171
CVSS Score: 5.4 (Medium)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/74a280e1-e4b6-4bd9-882b-d9f185332d61
Menubar <= 5.8.2 – Cross-Site Request Forgery in wpm-admin.php
Affected Software: Menubar
CVE ID: CVE-2023-36687
CVSS Score: 5.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/be10894d-2a86-4f07-8119-e6eac8c9c950
CVE ID: CVE-2023-36687
CVSS Score: 5.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/be10894d-2a86-4f07-8119-e6eac8c9c950
Image Regenerate & Select Crop <= 7.1.0 – Missing Authorization
Affected Software: Image Regenerate & Select Crop
CVE ID: CVE-2023-36680
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb7335c0-b6ed-43bb-91b7-870093d14cb8
CVE ID: CVE-2023-36680
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb7335c0-b6ed-43bb-91b7-870093d14cb8
LearnPress <= 4.2.3 – Missing Authorization
Affected Software: LearnPress – WordPress LMS Plugin
CVE ID: CVE-2023-36516
CVSS Score: 5.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e91e864a-20f6-48a2-ab9f-d20836207383
CVE ID: CVE-2023-36516
CVSS Score: 5.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e91e864a-20f6-48a2-ab9f-d20836207383
Product Category Tree <= 2.5 – Missing Authorization
Affected Software: Product Category Tree
CVE ID: CVE-2023-29173
CVSS Score: 5.3 (Medium)
Researcher/s: Friday
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/88840d66-1644-4af0-b811-41f0e9fe2c0c
CVE ID: CVE-2023-29173
CVSS Score: 5.3 (Medium)
Researcher/s: Friday
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/88840d66-1644-4af0-b811-41f0e9fe2c0c
Ninja Forms <= 3.6.25 – Denial of Service via Large Form Submissions
Affected Software: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
CVE ID: CVE-2023-35909
CVSS Score: 5.3 (Medium)
Researcher/s: PetiteMais
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/952a3e52-4e23-4bc4-92d3-e15ae2f3d28b
CVE ID: CVE-2023-35909
CVSS Score: 5.3 (Medium)
Researcher/s: PetiteMais
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/952a3e52-4e23-4bc4-92d3-e15ae2f3d28b
Cryptocurrency Widgets – Price Ticker & Coins List <= 2.6.2 – Missing Authorization
Affected Software: Cryptocurrency Widgets – Price Ticker & Coins List
CVE ID: CVE-2023-36681
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dec2855c-71a8-46b2-819a-d85cd11a1a24
CVE ID: CVE-2023-36681
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dec2855c-71a8-46b2-819a-d85cd11a1a24
WP Dummy Content Generator <= 2.3.0 – Missing Authorization
Affected Software: WP Dummy Content Generator
CVE ID: CVE-2023-37394
CVSS Score: 5.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4dad030-41e4-4d67-8650-8d268c44d352
CVE ID: CVE-2023-37394
CVSS Score: 5.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4dad030-41e4-4d67-8650-8d268c44d352
Auto Location for WP Job Manager via Google <= 1.0 – Authenticated (Administrator+) Stored Cross Site Scripting
Affected Software: Auto Location for WP Job Manager via Google
CVE ID: CVE-2023-3344
CVSS Score: 4.4 (Medium)
Researcher/s: Bob Matyas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/19a70aa0-7075-4922-8feb-25b7fbe9da42
CVE ID: CVE-2023-3344
CVSS Score: 4.4 (Medium)
Researcher/s: Bob Matyas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/19a70aa0-7075-4922-8feb-25b7fbe9da42
WP Full Stripe Free <= 1.6.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: WP Full Stripe Free
CVE ID: CVE-2023-28934
CVSS Score: 4.4 (Medium)
Researcher/s: easyBug
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2afbc0a4-32ad-4fc4-9b10-5c06784f72f3
CVE ID: CVE-2023-28934
CVSS Score: 4.4 (Medium)
Researcher/s: easyBug
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2afbc0a4-32ad-4fc4-9b10-5c06784f72f3
Social Share Boost <= 4.4 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Social Share Boost
CVE ID: CVE-2023-25044
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/41d09e93-8503-41e8-85d3-8550dc8f85bd
CVE ID: CVE-2023-25044
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/41d09e93-8503-41e8-85d3-8550dc8f85bd
WP-Cirrus <= 0.6.11 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: WP-Cirrus
CVE ID: CVE-2023-36692
CVSS Score: 4.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4cab3c9c-39c6-4279-9573-858b0592c3fa
CVE ID: CVE-2023-36692
CVSS Score: 4.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4cab3c9c-39c6-4279-9573-858b0592c3fa
All-in-one Floating Contact Form <= 2.1.1 – Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings
Affected Software: All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs – My Sticky Elements
CVE ID: CVE-2023-3248
CVSS Score: 4.4 (Medium)
Researcher/s: Dipak Panchal
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/52538617-a1d1-40ed-8321-e39d06869398
CVE ID: CVE-2023-3248
CVSS Score: 4.4 (Medium)
Researcher/s: Dipak Panchal
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/52538617-a1d1-40ed-8321-e39d06869398
Livestream Notice <= 1.2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Livestream Notice
CVE ID: CVE-2023-27621
CVSS Score: 4.4 (Medium)
Researcher/s: Pavitra Tiwari
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/69d957d3-a0d5-44ec-a9b0-8c9b41175379
CVE ID: CVE-2023-27621
CVSS Score: 4.4 (Medium)
Researcher/s: Pavitra Tiwari
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/69d957d3-a0d5-44ec-a9b0-8c9b41175379
Reservation.Studio widget <= 1.0.9 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Reservation.Studio widget
CVE ID: CVE-2023-24397
CVSS Score: 4.4 (Medium)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7caa4c73-cf57-4f99-8bc6-6fd02308a58f
CVE ID: CVE-2023-24397
CVSS Score: 4.4 (Medium)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7caa4c73-cf57-4f99-8bc6-6fd02308a58f
Video Gallery <= 1.3.12 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Video Gallery – YouTube Playlist, Channel Gallery by YotuWP
CVE ID: CVE-2023-25477
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/93b5bc57-3bfa-4477-a9d4-f0563008cf94
CVE ID: CVE-2023-25477
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/93b5bc57-3bfa-4477-a9d4-f0563008cf94
WP Content Copy Protection & No Right Click <= 3.5.5 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: WP Content Copy Protection & No Right Click
CVE ID: CVE-2023-36678
CVSS Score: 4.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9589d44b-55c3-45b4-84bb-c86143de3f95
CVE ID: CVE-2023-36678
CVSS Score: 4.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9589d44b-55c3-45b4-84bb-c86143de3f95
Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Simple Light Weight Social Share (Tweet, Like, Share and Linkedin)
CVE ID: CVE-2023-37388
CVSS Score: 4.4 (Medium)
Researcher/s: Yuki Haruma
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/98780ecc-fb45-4392-955d-ddecf9f7fca1
CVE ID: CVE-2023-37388
CVSS Score: 4.4 (Medium)
Researcher/s: Yuki Haruma
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/98780ecc-fb45-4392-955d-ddecf9f7fca1
Mobile Call Now & Map Buttons <= 1.5.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Mobile Call Now & Map Buttons
CVE ID: CVE-2023-24401
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a10ee756-1b71-4232-817c-1ba6ead7f0f0
CVE ID: CVE-2023-24401
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a10ee756-1b71-4232-817c-1ba6ead7f0f0
Simple Site Verify <= 1.0.7 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Simple Site Verify
CVE ID: CVE-2023-36688
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1ea7e04-d3b3-43fa-be9a-a2d5ac3e34c3
CVE ID: CVE-2023-36688
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1ea7e04-d3b3-43fa-be9a-a2d5ac3e34c3
Image Social Feed Plugin <= 1.7.6 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Image Social Feed Plugin
CVE ID: CVE-2023-24412
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bcaa19b0-2d55-4a0c-98e7-9a38488dd922
CVE ID: CVE-2023-24412
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bcaa19b0-2d55-4a0c-98e7-9a38488dd922
oAuth Twitter Feed for Developers <= 2.3.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: oAuth Twitter Feed for Developers
CVE ID: CVE-2023-25042
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fa3819b1-8e7c-4e97-bac5-96d73d935845
CVE ID: CVE-2023-25042
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fa3819b1-8e7c-4e97-bac5-96d73d935845
Gift Cards (Gift Vouchers and Packages) <= 4.3.5 – Cross-Site Request Forgery in new_voucher_template.php
Affected Software: Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0007d830-2e68-4c2f-8fac-f4363bc2d73d
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0007d830-2e68-4c2f-8fac-f4363bc2d73d
WP Dummy Content Generator <= 2.3.0 – Cross-Site Request Forgery
Affected Software: WP Dummy Content Generator
CVE ID: CVE-2023-37392
CVSS Score: 4.3 (Medium)
Researcher/s: Elliot
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0576737d-8330-4a80-af70-4f0eab6657ed
CVE ID: CVE-2023-37392
CVSS Score: 4.3 (Medium)
Researcher/s: Elliot
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0576737d-8330-4a80-af70-4f0eab6657ed
Classified Listing <= 2.4.5 – Cross-Site Request Forgery via rtcl_ajax_thumbnail_delete
Affected Software: Classified Listing – Classified ads & Business Directory Plugin
CVE ID: CVE-2023-37387
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2352dce7-5302-4892-9ae2-bf814f029af4
CVE ID: CVE-2023-37387
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2352dce7-5302-4892-9ae2-bf814f029af4
WooLentor <= 2.6.2 – Cross-Site Request Forgery via process_data
Affected Software: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor)
CVE ID: CVE-2022-47172
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5c068079-0857-4116-8edb-1bc2fea3c6b7
CVE ID: CVE-2022-47172
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5c068079-0857-4116-8edb-1bc2fea3c6b7
BadgeOS <= 3.7.1.6 – Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite
Affected Software: BadgeOS
CVE ID: CVE-2023-2172
CVSS Score: 4.3 (Medium)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5dae8e82-e252-48d9-ae1f-62acfcd17e2b
CVE ID: CVE-2023-2172
CVSS Score: 4.3 (Medium)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5dae8e82-e252-48d9-ae1f-62acfcd17e2b
BadgeOS <= 3.7.1.6 – Missing Authorization in delete_badgeos_log_entries
Affected Software: BadgeOS
CVE ID: CVE-2023-2174
CVSS Score: 4.3 (Medium)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/64e0adbc-c524-4f9d-9741-ce69edf888f7
CVE ID: CVE-2023-2174
CVSS Score: 4.3 (Medium)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/64e0adbc-c524-4f9d-9741-ce69edf888f7
Visibility Logic for Elementor <= 2.3.4 – Missing Authorization via admin_post ‘toggle_option’
Affected Software: Visibility Logic for Elementor
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/72c04de6-78d2-4a45-834a-01ed879b528f
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/72c04de6-78d2-4a45-834a-01ed879b528f
WP SMS <= 6.1.5 – Cross-Site Request Forgery
Affected Software: WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/747afa58-182a-4fb3-bfe3-f15db0b1d85a
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/747afa58-182a-4fb3-bfe3-f15db0b1d85a
Baidu Tongji generator <= 1.0.2 – Cross-Site Request Forgery
Affected Software: Baidu Tongji generator
CVE ID: CVE-2023-31230
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8438ea46-9ac1-4ef5-a436-e438c35a4321
CVE ID: CVE-2023-31230
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8438ea46-9ac1-4ef5-a436-e438c35a4321
WP RSS Images <= 1.1 – Cross-Site Request Forgery
Affected Software: WP RSS Images
CVE ID: CVE-2023-36693
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/adb70798-2ef9-4384-bcca-8862afa044ed
CVE ID: CVE-2023-36693
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/adb70798-2ef9-4384-bcca-8862afa044ed
Visibility Logic for Elementor <= 2.3.4 – Cross-Site Request Forgery via toggle_option
Affected Software: Visibility Logic for Elementor
CVE ID: CVE-2022-47169
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bb8aca3a-e4f7-41d6-9ea9-d189817c2c04
CVE ID: CVE-2022-47169
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bb8aca3a-e4f7-41d6-9ea9-d189817c2c04
Media Library Helper by Codexin <= 1.2.0 – Cross-Site Request Forgery via rate_the_plugin_action
Affected Software: Bulk edit image alt tag, caption & description – WordPress Media Library Helper by Codexin
CVE ID: CVE-2023-37386
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc2356b2-e153-4e80-bfac-c25c15cdc259
CVE ID: CVE-2023-37386
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc2356b2-e153-4e80-bfac-c25c15cdc259
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (July 3, 2023 to July 9, 2023) appeared first on Wordfence.
