CVSS3 Metric (9.8 High) | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS2 Metric (7.5 High) | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector String | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | Value |
---|---|
Score | 0.001 Low |
Percentile | 41.5% |
Last week, 64 vulnerabilities were disclosed in 67 WordPress plugins and 10 WordPress themes and added to the Wordfence Intelligence Vulnerability Database, and 37 vulnerability researchers contributed to WordPress security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, and webhook integration are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 24 |
Patched | 40 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 50 |
High Severity | 9 |
Critical Severity | 4 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 26 |
Missing Authorization | 12 |
Cross-Site Request Forgery (CSRF) | 9 |
Improper Privilege Management | 2 |
Use of Less Trusted Source | 2 |
Information Exposure | 2 |
Deserialization of Untrusted Data | 1 |
Server-Side Request Forgery (SSRF) | 1 |
Improper Control of Generation of Code ('Code Injection') | 1 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 1 |
URL Redirection to Untrusted Site ('Open Redirect') | 1 |
Improper Authorization | 1 |
Improper Access Control | 1 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 1 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 1 |
Weak Password Recovery Mechanism for Forgotten Password | 1 |
Unrestricted Upload of File with Dangerous Type | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Abdi Pranata | 5 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 4 |
Lana Codes (Wordfence Vulnerability Researcher) | 4 |
Mika | 4 |
minhtuanact | 3 |
thiennv | 3 |
David | 2 |
Truoc Phan | 2 |
Rio Darmawan | 2 |
LEE SE HYOUNG | 2 |
Yuki Haruma | 2 |
Muhammad Arsalan Diponegoro | 2 |
Jonatas Souza Villa Flor | 1 |
Ivy | 1 |
Random Robbie | 1 |
Nithissh S | 1 |
TomS | 1 |
NGÔ THIÊN AN | 1 |
Le Ngoc Anh | 1 |
Debangshu Kundu | 1 |
Arpeet Rathi | 1 |
Rafie Muhammad | 1 |
Utkarsh Agrawal | 1 |
Hung Duong | 1 |
Bartłomiej Marek | 1 |
Tomasz Swiadek | 1 |
Prasanna V Balaji | 1 |
Nguyen Xuan Chien | 1 |
Elliot | 1 |
Lokesh Dachepalli | 1 |
Rafshanzani Suhada | 1 |
Dmitrii Ignatyev | 1 |
Dmitrii | 1 |
Skalucy | 1 |
yuyudhn | 1 |
Francesco Carlucci | 1 |
Jonas Höbenreich | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
123.chat – 1:1 Live Video Chat Tool Plugin | 123-chat-videochat |
Accordion Slider | accordion-slider |
Accordion and Accordion Slider | accordion-and-accordion-slider |
Advanced File Manager | file-manager-advanced |
Album and Image Gallery plus Lightbox | album-and-image-gallery-plus-lightbox |
BigBlueButton | bigbluebutton |
Blog Designer – Post and Widget | blog-designer-for-post-and-widget |
CLUEVO LMS, E-Learning Platform | cluevo-lms |
CT Commerce | ct-commerce |
Carrrot | carrrot |
Cleverwise Daily Quotes | cleverwise-daily-quotes |
Comments Like Dislike | comments-like-dislike |
Contact form 7 Custom validation | cf7-field-validation |
Cookies and Content Security Policy | cookies-and-content-security-policy |
Cost Calculator Builder | cost-calculator-builder |
Countdown Timer Ultimate | countdown-timer-ultimate |
Custom Admin Login Page | WPZest |
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress | charitable |
Donations Made Easy – Smart Donations | smart-donations |
Doofinder WP & WooCommerce Search | doofinder-for-woocommerce |
Dynamic Pricing and Discount Rules for WooCommerce | woo-conditional-discount-rules-for-checkout |
Enhanced Ecommerce Google Analytics for WooCommerce | woo-ecommerce-tracking-for-google-and-facebook |
Event Tickets with Ticket Scanner | event-tickets-with-ticket-scanner |
GD Security Headers | gd-security-headers |
InfiniteWP Client | iwp-client |
JS Help Desk – Best Help Desk & Support Plugin | js-support-ticket |
Kanban Boards for WordPress | kanban |
Make Paths Relative | make-paths-relative |
Media from FTP | media-from-ftp |
Meta Slider and Carousel with Lightbox | meta-slider-and-carousel-with-lightbox |
Orders Tracking for WooCommerce | woo-orders-tracking |
Paid Memberships Pro CCBill Gateway | pmpro-ccbill |
Password Reset with Code for WordPress REST API | bdvs-password-reset |
Plausible Analytics | plausible-analytics |
Portfolio Gallery – Responsive Image Gallery | gallery-portfolio |
Portfolio and Projects | portfolio-and-projects |
Post Ticker Ultimate | ticker-ultimate |
Post grid and filter ultimate | post-grid-and-filter-ultimate |
Products Quick View for WooCommerce | woocommerce-products-quick-view |
Putler Connector for WooCommerce – Accurate Analytics and Reports for your WooCommerce Store | woocommerce-putler-connector |
RSVPMaker | rsvpmaker |
Schedule Posts Calendar | schedule-posts-calendar |
Serial Codes Generator and Validator with WooCommerce Support | serial-codes-generator-and-validator |
Simple Org Chart | simple-org-chart |
Simple Staff List | simple-staff-list |
Smart SEO Tool – SEO优化插件 | smart-seo-tool |
Stripe Payment Plugin for WooCommerce | payment-gateway-stripe-and-woocommerce-integration |
Tabs & Accordion | tabs |
Team Slider and Team Grid Showcase plus Team Carousel | wp-team-showcase-and-slider |
Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget | wp-testimonial-with-widget |
Timeline and History slider | timeline-and-history-slider |
Trending/Popular Post Slider and Widget | wp-trending-post-slider-and-widget |
Typing Effect | animated-typing-effect |
User Activity Log | user-activity-log |
User Submitted Posts – Enable Users to Submit Posts from the Front End | user-submitted-posts |
Video Gallery for YouTube Videos and WordPress | youtube-showcase |
Video gallery and Player | html5-videogallery-plus-player |
WP LINE Notify | wp-line-notify |
WP Remote Users Sync | wp-remote-users-sync |
WP VR – 360 Panorama and Virtual Tour Builder For WordPress | wpvr |
WP-PostRatings | wp-postratings |
WebLibrarian | weblibrarian |
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more | woo-pdf-invoice-builder |
WordPress Mortgage Calculator Estatik | estatik-mortgage-calculator |
fitness calculators plugin | fitness-calculators |
tagDiv Composer | td-composer |
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | wpdatatables |
Software Name | Software Slug |
---|---|
Aapna | aapna |
Anand | anand |
Anfaust | anfaust |
Arendelle | arendelle |
Atlast Business | [atlast-business](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Atlast Business>) |
Bazaar Lite | [bazaar-lite](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Bazaar Lite>) |
Brain Power | [brain-power](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Brain Power>) |
BunnyPressLite | bunnypresslite |
Cafe Bistro | [cafe-bistro](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Cafe Bistro>) |
College | college |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.
Affected Software | CVE ID | CVSS Score | Researcher/s | Patch Status | Vulnerability Details |
---|---|---|---|---|---|
Kanban Boards for WordPress | CVE-2023-40606 | 9.8 (Critical) | TomS | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/3adea276-6b55-422d-adc9-a767f569181c> |
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress | CVE-2023-4404 | 9.8 (Critical) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/522ecc1c-5834-4325-9234-79cf712213f3> |
Contact form 7 Custom validation | CVE-2023-40609 | 9.8 (Critical) | minhtuanact | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/dbfc52a4-6c9d-480b-9247-1513318ff84b> |
Password Reset with Code for WordPress REST API | CVE-2023-35039 | 9.8 (Critical) | Jonas Höbenreich | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/f44b9e6d-2f84-45f6-9f74-3f23b03c5a49> |
WP Remote Users Sync | CVE-2023-3958 | 8.5 (High) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/2e78c759-4a54-4ee4-8eff-df91fe9dad46> |
InfiniteWP Client | CVE-2023-2916 | 7.5 (High) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/aa157c80-447f-4406-9e49-9cc6208b7b19> |
User Submitted Posts – Enable Users to Submit Posts from the Front End | CVE-2023-4308 | 7.2 (High) | NGÔ THIÊN AN | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3bb4d37c-c4c2-4523-9b4e-73ffb7be81ea> |
tagDiv Composer | CVE-2023-3169 | 7.2 (High) | Truoc Phan | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6998cf4c-6086-402b-a95f-ee6a4980dffb> |
Cleverwise Daily Quotes | CVE-2023-40335 | 7.2 (High) | Yuki Haruma | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/71f7733a-1350-4e22-98d8-28be401aee69> |
GD Security Headers | CVE-2023-40330 | 7.2 (High) | minhtuanact | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/7ce32ecf-6995-4794-8559-2f84533ecf50> |
RSVPMaker | CVE-2023-27616 | 7.2 (High) | Muhammad Arsalan Diponegoro | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/aaf0e58c-0430-44fe-980f-8ea469802c86> |
WordPress Mortgage Calculator Estatik | CVE-2023-40601 | 7.2 (High) | thiennv | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/cb73e92b-b807-4406-b378-cef6cff9eb82> |
JS Help Desk – Best Help Desk & Support Plugin | CVE-2023-25444 | 7.2 (High) | Abdi Pranata | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/fa75366a-651c-43d0-a32b-cdabf5b07b66> |
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | CVE Unknown | 6.6 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/0c458644-a799-4bea-abcb-06a946dc19df> |
Advanced File Manager | CVE-2023-3814 | 6.6 (Medium) | Dmitrii | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ceba35c3-16b0-4366-b33c-603bdc2c1006> |
Portfolio Gallery – Responsive Image Gallery | CVE Unknown | 6.5 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/96112707-04ca-4647-9008-31954764486f> |
Event Tickets with Ticket Scanner | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/2ec40d89-9caa-44dc-8577-00fa6463348c> |
BigBlueButton | CVE Unknown | 6.4 (Medium) | Marco Wotschka | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/5f829d21-5347-46ec-9218-2b3cbe7d7b95> |
Serial Codes Generator and Validator with WooCommerce Support | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c4886822-3a05-45b3-ad1d-4d4a4f921817> |
Typing Effect | CVE-2023-40605 | 6.4 (Medium) | yuyudhn | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/db12f986-580e-4e81-8bd2-124393e5d21b> |
Media from FTP | CVE-2023-4019 | 6.3 (Medium) | Dmitrii Ignatyev | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/9764d402-b8a2-43d5-882a-bc3886078b7f> |
WP LINE Notify | CVE-2023-30497 | 6.1 (Medium) | Ivy | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/2b4e7c02-48d3-4271-a3bc-e7d3256b7217> |
College, Anfaust, Brain Power, BunnyPressLite, Bazaar Lite, Cafe Bistro, Arendelle, Anand, Atlast Business, Aapna | CVE-2023-2813 | 6.1 (Medium) | Random Robbie | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30> |
Plausible Analytics | CVE-2023-40553 | 6.1 (Medium) | Le Ngoc Anh | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3ed6d5e6-1094-46ec-afb9-43c142f334ed> |
WebLibrarian | CVE-2023-29441 | 6.1 (Medium) | LEE SE HYOUNG | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6b4b05a8-3a32-4fa9-9ff5-a2a62b11a05d> |
Donations Made Easy – Smart Donations | CVE-2023-40664 | 6.1 (Medium) | thiennv | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/799975aa-44fe-48dc-8ac9-469c89a03c67> |
WP VR – 360 Panorama and Virtual Tour Builder For WordPress | CVE-2023-40663 | 6.1 (Medium) | LEE SE HYOUNG | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/fc08e4cf-3964-406e-9046-420e749df4b5> |
fitness calculators plugin | CVE-2023-40552 | 5.5 (Medium) | Rio Darmawan | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/aafbdd50-c78b-4aad-a3e2-f1339d698e77> |
Smart SEO Tool – SEO优化插件 | CVE Unknown | 5.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/078d06ad-555b-4de4-a032-d81440c7dfb5> |
Doofinder WP & WooCommerce Search | CVE-2023-40602 | 5.4 (Medium) | minhtuanact | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/7414779e-7241-4ab2-9b1f-34c3e1acc66b> |
Cost Calculator Builder | CVE-2023-40011 | 5.4 (Medium) | Rafshanzani Suhada | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/94d60fcb-a542-41a9-b6ac-6ac2607068aa> |
Enhanced Ecommerce Google Analytics for WooCommerce | CVE-2023-40561 | 5.4 (Medium) | Mika | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/a3f7e1a4-88b2-4069-adb8-d51278b48234> |
Putler Connector for WooCommerce – Accurate Analytics and Reports for your WooCommerce Store | CVE-2023-40327 | 5.3 (Medium) | David | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/09a1388e-6c87-44cd-a137-4212b569423b> |
Portfolio and Projects, Video gallery and Player, Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget, Accordion and Accordion Slider, Album and Image Gallery plus Lightbox, Meta Slider and Carousel with Lightbox, Blog Designer – Post and Widget, Trending/Popular Post Slider and Widget, Countdown Timer Ultimate, Post Ticker Ultimate, Team Slider and Team Grid Showcase plus Team Carousel, Post grid and filter ultimate, Timeline and History slider | CVE-2023-40200 | 5.3 (Medium) | Abdi Pranata | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf> |
Paid Memberships Pro CCBill Gateway | CVE-2023-40608 | 5.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/47bb46df-3ed6-4331-8c05-c76331aa6995> |
Comments Like Dislike | CVE-2023-3244 | 5.3 (Medium) | Hung Duong | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/66019297-a8a8-4bbc-99db-4b47066f3e50> |
WP-PostRatings | CVE-2023-40332 | 5.3 (Medium) | Mika | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6aed9434-1681-47d6-bbc1-0815db548a24> |
User Activity Log | CVE-2023-4279 | 5.3 (Medium) | Bartłomiej Marek, Tomasz Swiadek | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/77462f1f-f7d8-4d11-aaf1-82395897fcfa> |
Cookies and Content Security Policy | CVE-2023-40662 | 5.3 (Medium) | Mika | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/79e68c5b-1f1a-4af3-acf4-1a38f2d72424> |
Simple Org Chart | CVE-2023-40603 | 5.3 (Medium) | Abdi Pranata | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/c674ec32-7959-414a-8c31-3455bebb47bb> |
Stripe Payment Plugin for WooCommerce | CVE-2023-4040 | 5.3 (Medium) | Francesco Carlucci | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ef543c61-2acc-4b72-81ff-883960d4c7c3> |
123.chat – 1:1 Live Video Chat Tool Plugin | CVE-2023-4298 | 4.4 (Medium) | Jonatas Souza Villa Flor | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/0a0ced4d-368d-4f12-9099-1f8c0b0fe245> |
tagDiv Composer | CVE-2023-3170 | 4.4 (Medium) | Truoc Phan | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3861f675-1a26-4947-91ef-8ab04646704f> |
CT Commerce | CVE-2023-40007 | 4.4 (Medium) | Nithissh S | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/399109be-7efe-428e-a9b8-7a68864b2790> |
Schedule Posts Calendar | CVE-2023-40560 | 4.4 (Medium) | Rio Darmawan | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/61c815c2-a5ea-431c-bfde-c08a4eb5fda6> |
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more | CVE-2023-4160 | 4.4 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6a765360-8603-4ba1-a6db-dd0175ff3ddf> |
Carrrot | CVE-2023-40328 | 4.4 (Medium) | Prasanna V Balaji | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/77fa042d-1e4f-4344-bf5a-3860add7aae3> |
Custom Admin Login Page \| WPZest | CVE-2023-40329 | 4.4 (Medium) | Lokesh Dachepalli | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/906dcf2a-6be1-4966-9a70-1ef9a8f1017d> |
RSVPMaker | CVE-2023-27617 | 4.4 (Medium) | Muhammad Arsalan Diponegoro | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/cfb27513-61ad-4cf0-a471-0ab7aeb0801b> |
Simple Staff List | CVE-2023-28790 | 4.4 (Medium) | Yuki Haruma | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f5880581-3505-4851-b32f-cd2873072f73> |
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more | CVE-2023-4245 | 4.3 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/200fbfc1-df21-43b0-8eb1-b2ba0cc0c0df> |
WP Remote Users Sync | CVE-2023-4374 | 4.3 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/2e87cfc4-8e7c-47d6-80fc-9c293cdd8acb> |
Putler Connector for WooCommerce – Accurate Analytics and Reports for your WooCommerce Store | CVE-2023-40326 | 4.3 (Medium) | David | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/38537f60-52f4-4007-b26f-6948b9263931> |
Products Quick View for WooCommerce | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/39c9f055-2527-4678-bda1-27a29ab24acd> |
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more | CVE-2023-4161 | 4.3 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3b7aac1c-6962-49cf-850f-ab7b1d220090> |
Accordion Slider | CVE-2023-40331 | 4.3 (Medium) | Abdi Pranata | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3dc69bba-39e0-46bd-8cdb-7cf1f7d36282> |
CLUEVO LMS, E-Learning Platform | CVE-2023-40607 | 4.3 (Medium) | Debangshu Kundu, Arpeet Rathi | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/414165a3-78f8-4254-ac24-2de177cad3dd> |
Schedule Posts Calendar | CVE-2023-40556 | 4.3 (Medium) | Nguyen Xuan Chien | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/7d4f490e-c86e-490e-8041-36c154b890aa> |
Make Paths Relative | CVE-2023-27433 | 4.3 (Medium) | Mika | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/85317781-7e77-4a78-af67-0a1dce39364c> |
Simple Org Chart | CVE-2023-28791 | 4.3 (Medium) | Elliot | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/8d413350-f520-4dd9-af7d-e776628aef1d> |
Dynamic Pricing and Discount Rules for WooCommerce | CVE-2023-40559 | 4.3 (Medium) | Skalucy | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/d624f234-c57a-4a66-900d-362194a79d34> |
Video Gallery for YouTube Videos and WordPress | CVE-2023-40558 | 4.3 (Medium) | thiennv | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/e226d75f-37b2-4af2-bba0-0fd3a96cc1a0> |
Tabs & Accordion | CVE-2023-40557 | 4.3 (Medium) | Abdi Pranata | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/eaead805-b122-4418-a4a0-cf1b0925f3c3> |
Orders Tracking for WooCommerce | CVE-2023-4216 | 2.7 (Low) | Utkarsh Agrawal | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/5a62e8b2-7606-4842-8be5-dff8634539d0> |
As a reminder, Wordfence curates an industry-leading vulnerability database, Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, direct submissions from vulnerability researchers via our CVE Request form, and monitoring of various sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.
Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023) appeared first on Wordfence.