CVE-2023-25711

2023-04-07T13:15:07

Description

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions.

Affected Software

CPE Name	Name	Version
wpglobus:wpglobus_translate_options	wpglobus wpglobus translate options	2.2.0

{"id": "CVE-2023-25711", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2023-25711", "description": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <=\u00a02.1.0 versions.", "published": "2023-04-07T13:15:07", "modified": "2023-11-07T04:09:08", "epss": [{"cve": "CVE-2023-25711", "epss": 0.00046, "percentile": 0.14275, "modified": "2023-11-30"}], "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25711", "reporter": "audit@patchstack.com", "references": ["https://patchstack.com/database/vulnerability/wpglobus-translate-options/wordpress-wpglobus-translate-options-plugin-2-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve"], "cvelist": ["CVE-2023-25711"], "immutableFields": [], "lastseen": "2023-11-30T17:34:11", "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "prion", "idList": ["PRION:CVE-2023-25711"]}, {"type": "wordfence", "idList": ["WORDFENCE:ECA270437FB0C9374EE710EF3456BBB9"]}]}, "affected_software": {"major_version": [{"name": "wpglobus wpglobus translate options", "version": 2}]}, "epss": [{"cve": "CVE-2023-25711", "epss": 0.00046, "percentile": 0.13987, "modified": "2023-05-02"}], "score": {"value": 6.0, "uncertanity": 0.0, "vector": "NONE"}, "short_description": "Unauth. Reflected XSS in WPGlobus Translate Options plugin <= 2.1.", "tags": ["cve-2023-25711", "unauthenticated", "reflected xss", "cross-site scripting", "wpglobus translate options", "nvd"], "vulnersScore": 6.0}, "_state": {"epss": 0, "dependencies": 1701372189, "score": 1701365702, "affected_software_major_version": 0, "chatgpt": 0}, "_internal": {"score_hash": "b63de93d2d63a5e82268cdc48b5803c0", "chatgpt": "bcd8b0c2eb1fce714eab6cef0d771acc"}, "cna_cvss": {"cna": "Patchstack", "cvss": {"3": {"vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", "score": 5.8}}}, "cpe": [], "cpe23": [], "cwe": ["CWE-79"], "affectedSoftware": [{"cpeName": "wpglobus:wpglobus_translate_options", "version": "2.2.0", "operator": "lt", "name": "wpglobus wpglobus translate options"}], "affectedConfiguration": [], "cpeConfiguration": {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wpglobus:wpglobus_translate_options:2.2.0:*:*:*:*:wordpress:*:*", "versionEndExcluding": "2.2.0", "matchCriteriaId": "BC0989B0-27AC-41BB-A3B8-168E4F2614F2"}]}]}, "extraReferences": [{"url": "https://patchstack.com/database/vulnerability/wpglobus-translate-options/wordpress-wpglobus-translate-options-plugin-2-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com", "tags": ["Third Party Advisory"]}], "product_info": [{"vendor": "WPGlobus", "product": "WPGlobus Translate Options"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 2.2.0 or a higher version."}], "value": "Update to\u00a02.2.0 or a higher version."}], "workarounds": [], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "exploits": [], "assigned": "2023-02-13T00:00:00"}

{"prion": [{"lastseen": "2023-11-20T22:47:48", "description": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2023-04-07T13:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-25711"], "modified": "2023-04-12T16:28:00", "id": "PRION:CVE-2023-25711", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2023-25711", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "wordfence": [{"lastseen": "2023-03-11T08:32:09", "description": "Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as [Wordfence Intelligence Community Edition](<https://www.wordfence.com/threat-intel/vulnerabilities/>).\n\nThis database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using [our CVE Request form](<https://www.wordfence.com/request-cve/>), and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can. \n\nOur mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and utilize both personally and commercially.\n\nLast week, there were 104 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.\n\n* * *\n\n#### [GamiPress <= 2.5.7 - Unauthenticated SQL Injection](<https://wordfence.com/threat-intel/vulnerabilities/id/1b097ab2-7675-4409-b22a-ad70cee35ab1>) \n\n\n**CVE ID**: CVE-2023-24000 \n**CVSS Score**: 9.8 (Critical) \n**Researcher/s**: [Dave Jong](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dave-jong>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/1b097ab2-7675-4409-b22a-ad70cee35ab1>\n\n* * *\n\n#### [WatchTowerHQ <= 3.6.16 - Type Juggling to Authentication Bypass in check_ota](<https://wordfence.com/threat-intel/vulnerabilities/id/481c738e-d544-4587-8632-e85a7ddd8b14>) \n\n\n**CVE ID**: CVE-2023-25701 \n**CVSS Score**: 9.8 (Critical) \n**Researcher/s**: [Dave Jong](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dave-jong>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/481c738e-d544-4587-8632-e85a7ddd8b14>\n\n* * *\n\n#### [WooCommerce Checkout Field Manager <= 17.3 - Unauthenticated Arbitrary File Upload](<https://wordfence.com/threat-intel/vulnerabilities/id/9be94d63-f027-4988-ab41-673658c1fa5f>) \n\n\n**CVE ID**: CVE-2022-4328 \n**CVSS Score**: 9.8 (Critical) \n**Researcher/s**: [cydave](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/cydave>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/9be94d63-f027-4988-ab41-673658c1fa5f>\n\n* * *\n\n#### [WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/faac24e5-94f2-40e5-932e-93ddc2c8af7c>) \n\n\n**CVE ID**: CVE-2023-23706 \n**CVSS Score**: 8.8 (High) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/faac24e5-94f2-40e5-932e-93ddc2c8af7c>\n\n* * *\n\n#### [Get URL Cron <= 1.4.7 - Missing Authorization via geturlcron_action_handle](<https://wordfence.com/threat-intel/vulnerabilities/id/766003e7-712e-481b-b09d-91d62a325718>) \n\n\n**CVE ID**: CVE Unknown \n**CVSS Score**: 7.5 (High) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/766003e7-712e-481b-b09d-91d62a325718>\n\n* * *\n\n#### [Quick Paypal Payments <= 5.7.25 - Missing Authorization](<https://wordfence.com/threat-intel/vulnerabilities/id/b8133d84-e28c-4132-9eb5-941800320f84>) \n\n\n**CVE ID**: CVE-2023-25714 \n**CVSS Score**: 7.3 (High) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b8133d84-e28c-4132-9eb5-941800320f84>\n\n* * *\n\n#### [RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via 'delete' parameter](<https://wordfence.com/threat-intel/vulnerabilities/id/13101551-d62e-4b27-9156-5b3d022f0e55>) \n\n\n**CVE ID**: CVE-2023-25047 \n**CVSS Score**: 7.2 (High) \n**Researcher/s**: [Muhammad Arsalan Diponegoro](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/muhammad-arsalan-diponegoro>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/13101551-d62e-4b27-9156-5b3d022f0e55>\n\n* * *\n\n#### [RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via $email value](<https://wordfence.com/threat-intel/vulnerabilities/id/44373541-adc5-4aa0-abde-0693f2760afb>) \n\n\n**CVE ID**: CVE-2023-25045 \n**CVSS Score**: 7.2 (High) \n**Researcher/s**: [Aldo Dimas Anugrah K](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/aldo-dimas-anugrah-k>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/44373541-adc5-4aa0-abde-0693f2760afb>\n\n* * *\n\n#### [Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion](<https://wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8>) \n\n\n**CVE ID**: CVE-2023-0291 \n**CVSS Score**: 7.2 (High) \n**Researcher/s**: [Julien Ahrens](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/julien-ahrens>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8>\n\n* * *\n\n#### [Multi Rating <= 5.0.5 - Unauthenticated Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/979699fd-ff31-4cba-bbf2-03fa51554031>) \n\n\n**CVE ID**: CVE-2022-47433 \n**CVSS Score**: 7.2 (High) \n**Researcher/s**: [minhtuanact](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/minhtuanact>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/979699fd-ff31-4cba-bbf2-03fa51554031>\n\n* * *\n\n#### [WP Coder \u2013 add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection](<https://wordfence.com/threat-intel/vulnerabilities/id/e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340>) \n\n\n**CVE ID**: CVE-2023-0895 \n**CVSS Score**: 7.2 (High) \n**Researcher/s**: [Etan Imanol Castro Aldrete](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/etan-imanol-castro-aldrete>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340>\n\n* * *\n\n#### [Media Library Assistant <= 3.05 - Authenticated (Administrator+) SQL Injection](<https://wordfence.com/threat-intel/vulnerabilities/id/ecc59a6f-5e4a-44b4-932d-ed990ebb075a>) \n\n\n**CVE ID**: CVE-2023-0279 \n**CVSS Score**: 7.2 (High) \n**Researcher/s**: [Daniel Krohmer](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/daniel-krohmer>), [Kunal Sharma](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/kunal-sharma>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/ecc59a6f-5e4a-44b4-932d-ed990ebb075a>\n\n* * *\n\n#### [Archivist \u2013 Custom Archive Templates <= 1.7.4 - Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/4e381ad7-efe6-48c4-af3a-22d01d73a065>) \n\n\n**CVE ID**: CVE-2023-25448 \n**CVSS Score**: 7.1 (High) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/4e381ad7-efe6-48c4-af3a-22d01d73a065>\n\n* * *\n\n#### [Ocean Extra <= 2.1.2 - Authenticated (Subscriber+) Arbitrary Post Access](<https://wordfence.com/threat-intel/vulnerabilities/id/32192878-930a-4947-a38f-ec395c17e515>) \n\n\n**CVE ID**: CVE-2023-0749 \n**CVSS Score**: 6.5 (Medium) \n**Researcher/s**: [Erwan LR](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/erwan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/32192878-930a-4947-a38f-ec395c17e515>\n\n* * *\n\n#### [Protected Posts Logout Button <= 1.4.5 - Missing Authorization on pplb_options_save](<https://wordfence.com/threat-intel/vulnerabilities/id/b87f8bd6-d00d-4062-bf27-b698a1d7e757>) \n\n\n**CVE ID**: CVE-2023-25454 \n**CVSS Score**: 6.5 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b87f8bd6-d00d-4062-bf27-b698a1d7e757>\n\n* * *\n\n#### [Profile Builder \u2013 User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode](<https://wordfence.com/threat-intel/vulnerabilities/id/bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a>) \n\n\n**CVE ID**: CVE-2023-0814 \n**CVSS Score**: 6.5 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a>\n\n* * *\n\n#### [Google Maps v3 Shortcode <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode](<https://wordfence.com/threat-intel/vulnerabilities/id/15123d5f-eb24-46e3-81ec-7dd4f108a42d>) \n\n\n**CVE ID**: CVE-2023-23827 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/15123d5f-eb24-46e3-81ec-7dd4f108a42d>\n\n* * *\n\n#### [WordPress Fancy Comments <= 1.2.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode](<https://wordfence.com/threat-intel/vulnerabilities/id/2508adc4-2a2f-4b6c-9b5a-da85d94226a0>) \n\n\n**CVE ID**: CVE-2023-23670 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/2508adc4-2a2f-4b6c-9b5a-da85d94226a0>\n\n* * *\n\n#### [Portfolio Slideshow <= 1.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode](<https://wordfence.com/threat-intel/vulnerabilities/id/26b5c665-b7f6-4481-b9e9-010f9e451d9b>) \n\n\n**CVE ID**: CVE-2023-23717 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/26b5c665-b7f6-4481-b9e9-010f9e451d9b>\n\n* * *\n\n#### [Resume Builder <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/3005c53e-eb09-479f-a4e4-b8d40583d80d>) \n\n\n**CVE ID**: CVE-2023-0078 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/3005c53e-eb09-479f-a4e4-b8d40583d80d>\n\n* * *\n\n#### [Ocean Extra <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/596e970b-5a40-46cd-aa32-ac6ace39c21b>) \n\n\n**CVE ID**: CVE-2023-24399 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Erwan LR](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/erwan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/596e970b-5a40-46cd-aa32-ac6ace39c21b>\n\n* * *\n\n#### [Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/66607be6-cca1-4cbb-b1c0-708d640b1151>) \n\n\n**CVE ID**: CVE-2023-25798 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/66607be6-cca1-4cbb-b1c0-708d640b1151>\n\n* * *\n\n#### [vSlider Multi Image Slider <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode](<https://wordfence.com/threat-intel/vulnerabilities/id/72a2449c-4292-45e6-bfe8-106f8043fcad>) \n\n\n**CVE ID**: CVE-2023-25797 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/72a2449c-4292-45e6-bfe8-106f8043fcad>\n\n* * *\n\n#### [Portfolio \u2013 WordPress Portfolio Plugin <= 2.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode](<https://wordfence.com/threat-intel/vulnerabilities/id/7c95bbba-6459-420f-a072-3b02c7d58ea0>) \n\n\n**CVE ID**: CVE-2023-23685 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/7c95bbba-6459-420f-a072-3b02c7d58ea0>\n\n* * *\n\n#### [Campaign URL Builder <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode](<https://wordfence.com/threat-intel/vulnerabilities/id/b2839fdc-5904-4c3b-894f-7bf7e8b2986a>) \n\n\n**CVE ID**: CVE-2023-0538 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b2839fdc-5904-4c3b-894f-7bf7e8b2986a>\n\n* * *\n\n#### [Quick Paypal Payments <= 5.7.25 - Authenticated (Contributor+) Cross Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/b36303d6-ad28-4354-9f60-acc7df15f468>) \n\n\n**CVE ID**: CVE-2023-23889 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b36303d6-ad28-4354-9f60-acc7df15f468>\n\n* * *\n\n#### [Ultimate WP Query Search Filter <= 1.0.10 - Authenticated (Contributor+) Stored Cross Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/f3ef0c46-5765-458e-80c0-ecfc6ead6df6>) \n\n\n**CVE ID**: CVE-2023-23832 \n**CVSS Score**: 6.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/f3ef0c46-5765-458e-80c0-ecfc6ead6df6>\n\n* * *\n\n#### [vSlider Multi Image Slider <= 4.1.2 - Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/14376064-13c4-4874-afea-395af2a1933d>) \n\n\n**CVE ID**: CVE Unknown \n**CVSS Score**: 6.3 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/14376064-13c4-4874-afea-395af2a1933d>\n\n* * *\n\n#### [Shoppable Images Lite <= 1.2.3 - Missing Authorization](<https://wordfence.com/threat-intel/vulnerabilities/id/413b2b38-44f2-4756-b66d-b6544c7ecaa2>) \n\n\n**CVE ID**: CVE Unknown \n**CVSS Score**: 6.3 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/413b2b38-44f2-4756-b66d-b6544c7ecaa2>\n\n* * *\n\n#### [ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 - Missing Authorization to Order Information Disclosure](<https://wordfence.com/threat-intel/vulnerabilities/id/75f0bc5a-f588-4aeb-9e55-72e180d39ddf>) \n\n\n**CVE ID**: CVE Unknown \n**CVSS Score**: 6.3 (Medium) \n**Researcher/s**: [Cat](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/cat>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/75f0bc5a-f588-4aeb-9e55-72e180d39ddf>\n\n* * *\n\n#### [vSlider Multi Image Slider <= 4.1.2 - Missing Authorization](<https://wordfence.com/threat-intel/vulnerabilities/id/f0c7324f-4c22-44e0-8d2a-9b95fd89467d>) \n\n\n**CVE ID**: CVE Unknown \n**CVSS Score**: 6.3 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/f0c7324f-4c22-44e0-8d2a-9b95fd89467d>\n\n* * *\n\n#### [Twitch Player <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/03c8ec0a-f75f-450f-86e7-a18dfbae9461>) \n\n\n**CVE ID**: CVE-2023-25464 \n**CVSS Score**: 6.1 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/03c8ec0a-f75f-450f-86e7-a18dfbae9461>\n\n* * *\n\n#### [WPGlobus Translate Options <= 2.1.0 - Reflected Cross-Site Scripting via page](<https://wordfence.com/threat-intel/vulnerabilities/id/bf0a1568-e97c-41ea-b2c3-ba335f0b4360>) \n\n\n**CVE ID**: CVE-2023-25711 \n**CVSS Score**: 6.1 (Medium) \n**Researcher/s**: [Ngo Van Thien](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/ngo-van-thien>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/bf0a1568-e97c-41ea-b2c3-ba335f0b4360>\n\n* * *\n\n#### [Interactive SVG Image Map Builder <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/12d84de4-d97e-40cc-9805-fc9b7de8fa21>) \n\n\n**CVE ID**: CVE-2023-25704 \n**CVSS Score**: 5.5 (Medium) \n**Researcher/s**: [Lokesh Dachepalli](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lokesh-dachepalli>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/12d84de4-d97e-40cc-9805-fc9b7de8fa21>\n\n* * *\n\n#### [Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/4dbba653-e23e-43e6-9dc5-83a6c99f8dc6>) \n\n\n**CVE ID**: CVE-2023-25442 \n**CVSS Score**: 5.5 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/4dbba653-e23e-43e6-9dc5-83a6c99f8dc6>\n\n* * *\n\n#### [Quick Event Manager <= 9.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/8962c601-2c2c-4b96-b8a4-fdc2ad8a2c08>) \n\n\n**CVE ID**: CVE-2022-46863 \n**CVSS Score**: 5.5 (Medium) \n**Researcher/s**: [Justiice](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/justiice>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/8962c601-2c2c-4b96-b8a4-fdc2ad8a2c08>\n\n* * *\n\n#### [Archivist \u2013 Custom Archive Templates <= 1.7.4 - Authenticated(Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/90333dc7-8bdf-4a59-8001-7eb76b4bc61d>) \n\n\n**CVE ID**: CVE-2023-25490 \n**CVSS Score**: 5.5 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/90333dc7-8bdf-4a59-8001-7eb76b4bc61d>\n\n* * *\n\n#### [Click to Call or Chat Buttons <= 1.4.0 - Authenticated(Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/92880588-a733-43df-adf6-74fe6291822d>) \n\n\n**CVE ID**: CVE-2023-25710 \n**CVSS Score**: 5.5 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/92880588-a733-43df-adf6-74fe6291822d>\n\n* * *\n\n#### [WP Prayer <= 1.9.6 - Authenticated(Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/b9738054-058f-47be-9973-f119fbfd4396>) \n\n\n**CVE ID**: CVE-2023-25705 \n**CVSS Score**: 5.5 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b9738054-058f-47be-9973-f119fbfd4396>\n\n* * *\n\n#### [Robots.txt optimization <= 1.4.5 - Cross Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/03eed366-c018-44b9-bb72-56911e9957b8>) \n\n\n**CVE ID**: CVE-2023-25706 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/03eed366-c018-44b9-bb72-56911e9957b8>\n\n* * *\n\n#### [Cart All In One For WooCommerce <= 1.1.10 - Cross-Site Request Forgery to Cart Changes](<https://wordfence.com/threat-intel/vulnerabilities/id/1d5d2217-306c-4ea2-9727-5c02f7d67c2d>) \n\n\n**CVE ID**: CVE-2022-46806 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Cat](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/cat>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/1d5d2217-306c-4ea2-9727-5c02f7d67c2d>\n\n* * *\n\n#### [Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via handleSubmitAction function](<https://wordfence.com/threat-intel/vulnerabilities/id/272c6fbb-bc85-46d9-b139-87534b2a0842>) \n\n\n**CVE ID**: CVE-2022-40203 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/272c6fbb-bc85-46d9-b139-87534b2a0842>\n\n* * *\n\n#### [Shoppable Images <= 1.2.3 - Cross Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/2e6a78dc-9b67-4ab5-83f9-be82d05d3a13>) \n\n\n**CVE ID**: CVE-2023-25698 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/2e6a78dc-9b67-4ab5-83f9-be82d05d3a13>\n\n* * *\n\n#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in saveconfig function](<https://wordfence.com/threat-intel/vulnerabilities/id/385c6324-3d8e-4dc7-b8ca-309b05e7bdcc>) \n\n\n**CVE ID**: CVE-2023-25707 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/385c6324-3d8e-4dc7-b8ca-309b05e7bdcc>\n\n* * *\n\n#### [ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 - Cross-Site Request Forgery to Order Information Disclosure](<https://wordfence.com/threat-intel/vulnerabilities/id/4352b2dc-d2a7-4cc9-a44f-1f5be46e2482>) \n\n\n**CVE ID**: CVE-2022-46811 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Cat](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/cat>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/4352b2dc-d2a7-4cc9-a44f-1f5be46e2482>\n\n* * *\n\n#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetmplfile function](<https://wordfence.com/threat-intel/vulnerabilities/id/4ad32ff7-0557-439d-aa0f-49c5ea4271ab>) \n\n\n**CVE ID**: CVE-2023-25707 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/4ad32ff7-0557-439d-aa0f-49c5ea4271ab>\n\n* * *\n\n#### [Simple PDF Viewer <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via googlepdf Shortcode](<https://wordfence.com/threat-intel/vulnerabilities/id/89bc17fd-14e8-4210-8cf7-a043d1ea9c22>) \n\n\n**CVE ID**: CVE-2023-23817 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/89bc17fd-14e8-4210-8cf7-a043d1ea9c22>\n\n* * *\n\n#### [Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via process_form function](<https://wordfence.com/threat-intel/vulnerabilities/id/af695224-24e7-4d5b-b472-dee53eb6073f>) \n\n\n**CVE ID**: CVE-2023-25481 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/af695224-24e7-4d5b-b472-dee53eb6073f>\n\n* * *\n\n#### [Protected Posts Logout Button <= 1.4.4 - Cross-Site Request Forgery to Settings Update](<https://wordfence.com/threat-intel/vulnerabilities/id/c79fd08c-97bc-4d55-832e-92d0897bc3dc>) \n\n\n**CVE ID**: CVE Unknown \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/c79fd08c-97bc-4d55-832e-92d0897bc3dc>\n\n* * *\n\n#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslation function](<https://wordfence.com/threat-intel/vulnerabilities/id/d0631ac6-2d85-4073-be2c-05480deecf97>) \n\n\n**CVE ID**: CVE-2023-25707 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/d0631ac6-2d85-4073-be2c-05480deecf97>\n\n* * *\n\n#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslationstay function](<https://wordfence.com/threat-intel/vulnerabilities/id/d2594cef-6bde-425f-9412-fd4ed3da312e>) \n\n\n**CVE ID**: CVE-2023-25707 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/d2594cef-6bde-425f-9412-fd4ed3da312e>\n\n* * *\n\n#### [Conditional Payments for WooCommerce <= 2.3.1 - Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/db15295f-505f-4a0a-bb3a-3ff6daf73008>) \n\n\n**CVE ID**: CVE-2022-46805 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Cat](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/cat>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/db15295f-505f-4a0a-bb3a-3ff6daf73008>\n\n* * *\n\n#### [Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via save function](<https://wordfence.com/threat-intel/vulnerabilities/id/eb9a6c9b-24fb-436f-b583-55adeedb726e>) \n\n\n**CVE ID**: CVE-2023-25481 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/eb9a6c9b-24fb-436f-b583-55adeedb726e>\n\n* * *\n\n#### [Meta Slider and Carousel with Lightbox <= 1.6.2 - Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/f5f59b16-b38a-451b-b220-044598872735>) \n\n\n**CVE ID**: CVE-2023-25703 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Cat](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/cat>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/f5f59b16-b38a-451b-b220-044598872735>\n\n* * *\n\n#### [RegistrationMagic <= 5.1.9.2 - Cross-Site Request Forgery leading to Form Metadata Deletion](<https://wordfence.com/threat-intel/vulnerabilities/id/fcfb3a6e-7b58-4568-8439-e9c68a2223b9>) \n\n\n**CVE ID**: CVE-2023-25991 \n**CVSS Score**: 5.4 (Medium) \n**Researcher/s**: [Rafshanzani Suhada](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rafshanzani-suhada>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/fcfb3a6e-7b58-4568-8439-e9c68a2223b9>\n\n* * *\n\n#### [WordPress Social Login and Register <= 7.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion](<https://wordfence.com/threat-intel/vulnerabilities/id/021a25c9-7fad-425f-8104-bb4852603613>) \n\n\n**CVE ID**: CVE-2023-25455 \n**CVSS Score**: 5.3 (Medium) \n**Researcher/s**: [Rafshanzani Suhada](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rafshanzani-suhada>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/021a25c9-7fad-425f-8104-bb4852603613>\n\n* * *\n\n#### [WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation](<https://wordfence.com/threat-intel/vulnerabilities/id/96ab5bb0-724c-434b-acc4-be8265b4838f>) \n\n\n**CVE ID**: CVE-2023-25785 \n**CVSS Score**: 5.3 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/96ab5bb0-724c-434b-acc4-be8265b4838f>\n\n* * *\n\n#### [Woodmart <= 7.0.4 - Unauthenticated Arbitrary Content Injection](<https://wordfence.com/threat-intel/vulnerabilities/id/cb1db880-0942-4fac-a548-8b6a28dce8c0>) \n\n\n**CVE ID**: CVE-2023-25790 \n**CVSS Score**: 5.3 (Medium) \n**Researcher/s**: [FearZzZz](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/fearzzzz>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/cb1db880-0942-4fac-a548-8b6a28dce8c0>\n\n* * *\n\n#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in save_admin_widgets function](<https://wordfence.com/threat-intel/vulnerabilities/id/e2945971-80c6-44a2-bc65-1243af365692>) \n\n\n**CVE ID**: CVE-2023-25707 \n**CVSS Score**: 5.3 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/e2945971-80c6-44a2-bc65-1243af365692>\n\n* * *\n\n#### [All-In-One Security (AIOS) <= 5.1.4 - Authenticated(Admin+) Directory Traversal](<https://wordfence.com/threat-intel/vulnerabilities/id/03bf84e2-c101-416d-a953-c63ecd1dba7d>) \n\n\n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.9 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/03bf84e2-c101-416d-a953-c63ecd1dba7d>\n\n* * *\n\n#### [Campaign URL Builder <= 1.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Create Link](<https://wordfence.com/threat-intel/vulnerabilities/id/06294c35-6d58-4270-b143-757831fc5da6>) \n\n\n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/06294c35-6d58-4270-b143-757831fc5da6>\n\n* * *\n\n#### [WP BaiDu Submit <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/2241fa07-b6b7-4e5d-8951-ae844a7b88e8>) \n\n\n**CVE ID**: CVE-2023-25796 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/2241fa07-b6b7-4e5d-8951-ae844a7b88e8>\n\n* * *\n\n#### [Announce from the Dashboard <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/2b75dce8-3e31-45e8-b193-5df3e4391e56>) \n\n\n**CVE ID**: CVE-2023-25716 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/2b75dce8-3e31-45e8-b193-5df3e4391e56>\n\n* * *\n\n#### [Sticky Ad Bar <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/750a4a94-458c-4944-a99b-a1c8e23e57d1>) \n\n\n**CVE ID**: CVE-2023-25784 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/750a4a94-458c-4944-a99b-a1c8e23e57d1>\n\n* * *\n\n#### [Easy Panorama <= 1.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/783829c2-fe09-44a1-bbb5-2a694ad816ee>) \n\n\n**CVE ID**: CVE-2023-23799 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/783829c2-fe09-44a1-bbb5-2a694ad816ee>\n\n* * *\n\n#### [Eyes Only: User Access Shortcode <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/7bbc181f-318e-48ea-a2f7-c668ad15c8a6>) \n\n\n**CVE ID**: CVE-2023-25786 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/7bbc181f-318e-48ea-a2f7-c668ad15c8a6>\n\n* * *\n\n#### [Podlove Subscribe button <= 1.3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/89058e5a-0f67-4162-ba3b-0a4353d1e0a9>) \n\n\n**CVE ID**: CVE-2023-25479 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/89058e5a-0f67-4162-ba3b-0a4353d1e0a9>\n\n* * *\n\n#### [Quick Contact Form <= 8.0.3.1 - Authenticated (Admin+) Stored Cross Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/8b5e86be-8a35-48d8-a676-9f7074b81cb7>) \n\n\n**CVE ID**: CVE-2022-47608 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/8b5e86be-8a35-48d8-a676-9f7074b81cb7>\n\n* * *\n\n#### [Feed Changer <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/9198ffe4-2f9e-4d80-9f5d-cf967b3feb43>) \n\n\n**CVE ID**: CVE-2023-25795 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/9198ffe4-2f9e-4d80-9f5d-cf967b3feb43>\n\n* * *\n\n#### [Inline Tweet Sharer <= 2.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/9a85b549-f6a4-4dc3-9f2a-35d783099f96>) \n\n\n**CVE ID**: CVE-2023-24005 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/9a85b549-f6a4-4dc3-9f2a-35d783099f96>\n\n* * *\n\n#### [Peadig's Like & Share Button <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/9d8e0ad2-3cfb-443f-9958-9639d0745dd7>) \n\n\n**CVE ID**: CVE-2023-25783 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/9d8e0ad2-3cfb-443f-9958-9639d0745dd7>\n\n* * *\n\n#### [JSON Content Importer <= 1.3.15 - Authenticated (Admin+) Cross Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/a3839c47-5fd0-48e7-9637-d40bd237e122>) \n\n\n**CVE ID**: CVE-2023-25485 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/a3839c47-5fd0-48e7-9637-d40bd237e122>\n\n* * *\n\n#### [Tapfiliate <= 3.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/a472e78c-ebd7-4ab8-9b47-96c526754387>) \n\n\n**CVE ID**: CVE-2023-25789 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/a472e78c-ebd7-4ab8-9b47-96c526754387>\n\n* * *\n\n#### [Google Analytics Opt-Out <= 2.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/a90ea845-9f7f-4a89-887d-cf4337f8471f>) \n\n\n**CVE ID**: CVE-2023-25712 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/a90ea845-9f7f-4a89-887d-cf4337f8471f>\n\n* * *\n\n#### [WP\u8d44\u6e90\u4e0b\u8f7d\u7ba1\u7406 <= 1.3.9 - Authenticatministrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/aa7aad43-54b4-4b9f-9584-292e40be71bc>) \n\n\n**CVE ID**: CVE-2023-25787 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/aa7aad43-54b4-4b9f-9584-292e40be71bc>\n\n* * *\n\n#### [WP Open Social <= 5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/be0dc9be-f597-46d8-badd-452e442a6d1a>) \n\n\n**CVE ID**: CVE-2023-25792 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/be0dc9be-f597-46d8-badd-452e442a6d1a>\n\n* * *\n\n#### [WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/ca91046d-61c1-4a65-a078-c7dffb27092c>) \n\n\n**CVE ID**: CVE-2023-23710 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/ca91046d-61c1-4a65-a078-c7dffb27092c>\n\n* * *\n\n#### [Service Area Postcode Checker <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/da8dd02f-0d9f-44a2-bcad-1e392668dd67>) \n\n\n**CVE ID**: CVE-2023-25782 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/da8dd02f-0d9f-44a2-bcad-1e392668dd67>\n\n* * *\n\n#### [Nooz <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/e8b5bc1b-c9dc-4ce5-86db-2802f5b49d0b>) \n\n\n**CVE ID**: CVE-2023-25794 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/e8b5bc1b-c9dc-4ce5-86db-2802f5b49d0b>\n\n* * *\n\n#### [Simple Yearly Archive <= 2.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/e8d41006-ab36-4eed-8c17-2937ca7aff1b>) \n\n\n**CVE ID**: CVE-2023-25484 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/e8d41006-ab36-4eed-8c17-2937ca7aff1b>\n\n* * *\n\n#### [Upload File Type Settings Plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/f4dd4479-2f41-426f-b98c-7c654a82ccfe>) \n\n\n**CVE ID**: CVE-2023-25781 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Unpatched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/f4dd4479-2f41-426f-b98c-7c654a82ccfe>\n\n* * *\n\n#### [Wp-Insert <= 2.5.0 Authenticated (Admin+) Stored Cross Site Scripting](<https://wordfence.com/threat-intel/vulnerabilities/id/f607b33a-58ef-4526-9ca1-aaa444aa12bc>) \n\n\n**CVE ID**: CVE-2023-25461 \n**CVSS Score**: 4.4 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/f607b33a-58ef-4526-9ca1-aaa444aa12bc>\n\n* * *\n\n#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in admin_widgets_welcome function](<https://wordfence.com/threat-intel/vulnerabilities/id/035d5f4a-1145-48e0-8388-e319088ebd52>) \n\n\n**CVE ID**: CVE-2023-25707 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/035d5f4a-1145-48e0-8388-e319088ebd52>\n\n* * *\n\n#### [Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateCommonToProductOnly function](<https://wordfence.com/threat-intel/vulnerabilities/id/048768bf-326c-455e-919c-9691d6537062>) \n\n\n**CVE ID**: CVE-2022-40203 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/048768bf-326c-455e-919c-9691d6537062>\n\n* * *\n\n#### [Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculatePrice function](<https://wordfence.com/threat-intel/vulnerabilities/id/0cefa293-c934-413e-b946-07e3060472ee>) \n\n\n**CVE ID**: CVE-2022-40203 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/0cefa293-c934-413e-b946-07e3060472ee>\n\n* * *\n\n#### [WP VR <= 8.2.7 - Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/13a0dd72-1124-4b5d-9bad-fe4fea8e3e68>) \n\n\n**CVE ID**: CVE-2023-25708 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/13a0dd72-1124-4b5d-9bad-fe4fea8e3e68>\n\n* * *\n\n#### [Schema - All In One Schema Rich Snippets <= 1.6.5 - Cross-Site Request Forgery in rich_snippet_dashboard](<https://wordfence.com/threat-intel/vulnerabilities/id/23b018d3-3451-4ae8-b571-07e931ad23df>) \n\n\n**CVE ID**: CVE-2023-25058 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/23b018d3-3451-4ae8-b571-07e931ad23df>\n\n* * *\n\n#### [GamiPress <= 2.5.6 - Missing Authorization to User Points Updates](<https://wordfence.com/threat-intel/vulnerabilities/id/4c2ce765-018a-4292-b150-7905723d1335>) \n\n\n**CVE ID**: CVE-2023-25715 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Dave Jong](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dave-jong>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/4c2ce765-018a-4292-b150-7905723d1335>\n\n* * *\n\n#### [Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateProductOnlyToCommon function](<https://wordfence.com/threat-intel/vulnerabilities/id/4f062ef2-ef94-47c2-8eba-dc7ff6c2537d>) \n\n\n**CVE ID**: CVE-2022-40203 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/4f062ef2-ef94-47c2-8eba-dc7ff6c2537d>\n\n* * *\n\n#### [Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateProductOnlyToCommon function](<https://wordfence.com/threat-intel/vulnerabilities/id/59ff3445-0dfd-4a1a-9ac8-d088b8f4dbf3>) \n\n\n**CVE ID**: CVE-2022-40203 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/59ff3445-0dfd-4a1a-9ac8-d088b8f4dbf3>\n\n* * *\n\n#### [AutomatorWP <= 2.5.8 - Cross Site Request Forgery via bulk_delete](<https://wordfence.com/threat-intel/vulnerabilities/id/5ebdf903-828e-4a22-953a-17d85984b576>) \n\n\n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/5ebdf903-828e-4a22-953a-17d85984b576>\n\n* * *\n\n#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_multitask_widgets function](<https://wordfence.com/threat-intel/vulnerabilities/id/6adc0154-169a-4d72-8687-66dbf6766139>) \n\n\n**CVE ID**: CVE-2023-25707 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/6adc0154-169a-4d72-8687-66dbf6766139>\n\n* * *\n\n#### [Locatoraid Store Locator <= 3.9.11 - Cross Site Request Forgery in grab](<https://wordfence.com/threat-intel/vulnerabilities/id/7feecce5-f2ce-4278-b648-e363b1fa5d7a>) \n\n\n**CVE ID**: CVE-2023-25709 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Ngo Van Thien](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/ngo-van-thien>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/7feecce5-f2ce-4278-b648-e363b1fa5d7a>\n\n* * *\n\n#### [WordPress Email Marketing Plugin \u2013 WP Email Capture <= 3.9.3 - Cross Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/8f052dfc-609d-43ed-a8bb-e30294749d03>) \n\n\n**CVE ID**: CVE-2023-23724 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [yuyudhn](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/yuyudhn>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/8f052dfc-609d-43ed-a8bb-e30294749d03>\n\n* * *\n\n#### [Get URL Cron <= 1.4.7 - Cross-Site Request Forgery via geturlcron_action_handle](<https://wordfence.com/threat-intel/vulnerabilities/id/934b2767-eae4-4c2d-a635-2e6a27fd9f49>) \n\n\n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Rio Darmawan](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/934b2767-eae4-4c2d-a635-2e6a27fd9f49>\n\n* * *\n\n#### [OAuth Single Sign On \u2013 SSO (OAuth Client) <= 6.24.1- Cross-Site Request Forgery](<https://wordfence.com/threat-intel/vulnerabilities/id/a250f678-1ec7-48ea-8b81-e5ef89992155>) \n\n\n**CVE ID**: CVE Unknown \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: Unknown \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/a250f678-1ec7-48ea-8b81-e5ef89992155>\n\n* * *\n\n#### [NextGEN Gallery <= 3.28 - Cross-Site Request Forgery leading to Post Thumbnail Change](<https://wordfence.com/threat-intel/vulnerabilities/id/a841456c-2a01-4caf-bebe-e018b92697d8>) \n\n\n**CVE ID**: CVE-2022-38468 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/a841456c-2a01-4caf-bebe-e018b92697d8>\n\n* * *\n\n#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in widgets_watch_data function](<https://wordfence.com/threat-intel/vulnerabilities/id/b07b46a6-8a5d-40cb-8af9-baf0f1722736>) \n\n\n**CVE ID**: CVE-2023-25707 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b07b46a6-8a5d-40cb-8af9-baf0f1722736>\n\n* * *\n\n#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_admin_widget function](<https://wordfence.com/threat-intel/vulnerabilities/id/b5ef15c4-c96b-4e88-a941-e34d23a0e06a>) \n\n\n**CVE ID**: CVE-2023-25707 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Abdi Pranata](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/abdi-pranata>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/b5ef15c4-c96b-4e88-a941-e34d23a0e06a>\n\n* * *\n\n#### [Tickera <= 3.5.1.0 - Cross-Site Request Forgery to Ticket Post Status Change](<https://wordfence.com/threat-intel/vulnerabilities/id/bb0f8a0c-d02f-46e2-8808-3ffada105d13>) \n\n\n**CVE ID**: CVE-2023-23726 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/bb0f8a0c-d02f-46e2-8808-3ffada105d13>\n\n* * *\n\n#### [TeraWallet \u2013 For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via admin_options](<https://wordfence.com/threat-intel/vulnerabilities/id/d274f8b1-0f7c-44cc-8063-3d04a33a9404>) \n\n\n**CVE ID**: CVE-2022-40198 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Muhammad Daffa](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/muhammad-daffa>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/d274f8b1-0f7c-44cc-8063-3d04a33a9404>\n\n* * *\n\n#### [Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateCommonToProductOnly function](<https://wordfence.com/threat-intel/vulnerabilities/id/de46743b-2cc6-4a29-bbc4-bc6cfb540e26>) \n\n\n**CVE ID**: CVE-2022-40203 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/de46743b-2cc6-4a29-bbc4-bc6cfb540e26>\n\n* * *\n\n#### [Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculateSeveralProducts function](<https://wordfence.com/threat-intel/vulnerabilities/id/f58f994e-0a9b-4b40-9e38-535169c793d3>) \n\n\n**CVE ID**: CVE-2022-40203 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Lana Codes](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/lana-codes>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/f58f994e-0a9b-4b40-9e38-535169c793d3>\n\n* * *\n\n#### [GamiPress <= 2.5.6 - Cross-Site Request Forgery to User Earnings Deletion](<https://wordfence.com/threat-intel/vulnerabilities/id/ff4b757a-9ede-496b-b559-cf952d39fe70>) \n\n\n**CVE ID**: CVE-2023-25697 \n**CVSS Score**: 4.3 (Medium) \n**Researcher/s**: [Dave Jong](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/dave-jong>) \n**Patch Status**: Patched \n**Vulnerability Details:** <https://wordfence.com/threat-intel/vulnerabilities/id/ff4b757a-9ede-496b-b559-cf952d39fe70>\n\n* * *\n\nIf you'd like to receive this weekly vulnerability report by email, along with Wordfence Intelligence CE product updates, sign up to the Wordfence Intelligence Community Edition Newsletter by filling out this form below.\n\n* * *\n\n_Are you a security researcher who would like to be featured in our weekly vulnerability report?_ You can responsibly disclose your WordPress vulnerability discoveries to us and [obtain a CVE ID through this form](<https://www.wordfence.com/request-cve/>). Responsibly disclosing your vulnerability discoveries to us will also get your name added on the [Wordfence Intelligence Community Edition leaderboard](<https://www.wordfence.com/threat-intel/vulnerabilities/researchers/>) along with being mentioned in our weekly vulnerability report.\n\nThe post [Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)](<https://www.wordfence.com/blog/2023/02/wordfence-intelligence-ce-weekly-vulnerability-report-feb-13-2023-to-feb-19-2023/>) appeared first on [Wordfence](<https://www.wordfence.com>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-23T16:30:44", "type": "wordfence", "title": "Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-38468", "CVE-2022-40198", "CVE-2022-40203", "CVE-2022-4328", "CVE-2022-46805", "CVE-2022-46806", "CVE-2022-46811", "CVE-2022-46863", "CVE-2022-47433", "CVE-2022-47608", "CVE-2023-0078", "CVE-2023-0279", "CVE-2023-0291", "CVE-2023-0538", "CVE-2023-0749", "CVE-2023-0814", "CVE-2023-0895", "CVE-2023-23670", "CVE-2023-23685", "CVE-2023-23706", "CVE-2023-23710", "CVE-2023-23717", "CVE-2023-23724", "CVE-2023-23726", "CVE-2023-23799", "CVE-2023-23817", "CVE-2023-23827", "CVE-2023-23832", "CVE-2023-23889", "CVE-2023-24000", "CVE-2023-24005", "CVE-2023-24399", "CVE-2023-25045", "CVE-2023-25047", "CVE-2023-25058", "CVE-2023-25442", "CVE-2023-25448", "CVE-2023-25454", "CVE-2023-25455", "CVE-2023-25461", "CVE-2023-25464", "CVE-2023-25479", "CVE-2023-25481", "CVE-2023-25484", "CVE-2023-25485", "CVE-2023-25490", "CVE-2023-25697", "CVE-2023-25698", "CVE-2023-25701", "CVE-2023-25703", "CVE-2023-25704", "CVE-2023-25705", "CVE-2023-25706", "CVE-2023-25707", "CVE-2023-25708", "CVE-2023-25709", "CVE-2023-25710", "CVE-2023-25711", "CVE-2023-25712", "CVE-2023-25714", "CVE-2023-25715", "CVE-2023-25716", "CVE-2023-25781", "CVE-2023-25782", "CVE-2023-25783", "CVE-2023-25784", "CVE-2023-25785", "CVE-2023-25786", "CVE-2023-25787", "CVE-2023-25789", "CVE-2023-25790", "CVE-2023-25792", "CVE-2023-25794", "CVE-2023-25795", "CVE-2023-25796", "CVE-2023-25797", "CVE-2023-25798", "CVE-2023-25991"], "modified": "2023-02-23T16:30:44", "id": "WORDFENCE:ECA270437FB0C9374EE710EF3456BBB9", "href": "https://www.wordfence.com/blog/2023/02/wordfence-intelligence-ce-weekly-vulnerability-report-feb-13-2023-to-feb-19-2023/", "cvss": {"score": 0.0, "vector": "NONE"}}]}

CVE-2023-25711

Description

Affected Software

Related