Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023)

Last week, there were 92 vulnerabilities disclosed in 88 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook integration are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Individuals and Enterprises can use the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Dropshipping & Affiliation with Amazon <= 2.1.2 – Authenticated (Subscriber+) Arbitrary File Upload

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status	Number of Vulnerabilities
Unpatched	57
Patched	35

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating	Number of Vulnerabilities
Low Severity	1
Medium Severity	80
High Severity	11
Critical Severity	0

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE	Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)	37
Cross-Site Request Forgery (CSRF)	30
Missing Authorization	11
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)	7
Information Exposure	3
URL Redirection to Untrusted Site (‘Open Redirect’)	1
Unrestricted Upload of File with Dangerous Type	1
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)	1
Guessable CAPTCHA	1

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities
Mika	19
Rio Darmawan	7
yuyudhn	5
Lana Codes (Wordfence Vulnerability Researcher)	5
Abdi Pranata	5
Rafie Muhammad	3
Vladislav Pokrovsky	2
Taihei Shimamine	2
minhtuanact	2
spacecroupier	2
Prasanna V Balaji	2
Le Ngoc Anh	2
deokhunKim	2
Alex Thomas (Wordfence Vulnerability Researcher)	2
LEE SE HYOUNG	2
BuShiYue	1
Phd	1
TomS	1
OZ1NG (TOOR, LISA)	1
thiennv	1
konagash	1
Robert DeVore	1
qilin_99	1
Jonas Höbenreich	1
NeginNrb	1
emad	1
Joshua Chan	1
An Đặng	1
Emili Castells	1
resecured.io	1
Marco Wotschka (Wordfence Vulnerability Researcher)	1
Nguyen Anh Tien	1
n0paew	1
Ravi Dharmawan	1
Truoc Phan	1
Yebin Lee	1
Nithissh S	1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name	Software Slug
AI ChatBot	chatbot
AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One	ai-content-writing-assistant
Abandoned Cart Lite for WooCommerce	woocommerce-abandoned-cart
Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress	advanced-page-visit-counter
AmpedSense – AdSense Split Tester	ampedsense-adsense-split-tester
Automated Editor	automated-editor
Blog Filter – Advanced Post Filtering with Categories Or Tags, Post Portfolio Gallery, Blog Design Template, Post Layout	blog-filter
Blog Manager Light	blog-manager-light
Bold Timeline Lite	bold-timeline-lite
Booster for WooCommerce	woocommerce-jetpack
Bulk NoIndex & NoFollow Toolkit	bulk-noindex-nofollow-toolkit-by-mad-fish
Captcha/Honeypot (CF7, Avada, Elementor, Comments, WPForms) – GDPR ready	captcha-for-contact-form-7
Category Meta plugin	wp-category-meta
Comment Reply Email	comment-reply-email
Complete Open Graph	complete-open-graph
Connect to external APIs – WPGetAPI	wpgetapi
Contact Form by Supsystic	contact-form-by-supsystic
Contact form Form For All – Easy to use, fast, 37 languages.	formforall
Copy or Move Comments	copy-or-move-comments
Customer Reviews for WooCommerce	customer-reviews-woocommerce
Dropshipping & Affiliation with Amazon	wp-amazon-shop
Export All Posts, Products, Orders, Refunds & Users	wp-ultimate-exporter
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder	form-maker
Fotomoto	fotomoto
Geo Controller	cf-geoplugin
GoodBarber	goodbarber
Gumroad	gumroad
Hitsteps Web Analytics	hitsteps-visitor-manager
Hotjar	hotjar
IRivYou – Add reviews from AliExpress and Amazon to woocommerce	wooreviews-importer
Image vertical reel scroll slideshow	image-vertical-reel-scroll-slideshow
Instagram for WordPress	instagram-for-wordpress
Interactive World Map	interactive-world-map
LeadSquared Suite	leadsquared-suite
MStore API	mstore-api
Mailrelay	mailrelay
Marker.io – Visual Website Feedback	marker-io
Media Library Assistant	media-library-assistant
Mendeley Plugin	mendeleyplugin
OPcache Dashboard	opcache
Open User Map	open-user-map
Optimize Database after Deleting Revisions	rvg-optimize-database
Order auto complete for WooCommerce	order-auto-complete-for-woocommerce
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress	post-smtp
Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress	wp-user-avatar
Permalinks Customizer	permalinks-customizer
Pinpoint Booking System – #1 WordPress Booking Plugin	booking-system
Podcast Subscribe Buttons	podcast-subscribe-buttons
Post View Count	wp-simple-post-view
Pressference Exporter	pressference-exporter
Product Category Tree	product-category-tree
Profile Extra Fields by BestWebSoft	profile-extra-fields
Publish Confirm Message	publish-confirm-message
Redirection for Contact Form 7	wpcf7-redirect
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	custom-registration-form-builder-with-submission-manager
SendPulse Free Web Push	sendpulse-web-push
Seriously Simple Stats	seriously-simple-stats
Sharkdropship for AliExpress Dropship and Affiliate	wooshark-aliexpress-importer
Short URL	shorten-url
ShortCodes UI	shortcodes-ui
Simple SEO	cds-simple-seo
Smart Cookie Kit	smart-cookie-kit
Social Feed \| Custom Feed for Social Media Networks	wp-social-feed
Social Metrics	social-metrics
Social proof testimonials and reviews by Repuso	social-testimonials-and-reviews-widget
Sp*tify Play Button for WordPress	spotify-play-button-for-wordpress
Stout Google Calendar	stout-google-calendar
Timely Booking Button	timely-booking-button
Urvanov Syntax Highlighter	urvanov-syntax-highlighter
User Location and IP	user-location-and-ip
Video Gallery – Best WordPress YouTube Gallery Plugin	gallery-videos
WOLF – WordPress Posts Bulk Editor and Manager Professional	bulk-editor
WP Bing Map Pro	api-bing-map-2018
WP Content Pilot – Autoblogging & Affiliate Marketing Plugin	wp-content-pilot
WP Custom Widget area	wp-custom-widget-area
WP Forms Puzzle Captcha	wp-forms-puzzle-captcha
WP Mail SMTP Pro	wp-mail-smtp-pro
WP Power Stats	wp-power-stats
WP Responsive header image slider	responsive-header-image-slider
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin	wp-user-frontend
WhitePage	white-page-publication
WooCommerce Login Redirect	woo-login-redirect
WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location	byconsole-woo-order-delivery-time
WordPress Popular Posts	wordpress-popular-posts
WordPress Simple HTML Sitemap	wp-simple-html-sitemap
YouTube Playlist Player	youtube-playlist-player
affiliate-toolkit – WordPress Affiliate Plugin	affiliate-toolkit-starter
canvasio3D Light	canvasio3d-light

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Dropshipping & Affiliation with Amazon <= 2.1.2 – Authenticated (Subscriber+) Arbitrary File Upload

Affected Software: Dropshipping & Affiliation with Amazon
CVE ID: CVE-2023-31215
CVSS Score: 8.8 (High)
Researcher/s: spacecroupier
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/17240c75-4e2a-45d2-8114-414c7e81af87

Advanced Page Visit Counter <= 7.1.1 – Authenticated (Contributor+) SQL Injection

Affected Software: Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress
CVE ID: CVE-2023-45074
CVSS Score: 8.8 (High)
Researcher/s: TomS
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1810cea5-cfca-4699-bf09-0e474d04acb6

MStore API <= 4.0.6 – Authenticated (Subscriber+) SQL Injection

Affected Software: MStore API
CVE ID: CVE-2023-45055
CVSS Score: 8.8 (High)
Researcher/s: Truoc Phan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a8b10d0c-e2fc-47a3-9df9-8df58eee964c

Copy Or Move Comments <= 5.0.4 – Authenticated (Subscriber+) SQL Injection

Affected Software: Copy or Move Comments
CVE ID: CVE-2023-28748
CVSS Score: 8.8 (High)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e2b020c3-0eb9-4ff1-b94e-e32452695b5d

Sharkdropship for AliExpress Dropship and Affiliate <= 2.2.3 – Missing Authorization

Affected Software: Sharkdropship for AliExpress Dropship and Affiliate
CVE ID: CVE-2023-30870
CVSS Score: 7.3 (High)
Researcher/s: spacecroupier
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f8812cfe-4bbe-44ba-9513-7f81bad68d11

Form Maker by 10Web <= 1.15.18 – Unauthenticated Stored Cross-Site Scripting

Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
CVE ID: CVE-2023-45071
CVSS Score: 7.2 (High)
Researcher/s: Vladislav Pokrovsky
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05b434f7-6bce-4ad0-bd12-db5b01f14953

AmpedSense – AdSense Split Tester <= 4.68 – Unauthenticated Cross-Site Scripting

Affected Software: AmpedSense – AdSense Split Tester
CVE ID: CVE-2023-25476
CVSS Score: 7.2 (High)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/266bbcab-7d41-4c38-b136-24da61728977

Post SMTP <= 2.6.0 – Authenticated (Administrator+) SQL Injection

Affected Software: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3816a6cf-8157-4ad9-83f6-93c9b6c6275f

Seriously Simple Stats <= 1.5.0 – Authenticated (Podcast manager+) SQL Injection via order_by

Affected Software: Seriously Simple Stats
CVE ID: CVE-2023-45001
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46150f65-e662-4539-ae99-eaee297a2608

Video Gallery – YouTube Gallery <= 2.0.2 – Authenticated (Administrator+) SQL Injection

Affected Software: Video Gallery – Best WordPress YouTube Gallery Plugin
CVE ID: CVE-2023-45069
CVSS Score: 7.2 (High)
Researcher/s: Ravi Dharmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a8382051-ae17-4719-94b5-3cfb0b5e82b1

Pressference Exporter <= 1.0.3 – Authenticated (Administrator+) SQL Injection

Affected Software: Pressference Exporter
CVE ID: CVE-2023-45046
CVSS Score: 7.2 (High)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c12ba39f-03bc-4a45-b2f4-368f48c0a57b

YouTube Playlist Player <= 4.6.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: YouTube Playlist Player
CVE ID: CVE-2023-45049
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/02cffe63-dad2-4f6b-9530-7f494e3071d7

Podcast Subscribe Buttons <= 1.4.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Podcast Subscribe Buttons
CVE ID: CVE-2023-5308
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/17dbfb82-e380-464a-bfaf-2d0f6bf07f25

Instagram for WordPress <= 2.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Instagram for WordPress
CVE ID: CVE-2023-5357
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3991d8d0-57a8-42e7-a53c-97508f7e137f

WP Responsive header image slider <= 3.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: WP Responsive header image slider
CVE ID: CVE-2023-5334
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6953dea2-ca2d-4283-97c2-45c3420d9390

User Location and IP <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: User Location and IP
CVE ID: CVE-2023-31217
CVSS Score: 6.4 (Medium)
Researcher/s: deokhunKim
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7e501592-4411-4c0a-aa67-e2d0a29d5d35

Smart Cookie Kit <= 2.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Smart Cookie Kit
CVE ID: CVE-2023-45608
CVSS Score: 6.4 (Medium)
Researcher/s: resecured.io
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9b726e21-ff76-43ea-beb1-f68e94d3b7a4

Media Library Assistant <= 3.11 – Authenticated (Author+) Stored Cross-Site Scripting

Affected Software: Media Library Assistant
CVE ID: CVE-2023-24385
CVSS Score: 6.4 (Medium)
Researcher/s: n0paew
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a1603dc9-7f5e-47e1-8a81-27bb4df1aa4f

WordPress Popular Posts <= 6.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: WordPress Popular Posts
CVE ID: CVE-2023-45607
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a91e8713-a760-4acd-9987-2a6b11dbdd56

Contact form Form For All <= 1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Contact form Form For All – Easy to use, fast, 37 languages.
CVE ID: CVE-2023-5337
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abe2f596-b2c3-49d3-b646-0f4b64f15674

Blog Filter <= 1.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Blog Filter – Advanced Post Filtering with Categories Or Tags, Post Portfolio Gallery, Blog Design Template, Post Layout
CVE ID: CVE-2023-5291
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b95c1bf7-bb05-44d3-a185-7e38e62b7201

Gumroad <= 3.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Gumroad
CVE ID: CVE-2023-45059
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cd2abab4-f93c-454d-928d-128a490da0e2

WP Simple HTML Sitemap <= 2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: WordPress Simple HTML Sitemap
CVE ID: CVE-2023-45067
CVSS Score: 6.4 (Medium)
Researcher/s: deokhunKim
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fca6d469-60e7-4866-a53c-d207817c9204

WPGetAPI 2.1.0 – 2.2.1 – Authenticated (Subscriber+) Arbitrary Options Update

Affected Software: Connect to external APIs – WPGetAPI
CVE ID: CVE Unknown
CVSS Score: 6.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/39003835-80df-49c7-982a-346bf328565c

Bulk NoIndex & NoFollow Toolkit <= 1.42 – Reflected Cross-Site Scripting via ‘s’

Affected Software: Bulk NoIndex & NoFollow Toolkit
CVE ID: CVE-2023-45065
CVSS Score: 6.1 (Medium)
Researcher/s: Phd
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0e4f6305-d003-478e-a8ef-0b254084f56f

Form Maker by 10Web <= 1.15.18 – Reflected Cross-Site Scripting

Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
CVE ID: CVE-2023-45070
CVSS Score: 6.1 (Medium)
Researcher/s: Vladislav Pokrovsky
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1b1db6b8-f005-488f-b2cc-667acc700b0a

RegistrationMagic <= 5.2.4.1 – Reflected Cross-Site Scripting via section_id

Affected Software: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2d010e55-d57a-49f7-a991-76b676b88f1e

Fotomoto <= 1.2.8 – Reflected Cross-Site Scripting

Affected Software: Fotomoto
CVE ID: CVE-2023-45007
CVSS Score: 6.1 (Medium)
Researcher/s: OZ1NG (TOOR, LISA)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2fbeee6b-cbc0-462e-96ba-2fd4f54786b0

Download canvasio3D Light <= 2.4.6 – Reflected Cross-Site Scripting

Affected Software: canvasio3D Light
CVE ID: CVE-2023-45062
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/39b8f6d8-bca2-4bf2-93ab-868270df8752

Product Category Tree <= 2.5 – Reflected Cross-Site Scripting

Affected Software: Product Category Tree
CVE ID: CVE-2023-45054
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3e03ecc0-5ca1-4d64-a6d7-257325bcc5cb

Seriously Simple Stats <= 1.5.1 – Reflected Cross-Site Scripting

Affected Software: Seriously Simple Stats
CVE ID: CVE-2023-45005
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/92734acf-2021-4217-8cdd-a9d269198db3

OPcache Dashboard <= 0.3.1 – Reflected Cross-Site Scripting via ‘page’

Affected Software: OPcache Dashboard
CVE ID: CVE-2023-45064
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d3d6104b-eb2d-4e7e-98bd-6a46bd69ef5c

WooODT Lite <= 2.4.6 – Reflected Cross-Site Scripting

Affected Software: WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location
CVE ID: CVE-2023-45006
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ede4b8ad-3c12-4ed8-9eda-806afa580bad

Social Feed <= 2.2.0 – Reflected Cross-Site Scripting

Affected Software: Social Feed | Custom Feed for Social Media Networks
CVE ID: CVE-2023-45003
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f124b5a0-b58b-45ff-bd22-7a09a9abd9bd

Simple SEO <= 2.0.23 – Cross-Site Request Forgery via multiple admin_post functions

Affected Software: Simple SEO
CVE ID: CVE-2023-45269
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/053b72c6-07bb-4e9f-ae25-da4bce91ae6e

Post View Count <= 1.8.2 – Cross-Site Request Forgery

Affected Software: Post View Count
CVE ID: CVE-2023-44996
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/114cf149-e923-4e21-9eb0-e38941799304

WP Forms Puzzle Captcha <= 4.1 – Cross-Site Request Forgery

Affected Software: WP Forms Puzzle Captcha
CVE ID: CVE-2023-44997
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1c75edd2-fc38-48b1-b58c-1d19c95c3db8

Urvanov Syntax Highlighter <= 2.8.33 – Cross-Site Request Forgery via init_ajax

Affected Software: Urvanov Syntax Highlighter
CVE ID: CVE-2023-45106
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3c85fa64-4761-4b92-bd4f-7c220cf18288

Social proof testimonials and reviews by Repuso <= 5.00 – Cross-Site Request Forgery

Affected Software: Social proof testimonials and reviews by Repuso
CVE ID: CVE-2023-45048
CVSS Score: 5.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/526aa2e5-06bd-4b4c-a331-315f8ab37858

LeadSquared Suite <= 0.7.4 – Cross-Site Request Forgery

Affected Software: LeadSquared Suite
CVE ID: CVE-2023-45047
CVSS Score: 5.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8da42003-f2d8-4837-84b2-e0e7171fa3fe

Customer Reviews for WooCommerce <= 5.36.0 – Missing Authorization in Reviews Exporter

Affected Software: Customer Reviews for WooCommerce
CVE ID: CVE-2023-45101
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d60f3da1-1184-4629-880c-ce3893fb55a5

Pinpoint Booking System <= 2.9.9.4.0 – Cross-Site Request Forgery via initBackEndAJAX

Affected Software: Pinpoint Booking System – #1 WordPress Booking Plugin
CVE ID: CVE-2023-45270
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4dfb4b5-b2a5-40bd-9dfb-863baa563d06

Optimize Database after Deleting Revisions <= 5.0.110 – Missing Authorization via ‘odb_csv_download’

Affected Software: Optimize Database after Deleting Revisions
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09050c1e-26e0-46e7-b5f0-ebaff4066b0a

Profile Extra Fields by BestWebSoft <= 1.2.7 – Missing Authorization to Sensitive Information Exposure

Affected Software: Profile Extra Fields by BestWebSoft
CVE ID: CVE-2023-4469
CVSS Score: 5.3 (Medium)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/916c73e8-a150-4b35-8773-ea0ec29f7fd1

Redirection for Contact Form 7 <= 2.9.2 – Missing Authorization

Affected Software: Redirection for Contact Form 7
CVE ID: CVE-2023-39920
CVSS Score: 5.3 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9cf17c08-25b7-450d-acd9-963a1f79e495

WP Mail SMTP Pro <= 3.8.0 – Missing Authorization to Information Dislcosure via is_print_page

Affected Software: WP Mail SMTP Pro
CVE ID: CVE-2023-3213
CVSS Score: 5.3 (Medium)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9

ChatBot <= 4.7.8 – Cross-Site Request Forgery via qc_wp_latest_update_check

Affected Software: AI ChatBot
CVE ID: CVE-2023-44993
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/be9522c8-3561-48fe-89ef-62e0fcb085b0

Open User Map | Everybody can add locations <= 1.3.26 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Open User Map
CVE ID: CVE-2023-45056
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/08593415-bbc9-4159-b5d5-84e4dde6c2c9

Complete Open Graph <= 3.4.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Complete Open Graph
CVE ID: CVE-2023-45010
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0f3303db-9ba6-4638-ba96-151cf91db85b

Timely Booking Button <= 2.0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Timely Booking Button
CVE ID: CVE-2023-44987
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2eb3b568-8689-4184-8091-0b84aa6b472d

Abandoned Cart Lite for WooCommerce <= 5.15.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Abandoned Cart Lite for WooCommerce
CVE ID: CVE-2023-44986
CVSS Score: 4.4 (Medium)
Researcher/s: Robert DeVore
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/524e9ec1-9c7c-4b06-915c-8122ea6c3601

Geo Controller <= 8.5.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Geo Controller
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6faf7e36-52d7-4578-bb71-2b64a761692b

Mendeley <= 1.3.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Mendeley Plugin
CVE ID: CVE-2023-45073
CVSS Score: 4.4 (Medium)
Researcher/s: NeginNrb
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7b56c684-90f6-4e8b-86fc-355a13b5368c

WOLF <= 1.0.7.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: WOLF – WordPress Posts Bulk Editor and Manager Professional
CVE ID: CVE-2023-44990
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/85b439ea-08f9-4b4e-80da-7c5f80bc2818

Image vertical reel scroll slideshow <= 9.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Image vertical reel scroll slideshow
CVE ID: CVE-2023-45051
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/91b06d7d-7e92-49f0-b161-9b25318edfeb

Order auto complete for WooCommerce <= 1.2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Order auto complete for WooCommerce
CVE ID: CVE-2023-45072
CVSS Score: 4.4 (Medium)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9521ad5b-83c3-487e-a69e-ca057777bc9e

Hotjar <= 1.0.15 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Hotjar
CVE ID: CVE-2023-1259
CVSS Score: 4.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9c640bcb-b6bf-4865-b713-32ca846e4ed9

Social Metrics <= 2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Social Metrics
CVE ID: CVE-2023-44263
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b3267339-2f28-40b9-b6ff-fdfe0d67bdc8

Comment Reply Email <= 1.0.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Comment Reply Email
CVE ID: CVE-2023-45008
CVSS Score: 4.4 (Medium)
Researcher/s: Yebin Lee
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ba7d0ab4-55a5-47f4-b66e-27e963ab2268

Hitsteps Web Analytics <= 5.86 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Hitsteps Web Analytics
CVE ID: CVE-2023-45057
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f68a386b-544f-4aa2-8ae5-4d57ddd07b63

Publish Confirm Message <= 1.3.1 – Cross-Site Request Forgery

Affected Software: Publish Confirm Message
CVE ID: CVE-2023-32124
CVSS Score: 4.3 (Medium)
Researcher/s: Taihei Shimamine
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05c2707c-c737-4f95-83e0-b0a4e0883d4b

Sp*tify Play Button for WordPress <= 2.10 – Cross-Site Request Forgery

Affected Software: Sp*tify Play Button for WordPress
CVE ID: CVE-2023-41131
CVSS Score: 4.3 (Medium)
Researcher/s: BuShiYue
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0b82fae0-4eec-41ea-90e2-9d08258805b3

Contact Form by Supsystic <= 1.7.27 – Cross-Site Request Forgery

Affected Software: Contact Form by Supsystic
CVE ID: CVE-2023-45068
CVSS Score: 4.3 (Medium)
Researcher/s: Taihei Shimamine
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/16dc1927-2171-4234-805b-6e4eed99fa90

WhitePage <= 1.1.5 – Cross-Site Request Forgery via params_api_form.php

Affected Software: WhitePage
CVE ID: CVE-2023-45109
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1b377236-bb56-4d31-837a-c5064d46a6c6

Automated Editor <= 1.3 – Cross-Site Request Forgery via admin menu pages

Affected Software: Automated Editor
CVE ID: CVE-2023-45276
CVSS Score: 4.3 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/27799988-cb2b-41c7-ad9a-aade59d31fa3

Stout Google Calendar <= 1.2.3 – Cross-Site Request Forgery via sgc_plugin_options

Affected Software: Stout Google Calendar
CVE ID: CVE-2023-45273
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/33efcbb4-2bb9-4414-bc95-55bedb92c551

WP Content Pilot – Autoblogging & Affiliate Marketing Plugin <= 1.3.3 – Authenticated (Contributor+) Content Injection

Affected Software: WP Content Pilot – Autoblogging & Affiliate Marketing Plugin
CVE ID: CVE-2023-45053
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/373c10df-0d9c-4f76-8d1f-cad6bcfed141

Blog Manager Light <= 1.20 – Cross-Site Request Forgery via bml_settings

Affected Software: Blog Manager Light
CVE ID: CVE-2023-45102
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/38307432-399e-4887-867c-9eb2a0d90d70

Mailrelay <= 2.1.1 – Cross-Site Request Forgery via render_admin_page

Affected Software: Mailrelay
CVE ID: CVE-2023-45108
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3c07a2fe-97b1-45ec-bbd9-9353d679ed49

AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One <= 1.1.5 – Cross-Site Request Forgery

Affected Software: AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One
CVE ID: CVE-2023-45063
CVSS Score: 4.3 (Medium)
Researcher/s: konagash
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3de1bcd7-24a8-4566-819b-d6653344e132

IRivYou <= 2.2.1 – Cross-Site Request Forgery via saveOptionsReviewsPlugin

Affected Software: IRivYou – Add reviews from AliExpress and Amazon to woocommerce
CVE ID: CVE-2023-45267
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5607cc07-5104-45d0-8279-ba0ef3ebcbe9

GoodBarber <= 1.0.22 – Cross-Site Request Forgery via admin_options

Affected Software: GoodBarber
CVE ID: CVE-2023-45107
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/57774f93-e6c0-46e6-8019-eab00b2b48ff

WP Bing Map Pro <= 4.1.4 – Cross-Site Request Forgery via AJAX actions

Affected Software: WP Bing Map Pro
CVE ID: CVE-2023-45052
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5abc627d-2d8e-44e6-8e8e-ad9f55cbb0d8

Interactive World Map <= 3.2.0 – Cross-Site Request Forgery

Affected Software: Interactive World Map
CVE ID: CVE-2023-45060
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b559a48-3c8b-4f8a-9627-c4f838d20af3

WP Custom Widget area <= 1.2.5 – Missing Authorization

Affected Software: WP Custom Widget area
CVE ID: CVE-2023-45045
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/64559d37-0c6b-45f5-8a2a-6e70cb5e423c

SendPulse Free Web Push <= 1.3.1 – Cross-Site Request Forgery via sendpulse_config

Affected Software: SendPulse Free Web Push
CVE ID: CVE-2023-45274
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/654727e0-6129-47c7-94f3-10567b1a42d4

Hitsteps Web Analytics <= 5.86 – Cross-Site Request Forgery via hst_optionpage

Affected Software: Hitsteps Web Analytics
CVE ID: CVE-2023-45268
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7252075f-9326-4f04-bdd9-b244609c9cd3

WP User Frontend <= 3.6.8 – Missing Authorization via AJAX actions

Affected Software: WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin
CVE ID: CVE-2023-45002
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8e8e967f-f627-4c0c-ac0f-0a66ae25c602

ShortCodes UI <= 1.9.8 – Cross-Site Request Forgery

Affected Software: ShortCodes UI
CVE ID: CVE-2023-44994
CVSS Score: 4.3 (Medium)
Researcher/s: An Đặng
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/90e69e43-597c-4c18-b581-d99dacefb9b8

Short URL <= 1.6.8 – Cross-Site Request Forgery

Affected Software: Short URL
CVE ID: CVE-2023-45058
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95c5a219-0b04-424c-a3dd-d705b1b41ddc

Bold Timeline Lite <= 1.1.9 – Missing Authorization to Admin Notice Dismissal

Affected Software: Bold Timeline Lite
CVE ID: CVE-2023-45110
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9bbabf5e-dbfc-4b01-94ae-0e8fd6b3cc26

Booster for WooCommerce <= 7.1.1 – Authenticated (Subscriber+) Information Disclosure via Shortcode

Affected Software: Booster for WooCommerce
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a1426809-b245-4868-be87-c96b3c5c05f9

WP Power Stats <= 2.2.3 – Cross-Site Request Forgery

Affected Software: WP Power Stats
CVE ID: CVE-2023-45011
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a86a694b-5e45-4e94-a22c-2c5faa7172a2

WooCommerce Login Redirect <= 2.2.4 – Cross-Site Request Forgery

Affected Software: WooCommerce Login Redirect
CVE ID: CVE-2023-44995
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a8b0d708-4f74-4e6d-9581-f65caf976d45

Permalinks Customizer <= 2.8.2 – Cross-Site Request Forgery via post_settings

Affected Software: Permalinks Customizer
CVE ID: CVE-2023-45103
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bf1f402d-98d7-42d7-8d8d-ff74a65e5293

Category Meta <= 1.2.8 – Cross-Site Request Forgery

Affected Software: Category Meta plugin
CVE ID: CVE-2023-44998
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bf2ddc42-9910-40e5-9546-89f229b852da

Marker.io <= 1.1.6 – Cross-Site Request Forgery

Affected Software: Marker.io – Visual Website Feedback
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c49b3841-370b-42ed-9545-e69c2544642d

Customer Reviews for WooCommerce <= 5.36.0 – Missing Authorization

Affected Software: Customer Reviews for WooCommerce
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c5429fb1-7072-4a00-8fb3-48d4f876417f

affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.9 – Open Redirect via atkpout.php

Affected Software: affiliate-toolkit – WordPress Affiliate Plugin
CVE ID: CVE-2023-45105
CVSS Score: 3.4 (Low)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/06b332de-4f94-47dc-a573-53514adaf5c0

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023) appeared first on Wordfence.