CVSS3 Metric | Value |
---|---|
Base Score | 9.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS | 0.002 Low |
EPSS Percentile | 56.3% |

Last week, there were 82 vulnerabilities disclosed in 70 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 21 |
Patched | 61 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 65 |
High Severity | 14 |
Critical Severity | 2 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 37 |
Cross-Site Request Forgery (CSRF) | 23 |
Missing Authorization | 11 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 7 |
Information Exposure | 2 |
URL Redirection to Untrusted Site ('Open Redirect') | 1 |
Deserialization of Untrusted Data | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Lana Codes | 9 |
Rio Darmawan | 8 |
thiennv | 5 |
Erwan LR | 4 |
yuyudhn | 4 |
Dave Jong | 3 |
MyungJu Kim | 3 |
dc11 | 3 |
Mika | 2 |
minhtuanact | 2 |
TEAM WEBoB of BoB 11th | 2 |
Juampa Rodríguez | 1 |
nlpro | 1 |
Abdi Pranata | 1 |
muhga | 1 |
Shreya Pohekar | 1 |
Muhammad Daffa | 1 |
Cat | 1 |
Junsu Yeo | 1 |
Jerome Bruandet | 1 |
Kunal Sharma | 1 |
Daniel Krohmer | 1 |
Le Ngoc Anh | 1 |
Alex Sanford | 1 |
Joshua Martinelle | 1 |
Marco Wotschka | 1 |
Jeong Seong Ho | 1 |
Phd | 1 |
qilin_99 | 1 |
pilvar | 1 |
Alex Thomas | 1 |
Rafshanzani Suhada | 1 |
Justiice | 1 |
Yuki Haruma | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
AI ChatBot | chatbot |
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember-membership |
Advanced Local Pickup for WooCommerce | advanced-local-pickup-for-woocommerce |
Advanced Page Visit Counter – Advanced WordPress Visit Counter | advanced-page-visit-counter |
Advanced Shipment Tracking for WooCommerce | woo-advanced-shipment-tracking |
Affiliates Manager | affiliates-manager |
Albo Pretorio On line | albo-pretorio-on-line |
Conditional cart fee / Extra charge rule for WooCommerce extra fees | conditional-extra-fees-for-woocommerce |
Configurable Tag Cloud (CTC) | configurable-tag-cloud-widget |
Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress | contest-gallery |
Continuous Image Carousel With Lightbox | continuous-image-carousel-with-lightbox |
Coupon Affiliates – WooCommerce Affiliate Plugin | woo-coupon-usage |
Custom More Link Complete | custom-more-link-complete |
Custom Post Type UI | custom-post-type-ui |
Custom Post Type and Taxonomy GUI Manager | custom-post-type-cpt-cusom-taxonomy-ct-manager |
Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce | add-to-cart-direct-checkout-for-woocommerce |
Easy Forms for Mailchimp | yikes-inc-easy-mailchimp-extender |
Easy Media Replace | easy-media-replace |
Easy Quiz Maker | n-media-wp-simple-quiz |
Elementor Website Builder Pro | elementor-pro |
Enhanced WP Contact Form | enhanced-wordpress-contactform |
Feed Them Social – Page, Post, Video, and Photo Galleries | feed-them-social |
FileBird – WordPress Media Library Folders & File Manager | filebird |
Full Width Banner Slider Wp | full-width-responsive-slider-wp |
GMAce | gmace |
Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress | gallery-plugin |
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) | gift-voucher |
HT Menu – WordPress Mega Menu Builder for Elementor | ht-menu-lite |
Happy Addons for Elementor | happy-elementor-addons |
HappyFiles Pro | happyfiles-pro |
Health Check & Troubleshooting | health-check |
JustTables – WooCommerce Product Table | just-tables |
LionScripts: IP Blocker Lite | ip-address-blocker |
MS-Reviews | ms-reviews |
Maps Widget for Google Maps | google-maps-widget |
Mega Main Menu | mega_main_menu |
Mobile Banner | mobile-banner |
Newsletter – Send awesome emails from WordPress | newsletter |
Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce | pi-woocommerce-order-date-time-and-type |
Pagination by BestWebSoft – Customizable WordPress Content Splitter and Navigation Plugin | pagination |
Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | wp-user-avatar |
PixFields | pixfields |
Popup Anything – A Marketing Popup and Lead Generation Conversions | popup-anything-on-click |
Premmerce Redirect Manager | premmerce-redirect-manager |
Product Specifications for Woocommerce | product-specifications |
Quick Paypal Payments | quick-paypal-payments |
Really Simple Google Tag Manager | really-simple-google-tag-manager |
Responsive Vertical Icon Menu | wpdevart-vertical-menu |
Review Stream | review-stream |
Simple Author Box | simple-author-box |
Slimstat Analytics | wp-slimstat |
Social Proof (Testimonial) Slider | social-proof-testimonials-slider |
Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) | swatchly |
Themeflection Numbers – Number Counter and Animated Numbers | tf-numbers-number-counter-animaton |
Trending/Popular Post Slider and Widget | wp-trending-post-slider-and-widget |
Video Central for WordPress | video-central |
WC Fields Factory | wc-fields-factory |
WP Image Carousel | wp-image-carousel |
WP Meta SEO | wp-meta-seo |
WP VR – 360 Panorama and Virtual Tour Builder For WordPress | wpvr |
WPMobile.App — Android and iOS Mobile Application | wpappninja |
Weaver Show Posts | show-posts |
Welcome Bar | intelly-welcome-bar |
WishSuite – Wishlist for WooCommerce | wishsuite |
Woocommerce Custom Checkout Fields Editor With Drag & Drop | woo-custom-checkout-fields |
WordPress Contact Forms by Cimatti | contact-forms |
Wp Ultimate Review | wp-ultimate-review |
Zippy | zippy |
affiliate-toolkit – WordPress Affiliate Plugin | affiliate-toolkit-starter |
iThemes Security | better-wp-security |

Software Name | Software Slug |
---|---|
Viral Mag | [viral-mag](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Viral Mag>) |
Affected Software: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup CVE ID: CVE-2022-46808 CVSS Score: 9.8 (Critical) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7ff230b0-c186-41fc-93a5-2ed90e8aab4d>
Affected Software: Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) CVE ID: CVE-2023-28662 CVSS Score: 9.8 (Critical) Researcher/s: Joshua Martinelle Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a10a3f01-082d-4a94-89c6-b5b46891aa4d>
Affected Software: Elementor Website Builder Pro CVE ID: CVE Unknown CVSS Score: 8.8 (High) Researcher/s: Jerome Bruandet Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/570474f2-c118-45e1-a237-c70b849b2d3c>
Affected Software: WC Fields Factory CVE ID: CVE Unknown CVSS Score: 8.8 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c51f55f-6e8c-467c-999b-4e6a1a6f7bbc>
Affected Software: GMAce CVE ID: CVE-2023-1509 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/826b3913-9a37-4e15-80fd-b35cefb51af8>
Affected Software: Advanced Page Visit Counter – Advanced WordPress Visit Counter CVE ID: CVE-2023-28788 CVSS Score: 8.8 (High) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/871e5091-bb20-4a53-83e2-85ed6f26247a>
Affected Software: WP Meta SEO CVE ID: CVE-2023-1381 CVSS Score: 8.8 (High) Researcher/s: Alex Sanford Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f07d76e-1973-4ea7-b448-666466cd688f>
Affected Software: Slimstat Analytics CVE ID: CVE Unknown CVSS Score: 8.8 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/af075ffe-553a-4351-a696-5c678788f3b9>
Affected Software: Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress CVE ID: CVE-2023-0765 CVSS Score: 8.8 (High) Researcher/s: dc11 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cbfbb06c-f048-4912-9ff7-59aa10bc96bd>
Affected Software: Themeflection Numbers – Number Counter and Animated Numbers CVE ID: CVE-2023-0889 CVSS Score: 8.8 (High) Researcher/s: dc11 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/db6616b5-4c4e-4cc7-83eb-22fac94f47f2>
Affected Software: Easy Media Replace CVE ID: CVE-2022-46850 CVSS Score: 8.1 (High) Researcher/s: Jeong Seong Ho Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/abb4af63-37fe-49b7-8f70-ac9c7e47e939>
Affected Software: WC Fields Factory CVE ID: CVE-2023-0277 CVSS Score: 7.2 (High) Researcher/s: Kunal Sharma, Daniel Krohmer Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70ca7ad4-6848-4f87-ae2d-4b9c2ffa668e>
Affected Software: Easy Quiz Maker CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8566a5ad-df8a-4843-82c9-05da9d44582d>
Affected Software: Coupon Affiliates – WooCommerce Affiliate Plugin CVE ID: CVE-2023-28992 CVSS Score: 7.2 (High) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a0d93ee4-63e1-4fa7-9346-f56354124b9a>
Affected Software: WordPress Contact Forms by Cimatti CVE ID: CVE-2023-28781 CVSS Score: 7.2 (High) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b4b2587a-e84e-4149-b9ac-ecf36451f815>
Affected Software: Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress CVE ID: CVE-2022-47444 CVSS Score: 7.2 (High) Researcher/s: pilvar Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c8416840-c022-40a1-bcd3-17b34df11d95>
Affected Software: WP Image Carousel CVE ID: CVE-2023-0589 CVSS Score: 6.5 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0f4bb514-80bd-4d66-a60f-0a6a287af5de>
Affected Software: Easy Forms for Mailchimp CVE ID: CVE-2023-1325 CVSS Score: 6.4 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1be5da88-723a-4386-a73e-3fe90eefb6ba>
Affected Software: MS-Reviews CVE ID: CVE-2023-0424 CVSS Score: 6.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/68fd5e6f-9883-4e8f-9c4f-5905b487629a>
Affected Software: Video Central for WordPress CVE ID: CVE-2023-0418 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/87eb6644-fd70-42a1-b05d-b166cb89c45c>
Affected Software: Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress CVE ID: CVE-2023-0764 CVSS Score: 6.4 (Medium) Researcher/s: dc11 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/94868d48-2d36-49f1-9da1-7965ecaeae3c>
Affected Software: Weaver Show Posts CVE ID: CVE-2023-1404 CVSS Score: 6.4 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c8647c44-4879-4895-bd07-19f7d62a7326>
Affected Software: PixFields CVE ID: CVE-2022-46844 CVSS Score: 6.4 (Medium) Researcher/s: Justiice Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e7f86396-2f3f-4cd6-b3d4-e518b074a579>
Affected Software: HappyFiles Pro CVE ID: CVE-2023-25446 CVSS Score: 6.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7bfabeb4-c57d-412a-b27b-a6387d30081f>
Affected Software: HappyFiles Pro CVE ID: CVE-2023-25445 CVSS Score: 6.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d293f35a-a42f-441f-b521-da0ba9887c45>
Affected Software: Health Check & Troubleshooting CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e8d75eb6-2a9f-4c33-9e15-db7db037b67e>
Affected Software: Continuous Image Carousel With Lightbox CVE ID: CVE-2023-28792 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0b4651d8-dad7-4f6f-a47d-2095b9d2bdca>
Affected Software: Custom Post Type and Taxonomy GUI Manager CVE ID: CVE-2023-0420 CVSS Score: 6.1 (Medium) Researcher/s: Shreya Pohekar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/26c75a0a-8590-4ac7-814e-29e0c2d0822e>
Affected Software: Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress CVE ID: CVE-2023-28784 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7dbd3b23-cebc-4212-bcae-c6f23031c040>
Affected Software: Product Specifications for Woocommerce CVE ID: CVE-2022-46858 CVSS Score: 6.1 (Medium) Researcher/s: TEAM WEBoB of BoB 11th Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/916d4f2f-769b-4902-9464-f55d8f64c9d2>
Affected Software: Responsive Vertical Icon Menu CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9a999044-5d4a-4415-a3b9-28c564e63a25>
Affected Software: Woocommerce Custom Checkout Fields Editor With Drag & Drop CVE ID: CVE-2022-46864 CVSS Score: 6.1 (Medium) Researcher/s: TEAM WEBoB of BoB 11th Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9e3899d8-170e-481f-8c80-90addc66eb41>
Affected Software: Albo Pretorio On line CVE ID: CVE-2023-28750 CVSS Score: 6.1 (Medium) Researcher/s: Phd Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad8f8c41-a3b9-4287-b6b2-489fb77b7553>
Affected Software: WordPress Contact Forms by Cimatti CVE ID: CVE-2023-28789 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b512f9a9-6c83-416c-bacc-ee3bba8dfe29>
Affected Software: Easy Forms for Mailchimp CVE ID: CVE-2023-1324 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c30d517b-e051-408c-a022-4399c3d62390>
Affected Software: Full Width Banner Slider Wp CVE ID: CVE-2023-24392 CVSS Score: 6.1 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb4bb127-360d-4f17-9da9-f7be17140ff3>
Affected Software: affiliate-toolkit – WordPress Affiliate Plugin CVE ID: CVE-2023-23786 CVSS Score: 5.5 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8dda7b14-c341-434b-85f1-029f384c65d6>
Affected Software: Mega Main Menu CVE ID: CVE-2023-1575 CVSS Score: 5.5 (Medium) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a44ce6a3-0a9d-4bce-9251-f3a38b000645>
Affected Software: Continuous Image Carousel With Lightbox CVE ID: CVE-2023-28776 CVSS Score: 5.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3a196177-2786-4f6d-8076-f0232e4d5a5d>
Affected Software: LionScripts: IP Blocker Lite CVE ID: CVE-2023-23993 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/45d3f82b-9e19-4678-8995-7fe265606fd2>
Affected Software: AI ChatBot CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b33bf55c-0397-44a2-8c18-ea5f8f1e2ec9>
Affected Software: FileBird – WordPress Media Library Folders & File Manager CVE ID: CVE-2023-25966 CVSS Score: 5.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d5a6e9f4-dbc3-4af0-b9e4-4c9ad7b5fe9f>
Affected Software: Custom Post Type UI CVE ID: CVE-2023-1623 CVSS Score: 5.4 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f28afb93-b72a-4a56-994b-144124202147>
Affected Software: JustTables – WooCommerce Product Table CVE ID: CVE-2023-23803 CVSS Score: 5.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c2b795d8-3cab-4d81-a016-b4498315ddf4>
Affected Software: iThemes Security CVE ID: CVE-2023-28786 CVSS Score: 4.7 (Medium) Researcher/s: nlpro Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/047cd34e-f2a1-4643-a1c5-3ead926b83ca>
Affected Software: Newsletter – Send awesome emails from WordPress CVE ID: CVE Unknown CVSS Score: 4.7 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fa49346c-726e-41f9-8a74-adaa4a8fa5d9>
Affected Software: WPMobile.App — Android and iOS Mobile Application CVE ID: CVE-2023-28932 CVSS Score: 4.4 (Medium) Researcher/s: Juampa Rodríguez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02b5aefe-ba27-4273-927c-7779df83eb18>
Affected Software: Quick Paypal Payments CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1a507489-f337-4b47-9506-daea1b426798>
Affected Software: Review Stream CVE ID: CVE-2023-28774 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1b645d0e-daee-4926-af47-05cacf811fbf>
Affected Software: Conditional cart fee / Extra charge rule for WooCommerce extra fees CVE ID: CVE-2023-29093 CVSS Score: 4.4 (Medium) Researcher/s: MyungJu Kim Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/797840ba-5589-42d6-9d50-52bf8c131d6e>
Affected Software: Enhanced WP Contact Form CVE ID: CVE-2023-23812 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5e91a6bd-05ae-4088-8c1f-bc5598545606>
Affected Software: Custom More Link Complete CVE ID: CVE-2023-23788 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/698079d0-b539-431c-98c3-c69d0352d214>
Affected Software: Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce CVE ID: CVE-2023-28988 CVSS Score: 4.4 (Medium) Researcher/s: MyungJu Kim Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6cc218fb-6c2a-4676-b2d7-86abe01c1530>
Affected Software: Enhanced WP Contact Form CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/71548a7f-43a5-4f71-8add-45f675e8aa66>
Affected Software: Premmerce Redirect Manager CVE ID: CVE-2023-23789 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b2e8f9b7-1fce-46be-8198-eeff58a563c6>
Affected Software: Wp Ultimate Review CVE ID: CVE-2023-28751 CVSS Score: 4.4 (Medium) Researcher/s: qilin_99 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c198008f-271e-431e-beb9-3a9f93cbbf8e>
Affected Software: Social Proof (Testimonial) Slider CVE ID: CVE-2023-24389 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e324cd49-beaf-44bf-8890-5377731f0cc5>
Affected Software: Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce CVE ID: CVE-2023-28991 CVSS Score: 4.4 (Medium) Researcher/s: MyungJu Kim Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f19006a0-6848-467b-90ed-33b3ebd2c7ba>
Affected Software: Pagination by BestWebSoft – Customizable WordPress Content Splitter and Navigation Plugin CVE ID: CVE-2023-28778 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ffbb85c5-e949-4c0f-8c02-2c022b802e05>
Affected Software: Maps Widget for Google Maps CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0472804e-00cc-4c4c-97aa-86f433f65782>
Affected Software: Feed Them Social – Page, Post, Video, and Photo Galleries CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/057ab824-8071-4c3c-9a57-f9a0043a9ad5>
Affected Software: Advanced Local Pickup for WooCommerce CVE ID: CVE-2022-40702 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/05ff8080-59e5-4d48-a69b-275a89eef758>
Affected Software: Configurable Tag Cloud (CTC) CVE ID: CVE-2023-28995 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0775b36b-d543-41f9-a20d-f629b40c70d7>
Affected Software: Advanced Local Pickup for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0b3fa78c-d97f-43bf-b3e9-47d6aa41b458>
Affected Software: Popup Anything – A Marketing Popup and Lead Generation Conversions CVE ID: CVE-2022-38077 CVSS Score: 4.3 (Medium) Researcher/s: muhga Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/11ea3e40-8802-43ea-9816-973a15d7904d>
Affected Software: Happy Addons for Elementor CVE ID: CVE-2023-28989 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/27439d44-f2ff-4c20-965f-25d12c83781c>
Affected Software: Viral Mag CVE ID: CVE-2023-28990 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/48aa5be8-a5d9-4f5e-ba30-d6afb3f0fee0>
Affected Software: Trending/Popular Post Slider and Widget CVE ID: CVE-2022-46846 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a0cffca-94d8-46b8-8b84-57e76a5bfd94>
Affected Software: Zippy CVE ID: CVE-2023-26533 CVSS Score: 4.3 (Medium) Researcher/s: Junsu Yeo Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4c306428-8880-483f-be3a-6f6b87e55eef>
Affected Software: WP VR – 360 Panorama and Virtual Tour Builder For WordPress CVE ID: CVE-2023-1414 CVSS Score: 4.3 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/54b495e8-f641-444d-a3d4-a54bb0836c40>
Affected Software: Premmerce Redirect Manager CVE ID: CVE-2023-23787 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6d84fa60-f780-41e2-96dc-57057c646e01>
Affected Software: Welcome Bar CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/82a26836-44fc-47cf-ad09-bd3d264e8635>
Affected Software: Wp Ultimate Review CVE ID: CVE-2023-28987 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/892372c9-380c-43b2-b928-b5964574c414>
Affected Software: Welcome Bar CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/98730677-200b-4b1a-8568-7af8b2b0e94b>
Affected Software: WishSuite – Wishlist for WooCommerce CVE ID: CVE-2023-23731 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a2f3fcd1-6dff-409b-b8c1-46c5485980ee>
Affected Software: Advanced Shipment Tracking for WooCommerce CVE ID: CVE-2022-41635 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b55a80ed-5e27-4087-a792-e78066a41399>
Affected Software: Really Simple Google Tag Manager CVE ID: CVE-2023-23801 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c579825b-e92e-48d2-925e-d1fc81374c4a>
Affected Software: Affiliates Manager CVE ID: CVE-2023-28986 CVSS Score: 4.3 (Medium) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44>
Affected Software: HT Menu – WordPress Mega Menu Builder for Elementor CVE ID: CVE-2023-23791 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/deb2544f-75ac-4d6c-bec7-9f35cfe0028d>
Affected Software: Mobile Banner CVE ID: CVE-2023-28930 CVSS Score: 4.3 (Medium) Researcher/s: Yuki Haruma Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e98aa389-9113-4997-8b96-1ca03cdfc235>
Affected Software: Simple Author Box CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f670b93e-da2e-43e7-a28a-6cacba4df3a1>
Affected Software: Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) CVE ID: CVE-2023-23792 CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fa73c2a0-a692-47db-99ca-7e7159fc96aa>
_As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence._
_This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can._
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 27, 2023 to Apr 2, 2023) appeared first on Wordfence.