Last week, there were 109 vulnerabilities disclosed in 95 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook integration are completely free to access and use, both personally and commercially, and why we are running this weekly vulnerability report.
Individuals and enterprises can use the vulnerability database API to receive a complete dump of our database of over 12,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 68 |
Patched | 41 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 91 |
High Severity | 15 |
Critical Severity | 2 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 47 |
Cross-Site Request Forgery (CSRF) | 25 |
Missing Authorization | 17 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 4 |
Unrestricted Upload of File with Dangerous Type | 3 |
Improper Authorization | 3 |
Information Exposure | 3 |
Deserialization of Untrusted Data | 2 |
Authorization Bypass Through User-Controlled Key | 1 |
Server-Side Request Forgery (SSRF) | 1 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 1 |
Improper Privilege Management | 1 |
Authentication Bypass by Primary Weakness | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
LEE SE HYOUNG | 14 |
Lana Codes (Wordfence Vulnerability Researcher) | 12 |
Rafie Muhammad | 8 |
Abdi Pranata | 7 |
Mika | 5 |
Nguyen Xuan Chien | 4 |
thiennv | 4 |
Francesco Carlucci | 4 |
Le Ngoc Anh | 4 |
Rio Darmawan | 3 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 3 |
Revan Arifio | 3 |
Jonas Höbenreich | 2 |
Emili Castells | 2 |
Skalucy | 2 |
Shuning Xu | 1 |
qilin_99 | 1 |
niclo | 1 |
Ala Arfaoui | 1 |
Taihei Shimamine | 1 |
Milad Hacking | 1 |
Alexander Concha | 1 |
NGÔ THIÊN AN | 1 |
Phd | 1 |
Alex Thomas (Wordfence Vulnerability Researcher) | 1 |
minhtuanact | 1 |
Nguyen Anh Tien | 1 |
DoYeon Park | 1 |
Dimas Maulana | 1 |
emad | 1 |
juweihuitao | 1 |
Dmitrii Ignatyev | 1 |
Krzysztof Zając | 1 |
Elliot | 1 |
Theodoros Malachias | 1 |
trein | 1 |
TP Cyber Security | 1 |
Rafshanzani Suhada | 1 |
Joshua Chan | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
404 Solution | 404-solution |
Add Custom Body Class | add-custom-body-class |
Add Shortcodes Actions And Filters | add-actions-and-filters |
Advanced Local Pickup for WooCommerce | advanced-local-pickup-for-woocommerce |
Ajax Archive Calendar | ajax-archive-calendar |
ApplyOnline – Application Form Builder and Manager | apply-online |
Appointment Calendar | appointment-calendar |
Archivist – Custom Archive Templates | archivist-custom-archive-templates |
Ashe Extra | ashe-extra |
Auto Login New User After Registration | auto-login-new-user-after-registration |
BetterLinks – Shorten, Track and Manage any URL | betterlinks |
Booster for WooCommerce | woocommerce-jetpack |
Broken Link Checker \| Finder | |
CPO Shortcodes | cpo-shortcodes |
Category SEO Meta Tags | category-seo-meta-tags |
Comments – wpDiscuz | wpdiscuz |
Contact Form Builder, Contact Widget | contact-forms-builder |
Contact Form builder with drag & drop for WordPress – Kali Forms | kali-forms |
Custom post types, Custom Fields & more | custom-post-types |
DX Delete Attached Media | dx-delete-attached-media |
Delete Usermetas | delete-usermetas |
Duplicate Theme | duplicate-theme |
E2Pdf – Export To Pdf Tool for WordPress | e2pdf |
EG-Attachments | eg-attachments |
Envo Extra | envo-extra |
Eonet Manual User Approve | eonet-manual-user-approve |
EventON | eventon-lite |
Freesoul Deactivate Plugins – Plugin manager and cleanup | freesoul-deactivate-plugins |
FreshMail For WordPress | freshmail-integration |
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory | geodirectory |
Grid Plus – Unlimited grid layout | grid-plus |
Headline Analyzer | headline-analyzer |
Icons Font Loader | icons-font-loader |
Internal Link Building | internal-link-building-plugin |
Just Custom Fields | just-custom-fields |
Lava Directory Manager | lava-directory-manager |
MW WP Form | mw-wp-form |
Maileon for WordPress | xqueue-maileon |
Mediabay – Media Library Folders | mediabay-lite |
Minimum Purchase for WooCommerce | minimum-purchase-for-woocommerce |
Modern Footnotes | modern-footnotes |
Motors – Car Dealer, Classifieds & Listing | motors-car-dealership-classified-listings |
Novo-Map : your WP posts on custom google maps | novo-map |
Open Graph Metabox | open-graph-metabox |
Popup by Supsystic | popup-by-supsystic |
Post Meta Data Manager | post-meta-data-manager |
Product Category Tree | product-category-tree |
Protección de Datos RGPD | click-datos-lopd |
Recip.ly Plugin | reciply |
Rocket Font | rocket-font |
SALESmanago | salesmanago |
Simple Calendar – Google Calendar Plugin | google-calendar-events |
Simple Table Manager | simple-table-manager |
Skype Legacy Buttons | skype-online-status |
Smart App Banner | smart-app-banner |
Smart Online Order for Clover | clover-online-orders |
Smooth Scroll Links [SSL] | smooth-scrolling-links-ssl |
Social Media Share Buttons & Social Sharing Icons | ultimate-social-media-icons |
Social proof testimonials and reviews by Repuso | social-testimonials-and-reviews-widget |
Soisy Pagamento Rateale | soisy-pagamento-rateale |
Super Testimonials | super-testimonial |
TCD Google Maps | tcd-google-maps |
Tab Ultimate | tabs-pro |
Taggbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics | taggbox-widget |
Team Showcase | team-showcase |
Templately – Templates Cloud for Elementor & Gutenberg : 4000+ Free & Premium Designs! | templately |
The Awesome Feed – Custom Feed | wp-facebook-feed |
Theme Blvd Shortcodes | theme-blvd-shortcodes |
Theme Switcha – Easily Switch Themes for Development and Testing | theme-switcha |
Thumbnail Slider With Lightbox | wp-responsive-slider-with-lightbox |
Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce | enhanced-e-commerce-for-woocommerce-store |
Triberr | triberr-wordpress-plugin |
Ultimate Addons for WPBakery | Ultimate_VC_Addons |
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | userfeedback-lite |
Userback | userback |
WC Captcha | wc-captcha |
WC Serial Numbers – Ultimate License Manager Plugin for Selling, Licensing & Securely Delivering Digital Products with WooCommerce | wc-serial-numbers |
WDSocialWidgets | spider-facebook |
WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
WP EXtra | wp-extra |
WP Full Stripe Free | wp-full-stripe-free |
WP Hotel Booking | wp-hotel-booking |
WP Post Columns | wp-post-columns |
WP Radio – Worldwide Online Radio Stations Directory for WordPress | wp-radio |
Web Push Notifications – Webpushr | webpushr-web-push-notifications |
Webmaster Tools | webmaster-tools |
WhatsApp Share Button | |
Who Hit The Page – Hit Counter | who-hit-the-page-hit-counter |
Widgets for Google Reviews | wp-reviews-plugin-for-google |
WooCommerce Ninja Forms Product Add-ons | woocommerce-ninjaforms-product-addons |
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more | woo-pdf-invoice-builder |
WooCommerce Stripe Payment Gateway | woocommerce-gateway-stripe |
Wp Ultimate Review | wp-ultimate-review |
iPanorama 360 – WordPress Virtual Tour Builder | ipanorama-360-virtual-tour-builder-lite |
mpOperationLogs | mpoperationlogs |

Software Name | Software Slug |
---|---|
themify-ultra | themify-ultra |

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software: Recip.ly Plugin CVE ID: CVE-2011-10004 CVSS Score: 9.8 (Critical) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/068da172-629d-422a-bcd5-1b73af2a5933>
Affected Software: WooCommerce Ninja Forms Product Add-ons CVE ID: CVE-2023-5601 CVSS Score: 9.8 (Critical) Researcher/s: Alexander Concha Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/601d70ff-2e0e-403b-9c58-130d378a8240>
Affected Software: themify-ultra CVE ID: CVE-2023-46147 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17c6a91c-e2a6-4f17-b145-145e9e7a0079>
Affected Software: iPanorama 360 – WordPress Virtual Tour Builder CVE ID: CVE-2023-5336 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3566b602-c991-488f-9de2-57236c4735b5>
Affected Software: Icons Font Loader CVE ID: CVE-2023-46084 CVSS Score: 8.8 (High) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8564fc82-ff23-44b6-91b0-d63e6afb1a73>
Affected Software: themify-ultra CVE ID: CVE-2023-46145 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cc994b2a-b3da-4edc-ada3-1150065efd30>
Affected Software: Web Push Notifications – Webpushr CVE ID: CVE-2023-35041 CVSS Score: 8.8 (High) Researcher/s: Theodoros Malachias Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e140973b-d37c-45bf-aed2-9223bd812957>
Affected Software: themify-ultra CVE ID: CVE-2023-46149 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ed5251e7-64d2-4210-9864-144952a49327>
Affected Software: Soisy Pagamento Rateale CVE ID: CVE-2023-5132 CVSS Score: 7.5 (High) Researcher/s: Francesco Carlucci Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3c997cd-37b4-4b9c-b99e-397be484aa36>
Affected Software: Advanced Local Pickup for WooCommerce CVE ID: CVE-2023-2841 CVSS Score: 7.2 (High) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/125e7ea3-574a-4760-b10b-7a98d94c87a5>
Affected Software: GeoDirectory – WordPress Business Directory Plugin, or Classified Directory CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3bcd61d4-4775-4297-b7f5-664991fcd6d2>
Affected Software: Lava Directory Manager CVE ID: CVE-2023-46081 CVSS Score: 7.2 (High) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3bf669ed-ea31-4144-96b3-b1f29057b86d>
Affected Software: Motors – Car Dealer, Classifieds & Listing CVE ID: CVE-2023-46207 CVSS Score: 7.2 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/437423f0-978f-4c7c-9ec3-40668c630c93>
Affected Software: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds CVE ID: CVE-2023-46153 CVSS Score: 7.2 (High) Researcher/s: Dimas Maulana Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/abc056b0-55a2-439c-b7f6-4a2fc48c9823>
Affected Software: mpOperationLogs CVE ID: CVE-2023-5538 CVSS Score: 7.2 (High) Researcher/s: juweihuitao Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bc5f1b00-acee-4dc8-acd7-2d3f3493f253>
Affected Software: E2Pdf – Export To Pdf Tool for WordPress CVE ID: CVE-2023-46154 CVSS Score: 7.2 (High) Researcher/s: trein Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ea7f654b-88d1-4ed8-bab0-701e2e66e060>
Affected Software: Ultimate Addons for WPBakery CVE ID: CVE-2023-46205 CVSS Score: 7.1 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5222ce69-ac9f-4bb0-9832-8cdff1f8b078>
Affected Software: BetterLinks – Shorten, Track and Manage any URL CVE ID: CVE-2023-45104 CVSS Score: 6.5 (Medium) Researcher/s: Nguyen Anh Tien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92b8829e-a8eb-4fdb-a772-9efbb5aaeb6c>
Affected Software: Headline Analyzer CVE ID: CVE-2023-46195 CVSS Score: 6.5 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a057ad05-0ed7-48c4-9dc1-0e7b1d3cb270>
Affected Software: Templately – Templates Cloud for Elementor & Gutenberg : 4000+ Free & Premium Designs! CVE ID: CVE-2023-5454 CVSS Score: 6.5 (Medium) Researcher/s: Krzysztof Zając Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c74553c0-366e-44d7-8c4a-161a05ef02b4>
Affected Software: Social Media Share Buttons & Social Sharing Icons CVE ID: CVE-2023-5070 CVSS Score: 6.5 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8a3-52d437f0e00d>
Affected Software: Tab Ultimate CVE ID: CVE-2023-5667 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08220b23-d6fa-4005-bbbb-019412d328a5>
Affected Software: Theme Switcha – Easily Switch Themes for Development and Testing CVE ID: CVE-2023-5614 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2b0937fe-3ea6-427a-aef7-539c08687abb>
Affected Software: Minimum Purchase for WooCommerce CVE ID: CVE-2023-30492 CVSS Score: 6.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4633c5b1-a6e3-4ee8-94ca-8afa8ff16a35>
Affected Software: TCD Google Maps CVE ID: CVE-2023-5128 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/50f6d0aa-059d-48d9-873b-6404f288f002>
Affected Software: Super Testimonials CVE ID: CVE-2023-5613 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/52659f1c-642e-4c88-b3d0-d5c5a206b11c>
Affected Software: Ajax Archive Calendar CVE ID: CVE-2023-46069 CVSS Score: 6.4 (Medium) Researcher/s: NGÔ THIÊN AN Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/664d22f2-b7a3-42df-9530-4040160ead2c>
Affected Software: WhatsApp Share Button CVE ID: CVE-2023-5668 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/77911b0f-c028-49ae-b85e-15909d806e30>
Affected Software: Theme Blvd Shortcodes CVE ID: CVE-2023-5338 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/88809668-ea6b-41df-b2a7-ffe03a931c86>
Affected Software: Ultimate Addons for WPBakery CVE ID: CVE-2023-46211 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/90a8230f-7008-48af-a1a9-fbaf38dcb21c>
Affected Software: Skype Legacy Buttons CVE ID: CVE-2023-5615 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/914bcc8f-fecd-450e-b2a7-0989b7a0dd4c>
Affected Software: Add Custom Body Class CVE ID: CVE-2023-5205 CVSS Score: 6.4 (Medium) Researcher/s: Francesco Carlucci Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9841b57b-b869-4282-8781-60538f6f269f>
Affected Software: Mediabay – Media Library Folders CVE ID: CVE-2023-46066 CVSS Score: 6.4 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b1954340-397c-4cc0-ba9d-d698d94ea608>
Affected Software: Modern Footnotes CVE ID: CVE-2023-5618 CVSS Score: 6.4 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c20c674f-54b5-470f-b470-07a63501eb4d>
Affected Software: Team Showcase CVE ID: CVE-2023-5639 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3b26060-294e-4d4c-9295-0b08f533d5c4>
Affected Software: WP Post Columns CVE ID: CVE-2023-5708 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d96e5986-8c89-4e7e-aa63-f41aa13eeff4>
Affected Software: Booster for WooCommerce CVE ID: CVE-2023-5638 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f0257620-3a0e-4011-9378-7aa423e7c0b2>
Affected Software: CPO Shortcodes CVE ID: CVE-2023-5704 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f8ba38c3-51d2-43a7-89ff-c72a8edc946b>
Affected Software: The Awesome Feed – Custom Feed CVE ID: CVE-2023-46077 CVSS Score: 6.1 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/01878991-37c7-4c7b-b68c-d59ca66521e7>
Affected Software: EventON CVE ID: CVE-2023-4635 CVSS Score: 6.1 (Medium) Researcher/s: Shuning Xu Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/115ad0b2-febe-485a-8fb5-9bd6edc37ef7>
Affected Software: Motors – Car Dealer, Classifieds & Listing CVE ID: CVE-2023-46208 CVSS Score: 6.1 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1f06b855-c1e1-4378-a340-9dda2919fb83>
Affected Software: Contact Form Builder, Contact Widget CVE ID: CVE-2023-46075 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/43ea0665-2c6e-4c78-8bc5-056f47f190ab>
Affected Software: Add Shortcodes Actions And Filters CVE ID: CVE-2023-46072 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/44cb21f9-467a-4119-99fb-5cd21166a334>
Affected Software: Smart Online Order for Clover CVE ID: CVE-2023-46312 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5f1e0dfa-f99a-43d1-bdc9-6fc7a4ea381d>
Affected Software: Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce CVE ID: CVE-2023-46094 CVSS Score: 6.1 (Medium) Researcher/s: Phd Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6ad84e6e-5498-4bf1-b662-15b7628ceba2>
Affected Software: Grid Plus – Unlimited grid layout CVE ID: CVE-2023-46209 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6b213baa-8508-4eb2-ac09-d320e2b4276c>
Affected Software: WDSocialWidgets CVE ID: CVE-2023-46090 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a74d6b36-e0f1-4cfb-b1e9-0573081ed975>
Affected Software: EG-Attachments CVE ID: CVE-2023-46070 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b63ccc9a-222d-4119-909b-d04bab78d663>
Affected Software: Archivist – Custom Archive Templates CVE ID: CVE-2023-46194 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e3f59671-0db2-4acf-8e97-a0ead518bebd>
Affected Software: FreshMail For WordPress CVE ID: CVE-2023-46074 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e87fe70d-5ac3-40ee-a8d0-601d7b417562>
Affected Software: Protección de Datos RGPD CVE ID: CVE-2023-46071 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/eaebcae4-cdf5-4eb7-9246-07185fe62d07>
Affected Software: WooCommerce PDF Invoice Builder, Create invoices, packing slips and more CVE ID: CVE-2023-46076 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fb0d093b-c339-4b19-a6cd-d2589b8e57ff>
Affected Software: Appointment Calendar CVE ID: CVE-2023-46198 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/06a92619-5281-414e-8846-be0db38df89d>
Affected Software: themify-ultra CVE ID: CVE-2023-46148 CVSS Score: 5.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5cf17465-59a9-475d-bd1a-9e3623190926>
Affected Software: WooCommerce Stripe Payment Gateway CVE ID: CVE-2023-44999 CVSS Score: 5.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8e4ad8fa-b04c-4821-aadb-3120f824557f>
Affected Software: themify-ultra CVE ID: CVE-2023-46146 CVSS Score: 5.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a32f50f7-d271-45f6-9a73-838a8dcb901f>
Affected Software: Taggbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics CVE ID: CVE-2023-33215 CVSS Score: 5.4 (Medium) Researcher/s: Jonas Höbenreich Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d970a9f6-69f6-42d2-b863-82b8110e52c3>
Affected Software: WP Hotel Booking CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0439d2ee-7742-4aa7-ba4e-db55c6b2718e>
Affected Software: Post Meta Data Manager CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1958c166-282d-4469-b79d-4e959e0492c1>
Affected Software: Comments – wpDiscuz CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a1fe36b-75d2-48c3-bfac-af965eb9363f>
Affected Software: MW WP Form CVE ID: CVE-2023-46206 CVSS Score: 5.3 (Medium) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/616de170-6645-4a06-a393-51bec1d8bd8c>
Affected Software: Contact Form builder with drag & drop for WordPress – Kali Forms CVE ID: CVE-2023-46083 CVSS Score: 5.3 (Medium) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bfb473a6-08ba-4b23-877d-4aa661c0053f>
Affected Software: SALESmanago CVE ID: CVE-2023-4939 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de7db1d6-b352-44c7-a6cc-b21cb65a0482>
Affected Software: Broken Link Checker | Finder CVE ID: CVE-2023-46082 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4383f41-bd08-4fab-9491-4cf9f7326300>
Affected Software: 404 Solution CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fadc1374-fe4d-414a-af84-1a4de5b89807>
Affected Software: Smart App Banner CVE ID: CVE-2023-46200 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0c7497fc-e42c-49a6-99ee-6ec774cc4617>
Affected Software: Auto Login New User After Registration CVE ID: CVE-2023-46201 CVSS Score: 4.4 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0fb82b48-3cf8-47a5-b68d-e37a1823a125>
Affected Software: Eonet Manual User Approve CVE ID: CVE-2023-32738 CVSS Score: 4.4 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2b696e0b-d4e1-4a81-9204-929100ade073>
Affected Software: WC Captcha CVE ID: CVE-2023-46210 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/400dde23-eafb-4ace-8b4a-ac88d0b200ac>
Affected Software: Simple Table Manager CVE ID: CVE-2023-4858 CVSS Score: 4.4 (Medium) Researcher/s: niclo Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/53760acf-e8b2-4e35-8c01-768472fc0996>
Affected Software: Thumbnail Slider With Lightbox CVE ID: CVE-2023-5621 CVSS Score: 4.4 (Medium) Researcher/s: Ala Arfaoui Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/547c425d-8b0f-4e65-8b8a-c3a3059301fe>
Affected Software: Custom post types, Custom Fields & more CVE ID: CVE-2023-32116 CVSS Score: 4.4 (Medium) Researcher/s: Taihei Shimamine Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/58ee5f31-7d10-4772-929c-98249a351342>
Affected Software: Triberr CVE ID: CVE-2023-46199 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5e8a8e0e-6dc0-4d9f-aee3-1fd940c49d3d>
Affected Software: Category SEO Meta Tags CVE ID: CVE-2023-46091 CVSS Score: 4.4 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6985a8bb-0ad5-4b02-9a95-9dbc6018dec0>
Affected Software: Maileon for WordPress CVE ID: CVE-2023-46068 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a67972d7-abfd-4ce3-9e47-30736ab32af5>
Affected Software: WP Full Stripe Free CVE ID: CVE-2023-46088 CVSS Score: 4.4 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b7c630c0-b37f-48d5-a87c-8e7c60103a30>
Affected Software: Internal Link Building CVE ID: CVE-2023-46192 CVSS Score: 4.4 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dd300737-dda4-4ed3-b21f-0407a5e32a05>
Affected Software: Webmaster Tools CVE ID: CVE-2023-46093 CVSS Score: 4.4 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e80bb7de-ce18-40d5-bf4c-9616739b2f9d>
Affected Software: Who Hit The Page – Hit Counter CVE ID: CVE-2023-46087 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/07663fae-53e9-45d2-834c-6e1392484e0a>
Affected Software: Ashe Extra CVE ID: CVE-2023-46079 CVSS Score: 4.3 (Medium) Researcher/s: Jonas Höbenreich Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09551d22-c8c2-435c-9d00-bb4833497c16>
Affected Software: Simple Calendar – Google Calendar Plugin CVE ID: CVE-2023-46189 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1218ed3b-badc-464e-adbc-76fb4f6af008>
Affected Software: Product Category Tree CVE ID: CVE-2023-46151 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/147e47f8-c40b-4ae7-8627-b32b36e4d14f>
Affected Software: Wp Ultimate Review CVE ID: CVE-2023-46085 CVSS Score: 4.3 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1559fb43-cc5e-4dd2-80d8-06a137c7276d>
Affected Software: Userback CVE ID: CVE-2023-46089 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2178b39c-5341-4f53-82be-668b400d7f25>
Affected Software: Delete Usermetas CVE ID: CVE-2023-5537 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/23b46e5b-ce1e-4215-921c-edea7fd6c56a>
Affected Software: Simple Calendar – Google Calendar Plugin CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/38adede2-73ca-470c-8ace-4f5bbec51d28>
Affected Software: Webmaster Tools CVE ID: CVE-2023-46092 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4112ca9a-39fa-4fe8-a060-9f8f492eb846>
Affected Software: Smooth Scroll Links [SSL] CVE ID: CVE-2023-46095 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/49018b4b-2833-4ced-b36a-ebe69c5cb096>
Affected Software: Open Graph Metabox CVE ID: CVE-2023-46191 CVSS Score: 4.3 (Medium) Researcher/s: Milad Hacking Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5a2b7aac-b11d-4c52-b3d8-7b3f4b3eecd5>
Affected Software: Rocket Font CVE ID: CVE-2023-46067 CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/635f448b-5c51-4152-b6f5-076a686709bf>
Affected Software: Widgets for Google Reviews CVE ID: CVE-2023-3254 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70968476-b064-477f-999f-4aa2c51d89cc>
Affected Software: Internal Link Building CVE ID: CVE-2023-46193 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/78ce6a2a-aa28-4ae9-a2e7-ca3861a9677f>
Affected Software: Just Custom Fields CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/79899dc1-4953-4f95-95f5-853d24e7b9ab>
Affected Software: WC Serial Numbers – Ultimate License Manager Plugin for Selling, Licensing & Securely Delivering Digital Products with WooCommerce CVE ID: CVE-2023-46078 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8671b549-2cce-4f38-ad2d-a9472f7e8e7b>
Affected Software: WP Radio – Worldwide Online Radio Stations Directory for WordPress CVE ID: CVE-2023-46150 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/874e9e14-1330-40f0-8199-8abcaae58e98>
Affected Software: WOLF – WordPress Posts Bulk Editor and Manager Professional CVE ID: CVE-2023-46152 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b771d76-b79a-4ff2-9433-8d35734a4396>
Affected Software: Auto Login New User After Registration CVE ID: CVE-2023-46202 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9311c7b6-2c32-4f30-8286-6d59c267c09d>
Affected Software: DX Delete Attached Media CVE ID: CVE-2023-46073 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/961d6d1d-46e8-489f-ac5f-51b55c5a0460>
Affected Software: ApplyOnline – Application Form Builder and Manager CVE ID: CVE-2023-46080 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a3473b5e-2f50-4845-9cfa-d19129f2a430>
Affected Software: Social Media Share Buttons & Social Sharing Icons CVE ID: CVE-2023-5602 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d44a45fb-3bff-4a1f-8319-a58a47a9d76b>
Affected Software: Duplicate Theme CVE ID: CVE-2023-46204 CVSS Score: 4.3 (Medium) Researcher/s: Elliot Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d93e0175-db55-42ab-8475-cd0f47e5dcbb>
Affected Software: Social proof testimonials and reviews by Repuso CVE ID: CVE-2023-46196 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ec311df2-33af-4b91-80a1-252d934c7f61>
Affected Software: WP EXtra CVE ID: CVE-2023-46212 CVSS Score: 4.3 (Medium) Researcher/s: TP Cyber Security Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ed5c433b-eaab-4716-8749-2a5598a1dbb9>
Affected Software: Freesoul Deactivate Plugins – Plugin manager and cleanup CVE ID: CVE-2023-46188 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f2949ff1-5c69-4189-99a9-e50c65c78461>
Affected Software: Popup by Supsystic CVE ID: CVE-2023-46197 CVSS Score: 4.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f458663f-6b1a-4acd-b2db-c66d7a915ab7>
Affected Software: Just Custom Fields CVE ID: CVE-2023-46203 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f6d44749-8b1a-4d22-9917-fee134737063>
Affected Software: Novo-Map : your WP posts on custom google maps CVE ID: CVE-2023-46190 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f6f91816-a263-4938-bac1-eeb3bb2fc120>
Affected Software: Envo Extra CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f709fca2-b7b6-4567-8055-1156f510d1ca>
Affected Software: Comments – wpDiscuz CVE ID: CVE-2023-46311 CVSS Score: 2.7 (Low) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/359c573f-7031-4f56-b66f-c37339667aca>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through submissions that vulnerability researchers make directly to us using our CVE Request form, and through monitoring of various sources to capture all publicly available WordPress vulnerability information, adding context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 16, 2023 to October 22, 2023) appeared first on Wordfence.