Wordfence Intelligence Weekly WordPress Vulnerability Report (October 30, 2023 to November 5, 2023)

🎉Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now!

Last week, there were 79 vulnerabilities disclosed in 64 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 22 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, use the vulnerability database API to retrieve a complete dump of our database of over 12,000 vulnerabilities, then use the webhook integration to stay on top of newly added vulnerabilities and any updates made to existing records in real time, all for free.
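The practical use of a database dump is to match it against the plugin versions actually installed on your sites. The script below is an added example, not Wordfence's own code or the Wordfence CLI. It assumes records shaped like the Wordfence Intelligence JSON feed (a software list per record, each entry carrying a type, a slug and affected_versions ranges with from_version, to_version and inclusivity flags); that layout is an assumption, so map the field names to the feed you actually download. The sample records are constructed inline from entries in this report, and the installed-plugin list is a constructed example of what `wp plugin list --format=json` would give you, so the script runs offline.

```python
"""Match installed WordPress plugin versions against vulnerability records.

Added example, not Wordfence's code. The record layout mirrors the public
JSON feed as an assumption; the sample data below is constructed from
entries in this week's report.
"""
import re


def version_key(version):
    """Turn a plugin version into a comparable tuple.

    Numeric components compare numerically, other components compare as
    strings after any numeric one, and trailing zero components are dropped
    so that "12" and "12.0" compare equal.
    """
    key = []
    for part in re.split(r"[.\-_+]", version.strip()):
        if part.isdigit():
            key.append((0, int(part), ""))
        elif part:
            key.append((1, 0, part.lower()))
    while key and key[-1] == (0, 0, ""):
        key.pop()
    return tuple(key)


def in_range(version, rng):
    """True if version falls inside one affected_versions range.

    "*" as a bound means unbounded on that side, which is how the feed
    expresses "all versions up to X" (assumption about the feed format).
    """
    v = version_key(version)
    lo, hi = rng["from_version"], rng["to_version"]
    if lo != "*":
        lo_key = version_key(lo)
        if v < lo_key or (v == lo_key and not rng["from_inclusive"]):
            return False
    if hi != "*":
        hi_key = version_key(hi)
        if v > hi_key or (v == hi_key and not rng["to_inclusive"]):
            return False
    return True


def find_affected(installed, feed):
    """Return the records that apply to installed plugins (slug -> version).

    Sorted by CVSS score, highest first; the "patched" flag tells you
    whether updating is even an option or whether the plugin should be
    disabled until a fix ships.
    """
    hits = []
    for vuln_id, rec in feed.items():
        for sw in rec["software"]:
            if sw["type"] != "plugin" or sw["slug"] not in installed:
                continue
            version = installed[sw["slug"]]
            if any(in_range(version, r) for r in sw["affected_versions"].values()):
                hits.append({"id": vuln_id, "slug": sw["slug"], "installed": version,
                             "title": rec["title"], "cve": rec["cve"],
                             "cvss": rec["cvss"]["score"], "patched": rec["patched"]})
    return sorted(hits, key=lambda h: h["cvss"], reverse=True)


def _range(lo, hi, lo_inclusive=True, hi_inclusive=True):
    return {"from_version": lo, "from_inclusive": lo_inclusive,
            "to_version": hi, "to_inclusive": hi_inclusive}


def _record(title, cve, score, patched, slug, *ranges):
    return {"title": title, "cve": cve, "cvss": {"score": score}, "patched": patched,
            "software": [{"type": "plugin", "slug": slug,
                          "affected_versions": {str(i): r for i, r in enumerate(ranges)}}]}


# Constructed sample feed: bounds, CVEs, scores and patch status are taken from
# this report; the record IDs are the Wordfence Intelligence IDs it links to.
SAMPLE_FEED = {
    "1b3be300-5b7f-4844-8637-1bb8c939ed4c": _record(
        "Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload",
        "CVE-2023-5822", 8.1, True, "drag-and-drop-multiple-file-upload-contact-form-7",
        _range("*", "1.3.7.3")),
    "279a02e1-7b61-4edd-ab67-6a7fed4e17c1": _record(
        "iPages Flipbook < 1.5.0 - Authenticated (Administrator+) SQL Injection",
        None, 7.2, True, "ipages-flipbook", _range("*", "1.5.0", hi_inclusive=False)),
    "fc305c48-8337-42b7-ad61-61aea8018def": _record(
        "ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder",
        "CVE-2023-5606", 4.4, True, "chatbot", _range("4.8.6", "4.9.6")),
    "9939f297-e3ca-4d7d-9acd-c416ee2014c9": _record(
        "WooODT Lite <= 2.4.6 - Missing Authorization to Arbitrary Options Update",
        "CVE-2023-47179", 8.8, False, "byconsole-woo-order-delivery-time", _range("*", "2.4.6")),
}

# Constructed installed-plugin inventory for one hypothetical site.
INSTALLED = {
    "drag-and-drop-multiple-file-upload-contact-form-7": "1.3.7.3",  # in range (inclusive)
    "ipages-flipbook": "1.5.0",   # exclusive upper bound: this is the fixed version
    "chatbot": "4.8.5",           # below the affected range
    "byconsole-woo-order-delivery-time": "2.4.6",  # in range, and no patch exists
    "wpdiscuz": "7.6.12",         # not in the sample feed
}

if __name__ == "__main__":
    for hit in find_affected(INSTALLED, SAMPLE_FEED):
        state = "patched: update" if hit["patched"] else "UNPATCHED: disable or mitigate"
        print(f'{hit["cvss"]:>4} {hit["slug"]} {hit["installed"]} ({hit["cve"]}) {state}')
```

The two deliberate edge cases are the exclusive upper bound (iPages Flipbook < 1.5.0, where 1.5.0 is the fixed release and must not be flagged) and the bounded range (ChatBot 4.8.6 – 4.9.6, where an older install is not affected). Getting those wrong in either direction produces false alarms or, worse, a silently missed unpatched issue like the WooODT Lite entry, which the sorted output puts first.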

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 15
Patched 64

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 0
Medium Severity 54
High Severity 23
Critical Severity 2

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 23
Missing Authorization 19
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 16
Cross-Site Request Forgery (CSRF) 13
Unrestricted Upload of File with Dangerous Type 2
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 2
Protection Mechanism Failure 2
Improper Control of Generation of Code (‘Code Injection’) 1
Authorization Bypass Through User-Controlled Key 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Lana Codes (Wordfence Vulnerability Researcher) 22
Alex Thomas (Wordfence Vulnerability Researcher) 14
Abdi Pranata 7
Marco Wotschka (Wordfence Vulnerability Researcher) 4
yuyudhn 4
Duc Manh 4
Naveen Muthusamy 2
Mika 2
Ala Arfaoui 2
Vladislav Pokrovsky 1
DoYeon Park (p6rkdoye0n) 1
Emili Castells 1
Rachit Arora 1
Revan Arifio 1
dc11 1
NGÔ THIÊN AN (ancorn_) 1
Rafie Muhammad 1
Brandon James Roldan 1
lttn 1
thiennv 1
Cat 1
Huynh Tien Si 1


Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
AI ChatBot chatbot
Admin Bar & Dashboard Access Control admin-bar-dashboard-control
Ads by datafeedr.com ads-by-datafeedrcom
Advance Menu Manager advance-menu-manager
Animated Rotating Words (Interchanging Random Words in a Sentence) css3-rotating-words
Apollo13 Framework Extensions apollo13-framework-extensions
Auto Publish for Google My Business wp-google-my-business-auto-publish
Basic Interactive World Map basic-interactive-world-map
Comments Ratings comments-ratings
Comments – wpDiscuz wpdiscuz
Decorator – WooCommerce Email Customizer decorator-woocommerce-email-customizer
Defender Security – Malware Scanner, Login Security & Firewall defender-security
Digirisk digirisk
Drag and Drop Multiple File Upload – Contact Form 7 drag-and-drop-multiple-file-upload-contact-form-7
Easy PayPal Shopping Cart easy-paypal-shopping-cart
Email Templates Customizer and Designer for WordPress and WooCommerce email-templates
Finale Lite – Sales Countdown Timer & Discount for WooCommerce finale-woocommerce-sales-countdown-timer-discount
Gift Up Gift Cards for WordPress and WooCommerce gift-up
GiveWP – Donation Plugin and Fundraising Platform give
HTML filter and csv-file search hk-filter-and-search
Icons Font Loader icons-font-loader
IdeaPush ideapush
Image horizontal reel scroll slideshow image-horizontal-reel-scroll-slideshow
Image vertical reel scroll slideshow image-vertical-reel-scroll-slideshow
Information Reel information-reel
Interact: Embed A Quiz On Your Site interact-quiz-embed
Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free funnelforms-free
Jquery accordion slideshow jquery-accordion-slideshow
Jquery news ticker jquery-news-ticker
Kadence WooCommerce Email Designer kadence-woocommerce-email-designer
Layer Slider slider-slideshow
Left right image slideshow gallery left-right-image-slideshow-gallery
Linker linker
Live updates from Excel ipushpull
Message ticker message-ticker
Popup with fancybox popup-with-fancybox
Post Sliders & Post Grids post-slider-carousel
Product Catalog Mode For Woocommerce woocommerce-catalog-enquiry
SEO Slider seo-slider
Short URL shorten-url
ShortCodes UI shortcodes-ui
Social Feed | All social media in one place add-facebook
Solid Security – Password, Two Factor Authentication, and Brute Force Protection better-wp-security
Superb slideshow gallery superb-slideshow-gallery
The Plus Addons for Elementor Page Builder theplus_elementor_addon
Top 10 – WordPress Popular posts by WebberZone top-10
Top 25 Social Icons top-25-social-icons
Up down image slideshow gallery up-down-image-slideshow-gallery
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress userswp
Vertical marquee plugin vertical-marquee-plugin
WP Affiliate Disclosure wp-affiliate-disclosure
WP Customer Reviews wp-customer-reviews
WP Meta and Date Remover wp-meta-and-date-remover
WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine wp-travel
WP fade in text news wp-fade-in-text-news
WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location byconsole-woo-order-delivery-time
Wp anything slider wp-anything-slider
Wp photo text slider 50 wp-photo-text-slider-50
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress youzify
iPages Flipbook For WordPress ipages-flipbook
idbbee idbbee
iframe forms iframe-forms
video carousel slider with lightbox wp-responsive-video-gallery-with-lightbox
wp image slideshow wp-image-slideshow

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

The Plus Addons for Elementor Pro <= 5.2.8 – Unauthenticated Local File Inclusion

Affected Software: The Plus Addons for Elementor Page Builder
CVE ID: CVE-2023-47178
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4d739821-569d-42d7-a4c5-70e32d5d41a1

Ads by datafeedr.com <= 1.1.3 – Unauthenticated (Limited) Remote Code Execution

Affected Software: Ads by datafeedr.com
CVE ID: CVE-2023-5843
CVSS Score: 9 (Critical)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5412fd87-49bc-445c-8d16-443e38933d1e

Image vertical reel scroll slideshow <= 9.0 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Image vertical reel scroll slideshow
CVE ID: CVE-2023-5428
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/01d31d8a-4459-488a-9cbe-92761faa58b4

Jquery accordion slideshow <= 8.1 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Jquery accordion slideshow
CVE ID: CVE-2023-5464
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0531ca34-5d7b-4071-a1aa-934f14b87728

Image horizontal reel scroll slideshow <= 13.2 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Image horizontal reel scroll slideshow
CVE ID: CVE-2023-5412
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/08fb698f-c87c-4200-85fe-3fe72745633e

Up down image slideshow gallery <= 12.0 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Up down image slideshow gallery
CVE ID: CVE-2023-5435
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0b72cf6f-4924-4fa5-8e1a-4054dfe73be0

Superb slideshow gallery <= 13.1 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Superb slideshow gallery
CVE ID: CVE-2023-5434
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3a12945d-a67c-4a19-a4e7-f65f5f2a21bb

Jquery news ticker <= 3.0 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Jquery news ticker
CVE ID: CVE-2023-5430
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3b7f8739-7f40-40a7-952e-002ea3b82ac7

Wp photo text slider 50 <= 8.0 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Wp photo text slider 50
CVE ID: CVE-2023-5439
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/515502b5-c344-4855-aff1-57833233c5d2

Wp anything slider <= 9.1 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Wp anything slider
CVE ID: CVE-2023-5466
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/535e754e-f851-4809-a148-d9ba808b9d8a

Information Reel <= 10.0 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Information Reel
CVE ID: CVE-2023-5429
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/64db63e5-ff76-494a-be4f-d820f0cc9ab0

Left right image slideshow gallery <= 12.0 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Left right image slideshow gallery
CVE ID: CVE-2023-5431
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/69902627-ce79-4a43-8949-43db6a9cc0dd

wp image slideshow <= 12.0 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: wp image slideshow
CVE ID: CVE-2023-5438
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7e24383b-5b0f-4114-908b-4c2778632f73

WooODT Lite <= 2.4.6 – Missing Authorization to Arbitrary Options Update

Affected Software: WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location
CVE ID: CVE-2023-47179
CVSS Score: 8.8 (High)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9939f297-e3ca-4d7d-9acd-c416ee2014c9

WP fade in text news <= 12.0 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: WP fade in text news
CVE ID: CVE-2023-5437
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b4accf10-710e-4cba-8d61-04e422324f9d

Popup with fancybox <= 3.5 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Popup with fancybox
CVE ID: CVE-2023-5465
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c943cf0b-0e99-4d47-808d-2b803369d53a

Vertical marquee plugin <= 7.1 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Vertical marquee plugin
CVE ID: CVE-2023-5436
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cd90d9c0-0cab-4fd3-b016-106032f300f7

Message ticker <= 9.2 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Message ticker
CVE ID: CVE-2023-5433
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d0b1fa88-2fc6-41af-bd39-12af92dc6533

HTML filter and csv-file search <= 2.7 – Authenticated (Contributor+) Local File Inclusion via Shortcode

Affected Software: HTML filter and csv-file search
CVE ID: CVE-2023-5099
CVSS Score: 8.8 (High)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ee2b4055-8cbd-49b7-bb0b-eddef85060fc

Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.7.3 – Unauthenticated Arbitrary File Upload

Affected Software: Drag and Drop Multiple File Upload – Contact Form 7
CVE ID: CVE-2023-5822
CVSS Score: 8.1 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1b3be300-5b7f-4844-8637-1bb8c939ed4c

Finale Lite <= 2.16.0 – Missing Authorization to Content Deletion

Affected Software: Finale Lite – Sales Countdown Timer & Discount for WooCommerce
CVE ID: CVE-2023-47180
CVSS Score: 7.5 (High)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/725bce1b-ec76-411d-928c-2aea47867292

WP Travel <= 7.5.0 – Missing Authorization via Multiple AJAX Actions

Affected Software: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine
CVE ID: CVE-2023-47224
CVSS Score: 7.5 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d23d2cdf-206e-4714-9753-198519ba737b

wpDiscuz <= 7.6.11 – Unauthenticated Stored Cross-Site Scripting via Comment Uploaded Image Filename

Affected Software: Comments – wpDiscuz
CVE ID: CVE-2023-47185
CVSS Score: 7.2 (High)
Researcher/s: Vladislav Pokrovsky
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/026ff6f4-077e-4fee-8fbe-8176f8ca5af3

Icons Font Loader <= 1.1.2 – Authenticated (Administrator+) Arbitrary File Upload

Affected Software: Icons Font Loader
CVE ID: CVE-2023-5860
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/12a9fbe8-445a-478a-b6ce-cd669ccb6a2d

iPages Flipbook < 1.5.0 – Authenticated (Administrator+) SQL Injection

Affected Software: iPages Flipbook For WordPress
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/279a02e1-7b61-4edd-ab67-6a7fed4e17c1

Funnelforms Free <= 3.4 – Missing Authorization to Arbitrary Post Deletion


Funnelforms Free <= 3.4 – Cross-Site Request Forgery to Arbitrary Post Deletion


Youzify <= 1.2.2 – Insecure Direct Object Reference

Affected Software: Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
CVE ID: CVE-2023-47191
CVSS Score: 6.5 (Medium)
Researcher/s: lttn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/94c98edf-6f4a-4c23-afa7-d5caaa22397f

Short URL <= 1.6.8 – Missing Authorization via multiple AJAX functions

Affected Software: Short URL
CVE ID: CVE-2023-47225
CVSS Score: 6.5 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a83061c0-d8d3-4dbe-bf2a-65350d17094b

HTML filter and csv-file search <= 2.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: HTML filter and csv-file search
CVE ID: CVE-2023-5096
CVSS Score: 6.4 (Medium)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/157eddd4-67f0-4a07-b3ab-11dbfb9f12aa

SEO Slider <= 1.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: SEO Slider
CVE ID: CVE-2023-5707
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/32bc88a7-93ed-4d67-9383-b6d935a0df4d

WP Meta and Date Remover < 2.2.0 – Authenticated (Subscriber+) Stored Cross-Site Scripting via settings

Affected Software: WP Meta and Date Remover
CVE ID: CVE-2023-4823
CVSS Score: 6.4 (Medium)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3da0a44f-d4b4-4330-a2e3-d25a2a7df926

Linker <= 1.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Linker
CVE ID: CVE-2023-47177
CVSS Score: 6.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3fd620a3-5d9e-4bc3-b026-871610df7c2d

Apollo13 Framework Extensions <= 1.9.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Apollo13 Framework Extensions
CVE ID: CVE-2023-47190
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4c5b2ce5-d3bf-4412-b329-470a1115260b

Gift Up Gift Cards for WordPress and WooCommerce <= 2.20.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Gift Up Gift Cards for WordPress and WooCommerce
CVE ID: CVE-2023-5703
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e498706-3dbe-4c48-9c0d-0d90677aba0d

Interact: Embed A Quiz On Your Site <= 3.0.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Interact: Embed A Quiz On Your Site
CVE ID: CVE-2023-5659
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/69ba1a39-ddb0-4661-8104-d8bb71710e0c

iframe forms <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via iframe Shortcode

Affected Software: iframe forms
CVE ID: CVE-2023-5073
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes, Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/818de7f7-913a-4ade-927e-bba281b4709a

Live updates from Excel <= 2.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Live updates from Excel
CVE ID: CVE-2023-5116
CVSS Score: 6.4 (Medium)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ab856722-e954-49de-a93f-46664da6e3e8

Top 25 Social Icons <= 3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Top 25 Social Icons
CVE ID: CVE-2023-47229
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b9e3e417-d8a8-4e32-99aa-650e0a25a415

Easy PayPal Shopping Cart <= 1.1.10 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Easy PayPal Shopping Cart
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cf6e3552-9616-4da1-8d8e-a6144ba1d0a3

ShortCodes UI <= 1.9.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: ShortCodes UI
CVE ID: CVE-2023-47231
CVSS Score: 6.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6c14c65-a47c-4dc1-9d5a-f804061152e4

Digirisk 6.0.0.0 – Reflected Cross-Site Scripting

Affected Software: Digirisk
CVE ID: CVE-2023-5946
CVSS Score: 6.1 (Medium)
Researcher/s: Ala Arfaoui
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d41355ed-77d0-48b3-bbb3-4cc3b4df4b2a

GiveWP <= 2.33.3 – Cross-Site Request Forgery to Stripe Integration Deletion

Affected Software: GiveWP – Donation Plugin and Fundraising Platform
CVE ID: CVE-2023-4248
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2bff8dea-6971-47d4-bd2c-0821687033e5

Auto Publish for Google My Business <= 3.7 – Cross-Site Request Forgery

Affected Software: Auto Publish for Google My Business
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3d4b9f07-a4a0-4cbd-a147-281570bc7f4a

idbbee <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: idbbee
CVE ID: CVE-2023-5114
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes, Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ac763936-7147-4100-8a46-4c6d2f2224b4

GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation

Affected Software: GiveWP – Donation Plugin and Fundraising Platform
CVE ID: CVE-2023-4247
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e32d9104-5a39-4455-b76a-e24ae787bdfd

GiveWP <= 2.33.1 – Missing Authorization via handleBeforeGateway

Affected Software: GiveWP – Donation Plugin and Fundraising Platform
CVE ID: CVE-2023-47183
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3b6b1b7e-2ba4-4b72-9e3d-b54c00437cac

Defender Security <= 4.2.0 – Masked Login Area Security Feature Bypass

Affected Software: Defender Security – Malware Scanner, Login Security & Firewall
CVE ID: CVE-2023-5977
CVSS Score: 5.3 (Medium)
Researcher/s: Naveen Muthusamy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66122be6-7c28-44cc-a8dd-7b2ec64346f7

Solid Security Basic <= 9.0.0 – Unauthenticated Login Page Disclosure


Post Sliders & Post Grids <= 1.0.20 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Post Sliders & Post Grids
CVE ID: CVE-2023-47226
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2ddc39a8-57b7-46be-878a-2e1cf3271bd2

Basic Interactive World Map <= 2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Basic Interactive World Map
CVE ID: CVE-2023-47223
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park (p6rkdoye0n)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/321b2b0d-8169-4e80-b86f-2ae29d9b8b7d

IdeaPush <= 8.46 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: IdeaPush
CVE ID: CVE-2023-47181
CVSS Score: 4.4 (Medium)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3673a86c-1e11-45ad-8944-84a38aad53dd

Admin Bar & Dashboard Control <= 1.2.8 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Admin Bar & Dashboard Access Control
CVE ID: CVE-2023-47184
CVSS Score: 4.4 (Medium)
Researcher/s: Rachit Arora
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/37aa3d05-79b6-49ea-b698-afa78615e438

Social Feed | All social media in one place <= 1.5.4.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Social Feed | All social media in one place
CVE ID: CVE-2023-47227
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a77675b-5a31-4bc1-b4bd-36dd9a612b7c

Comments Ratings <= 1.1.7 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Comments Ratings
CVE ID: CVE-2023-23702
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5786b859-3ee9-45ab-8926-f4a09e323e3b

Layer Slider <= 1.1.9.7 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Layer Slider
CVE ID: CVE-2023-47228
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6df68d66-7294-4dff-8ba8-394932a64281

ChatBot 4.8.6 – 4.9.6 – Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder

Affected Software: AI ChatBot
CVE ID: CVE-2023-5606
CVSS Score: 4.4 (Medium)
Researcher/s: Huynh Tien Si
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fc305c48-8337-42b7-ad61-61aea8018def

Advance Menu Manager <= 3.0.6 – Missing Authorization

Affected Software: Advance Menu Manager
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/04ad816b-0ac0-44b5-928a-5bb3e36523b2

WP Affiliate Disclosure <= 1.2.6 – Cross-Site Request Forgery via check_capability

Affected Software: WP Affiliate Disclosure
CVE ID: CVE-2023-47232
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/11cc8c6e-b60e-46b3-966e-07b1fb2bf8e9

Funnelforms Free <= 3.4 – Missing Authorization to Category Update


Animated Rotating Words <= 5.4 – Cross-Site Request Forgery via save_admin_options

Affected Software: Animated Rotating Words (Interchanging Random Words in a Sentence)
CVE ID: CVE-2023-47187
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/15b7008f-07fc-4f8a-b214-8ac0c4cf6d99

WP Customer Reviews <= 3.6.6 – Authenticated (Subscriber+) Sensitive Information Exposure

Affected Software: WP Customer Reviews
CVE ID: CVE-2023-4686
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/24b9984c-ec33-4492-815b-67a21ac4da0e

UsersWP <= 1.2.3.22 – Cross-Site Request Forgery

Affected Software: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/413d3ec0-8d04-4bef-9394-f666cfed733e

Animated Rotating Words <= 5.4 – Missing Authorization via save_admin_options

Affected Software: Animated Rotating Words (Interchanging Random Words in a Sentence)
CVE ID: CVE-2023-47187
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/41d9786e-4ce3-42d6-a0d6-8eb863103d5c

Funnelforms Free <= 3.4 – Missing Authorization to Test Email Sending


Funnelforms Free <= 3.4 – Missing Authorization to New Category Creation


Kadence WooCommerce Email Designer <= 1.5.11 – Cross-Site Request Forgery

Affected Software: Kadence WooCommerce Email Designer
CVE ID: CVE-2023-47186
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7b8483b8-07b4-436f-992f-35e16fef867b

Top 10 <= 3.3.2 – Cross-Site Request Forgery via edit_count_ajax

Affected Software: Top 10 – WordPress Popular posts by WebberZone
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7e7d3bf0-1860-45b0-b928-2291b0f98902

Funnelforms Free <= 3.4 – Missing Authorization to Post Modification


Funnelforms Free <= 3.4 – Missing Authorization to Category Deletion


Funnelforms Free <= 3.4 – Missing Authorization to Enable/Disable Dark Mode


Advance Menu Manager <= 3.0.6 – Cross-Site Request Forgery

Affected Software: Advance Menu Manager
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cf34af9d-4de7-498d-8065-c3cc6818b7c4

Funnelforms Free <= 3.4 – Cross-Site Request Forgery to Arbitrary Post Duplication


Decorator – WooCommerce Email Customizer <= 1.2.7 – Cross-Site Request Forgery

Affected Software: Decorator – WooCommerce Email Customizer
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/db664d0a-a58d-4d8b-ae0a-074f32d8710c

video carousel slider with lightbox 1.0 – Cross-Site Request Forgery

Affected Software: video carousel slider with lightbox
CVE ID: CVE-2023-5945
CVSS Score: 4.3 (Medium)
Researcher/s: Ala Arfaoui
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc052b00-65a7-4668-8bdd-b06d69d12a4a

GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin installation

Affected Software: GiveWP – Donation Plugin and Fundraising Platform
CVE ID: CVE-2023-4246
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc5c511f-dc79-468b-a107-cdf50999faf8

Funnelforms Free <= 3.4 – Missing Authorization to Arbitrary Post Duplication


Product Catalog Enquiry <= 5.0.2

Affected Software: Product Catalog Mode For Woocommerce
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e881ba2f-0e88-4c7b-aa0d-84e816019db9

Email Templates <= 1.4.2 – Cross-Site Request Forgery via send_test_email

Affected Software: Email Templates Customizer and Designer for WordPress and WooCommerce
CVE ID: CVE-2022-47181
CVSS Score: 4.3 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f3e1851a-9545-4687-b58b-5cdad3291525

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.


The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 30, 2023 to November 5, 2023) appeared first on Wordfence.
