Description
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting is set to allow those users to access the dashboard.
Affected Software
Related
{"id": "CVE-2023-1469", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2023-1469", "description": "The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018pec_coupon[code]\u2019 parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting it set for those users to access the dashboard.", "published": "2023-03-17T13:15:00", "modified": "2023-03-23T14:56:00", "epss": [{"cve": "CVE-2023-1469", "epss": 0.00045, "percentile": 0.11995, "modified": "2023-05-31"}], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:M/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:M/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 5.5, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.7, "impactScore": 2.7}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1469", "reporter": "security@wordfence.com", "references": 
["https://www.wordfence.com/threat-intel/vulnerabilities/id/b35ee801-f04d-4b22-8238-053b02a6ee0c?source=cve", "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2879453%40wp-express-checkout&new=2879453%40wp-express-checkout&sfp_email=&sfph_mail="], "cvelist": ["CVE-2023-1469"], "immutableFields": [], "lastseen": "2023-05-31T17:36:18", "viewCount": 9, "enchantments": {"score": {"value": 5.7, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "tipsandtricks-hq wp express checkout", "version": 2}]}, "epss": [{"cve": "CVE-2023-1469", "epss": 0.00045, "percentile": 0.11932, "modified": "2023-05-02"}], "dependencies": {"references": [{"type": "wordfence", "idList": ["WORDFENCE:F7027F99D0A687FC30564B2086094AE1"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:33D53463-7E29-440E-9F30-9B7AB2C50A62"]}]}, "vulnersScore": 5.7}, "_state": {"dependencies": 1685578091, "score": 1685554720, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "34f0e0cd88b6a1d701c043626746f327"}, "cna_cvss": {"cna": "Wordfence", "cvss": {"3": {"vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "score": 4.4}}}, "cpe": [], "cpe23": [], "cwe": ["CWE-79"], "affectedSoftware": [{"cpeName": "tipsandtricks-hq:wp_express_checkout", "version": "2.2.9", "operator": "lt", "name": "tipsandtricks-hq wp express checkout"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:tipsandtricks-hq:wp_express_checkout:2.2.9:*:*:*:*:wordpress:*:*", "versionEndExcluding": "2.2.9", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b35ee801-f04d-4b22-8238-053b02a6ee0c?source=cve", "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b35ee801-f04d-4b22-8238-053b02a6ee0c?source=cve", "refsource": "MISC", "tags": ["Third Party Advisory"]}, {"url": 
"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2879453%40wp-express-checkout&new=2879453%40wp-express-checkout&sfp_email=&sfph_mail=", "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2879453%40wp-express-checkout&new=2879453%40wp-express-checkout&sfp_email=&sfph_mail=", "refsource": "MISC", "tags": ["Patch"]}], "product_info": [{"vendor": "mra13", "product": "WP Express Checkout (Accept PayPal Payments Easily)"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "exploits": []}
{"wpvulndb": [{"lastseen": "2023-05-31T20:38:31", "description": "The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). If the 'Admin Dashboard Access Permission' is set to allow low privilege users to access the plugin's dashboard, they could also perform such attack\n", "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2023-03-17T00:00:00", "type": "wpvulndb", "title": "WP Express Checkout < 2.2.9 - Admin+ Stored XSS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:M/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "MULTIPLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-1469"], "modified": "2023-03-17T15:23:43", "id": "WPVDB-ID:33D53463-7E29-440E-9F30-9B7AB2C50A62", "href": "https://wpscan.com/vulnerability/33d53463-7e29-440e-9f30-9b7ab2c50a62", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:M/C:P/I:P/A:N"}}], "wordfence": [{"lastseen": "2023-04-09T02:22:34", "description": "Last week, there were 92 vulnerabilities disclosed in 76 WordPress Plugins and 7 WordPress themes that have 
been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. **Review those vulnerabilities in this report now to ensure your site is not affected.**\n\nOur mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.\n\n_[Click here to sign-up for our mailing list](<https://www.wordfence.com/subscribe-to-the-wordfence-email-list/>) to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published. _\n\n* * *\n\n### New Firewall Rules Deployed Last Week\n\nThe Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.\n\nThe team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:\n\n * [UpdraftPlus 1.22.14 to 1.23.2 and UpdraftPlus (Premium) 2.22.14 to 2.23.2 - Privilege Escalation via updraft_central_ajax_handler](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/updraftplus/updraft-plus-12214-to-1232-privilege-escalation-via-updraft-central-ajax-handler>)\n * WAF-RULE-565 - Data redacted while we work with the developer to ensure the vulnerability protected by this WAF rule gets patched.\n\nWordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will 
receive this enhanced protection after a 30 day delay.\n\n* * *\n\n### Total Unpatched & Patched Vulnerabilities Last Week\n\n**Patch Status** | **Number of Vulnerabilities** \n---|--- \nUnpatched | 44 \nPatched | 48 \n \n* * *\n\n### Total Vulnerabilities by CVSS Severity Last Week\n\n**Severity Rating** | **Number of Vulnerabilities** \n---|--- \nLow Severity | 0 \nMedium Severity | 80 \nHigh Severity | 11 \nCritical Severity | 1 \n \n* * *\n\n### Total Vulnerabilities by CWE Type Last Week\n\n**Vulnerability Type by CWE** | **Number of Vulnerabilities** \n---|--- \nImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 37 \nCross-Site Request Forgery (CSRF) | 34 \nMissing Authorization | 13 \nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 3 \nInformation Exposure | 3 \nServer-Side Request Forgery (SSRF) | 1 \nImproper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 1 \n \n* * *\n\n### Researchers That Contributed to WordPress Security Last Week\n\n**Researcher Name** | **Number of Vulnerabilities** \n---|--- \n[Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) | 10 \n[Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) | 7 \n[Dave Jong](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dave-jong>) | 6 \n[rezaduty](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rezaduty-1>) | 5 \n[Mika](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/mika>) | 4 \n[minhtuanact](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/minhtuanact>) | 3 \n[Rafie Muhammad](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rafie-muhammad>) | 3 \n[yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) | 3 \n[Rafshanzani 
Suhada](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rafshanzani-suhada>) | 3 \n[Nithissh S](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/nithissh-s>) | 3 \n[Aman Rawat](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/aman-rawat>) | 2 \n[Marco Wotschka](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/marco-wotschka>) | 2 \n[Cat](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/cat>) | 2 \n[TEAM WEBoB of BoB 11th](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/team-webob-of-bob-11th>) | 2 \n[Prasanna V Balaji](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/prasanna-v-balaji>) | 2 \n[Daniel Kelley](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/daniel-kelley>) | 2 \n[Ayoub Safa](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/ayoub-safa>) | 2 \n[Muhammad Daffa](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/muhammad-daffa>) | 2 \n[FearZzZz](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/vlad-visse>) | 1 \n[Bhuvanesh Jayaprakash](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/bhuvanesh-jayaprakash>) | 1 \n[Erwan LR](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/erwan>) | 1 \n[Etan Imanol Castro Aldrete](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/etan-imanol-castro-aldrete>) | 1 \n[Dimas Aprilianto](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dimas-aprilianto>) | 1 \n[dc11](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dc11>) | 1 \n[Shreya Pohekar](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/shreya-pohekar>) | 1 \n[Justiice](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/justiice>) | 1 \n[Nguyen Anh 
Tien](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/nguyen-anh-tien>) | 1 \n[Vinay Kumar](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/vinay-kumar>) | 1 \n[Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) | 1 \n[Brandon James Roldan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/brandon-james-roldan>) | 1 \n[Pavak Tiwari](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/pavak-tiwari>) | 1 \n[n0paew](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/n0paew>) | 1 \n[Fariq Fadillah Gusti Insani](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/fariq-fadillah-gusti-insani>) | 1 \n[Le Ngoc Anh](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/le-ngoc-anh>) | 1 \n \n \n\n_Are you a security researcher who would like to be featured in our weekly vulnerability report?_ You can responsibly disclose your WordPress vulnerability discoveries to us and [obtain a CVE ID through this form](<https://www.wordfence.com/request-cve/>). 
Responsibly disclosing your vulnerability discoveries to us will also get your name added on the [Wordfence Intelligence leaderboard](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/>) along with being mentioned in our weekly vulnerability report.\n\n* * *\n\n### WordPress Plugins with Reported Vulnerabilities Last Week\n\n**Software Name** | **Software Slug** \n---|--- \nAdmin side data storage for Contact Form 7 | [admin-side-data-storage-for-contact-form-7](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/admin-side-data-storage-for-contact-form-7>) \nAuto Rename Media On Upload | [auto-rename-media-on-upload](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/auto-rename-media-on-upload>) \nBackup Bank: WordPress Backup Plugin | [wp-backup-bank](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-backup-bank>) \nBe POPIA Compliant | [be-popia-compliant](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/be-popia-compliant>) \nBranda \u2013 White Label WordPress, Custom Login Page Customizer | [branda-white-labeling](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/branda-white-labeling>) \nBulk Resize Media | [bulk-resize-media](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bulk-resize-media>) \nCF7 Invisible reCAPTCHA | [cf7-invisible-recaptcha](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cf7-invisible-recaptcha>) \nCMS Press | [cms-press](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cms-press>) \nCalendar Event Multi View | [cp-multi-view-calendar](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cp-multi-view-calendar>) \nChronoforms | [chronoforms](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/chronoforms>) \nContact Form 7 Redirect & Thank You Page | 
[cf7-redirect-thank-you-page](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cf7-redirect-thank-you-page>) \nContact Form 7 \u2013 PayPal & Stripe Add-on | [contact-form-7-paypal-add-on](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contact-form-7-paypal-add-on>) \nContact Form Email | [contact-form-to-email](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contact-form-to-email>) \nCustom Options Plus | [custom-options-plus](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/custom-options-plus>) \nCustomify \u2013 Intuitive Website Styling | [customify](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/customify>) \nData Tables Generator by Supsystic | [data-tables-generator-by-supsystic](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/data-tables-generator-by-supsystic>) \nDrag and Drop Multiple File Upload PRO - Contact Form 7 Standard | [drag-n-drop-upload-cf7-pro](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/drag-n-drop-upload-cf7-pro>) \nDynamics 365 Integration | [integration-dynamics](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/integration-dynamics>) \nEasy Event calendar | [easy-event-calendar](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/easy-event-calendar>) \nEcwid Ecommerce Shopping Cart | [ecwid-shopping-cart](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ecwid-shopping-cart>) \nEmbed Any Document \u2013 Embed PDF, Word, PowerPoint and Excel Files | [embed-any-document](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/embed-any-document>) \nEvent Manager and Tickets Selling Plugin for WooCommerce | [mage-eventpress](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/mage-eventpress>) \nExxp | 
[exxp-wp](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/exxp-wp>) \nFluid Checkout for WooCommerce \u2013 Lite | [fluid-checkout](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/fluid-checkout>) \nForce First and Last Name as Display Name | [force-first-last](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/force-first-last>) \nGoogle XML Sitemap for Images | [google-image-sitemap](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/google-image-sitemap>) \nGoogle XML Sitemap for Videos | [xml-sitemaps-for-videos](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/xml-sitemaps-for-videos>) \nHT Feed | [ht-instagram](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ht-instagram>) \nHotel Booking Lite | [motopress-hotel-booking-lite](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/motopress-hotel-booking-lite>) \nImport External Images | [import-external-images](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/import-external-images>) \nKlaviyo | [klaviyo](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/klaviyo>) \nLOGIN AND REGISTRATION ATTEMPTS LIMIT | [login-attempts-limit-wp](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/login-attempts-limit-wp>) \nModern Events Calendar Lite | [modern-events-calendar-lite](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/modern-events-calendar-lite>) \nModern Footnotes | [modern-footnotes](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/modern-footnotes>) \nOpen RDW kenteken voertuiginformatie | [open-rdw-kenteken-voertuiginformatie](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/open-rdw-kenteken-voertuiginformatie>) \nPB SEO Friendly Images | 
[pb-seo-friendly-images](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pb-seo-friendly-images>) \nPhonePe Payment Solutions | [phonepe-payment-solutions](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/phonepe-payment-solutions>) \nPhoto Gallery, Images, Slider in Rbs Image Gallery | [robo-gallery](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/robo-gallery>) \nPopup Maker \u2013 Popup for opt-ins, lead gen, & more | [popup-maker](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/popup-maker>) \nPrint Invoice & Delivery Notes for WooCommerce | [woocommerce-delivery-notes](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-delivery-notes>) \nRapidLoad Power-Up for Autoptimize | [unusedcss](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/unusedcss>) \nRedirection | [redirect-redirection](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/redirect-redirection>) \nReturn and Warranty Management System for WooCommerce | [wc-return-warrranty](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wc-return-warrranty>) \nReusable Blocks Extended | [reusable-blocks-extended](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/reusable-blocks-extended>) \nSEO Plugin by Squirrly SEO | [squirrly-seo](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/squirrly-seo>) \nSMTP2GO \u2013 Email Made Easy | [smtp2go](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/smtp2go>) \nShopping Cart & eCommerce Store | [wp-easycart](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-easycart>) \nSite Reviews | [site-reviews](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/site-reviews>) \nSlide Anything \u2013 Responsive Content / HTML Slider and Carousel | 
[slide-anything](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/slide-anything>) \nSlideshow Gallery LITE | [slideshow-gallery](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/slideshow-gallery>) \nSolidres \u2013 Hotel booking plugin for WordPress | [solidres](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/solidres>) \nStore Locator for WordPress with Google Maps \u2013 LotsOfLocales | [store-locator](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/store-locator>) \nSurbma | GDPR Proof Cookie Consent & Notice Bar | [surbma-gdpr-proof-google-analytics](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/surbma-gdpr-proof-google-analytics>) \nTags Cloud Manager | [tags-cloud-manager](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/tags-cloud-manager>) \nUpdraftPlus WordPress Backup Plugin | [updraftplus](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/updraftplus>) \nUser Role by BestWebSoft \u2013 Add and Customize Roles and Capabilities in WordPress | [user-role](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/user-role>) \nWH Testimonials | [wh-testimonials](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wh-testimonials>) \nWP Basic Elements | [wp-basic-elements](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-basic-elements>) \nWP Express Checkout (Accept PayPal Payments Easily) | [wp-express-checkout](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-express-checkout>) \nWP Job Portal \u2013 A Complete Job Board | [wp-job-portal](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-job-portal>) \nWP Popup Banners | [wp-popup-banners](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-popup-banners>) \nWP Shortcode by MyThemeShop 
| [wp-shortcode](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-shortcode>) \nWP Simple Events | [wp-simple-events](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-simple-events>) \nWSB Brands | [wsb-brands](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wsb-brands>) \nWebsite Monetization by MageNet | [website-monetization-by-magenet](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/website-monetization-by-magenet>) \nWooCommerce Weight Based Shipping | [weight-based-shipping-for-woocommerce](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/weight-based-shipping-for-woocommerce>) \nWordPress Console | [wordpress-console](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wordpress-console>) \nWordPress Email Marketing Plugin \u2013 WP Email Capture | [wp-email-capture](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-email-capture>) \nWordPress Mortgage Calculator Estatik | [estatik-mortgage-calculator](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/estatik-mortgage-calculator>) \nWordPress Online Booking and Scheduling Plugin \u2013 Bookly | [bookly-responsive-appointment-booking-tool](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bookly-responsive-appointment-booking-tool>) \nWordPress Plugin for Google Maps \u2013 WP MAPS | [wp-google-map-plugin](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-google-map-plugin>) \nWordPress Simple Shopping Cart | [wordpress-simple-paypal-shopping-cart](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wordpress-simple-paypal-shopping-cart>) \nWordPress WP-Advanced-Search | [wp-advanced-search](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-advanced-search>) \nYandex.News Feed by Teplitsa | 
[yandexnews-feed-by-teplitsa](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yandexnews-feed-by-teplitsa>) \neCommerce Product Catalog Plugin for WordPress | [ecommerce-product-catalog](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ecommerce-product-catalog>) \nwpml | [wpml](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpml>) \n \n* * *\n\n### WordPress Themes with Reported Vulnerabilities Last Week\n\n**Software Name** | **Software Slug** \n---|--- \nBrilliance | [brilliance](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/brilliance>) \nChankhe | [chankhe](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/chankhe>) \nMediciti Lite | [mediciti-lite](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/mediciti-lite>) \nNewsMag | [newsmag](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/newsmag>) \nReal Estate Directory | [real-estate-directory](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/real-estate-directory>) \nRegina Lite | [regina-lite](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/regina-lite>) \nintrepidity | [intrepidity](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/intrepidity>) \n \n* * *\n\n### Vulnerability Details\n\n#### [Be POPIA Compliant <= 1.2.0 - Unauthenticated SQL Injection](<https://wordfence.com/threat-intel/vulnerabilities/id/eecd1497-c94e-4f67-8cc5-72afffe9fae2>)\n\n**Affected Software**: [Be POPIA Compliant](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/be-popia-compliant>) \n**CVE ID**: CVE-2022-47445 \n**CVSS Score**: 9.8 (Critical) \n**Researcher/s**: [TEAM WEBoB of BoB 11th](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/team-webob-of-bob-11th>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** 
<https://wordfence.com/threat-intel/vulnerabilities/id/eecd1497-c94e-4f67-8cc5-72afffe9fae2>\n\n* * *\n\n#### [Intrepidity <= 1.5.1 - Cross-Site Request Forgery via mytheme_add_admin](<https://wordfence.com/threat-intel/vulnerabilities/id/01cc613a-d0b5-4c8f-8961-8f8aaf63b8ac>)\n\n**Affected Software**: [intrepidity](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/intrepidity>) \n**CVE ID**: CVE-2023-27634 \n**CVSS Score**: 8.8 (High) \n**Researcher/s**: [Dave Jong](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dave-jong>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/01cc613a-d0b5-4c8f-8961-8f8aaf63b8ac>\n\n* * *\n\n#### [UpdraftPlus 1.22.14 to 1.23.2 and UpdraftPlus (Premium) 2.22.14 to 2.23.2 - Privilege Escalation via updraft_central_ajax_handler](<https://wordfence.com/threat-intel/vulnerabilities/id/2e329432-c404-4312-969b-42cac345637d>)\n\n**Affected Software**: [UpdraftPlus WordPress Backup Plugin](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/updraftplus>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 8.8 (High) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/2e329432-c404-4312-969b-42cac345637d>\n\n* * *\n\n#### [WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection](<https://wordfence.com/threat-intel/vulnerabilities/id/8281cb20-73d3-4ab5-910e-d353b2a5cbd8>)\n\n**Affected Software**: [WP Popup Banners](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-popup-banners>) \n**CVE ID**: CVE-2023-1471 \n**CVSS Score**: 8.8 (High) \n**Researcher/s**: [Etan Imanol Castro Aldrete](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/etan-imanol-castro-aldrete>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** 
<https://wordfence.com/threat-intel/vulnerabilities/id/8281cb20-73d3-4ab5-910e-d353b2a5cbd8>\n\n* * *\n\n#### [User Role by BestWebSoft <= 1.6.6 - Cross-Site Request Forgery to Privilege Escalation](<https://wordfence.com/threat-intel/vulnerabilities/id/8b4bc525-a21f-46f2-895a-c8474f72eb92>)\n\n**Affected Software**: [User Role by BestWebSoft \u2013 Add and Customize Roles and Capabilities in WordPress](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/user-role>) \n**CVE ID**: CVE-2023-0820 \n**CVSS Score**: 8.8 (High) \n**Researcher/s**: [dc11](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dc11>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/8b4bc525-a21f-46f2-895a-c8474f72eb92>\n\n* * *\n\n#### [WordPress Email Marketing Plugin \u2013 WP Email Capture <= 3.10 - Missing Authorization to Email Capture List Download](<https://wordfence.com/threat-intel/vulnerabilities/id/a41d78b9-9bdb-48dd-b3ec-2559e79fa251>)\n\n**Affected Software**: [WordPress Email Marketing Plugin \u2013 WP Email Capture](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-email-capture>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 8.2 (High) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/a41d78b9-9bdb-48dd-b3ec-2559e79fa251>\n\n* * *\n\n#### [Admin side data storage for Contact Form 7 <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/172b2191-6595-47dd-bf2d-97dc3d17e5ca>)\n\n**Affected Software**: [Admin side data storage for Contact Form 7](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/admin-side-data-storage-for-contact-form-7>) \n**CVE ID**: CVE-2023-24420 \n**CVSS Score**: 7.2 (High) \n**Researcher/s**: [Bhuvanesh 
Jayaprakash](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/bhuvanesh-jayaprakash>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/172b2191-6595-47dd-bf2d-97dc3d17e5ca>\n\n* * *\n\n#### [Tags Cloud Manager <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/6ad70391-7ea0-49c0-ac5c-ecf7ddb3c948>)\n\n**Affected Software**: [Tags Cloud Manager](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/tags-cloud-manager>) \n**CVE ID**: CVE-2023-28166 \n**CVSS Score**: 7.2 (High) \n**Researcher/s**: [Nithissh S](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/nithissh-s>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/6ad70391-7ea0-49c0-ac5c-ecf7ddb3c948>\n\n* * *\n\n#### [Shopping Cart & eCommerce Store <= 5.4.2 - Authenticated (Admin+) Local File Inclusion via import_file_url](<https://wordfence.com/threat-intel/vulnerabilities/id/936e753b-b3e9-43c9-8686-c610faa8b20e>)\n\n**Affected Software**: [Shopping Cart & eCommerce Store](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-easycart>) \n**CVE ID**: CVE-2023-1124 \n**CVSS Score**: 7.2 (High) \n**Researcher/s**: [Shreya Pohekar](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/shreya-pohekar>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/936e753b-b3e9-43c9-8686-c610faa8b20e>\n\n* * *\n\n#### [WH Testimonials <= 3.0.0 - Unauthenticated Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/b6fe5f1a-787e-4662-915f-c6f04961e194>)\n\n**Affected Software**: [WH Testimonials](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wh-testimonials>) \n**CVE ID**: CVE-2023-1372 \n**CVSS Score**: 7.2 (High) 
\n**Researcher/s**: [Daniel Kelley](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/daniel-kelley>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b6fe5f1a-787e-4662-915f-c6f04961e194>\n\n* * *\n\n#### [Bookly <= 21.5 - Unauthenticated Stored Cross-Site Scripting via Name](<https://wordfence.com/threat-intel/vulnerabilities/id/c3efbd9d-e2b5-4915-a964-29a49c7fba86>)\n\n**Affected Software**: [WordPress Online Booking and Scheduling Plugin \u2013 Bookly](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bookly-responsive-appointment-booking-tool>) \n**CVE ID**: CVE-2023-1172 \n**CVSS Score**: 7.2 (High) \n**Researcher/s**: [Vinay Kumar](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/vinay-kumar>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/c3efbd9d-e2b5-4915-a964-29a49c7fba86>\n\n* * *\n\n#### [Return and Warranty Management System for WooCommerce <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/fa1e6527-d874-4003-b36b-5769c2950864>)\n\n**Affected Software**: [Return and Warranty Management System for WooCommerce](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wc-return-warrranty>) \n**CVE ID**: CVE-2023-22710 \n**CVSS Score**: 7.2 (High) \n**Researcher/s**: [Le Ngoc Anh](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/le-ngoc-anh>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/fa1e6527-d874-4003-b36b-5769c2950864>\n\n* * *\n\n#### [Slideshow Gallery LITE <= 1.7.6 - Authenticated(Admin+) SQL Injection](<https://wordfence.com/threat-intel/vulnerabilities/id/61b07604-b206-4f13-b25f-7a6d54236eb1>)\n\n**Affected Software**: [Slideshow Gallery 
LITE](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/slideshow-gallery>) \n**CVE ID**: CVE-2023-28491 \n**CVSS Score**: 6.5 (Medium) \n**Researcher/s**: [minhtuanact](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/minhtuanact>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/61b07604-b206-4f13-b25f-7a6d54236eb1>\n\n* * *\n\n#### [Exxp <= 2.6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/0de75f3f-1e6b-42ea-9f08-54c32e37b4c7>)\n\n**Affected Software**: [Exxp](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/exxp-wp>) \n**CVE ID**: CVE-2022-45812 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Aman Rawat](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/aman-rawat>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/0de75f3f-1e6b-42ea-9f08-54c32e37b4c7>\n\n* * *\n\n#### [Slide Anything <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/130b069d-d224-44af-b2b4-26be7e081f6b>)\n\n**Affected Software**: [Slide Anything \u2013 Responsive Content / HTML Slider and Carousel](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/slide-anything>) \n**CVE ID**: CVE-2023-28499 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [FearZzZz](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/vlad-visse>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/130b069d-d224-44af-b2b4-26be7e081f6b>\n\n* * *\n\n#### [Surbma | GDPR Proof Cookie Consent & Notice Bar <= 17.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/48b9f3e3-b7fd-4d7c-8f8b-b11ed977aa92>)\n\n**Affected 
Software**: [Surbma | GDPR Proof Cookie Consent & Notice Bar](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/surbma-gdpr-proof-google-analytics>) \n**CVE ID**: CVE-2023-23894 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/48b9f3e3-b7fd-4d7c-8f8b-b11ed977aa92>\n\n* * *\n\n#### [Robo Gallery <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes](<https://wordfence.com/threat-intel/vulnerabilities/id/4e0424f8-f60f-49c3-9969-a88c830dc0e2>)\n\n**Affected Software**: [Photo Gallery, Images, Slider in Rbs Image Gallery](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/robo-gallery>) \n**CVE ID**: CVE-2023-27620 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Rafshanzani Suhada](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rafshanzani-suhada>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/4e0424f8-f60f-49c3-9969-a88c830dc0e2>\n\n* * *\n\n#### [Ecwid Shopping Cart <= 6.11.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode](<https://wordfence.com/threat-intel/vulnerabilities/id/c8c530e2-ce42-40f3-82ab-1df9089a5407>)\n\n**Affected Software**: [Ecwid Ecommerce Shopping Cart](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ecwid-shopping-cart>) \n**CVE ID**: CVE-2023-24408 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/c8c530e2-ce42-40f3-82ab-1df9089a5407>\n\n* * *\n\n#### [Embed Any Document \u2013 Embed PDF, Word, PowerPoint and Excel Files <= 
2.7.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG files](<https://wordfence.com/threat-intel/vulnerabilities/id/eebe37bf-2983-47c0-afd8-0aa3e7982196>)\n\n**Affected Software**: [Embed Any Document \u2013 Embed PDF, Word, PowerPoint and Excel Files](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/embed-any-document>) \n**CVE ID**: CVE-2023-23707 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [n0paew](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/n0paew>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/eebe37bf-2983-47c0-afd8-0aa3e7982196>\n\n* * *\n\n#### [WP Job Portal <= 1.1.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/f11ea6b2-1225-42a5-aa7b-260315d0bec5>)\n\n**Affected Software**: [WP Job Portal \u2013 A Complete Job Board](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-job-portal>) \n**CVE ID**: CVE-2023-28534 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Fariq Fadillah Gusti Insani](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/fariq-fadillah-gusti-insani>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/f11ea6b2-1225-42a5-aa7b-260315d0bec5>\n\n* * *\n\n#### [RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/8f9ee168-82b1-4d13-a84e-379f16dcb283>)\n\n**Affected Software**: [RapidLoad Power-Up for Autoptimize](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/unusedcss>) \n**CVE ID**: CVE-2023-1472 \n**CVSS Score**: 6.3 (Medium) \n**Researcher/s**: [Marco Wotschka](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/marco-wotschka>) \n**Patch Status**: Patched \n**Vulnerability Details:** 
<https://wordfence.com/threat-intel/vulnerabilities/id/8f9ee168-82b1-4d13-a84e-379f16dcb283>\n\n* * *\n\n#### [SEO Plugin by Squirrly SEO <= 12.1.20 - Missing Authorization](<https://wordfence.com/threat-intel/vulnerabilities/id/9251afbb-1a6d-40c6-b62e-a8866742f669>)\n\n**Affected Software**: [SEO Plugin by Squirrly SEO](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/squirrly-seo>) \n**CVE ID**: CVE-2022-44626 \n**CVSS Score**: 6.3 (Medium) \n**Researcher/s**: [Rafie Muhammad](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rafie-muhammad>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/9251afbb-1a6d-40c6-b62e-a8866742f669>\n\n* * *\n\n#### [Data Tables Generator by Supsystic <= 1.10.25 - Missing Authorization](<https://wordfence.com/threat-intel/vulnerabilities/id/ae98e3bd-f663-4609-92ed-ed0431047d85>)\n\n**Affected Software**: [Data Tables Generator by Supsystic](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/data-tables-generator-by-supsystic>) \n**CVE ID**: CVE-2023-25043 \n**CVSS Score**: 6.3 (Medium) \n**Researcher/s**: [Rafshanzani Suhada](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rafshanzani-suhada>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/ae98e3bd-f663-4609-92ed-ed0431047d85>\n\n* * *\n\n#### [Open RDW kenteken voertuiginformatie <= 2.0.14 - Reflected Cross-Site Scripting via open_data_rdw_kenteken](<https://wordfence.com/threat-intel/vulnerabilities/id/1fa87357-09c0-4e99-8ceb-41a7987c4a57>)\n\n**Affected Software**: [Open RDW kenteken voertuiginformatie](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/open-rdw-kenteken-voertuiginformatie>) \n**CVE ID**: CVE-2022-47431 \n**CVSS Score**: 6.1 (Medium) \n**Researcher/s**: 
[minhtuanact](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/minhtuanact>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/1fa87357-09c0-4e99-8ceb-41a7987c4a57>\n\n* * *\n\n#### [Solidres <= 0.9.4 - Reflected Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/36d9e9cd-7885-4127-b62c-ee0b3aad8846>)\n\n**Affected Software**: [Solidres \u2013 Hotel booking plugin for WordPress](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/solidres>) \n**CVE ID**: CVE-2023-1377 \n**CVSS Score**: 6.1 (Medium) \n**Researcher/s**: [Erwan LR](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/erwan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/36d9e9cd-7885-4127-b62c-ee0b3aad8846>\n\n* * *\n\n#### [SEO Plugin by Squirrly SEO <= 12.1.20 - Reflected Cross-Site Scripting via 'page' and 'tab'](<https://wordfence.com/threat-intel/vulnerabilities/id/3edce64d-13c2-454a-b5da-0454453f69cb>)\n\n**Affected Software**: [SEO Plugin by Squirrly SEO](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/squirrly-seo>) \n**CVE ID**: CVE-2022-45065 \n**CVSS Score**: 6.1 (Medium) \n**Researcher/s**: [Rafie Muhammad](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rafie-muhammad>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/3edce64d-13c2-454a-b5da-0454453f69cb>\n\n* * *\n\n#### [WordPress Mortgage Calculator Estatik <= 2.0.7 - Reflected Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/5ce9dd21-3c89-4ddd-9022-f1edf1224e2d>)\n\n**Affected Software**: [WordPress Mortgage Calculator Estatik](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/estatik-mortgage-calculator>) \n**CVE ID**: CVE-2023-28490 \n**CVSS Score**: 6.1 (Medium) 
\n**Researcher/s**: [minhtuanact](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/minhtuanact>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/5ce9dd21-3c89-4ddd-9022-f1edf1224e2d>\n\n* * *\n\n#### [Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard <= 2.11.0 - Reflected Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/60ae8b8f-bc65-40df-b6ae-4ec8e328dbe5>)\n\n**Affected Software**: [Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/drag-n-drop-upload-cf7-pro>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 6.1 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/60ae8b8f-bc65-40df-b6ae-4ec8e328dbe5>\n\n* * *\n\n#### [WPML <= 4.6.1 - Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/b5639c00-f34c-45e3-8ff1-dfde7856a80e>)\n\n**Affected Software**: [wpml](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpml>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 6.1 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b5639c00-f34c-45e3-8ff1-dfde7856a80e>\n\n* * *\n\n#### [Brilliance <= 1.3.1 - Reflected Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/e5726c70-c2c7-45b9-bd03-38cf1320646a>)\n\n**Affected Software**: [Brilliance](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/brilliance>) \n**CVE ID**: CVE-2023-28171 \n**CVSS Score**: 6.1 (Medium) \n**Researcher/s**: [Dave Jong](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dave-jong>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** 
<https://wordfence.com/threat-intel/vulnerabilities/id/e5726c70-c2c7-45b9-bd03-38cf1320646a>\n\n* * *\n\n#### [Mediciti Lite <= 1.3.0 - Reflected Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/ec2825b2-c8df-40fd-b44d-a840be66446f>)\n\n**Affected Software**: [Mediciti Lite](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/mediciti-lite>) \n**CVE ID**: CVE-2023-28418 \n**CVSS Score**: 6.1 (Medium) \n**Researcher/s**: [Dave Jong](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dave-jong>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/ec2825b2-c8df-40fd-b44d-a840be66446f>\n\n* * *\n\n#### [Dynamics 365 Integration <= 1.3.12 - Missing Authorization via wp_ajax_wpcrm_log & wp_ajax_wpcrm_log_verbosity](<https://wordfence.com/threat-intel/vulnerabilities/id/1671e437-09f0-46bc-87ef-3a5712c3dc98>)\n\n**Affected Software**: [Dynamics 365 Integration](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/integration-dynamics>) \n**CVE ID**: CVE-2023-28417 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/1671e437-09f0-46bc-87ef-3a5712c3dc98>\n\n* * *\n\n#### [Force First and Last Name as Display Name <= 1.2 - Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/27d579d5-a4d2-45f7-a7bb-8f384d851d7a>)\n\n**Affected Software**: [Force First and Last Name as Display Name](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/force-first-last>) \n**CVE ID**: CVE-2023-28419 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Mika](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/mika>) \n**Patch Status**: Patched \n**Vulnerability Details:** 
<https://wordfence.com/threat-intel/vulnerabilities/id/27d579d5-a4d2-45f7-a7bb-8f384d851d7a>\n\n* * *\n\n#### [WP Google Map Plugin <= 4.4.2 - Cross-Site Request Forgery via delete()](<https://wordfence.com/threat-intel/vulnerabilities/id/71f58781-3fb3-4eba-8e5a-f98f006f4607>)\n\n**Affected Software**: [WordPress Plugin for Google Maps \u2013 WP MAPS](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-google-map-plugin>) \n**CVE ID**: CVE-2023-28172 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Rafie Muhammad](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rafie-muhammad>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/71f58781-3fb3-4eba-8e5a-f98f006f4607>\n\n* * *\n\n#### [Redirect Redirection <= 1.1.4 - Cross-Site Request Forgery to Plugin De-Installation](<https://wordfence.com/threat-intel/vulnerabilities/id/7d500729-3b1a-4ece-81de-4c1f9afbf798>)\n\n**Affected Software**: [Redirection](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/redirect-redirection>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/7d500729-3b1a-4ece-81de-4c1f9afbf798>\n\n* * *\n\n#### [Regina Lite <= 2.0.7 - Reflected Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/7dcd3452-a340-44e5-b292-347dc69ab863>)\n\n**Affected Software**: [Regina Lite](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/regina-lite>) \n**CVE ID**: CVE-2023-27619 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Dave Jong](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dave-jong>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/7dcd3452-a340-44e5-b292-347dc69ab863>\n\n* * *\n\n#### 
[WooCommerce Weight Based Shipping <= 5.4.1 - Cross-Site Request Forgery leading to Plugin Settings Changes](<https://wordfence.com/threat-intel/vulnerabilities/id/b5086b8d-6c74-4970-9937-5ddc5b528495>)\n\n**Affected Software**: [WooCommerce Weight Based Shipping](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/weight-based-shipping-for-woocommerce>) \n**CVE ID**: CVE-2022-46794 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Muhammad Daffa](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/muhammad-daffa>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b5086b8d-6c74-4970-9937-5ddc5b528495>\n\n* * *\n\n#### [Site Reviews <= 6.5.1 - Missing Authorization](<https://wordfence.com/threat-intel/vulnerabilities/id/d94f6cdd-8232-4e0c-b510-0e755c280b58>)\n\n**Affected Software**: [Site Reviews](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/site-reviews>) \n**CVE ID**: CVE-2023-27625 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Rafshanzani Suhada](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rafshanzani-suhada>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/d94f6cdd-8232-4e0c-b510-0e755c280b58>\n\n* * *\n\n#### [Newsmag <= 2.4.4 - Reflected Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/debe6f54-0f56-4bc9-a0cd-4f2caa1ed9e3>)\n\n**Affected Software**: [NewsMag](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/newsmag>) \n**CVE ID**: CVE-2023-28493 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Brandon James Roldan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/brandon-james-roldan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/debe6f54-0f56-4bc9-a0cd-4f2caa1ed9e3>\n\n* * *\n\n#### [WordPress 
Email Marketing Plugin \u2013 WP Email Capture <= 3.10 - Information Exposure via wp_email_capture_options_process](<https://wordfence.com/threat-intel/vulnerabilities/id/b4570948-1625-44b3-8af6-73765d9710ee>)\n\n**Affected Software**: [WordPress Email Marketing Plugin \u2013 WP Email Capture](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-email-capture>) \n**CVE ID**: CVE-2023-28421 \n**CVSS Score**: 5.3 (Medium) \n**Researcher/s**: [Nguyen Anh Tien](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/nguyen-anh-tien>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b4570948-1625-44b3-8af6-73765d9710ee>\n\n* * *\n\n#### [Popup Maker <= 1.17.1 - Sensitive Data Exposure via debug log file](<https://wordfence.com/threat-intel/vulnerabilities/id/d0240b35-72d0-4943-84cd-5d1574609b36>)\n\n**Affected Software**: [Popup Maker \u2013 Popup for opt-ins, lead gen, & more](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/popup-maker>) \n**CVE ID**: CVE-2022-47597 \n**CVSS Score**: 5.3 (Medium) \n**Researcher/s**: [rezaduty](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rezaduty-1>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/d0240b35-72d0-4943-84cd-5d1574609b36>\n\n* * *\n\n#### [Backup Bank: WordPress Backup Plugin <= 4.0.28 - Missing Authorization via post_user_feedback_backup_bank](<https://wordfence.com/threat-intel/vulnerabilities/id/e5ab6dcd-ef22-4fea-9e35-9358ede3ff5d>)\n\n**Affected Software**: [Backup Bank: WordPress Backup Plugin](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-backup-bank>) \n**CVE ID**: CVE-2023-28165 \n**CVSS Score**: 5.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Unpatched \n**Vulnerability 
Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/e5ab6dcd-ef22-4fea-9e35-9358ede3ff5d>\n\n* * *\n\n#### [WP Simple Shopping Cart <= 4.6.3 - Information Disclosure](<https://wordfence.com/threat-intel/vulnerabilities/id/ea4453bc-557b-4abf-85c6-4aecfd8f4012>)\n\n**Affected Software**: [WordPress Simple Shopping Cart](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wordpress-simple-paypal-shopping-cart>) \n**CVE ID**: CVE-2023-1431 \n**CVSS Score**: 5.3 (Medium) \n**Researcher/s**: [Ayoub Safa](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/ayoub-safa>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/ea4453bc-557b-4abf-85c6-4aecfd8f4012>\n\n* * *\n\n#### [WordPress Console <= 0.3.9 - Missing Authorization via reload.php](<https://wordfence.com/threat-intel/vulnerabilities/id/fd3cd605-6292-4a04-9aee-f4b9a8127e8e>)\n\n**Affected Software**: [WordPress Console](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wordpress-console>) \n**CVE ID**: CVE-2023-28168 \n**CVSS Score**: 5.3 (Medium) \n**Researcher/s**: [Prasanna V Balaji](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/prasanna-v-balaji>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/fd3cd605-6292-4a04-9aee-f4b9a8127e8e>\n\n* * *\n\n#### [PhonePe Payment Solutions <= 1.0.15 - Authenticated (Subscriber+) Server-Side Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/8f24f7e2-2516-4f4d-955f-f3f6001cbce7>)\n\n**Affected Software**: [PhonePe Payment Solutions](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/phonepe-payment-solutions>) \n**CVE ID**: CVE-2022-45835 \n**CVSS Score**: 5 (Medium) \n**Researcher/s**: [Aman Rawat](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/aman-rawat>) \n**Patch Status**: Patched 
\n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/8f24f7e2-2516-4f4d-955f-f3f6001cbce7>\n\n* * *\n\n#### [Auto Rename Media On Upload <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/25a566ed-9ed6-4c72-9728-49a0edfb5ba5>)\n\n**Affected Software**: [Auto Rename Media On Upload](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/auto-rename-media-on-upload>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/25a566ed-9ed6-4c72-9728-49a0edfb5ba5>\n\n* * *\n\n#### [eCommerce Product Catalog plugin for WordPress <= 3.3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/26b7438e-438b-41eb-9458-2fba8ab1964d>)\n\n**Affected Software**: [eCommerce Product Catalog Plugin for WordPress](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ecommerce-product-catalog>) \n**CVE ID**: CVE-2023-1470 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Marco Wotschka](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/marco-wotschka>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/26b7438e-438b-41eb-9458-2fba8ab1964d>\n\n* * *\n\n#### [WP Simple Events <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/53de68ad-76a6-4043-8369-7679c1c5c1cd>)\n\n**Affected Software**: [WP Simple Events](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-simple-events>) \n**CVE ID**: CVE-2023-24376 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Nithissh S](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/nithissh-s>) \n**Patch Status**: 
Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/53de68ad-76a6-4043-8369-7679c1c5c1cd>\n\n* * *\n\n#### [Easy Event calendar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/57dda8e6-54d1-41db-a54d-4a5d635e23b7>)\n\n**Affected Software**: [Easy Event calendar](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/easy-event-calendar>) \n**CVE ID**: CVE-2023-28169 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Nithissh S](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/nithissh-s>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/57dda8e6-54d1-41db-a54d-4a5d635e23b7>\n\n* * *\n\n#### [Yandex.News Feed by Teplitsa <= 1.12.5 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/756810c0-d805-4391-a67b-19b40597d219>)\n\n**Affected Software**: [Yandex.News Feed by Teplitsa](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yandexnews-feed-by-teplitsa>) \n**CVE ID**: CVE-2023-25052 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/756810c0-d805-4391-a67b-19b40597d219>\n\n* * *\n\n#### [SMTP2GO <= 1.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings](<https://wordfence.com/threat-intel/vulnerabilities/id/7cc618c8-63a9-4321-ad18-ee5277a5f5e0>)\n\n**Affected Software**: [SMTP2GO \u2013 Email Made Easy](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/smtp2go>) \n**CVE ID**: CVE-2023-28496 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio 
Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/7cc618c8-63a9-4321-ad18-ee5277a5f5e0>\n\n* * *\n\n#### [WSB Brands <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via $logo](<https://wordfence.com/threat-intel/vulnerabilities/id/89321887-0116-47fb-b65b-008c9fb01b62>)\n\n**Affected Software**: [WSB Brands](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wsb-brands>) \n**CVE ID**: CVE-2022-47437 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [TEAM WEBoB of BoB 11th](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/team-webob-of-bob-11th>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/89321887-0116-47fb-b65b-008c9fb01b62>\n\n* * *\n\n#### [PB SEO Friendly Images <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/89fc8407-3d1f-4b1b-9b4c-13c0da928231>)\n\n**Affected Software**: [PB SEO Friendly Images](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pb-seo-friendly-images>) \n**CVE ID**: CVE-2022-47434 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Dimas Aprilianto](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dimas-aprilianto>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/89fc8407-3d1f-4b1b-9b4c-13c0da928231>\n\n* * *\n\n#### [CMS Press <= 0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/905cb57b-70ec-4324-ae66-9c06d1737939>)\n\n**Affected Software**: [CMS Press](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cms-press>) \n**CVE ID**: CVE-2023-25452 \n**CVSS Score**: 4.4 (Medium) 
\n**Researcher/s**: [Prasanna V Balaji](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/prasanna-v-balaji>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/905cb57b-70ec-4324-ae66-9c06d1737939>\n\n* * *\n\n#### [Modern Footnotes <= 1.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/94b98842-8c75-4623-8cc9-ad3dc0916a18>)\n\n**Affected Software**: [Modern Footnotes](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/modern-footnotes>) \n**CVE ID**: CVE-2023-28423 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/94b98842-8c75-4623-8cc9-ad3dc0916a18>\n\n* * *\n\n#### [Solidres <= 0.9.4 - Authenticated (Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/b13ee51b-9f23-428f-9cef-4a9b9b06b0c4>)\n\n**Affected Software**: [Solidres \u2013 Hotel booking plugin for WordPress](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/solidres>) \n**CVE ID**: CVE-2023-1374 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Daniel Kelley](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/daniel-kelley>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b13ee51b-9f23-428f-9cef-4a9b9b06b0c4>\n\n* * *\n\n#### [WP Express Checkout <= 2.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting via pec_coupon](<https://wordfence.com/threat-intel/vulnerabilities/id/b35ee801-f04d-4b22-8238-053b02a6ee0c>)\n\n**Affected Software**: [WP Express Checkout (Accept PayPal Payments 
Easily)](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-express-checkout>) \n**CVE ID**: CVE-2023-1469 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Ayoub Safa](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/ayoub-safa>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b35ee801-f04d-4b22-8238-053b02a6ee0c>\n\n* * *\n\n#### [Branda \u2013 White Label WordPress <= 3.4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/c3508b46-6920-48b9-9acb-620ea34e07e2>)\n\n**Affected Software**: [Branda \u2013 White Label WordPress, Custom Login Page Customizer](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/branda-white-labeling>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/c3508b46-6920-48b9-9acb-620ea34e07e2>\n\n* * *\n\n#### [Klaviyo <= 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/d2b66f27-e4d2-4f6e-be96-b7f967a30885>)\n\n**Affected Software**: [Klaviyo](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/klaviyo>) \n**CVE ID**: CVE-2023-25456 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/d2b66f27-e4d2-4f6e-be96-b7f967a30885>\n\n* * *\n\n#### [Modern Events Calendar lite <= 5.16.2 - Authenticated (Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/e7465ca4-21e8-4935-b294-e7378b2b01a7>)\n\n**Affected Software**: [Modern Events Calendar 
Lite](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/modern-events-calendar-lite>) \n**CVE ID**: CVE-2023-1400 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Pavak Tiwari](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/pavak-tiwari>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/e7465ca4-21e8-4935-b294-e7378b2b01a7>\n\n* * *\n\n#### [Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_galleries](<https://wordfence.com/threat-intel/vulnerabilities/id/0a598274-3c67-4751-94d6-49abed38422c>)\n\n**Affected Software**: [Slideshow Gallery LITE](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/slideshow-gallery>) \n**CVE ID**: CVE-2023-28497 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/0a598274-3c67-4751-94d6-49abed38422c>\n\n* * *\n\n#### [Google XML Sitemap for Images <= 2.1.3 - Cross-Site Request Forgery via image_sitemap_generate](<https://wordfence.com/threat-intel/vulnerabilities/id/1165c68d-3da4-45f3-b054-4904e54d18ac>)\n\n**Affected Software**: [Google XML Sitemap for Images](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/google-image-sitemap>) \n**CVE ID**: CVE-2023-28173 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/1165c68d-3da4-45f3-b054-4904e54d18ac>\n\n* * *\n\n#### [Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via 
admin_slides](<https://wordfence.com/threat-intel/vulnerabilities/id/164ec659-e1a6-4267-b6e9-4e37a402e503>)\n\n**Affected Software**: [Slideshow Gallery LITE](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/slideshow-gallery>) \n**CVE ID**: CVE-2023-28497 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/164ec659-e1a6-4267-b6e9-4e37a402e503>\n\n* * *\n\n#### [Real Estate Directory <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation](<https://wordfence.com/threat-intel/vulnerabilities/id/17031e21-e697-4e01-8848-c3957f5dac7f>)\n\n**Affected Software**: [Real Estate Directory](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/real-estate-directory>) \n**CVE ID**: CVE-2023-28532 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Dave Jong](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dave-jong>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/17031e21-e697-4e01-8848-c3957f5dac7f>\n\n* * *\n\n#### [LOGIN AND REGISTRATION ATTEMPTS LIMIT <= 2.1 - Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/257052f4-2b0a-4604-befd-651dc338b3d5>)\n\n**Affected Software**: [LOGIN AND REGISTRATION ATTEMPTS LIMIT](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/login-attempts-limit-wp>) \n**CVE ID**: CVE-2022-47138 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [rezaduty](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rezaduty-1>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/257052f4-2b0a-4604-befd-651dc338b3d5>\n\n* * *\n\n#### [Chronoforms <= 7.0.9 - 
Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/2c02b9b2-b41e-4a30-b69a-9cdae86dd7a7>)\n\n**Affected Software**: [Chronoforms](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/chronoforms>) \n**CVE ID**: CVE-2022-47135 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [rezaduty](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rezaduty-1>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/2c02b9b2-b41e-4a30-b69a-9cdae86dd7a7>\n\n* * *\n\n#### [Real Estate Directory <= 1.0.5 - Cross-Site Request Forgery via rdm_activate_plugin](<https://wordfence.com/threat-intel/vulnerabilities/id/39a50c49-5c24-4ae7-8f77-4f3d98270f8f>)\n\n**Affected Software**: [Real Estate Directory](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/real-estate-directory>) \n**CVE ID**: CVE-2023-28532 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/39a50c49-5c24-4ae7-8f77-4f3d98270f8f>\n\n* * *\n\n#### [CP Multi View Event Calendar <= 1.4.10 - Missing Authentication leading to Authenticated (Subscriber+) Private Form Submission](<https://wordfence.com/threat-intel/vulnerabilities/id/49ebff14-ce09-4607-8246-50ae028957f6>)\n\n**Affected Software**: [Calendar Event Multi View](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cp-multi-view-calendar>) \n**CVE ID**: CVE-2023-28492 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/49ebff14-ce09-4607-8246-50ae028957f6>\n\n* * *\n\n#### [Customify <= 2.10.4 - Cross-Site Request Forgery to Settings 
Update](<https://wordfence.com/threat-intel/vulnerabilities/id/4b1c0ee5-5329-411c-8030-14bec586d74d>)\n\n**Affected Software**: [Customify \u2013 Intuitive Website Styling](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/customify>) \n**CVE ID**: CVE-2023-27633 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Mika](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/mika>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/4b1c0ee5-5329-411c-8030-14bec586d74d>\n\n* * *\n\n#### [Fluid Checkout for WooCommerce \u2013 Lite <= 2.3.1 - Cross-Site Request Forgery via dismiss_notice](<https://wordfence.com/threat-intel/vulnerabilities/id/5c8caf17-7844-4f26-b989-d29593b3ffda>)\n\n**Affected Software**: [Fluid Checkout for WooCommerce \u2013 Lite](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/fluid-checkout>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/5c8caf17-7844-4f26-b989-d29593b3ffda>\n\n* * *\n\n#### [Website Monetization by MageNet <= 1.0.29.1 - Cross-Site Request Forgery via admin_magenet_settings](<https://wordfence.com/threat-intel/vulnerabilities/id/5f1f3562-f869-4442-b77f-c06c5683c1b2>)\n\n**Affected Software**: [Website Monetization by MageNet](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/website-monetization-by-magenet>) \n**CVE ID**: CVE-2023-22673 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Mika](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/mika>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/5f1f3562-f869-4442-b77f-c06c5683c1b2>\n\n* * *\n\n#### [Bulk Resize Media <= 1.1 - Cross-Site Request Forgery via 
bulk_resize_resize_image](<https://wordfence.com/threat-intel/vulnerabilities/id/605fbfb9-85d8-43ff-a738-ad1a8a9584c3>)\n\n**Affected Software**: [Bulk Resize Media](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bulk-resize-media>) \n**CVE ID**: CVE-2022-46865 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Cat](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/cat>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/605fbfb9-85d8-43ff-a738-ad1a8a9584c3>\n\n* * *\n\n#### [Import External Images <= 1.4 - Cross-Site Request Forgery via [placeholder]](<https://wordfence.com/threat-intel/vulnerabilities/id/6785be1c-85d4-48f1-be15-275c71284b3e>)\n\n**Affected Software**: [Import External Images](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/import-external-images>) \n**CVE ID**: CVE-2022-46866 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Cat](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/cat>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/6785be1c-85d4-48f1-be15-275c71284b3e>\n\n* * *\n\n#### [Reusable Blocks Extended <= 0.9 - Cross-Site Request Forgery via reblex_reusable_screen_block_pattern_registration](<https://wordfence.com/threat-intel/vulnerabilities/id/67c2cac8-c3cf-46d1-a592-229081bc31e1>)\n\n**Affected Software**: [Reusable Blocks Extended](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/reusable-blocks-extended>) \n**CVE ID**: CVE-2023-27611 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/67c2cac8-c3cf-46d1-a592-229081bc31e1>\n\n* * *\n\n#### [WP Shortcode by MyThemeShop <= 1.4.16 - 
Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/763fec04-72c5-4910-af97-f58b5b69a02e>)\n\n**Affected Software**: [WP Shortcode by MyThemeShop](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-shortcode>) \n**CVE ID**: CVE-2023-28495 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/763fec04-72c5-4910-af97-f58b5b69a02e>\n\n* * *\n\n#### [WP Basic Elements <= 5.2.15 - Cross-Site Request Forgery via wpbe_save_settings](<https://wordfence.com/threat-intel/vulnerabilities/id/78e79423-7b69-4d85-a939-96eb5385624c>)\n\n**Affected Software**: [WP Basic Elements](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-basic-elements>) \n**CVE ID**: CVE-2022-47139 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [rezaduty](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rezaduty-1>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/78e79423-7b69-4d85-a939-96eb5385624c>\n\n* * *\n\n#### [Dynamics 365 Integration <= 1.3.12 - Cross-Site Request Forgery via wp_ajax_wpcrm_log](<https://wordfence.com/threat-intel/vulnerabilities/id/7945110e-2a9d-4e0e-b0e8-77c16694993b>)\n\n**Affected Software**: [Dynamics 365 Integration](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/integration-dynamics>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/7945110e-2a9d-4e0e-b0e8-77c16694993b>\n\n* * *\n\n#### [Hotel Booking Lite <= 4.6.0 - Cross-Site Request Forgery to Settings 
Update](<https://wordfence.com/threat-intel/vulnerabilities/id/7a874287-c648-4807-8387-b0b47187651e>)\n\n**Affected Software**: [Hotel Booking Lite](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/motopress-hotel-booking-lite>) \n**CVE ID**: CVE-2023-28498 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/7a874287-c648-4807-8387-b0b47187651e>\n\n* * *\n\n#### [CF7 Invisible reCAPTCHA <= 1.3.3 - Cross-Site Request Forgery via vsz_cf7_invisible_recaptcha_page](<https://wordfence.com/threat-intel/vulnerabilities/id/8fa1048e-bdcd-41d1-a7c4-196731a60843>)\n\n**Affected Software**: [CF7 Invisible reCAPTCHA](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cf7-invisible-recaptcha>) \n**CVE ID**: CVE-2023-28167 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/8fa1048e-bdcd-41d1-a7c4-196731a60843>\n\n* * *\n\n#### [HT Feed <= 1.2.7 - Cross-Site Request Forgery leading to Limited Plugin Activation](<https://wordfence.com/threat-intel/vulnerabilities/id/95723482-a6c5-4e95-a88d-c50a88108715>)\n\n**Affected Software**: [HT Feed](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ht-instagram>) \n**CVE ID**: CVE-2023-23804 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/95723482-a6c5-4e95-a88d-c50a88108715>\n\n* * *\n\n#### [Contact Form Email <= 1.3.31 - Missing Authorization to Feedback 
Submission](<https://wordfence.com/threat-intel/vulnerabilities/id/9596c243-4099-420a-aa2a-381b6299f927>)\n\n**Affected Software**: [Contact Form Email](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contact-form-to-email>) \n**CVE ID**: CVE-2023-28494 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/9596c243-4099-420a-aa2a-381b6299f927>\n\n* * *\n\n#### [Custom Options Plus <= 1.8.1 - Cross-Site Request Forgery via custom_options_plus_adm](<https://wordfence.com/threat-intel/vulnerabilities/id/97c8858a-f05d-4159-b914-4e6ae9bf0d79>)\n\n**Affected Software**: [Custom Options Plus](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/custom-options-plus>) \n**CVE ID**: CVE-2023-28420 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Justiice](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/justiice>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/97c8858a-f05d-4159-b914-4e6ae9bf0d79>\n\n* * *\n\n#### [Store Locator <= 3.98.7 - Cross-Site Request Forgery to Settings Update](<https://wordfence.com/threat-intel/vulnerabilities/id/98ae3315-8361-43bb-be2c-1564f4df8d5b>)\n\n**Affected Software**: [Store Locator for WordPress with Google Maps \u2013 LotsOfLocales](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/store-locator>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/98ae3315-8361-43bb-be2c-1564f4df8d5b>\n\n* * *\n\n#### [Dynamics 365 Integration <= 1.3.12 - Cross-Site Request Forgery via 
wp_ajax_wpcrm_log_verbosity](<https://wordfence.com/threat-intel/vulnerabilities/id/98e0d103-2369-4c6a-93ae-6be2a1770bae>)\n\n**Affected Software**: [Dynamics 365 Integration](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/integration-dynamics>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/98e0d103-2369-4c6a-93ae-6be2a1770bae>\n\n* * *\n\n#### [Contact Form 7 Redirect & Thank You Page <= 1.0.3 - Cross-Site Request Forgery via cf7rl_admin_table](<https://wordfence.com/threat-intel/vulnerabilities/id/99f831f2-fb96-4dc8-ba3d-6015fbc7e2e1>)\n\n**Affected Software**: [Contact Form 7 Redirect & Thank You Page](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cf7-redirect-thank-you-page>) \n**CVE ID**: CVE-2023-24395 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/99f831f2-fb96-4dc8-ba3d-6015fbc7e2e1>\n\n* * *\n\n#### [WP-Advanced-Search <= 3.3.8 - Cross-Site Request Forgery leading to Plugin Settings Updates](<https://wordfence.com/threat-intel/vulnerabilities/id/a2ba21cd-d8f3-402a-b067-1758937d9eb4>)\n\n**Affected Software**: [WordPress WP-Advanced-Search](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-advanced-search>) \n**CVE ID**: CVE-2022-47447 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [rezaduty](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rezaduty-1>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/a2ba21cd-d8f3-402a-b067-1758937d9eb4>\n\n* * *\n\n#### [Event Manager for WooCommerce <= 3.7.7 - Cross-Site Request Forgery leading to 
Uninstall Form Submission](<https://wordfence.com/threat-intel/vulnerabilities/id/af59eb6d-1ffa-4593-9bfc-f910d907f6e0>)\n\n**Affected Software**: [Event Manager and Tickets Selling Plugin for WooCommerce](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/mage-eventpress>) \n**CVE ID**: CVE-2022-47164 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/af59eb6d-1ffa-4593-9bfc-f910d907f6e0>\n\n* * *\n\n#### [Contact Form 7 \u2013 PayPal & Stripe Add-on <= 1.9.3 - Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/c0c13b83-6885-46db-bf33-0b2b63ff06db>)\n\n**Affected Software**: [Contact Form 7 \u2013 PayPal & Stripe Add-on](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contact-form-7-paypal-add-on>) \n**CVE ID**: CVE-2023-24405 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/c0c13b83-6885-46db-bf33-0b2b63ff06db>\n\n* * *\n\n#### [WP Basic Elements <= 5.2.15 - Missing Authorization to Plugin Settings Update via wpbe_save_settings](<https://wordfence.com/threat-intel/vulnerabilities/id/d6516fc0-4ef8-423b-9cdb-a275996fd98b>)\n\n**Affected Software**: [WP Basic Elements](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-basic-elements>) \n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/d6516fc0-4ef8-423b-9cdb-a275996fd98b>\n\n* * *\n\n#### [Print Invoice & Delivery Notes for WooCommerce <= 4.7.2 - Cross-Site 
Request Forgery via ts_reset_tracking_setting](<https://wordfence.com/threat-intel/vulnerabilities/id/d811782e-3b59-4a46-9a2e-f24ef3dfbd4a>)\n\n**Affected Software**: [Print Invoice & Delivery Notes for WooCommerce](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-delivery-notes>) \n**CVE ID**: CVE-2022-46795 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Muhammad Daffa](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/muhammad-daffa>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/d811782e-3b59-4a46-9a2e-f24ef3dfbd4a>\n\n* * *\n\n#### [Chankhe <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation](<https://wordfence.com/threat-intel/vulnerabilities/id/efa4b67c-1bb8-413a-8cb8-039168b0b586>)\n\n**Affected Software**: [Chankhe](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/chankhe>) \n**CVE ID**: CVE-2023-28416 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Dave Jong](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dave-jong>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/efa4b67c-1bb8-413a-8cb8-039168b0b586>\n\n* * *\n\n#### [Google XML Sitemap for Videos <= 2.6.1 - Cross-Site Request Forgery via video_sitemap_generate](<https://wordfence.com/threat-intel/vulnerabilities/id/feb4f3dc-9abf-4ee3-834e-e5516652d810>)\n\n**Affected Software**: [Google XML Sitemap for Videos](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/xml-sitemaps-for-videos>) \n**CVE ID**: CVE-2023-25055 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Mika](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/mika>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/feb4f3dc-9abf-4ee3-834e-e5516652d810>\n\n* * 
*\n\n_As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities._\n\nThis database is continuously updated, maintained, and populated by Wordfence\u2019s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.\n\n[Click here to sign up for our mailing list](<https://www.wordfence.com/subscribe-to-the-wordfence-email-list/>) to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.\n\nThe post [Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to Mar 19, 2023)](<https://www.wordfence.com/blog/2023/03/wordfence-intelligence-weekly-wordpress-vulnerability-report-mar-13-2023-to-mar-19-2023/>) appeared first on [Wordfence](<https://www.wordfence.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-03-23T13:52:54", "type": "wordfence", "title": "Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to Mar 19, 2023)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-44626", "CVE-2022-45065", "CVE-2022-45812", "CVE-2022-45835", "CVE-2022-46794", "CVE-2022-46795", "CVE-2022-46865", "CVE-2022-46866", "CVE-2022-47135", "CVE-2022-47138", "CVE-2022-47139", 
"CVE-2022-47164", "CVE-2022-47431", "CVE-2022-47434", "CVE-2022-47437", "CVE-2022-47445", "CVE-2022-47447", "CVE-2022-47597", "CVE-2023-0820", "CVE-2023-1124", "CVE-2023-1172", "CVE-2023-1372", "CVE-2023-1374", "CVE-2023-1377", "CVE-2023-1400", "CVE-2023-1431", "CVE-2023-1469", "CVE-2023-1470", "CVE-2023-1471", "CVE-2023-1472", "CVE-2023-22673", "CVE-2023-22710", "CVE-2023-23707", "CVE-2023-23804", "CVE-2023-23894", "CVE-2023-24376", "CVE-2023-24395", "CVE-2023-24405", "CVE-2023-24408", "CVE-2023-24420", "CVE-2023-25043", "CVE-2023-25052", "CVE-2023-25055", "CVE-2023-25452", "CVE-2023-25456", "CVE-2023-27611", "CVE-2023-27619", "CVE-2023-27620", "CVE-2023-27625", "CVE-2023-27633", "CVE-2023-27634", "CVE-2023-28165", "CVE-2023-28166", "CVE-2023-28167", "CVE-2023-28168", "CVE-2023-28169", "CVE-2023-28171", "CVE-2023-28172", "CVE-2023-28173", "CVE-2023-28416", "CVE-2023-28417", "CVE-2023-28418", "CVE-2023-28419", "CVE-2023-28420", "CVE-2023-28421", "CVE-2023-28423", "CVE-2023-28490", "CVE-2023-28491", "CVE-2023-28492", "CVE-2023-28493", "CVE-2023-28494", "CVE-2023-28495", "CVE-2023-28496", "CVE-2023-28497", "CVE-2023-28498", "CVE-2023-28499", "CVE-2023-28532", "CVE-2023-28534"], "modified": "2023-03-23T13:52:54", "id": "WORDFENCE:F7027F99D0A687FC30564B2086094AE1", "href": "https://www.wordfence.com/blog/2023/03/wordfence-intelligence-weekly-wordpress-vulnerability-report-mar-13-2023-to-mar-19-2023/", "cvss": {"score": 0.0, "vector": "NONE"}}]}