Metric | CVSS v3.1 | CVSS v2 |
---|---|---|
Base score | 8.8 (High) | 6.8 (Medium) |
Attack Vector / Access Vector | NETWORK | NETWORK |
Attack Complexity / Access Complexity | LOW | MEDIUM |
Privileges Required / Authentication | NONE | NONE |
User Interaction | REQUIRED | (no such metric in v2) |
Scope | UNCHANGED | (no such metric in v2) |
Confidentiality Impact | HIGH | PARTIAL |
Integrity Impact | HIGH | PARTIAL |
Availability Impact | HIGH | PARTIAL |
Vector string | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | AV:N/AC:M/Au:N/C:P/I:P/A:P |

EPSS score: 0.002 (Low), percentile 52.1%
Last week, 90 vulnerabilities disclosed in 68 WordPress plugins (and no WordPress themes) were added to the Wordfence Intelligence Vulnerability Database, and 31 vulnerability researchers contributed to WordPress security. Review the vulnerabilities in this report to check whether your site is affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook integration are free to access and use, both personally and commercially, and why we publish this weekly vulnerability report.
Individuals and enterprises can use the vulnerability database API to download a complete dump of our database of over 11,800 vulnerabilities, then use the webhook integration to be notified in real time of newly added vulnerabilities and of updates to existing records, all for free.
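The practical use of a full database dump is to match it against the plugins actually installed on a site. The Python below is an added example, not Wordfence's code and not the API's documented schema: the feed records and the plugin inventory are constructed samples with fictitious slugs, the record layout (software type, slug, inclusive or exclusive version ranges) is an assumption made for this example, and the inventory is shaped like the output of WP-CLI's `wp plugin list --format=json --fields=name,version`. It concentrates on the part that is easy to get wrong, version-range comparison, and lists unpatched findings first because they call for a different action than "update".

```python
"""Match a WordPress plugin inventory against a vulnerability feed (added example)."""
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample feed: records keyed by ID, each naming affected software with
# version ranges. This layout is an assumption for the example, not the published
# Wordfence Intelligence schema, and every slug here is fictitious.
SAMPLE_FEED = json.dumps({
    "sample-0001": {
        "title": "Example Slider <= 2.4.1 - Stored Cross-Site Scripting",
        "cve": None, "cvss": {"score": 6.4}, "patched": True,
        "software": [{"type": "plugin", "slug": "example-slider", "affected_versions": {
            "* - 2.4.1": {"from_version": "*", "from_inclusive": True,
                          "to_version": "2.4.1", "to_inclusive": True}}}]},
    "sample-0002": {
        "title": "Example Forms 1.0.0 - 1.2.x - Missing Authorization",
        "cve": None, "cvss": {"score": 5.3}, "patched": False,
        "software": [{"type": "plugin", "slug": "example-forms", "affected_versions": {
            "1.0.0 - 1.3.0": {"from_version": "1.0.0", "from_inclusive": True,
                              "to_version": "1.3.0", "to_inclusive": False}}}]},
    "sample-0003": {  # theme record sharing a slug: must not match the plugin
        "title": "Example Slider (theme) <= 9.9 - Cross-Site Request Forgery",
        "cve": None, "cvss": {"score": 4.3}, "patched": True,
        "software": [{"type": "theme", "slug": "example-slider", "affected_versions": {
            "* - 9.9": {"from_version": "*", "from_inclusive": True,
                        "to_version": "9.9", "to_inclusive": True}}}]},
})

# Constructed inventory, shaped like `wp plugin list --format=json --fields=name,version`
# (WP-CLI reports the plugin slug in the `name` field).
INVENTORY = [
    {"name": "example-slider", "version": "2.4.1"},   # equals the inclusive upper bound
    {"name": "example-forms", "version": "1.2.5"},    # inside a half-open range
    {"name": "example-unrelated", "version": "0.9"},  # not in the feed
]


def _numeric_parts(version: str) -> List[int]:
    """Integers of each dot/dash-separated piece; non-numeric pieces such as
    'beta' are dropped, so pre-release ordering is approximate."""
    out = []
    for piece in re.split(r"[.\-+_]", version.strip()):
        m = re.match(r"\d+", piece)
        if m:
            out.append(int(m.group()))
    return out


def compare_versions(a: str, b: str) -> int:
    """-1, 0 or 1 for a <, ==, > b; shorter tuples are zero-padded so '1.3' == '1.3.0'."""
    pa, pb = _numeric_parts(a), _numeric_parts(b)
    width = max(len(pa), len(pb))
    pa += [0] * (width - len(pa))
    pb += [0] * (width - len(pb))
    return (pa > pb) - (pa < pb)


def in_range(version: str, rng: Dict) -> bool:
    """True if version lies within rng; '*' on a bound means unbounded on that side."""
    lo, hi = rng.get("from_version", "*"), rng.get("to_version", "*")
    if lo != "*":
        c = compare_versions(version, lo)
        if c < 0 or (c == 0 and not rng.get("from_inclusive", True)):
            return False
    if hi != "*":
        c = compare_versions(version, hi)
        if c > 0 or (c == 0 and not rng.get("to_inclusive", True)):
            return False
    return True


@dataclass
class Finding:
    slug: str
    installed: str
    title: str
    cve: Optional[str]
    cvss: float
    patched: bool


def match_inventory(feed_json: str, inventory: List[Dict]) -> List[Finding]:
    """Findings for installed plugins whose version falls in an affected range,
    unpatched first (no update exists, so the action is disable/remove), then by CVSS."""
    installed = {p["name"]: p["version"] for p in inventory}
    findings = []
    for vuln in json.loads(feed_json).values():
        for sw in vuln.get("software", []):
            if sw.get("type") != "plugin" or sw.get("slug") not in installed:
                continue
            ver = installed[sw["slug"]]
            if any(in_range(ver, r) for r in sw.get("affected_versions", {}).values()):
                findings.append(Finding(sw["slug"], ver, vuln["title"], vuln.get("cve"),
                                        float(vuln.get("cvss", {}).get("score", 0.0)),
                                        bool(vuln.get("patched"))))
    findings.sort(key=lambda f: (f.patched, -f.cvss))
    return findings


if __name__ == "__main__":
    for f in match_inventory(SAMPLE_FEED, INVENTORY):
        action = "update" if f.patched else "no fix available: disable or remove"
        print(f"{f.slug} {f.installed}: {f.title} [CVSS {f.cvss}] -> {action}")
```

Two details matter in practice: an installed version equal to an inclusive upper bound is affected, while one equal to an exclusive bound (typically the fixed version) is not, and a theme record must never be matched against a plugin slug, since the two namespaces overlap.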
Click here to sign up for our mailing list to receive weekly vulnerability reports like this one and important WordPress security reports in your inbox the moment they are published.
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 38 |
Patched | 52 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 3 |
Medium Severity | 76 |
High Severity | 9 |
Critical Severity | 2 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 35 |
Cross-Site Request Forgery (CSRF) | 30 |
Missing Authorization | 6 |
Missing Authentication for Critical Function | 3 |
Information Exposure | 3 |
Improper Input Validation | 3 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 3 |
Authorization Bypass Through User-Controlled Key | 2 |
Improper Control of Generation of Code ('Code Injection') | 1 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 1 |
Guessable CAPTCHA | 1 |
Files or Directories Accessible to External Parties | 1 |
Unrestricted Upload of File with Dangerous Type | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Marco Wotschka (Wordfence Vulnerability Researcher) | 13 |
Lana Codes (Wordfence Vulnerability Researcher) | 11 |
Nguyen Xuan Chien | 8 |
Rio Darmawan | 7 |
Dmitrii Ignatyev | 4 |
Skalucy | 4 |
Pedro José Navas Pérez | 3 |
NGÔ THIÊN AN | 3 |
Abdi Pranata | 3 |
yuyudhn | 3 |
SeungYongLee | 2 |
DoYeon Park | 2 |
Ben Bidner | 2 |
Vladislav Pokrovsky | 2 |
Rafie Muhammad | 2 |
qilin_99 | 2 |
Bartłomiej Marek | 2 |
Tomasz Swiadek | 2 |
Erwan LR | 2 |
Alex Thomas (Wordfence Vulnerability Researcher) | 1 |
Mika | 1 |
Muhammad Daffa | 1 |
Jonatas Souza Villa Flor | 1 |
thiennv | 1 |
Rafshanzani Suhada | 1 |
Linwz | 1 |
Pablo Sanchez | 1 |
Akihiro Hashimoto | 1 |
Dao Xuan Hieu | 1 |
Karolis Narvilas | 1 |
emad | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing to us also adds your name to the Wordfence Intelligence leaderboard and to this weekly vulnerability report.
Software Name | Software Slug |
---|---|
Active Directory Integration / LDAP Integration | ldap-login-for-intranet-sites |
ActivityPub | activitypub |
Add Shortcodes Actions And Filters | add-actions-and-filters |
Advanced Custom Fields: Extended | acf-extended |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | woo-bulk-editor |
Backend Localization | kau-boys-backend-localization |
Best WordPress Gallery Plugin – FooGallery | foogallery |
Block Plugin Update | block-specific-plugin-updates |
Blocks | blocks |
Booking Calendar | booking |
BuddyMeet | buddymeet |
Comments by Startbit | facebook-comment-by-vivacity |
Contact Form | contact-form-ready |
Contractor Contact Form Website to Workflow Tool | contractor-contact-form-website-to-workflow-tool |
Cooked – Recipe Plugin | cooked |
CopyRightPro | copyrightpro |
Events Rich Snippets for Google | rich-snippets-vevents |
Font Awesome Integration | font-awesome-integration |
Font Awesome More Icons | font-awesome-more-icons |
Instant CSS | instant-css |
Keap Landing Pages | infusionsoft-landing-pages |
Kv TinyMCE Editor Add Fonts | kv-tinymce-editor-fonts |
Magic Action Box | magic-action-box |
Mang Board WP | mangboard |
Mediavine Control Panel | mediavine-control-panel |
Modal Window – create popup modal window | modal-window |
Modern Events Calendar Lite | modern-events-calendar-lite |
Onclick show popup | onclick-show-popup |
OpenHook | thesis-openhook |
Options for Twenty Seventeen | options-for-twenty-seventeen |
Popup contact form | popup-contact-form |
Pretty Google Calendar | pretty-google-calendar |
Remove slug from custom post type | remove-slug-from-custom-post-type |
Schema App Structured Data | schema-app-structured-data-for-schemaorg |
School Management System – WPSchoolPress | wpschoolpress |
Shockingly Simple Favicon | shockingly-simple-favicon |
Simple File List | simple-file-list |
Simple Membership | simple-membership |
Simple Posts Ticker – Easy, Lightweight & Flexible | simple-posts-ticker |
Slideshow, Image Slider by 2J | 2j-slideshow |
Staff / Employee Business Directory for Active Directory | ldap-ad-staff-employee-directory-search |
TM WooCommerce Compare & Wishlist | tm-woocommerce-compare-wishlist |
Table of Contents Plus | table-of-contents-plus |
The Awesome Feed – Custom Feed | wp-facebook-feed |
Tiger Forms – Drag and Drop Form Builder | tiger-form |
Timthumb Vulnerability Scanner | timthumb-vulnerability-scanner |
Tiny Carousel Horizontal Slider | tiny-carousel-horizontal-slider |
Track The Click | track-the-click |
Unyson | unyson |
User Activity Log Pro | user-activity-log-pro |
User Avatar – Reloaded | user-avatar-reloaded |
Vrm 360 3D Model Viewer | vrm360 |
WP Adminify – WordPress Dashboard Customization \| Custom Login \| Admin Columns \| Dashboard Widget \| Media Library Folders | |
WP Captcha | wp-captcha |
WP Custom Admin Interface | wp-custom-admin-interface |
WP GPX Maps | wp-gpx-maps |
WP Hide Pages | wp-hide-pages |
WP Job Openings – Job Listing, Career Page and Recruitment Plugin | wp-job-openings |
WP Jump Menu | wp-jump-menu |
WP Site Protector | wp-site-protector |
WWM Social Share On Image Hover | wwm-social-share-on-image-hover |
Welcart e-Commerce | usc-e-shop |
Woocommerce ESTO | woo-esto |
WordPress Gallery Plugin – NextGEN Gallery | nextgen-gallery |
WordPress Online Booking and Scheduling Plugin – Bookly | bookly-responsive-appointment-booking-tool |
bbp style pack | bbp-style-pack |
flowpaper | flowpaper-lite-pdf-flipbook |
iframe | iframe |
Please note that if you run the Wordfence plugin on your WordPress site with the scanner enabled, you should already have been notified if your site is affected by any of these vulnerabilities. To receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, see our Slack and HTTP webhook integration, which is free to use.
Affected Software | CVE ID | CVSS Score | Researcher/s | Patch Status | Vulnerability Details |
---|---|---|---|---|---|
OpenHook | CVE-2023-5201 | 9.9 (Critical) | Lana Codes | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf |
Simple File List | CVE-2023-44227 | 9.1 (Critical) | Rafshanzani Suhada | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/7eada9b7-8d53-4e95-858e-aa706f74b2a1 |
Events Rich Snippets for Google | CVE-2023-44478 | 8.8 (High) | Mika | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/5beb0f93-baa7-4400-ab40-d63f3430169e |
Welcart e-Commerce | CVE-2023-40219 | 8.8 (High) | Akihiro Hashimoto | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/c5eb9b1f-39d5-4c5d-8fb3-71d4bbe5f43a |
Track The Click | CVE-2023-5041 | 8.8 (High) | Karolis Narvilas | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/dcddb0f3-41d5-4635-88ac-556ee3eec49a |
Simple Membership | CVE-2023-41956 | 8.8 (High) | Rafie Muhammad | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/e53bb240-8784-4d34-8d3f-4a7af917f3f4 |
Active Directory Integration / LDAP Integration | CVE-2023-4506 | 7.5 (High) | Pedro José Navas Pérez | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/1c667631-7934-467e-baa2-7c3b0160c3a5 |
Simple Membership | CVE-2023-41957 | 7.3 (High) | Rafie Muhammad | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/7cff7dc5-23e1-424c-923b-68eef49dec6f |
Best WordPress Gallery Plugin – FooGallery | CVE-2023-44244 | 7.2 (High) | Vladislav Pokrovsky | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/5fd495e8-d7e8-4949-b7aa-43ef40063ca1 |
User Activity Log Pro | CVE-2023-5167 | 7.2 (High) | Bartłomiej Marek, Tomasz Swiadek | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/bcf205a3-be7b-49e7-ba02-3f69632ed65f |
School Management System – WPSchoolPress | CVE-2023-4776 | 7.2 (High) | Dao Xuan Hieu | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/d070e12e-ec53-4574-ac37-dc8805d9a553 |
WordPress Online Booking and Scheduling Plugin – Bookly | CVE-2023-4691 | 6.6 (Medium) | Pablo Sanchez | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/ade6f9f2-2a35-4bb0-ab13-33b84394d965 |
WordPress Gallery Plugin – NextGEN Gallery | CVE-2023-3155 | 6.5 (Medium) | Linwz | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/a15e917f-f46a-4006-a4cb-3d55331ccb5b |
ActivityPub | CVE-2023-3707 | 6.5 (Medium) | Erwan LR | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/a1c6ad5a-bc76-4012-acc6-35f742e0869e |
Booking Calendar | CVE Unknown | 6.4 (Medium) | Unknown | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/08814d06-0039-49cc-bcbb-96cb01129e3c |
Font Awesome More Icons | CVE-2023-5232 | 6.4 (Medium) | Lana Codes | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/15947764-a070-4715-bd44-cb79b62ed59d |
bbp style pack | CVE-2023-44984 | 6.4 (Medium) | NGÔ THIÊN AN | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/169cb1b8-8a37-4a8b-b824-c31ef132b88a |
flowpaper | CVE-2023-5200 | 6.4 (Medium) | Lana Codes | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/31d6288d-87f0-4822-b3f4-541f70cf99fd |
iframe | CVE-2023-4919 | 6.4 (Medium) | Lana Codes, Alex Thomas | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/3706deed-55f2-4dfb-bfed-7a14872cd15a |
ActivityPub | CVE-2023-3746 | 6.4 (Medium) | Ben Bidner | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/406951d8-4c61-45b3-a8a2-788921662b6c |
Modal Window – create popup modal window | CVE-2023-5161 | 6.4 (Medium) | Lana Codes | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/48e2129f-6a2c-45e4-a0cf-7d8d5f563a7f |
Slideshow, Image Slider by 2J | CVE-2023-44242 | 6.4 (Medium) | NGÔ THIÊN AN | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/5bbccacf-0c34-4656-834b-b3b4c0a84abe |
Comments by Startbit | CVE-2023-5295 | 6.4 (Medium) | Lana Codes | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/602b3b9c-76a7-4b0b-8aad-e554c2fd6910 |
The Awesome Feed – Custom Feed | CVE-2023-44264 | 6.4 (Medium) | Rio Darmawan | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/6892fefa-3866-4dbf-8604-dd4bc1e7d481 |
BuddyMeet | CVE-2023-44985 | 6.4 (Medium) | NGÔ THIÊN AN | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/75dafb36-7596-492f-a377-32315b1abe33 |
Cooked – Recipe Plugin | CVE-2023-44477 | 6.4 (Medium) | thiennv | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/76ba273d-0919-45b3-8044-b8f0ff3972ab |
ActivityPub | CVE-2023-5057 | 6.4 (Medium) | Ben Bidner | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/76e35dc6-a4d2-4dca-a186-395f0dd954aa |
TM WooCommerce Compare & Wishlist | CVE-2023-5230 | 6.4 (Medium) | Lana Codes | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/771ecb8c-feb1-40ea-b47b-a2ae033b3c87 |
Pretty Google Calendar | CVE Unknown | 6.4 (Medium) | Unknown | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/8ed90a91-e007-42a5-bbef-f186bd3875ea |
Font Awesome Integration | CVE-2023-5233 | 6.4 (Medium) | Lana Codes | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/a2791f48-895f-4099-87ec-41aaac2494a2 |
User Avatar – Reloaded | CVE-2023-4798 | 6.4 (Medium) | Dmitrii Ignatyev | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/c3ecf638-dfc4-4e9d-bca8-cd008227e934 |
Magic Action Box | CVE-2023-5231 | 6.4 (Medium) | Lana Codes | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/ce9b908b-1388-41fb-915c-e4e29eaf57ed |
Advanced Custom Fields: Extended | CVE-2023-5292 | 6.4 (Medium) | Lana Codes | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/dcbe0c72-d518-45d3-a220-896a51071b26 |
Options for Twenty Seventeen | CVE-2023-5162 | 6.4 (Medium) | Lana Codes | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/df35d8c6-55ec-4cf5-8055-93ec5193c0a4 |
Simple Posts Ticker – Easy, Lightweight & Flexible | CVE-2023-4646 | 6.4 (Medium) | Dmitrii Ignatyev | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/ec1ffc70-fc0c-4c25-926c-e78e0f206d2b |
Tiger Forms – Drag and Drop Form Builder | CVE-2023-44474 | 6.1 (Medium) | SeungYongLee | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/286e52b4-2694-4f3b-9d1d-fd1ebf1d1e50 |
Contractor Contact Form Website to Workflow Tool | CVE-2023-44245 | 6.1 (Medium) | SeungYongLee | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/da4684b8-20f6-4dc1-8f29-d79f64ccb9d8 |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4923 | 5.4 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/7a4db03d-ec40-4145-aa95-fee78bda5205 |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4924 | 5.4 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/7dfd0246-4265-4dde-8a1e-18b7042eae74 |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4926 | 5.4 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/ab633506-63a1-4be1-b402-c7f0bcc4ea7a |
Block Plugin Update | CVE-2023-44261 | 5.3 (Medium) | Abdi Pranata | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/3a998de7-fa46-495c-a4ca-15df4e59457f |
Schema App Structured Data | CVE-2023-44258 | 5.3 (Medium) | Rio Darmawan | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/3de82328-e44f-4488-a2ae-1dd2c3b8a502 |
CopyRightPro | CVE-2023-44476 | 5.3 (Medium) | Skalucy | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/83b48cfc-04e7-4929-8da2-cf6beee6d88e |
User Activity Log Pro | CVE-2023-5133 | 5.3 (Medium) | Bartłomiej Marek, Tomasz Swiadek | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/9666913e-55a3-441c-85ef-8a12756e37ba |
WP Captcha | CVE-2023-44235 | 5.3 (Medium) | qilin_99 | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/9bc2a04c-7b7c-483f-b81b-97a7caac179c |
WP Jump Menu | CVE-2023-44479 | 4.4 (Medium) | DoYeon Park | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/2d34c665-e99c-408e-b7ab-d08a1a51c6c4 |
Popup contact form | CVE-2023-44265 | 4.4 (Medium) | Rio Darmawan | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/47eb6ca7-049c-41b8-9210-391d4d1b8b2f |
Blocks | CVE-2023-44262 | 4.4 (Medium) | Rio Darmawan | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/66925385-d89e-45c0-a87b-4ad4f7b89d60 |
Simple Posts Ticker – Easy, Lightweight & Flexible | CVE-2023-4725 | 4.4 (Medium) | Dmitrii Ignatyev | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/9ac2c929-2188-4818-880d-8793984e8df1 |
WP Adminify – WordPress Dashboard Customization \| Custom Login \| Admin Columns \| Dashboard Widget \| Media Library Folders | CVE-2023-44266 | 4.4 (Medium) | Rio Darmawan | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/a600f164-7255-4590-8239-2d3e0b445e79 |
Popup contact form | CVE-2023-44230 | 4.4 (Medium) | yuyudhn | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/ad896d7d-2c75-466c-9a79-b6a9cfb0bc15 |
WWM Social Share On Image Hover | CVE-2023-44239 | 4.4 (Medium) | DoYeon Park | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/c9ab868b-51ab-4dad-b662-8302cda9c0e7 |
Tiny Carousel Horizontal Slider | CVE-2023-44229 | 4.4 (Medium) | yuyudhn | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/d2a3ad97-b4ea-4ad9-ac83-071e56cb8df7 |
Onclick show popup | CVE-2023-44228 | 4.4 (Medium) | yuyudhn | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/ee013d3f-18bc-418e-ab5b-87724710f340 |
Modern Events Calendar Lite | CVE-2023-4021 | 4.4 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/f213fb42-5bab-4017-80ea-ce6543031af2 |
Keap Landing Pages | CVE-2023-44241 | 4.3 (Medium) | Nguyen Xuan Chien | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/113f0cb7-a5eb-42d5-ad42-871c0381b617 |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4942 | 4.3 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/26d8b75b-befa-4c6a-b072-0da44e437174 |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4943 | 4.3 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/2d10475f-83dd-4e59-83e4-aeaa72a22b96 |
Instant CSS | CVE-2023-44243 | 4.3 (Medium) | Nguyen Xuan Chien | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/30ce93b4-9e2a-4a8c-8590-ffd61d618d31 |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4940 | 4.3 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/31c5e524-ef4d-48c7-baa0-595f8060a167 |
Unyson | CVE-2023-44472 | 4.3 (Medium) | Abdi Pranata | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/35421b32-701a-4fc9-bcec-80684d874bab |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4937 | 4.3 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/40bf51bf-efb2-4504-815b-4681d1078f77 |
WP Custom Admin Interface | CVE Unknown | 4.3 (Medium) | Unknown | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/418b9138-9ae0-41f1-a75b-69cbcaffbb88 |
WP Hide Pages | CVE-2023-44232 | 4.3 (Medium) | Nguyen Xuan Chien | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/46e7ca97-6dd9-4e27-8e69-2e73f9490ea7 |
Add Shortcodes Actions And Filters | CVE-2023-44475 | 4.3 (Medium) | Skalucy | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/4942de17-d141-4a6c-885e-75f540fe21b6 |
Woocommerce ESTO | CVE-2023-44260 | 4.3 (Medium) | Nguyen Xuan Chien | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/49f7e35d-e453-4e60-8f73-12891def267a |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4920 | 4.3 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/58d25eeb-b12c-4850-8308-eaa30982b5a8 |
Contact Form | CVE-2023-44231 | 4.3 (Medium) | Nguyen Xuan Chien | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/5bdba43c-0156-4a6b-b7b9-3f74b506e8f8 |
Table of Contents Plus | CVE-2023-44473 | 4.3 (Medium) | Muhammad Daffa | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/624a3174-03fa-4a8e-9c02-5e24add92392 |
WP GPX Maps | CVE-2023-44234 | 4.3 (Medium) | Abdi Pranata | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/625c1df5-6655-4319-8833-5519b464e53e |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4935 | 4.3 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/639f3941-7783-4500-aca4-5e8155db6460 |
Vrm 360 3D Model Viewer | CVE-2023-5177 | 4.3 (Medium) | Jonatas Souza Villa Flor | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/6c71183f-45e7-44de-a957-614ce417db90 |
Remove slug from custom post type | CVE-2023-44238 | 4.3 (Medium) | Nguyen Xuan Chien | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/77cb14b1-d9e5-4296-ad8c-6642327ef310 |
WP Captcha | CVE-2023-44236 | 4.3 (Medium) | qilin_99 | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/810adc9a-d4e1-46a8-89e4-22615cbbb9c6 |
WP Custom Admin Interface | CVE Unknown | 4.3 (Medium) | Unknown | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/a5bc6097-d6ed-4598-b3c8-9159d5ce04ee |
Mediavine Control Panel | CVE-2023-44259 | 4.3 (Medium) | Rio Darmawan | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/ac20b454-a5e5-4ff6-a5bf-9c3c339321d8 |
Backend Localization | CVE-2023-44471 | 4.3 (Medium) | Skalucy | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/ad0bd82d-db0e-440e-9cea-d3843525b0f0 |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4941 | 4.3 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/bc20f303-cac3-4517-9c45-153c410a13af |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4935 | 4.3 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/c045b31f-b4d6-470e-8f93-36eb70bb75f8 |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | CVE-2023-4938 | 4.3 (Medium) | Marco Wotschka | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8 |
Kv TinyMCE Editor Add Fonts | CVE-2023-44470 | 4.3 (Medium) | Skalucy | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/cde526f2-7eff-49cf-8a9f-e0c0cdd12522 |
ActivityPub | CVE-2023-3706 | 4.3 (Medium) | Erwan LR | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/d1b92249-bc18-4939-aefa-286667f6c003 |
Best WordPress Gallery Plugin – FooGallery | CVE-2023-44233 | 4.3 (Medium) | Vladislav Pokrovsky | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/d58ca75a-f425-477d-8e48-a5d600543578 |
Mang Board WP | CVE-2023-44257 | 4.3 (Medium) | Rio Darmawan | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/e4a32fdc-1c72-45fc-bb57-44f6888e0885 |
Timthumb Vulnerability Scanner | CVE-2023-44240 | 4.3 (Medium) | emad | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/f0e8d029-af6b-43cb-aa90-f92777c5ac99 |
WP Site Protector | CVE-2023-44237 | 4.3 (Medium) | Nguyen Xuan Chien | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/f92f614b-162a-4ca5-bf7d-9d7088f59af9 |
Shockingly Simple Favicon | CVE-2023-44246 | 4.3 (Medium) | Nguyen Xuan Chien | Unpatched | https://wordfence.com/threat-intel/vulnerabilities/id/fd7a1440-18f5-4bcb-a4cf-c4713375d0a1 |
WP Job Openings – Job Listing, Career Page and Recruitment Plugin | CVE-2023-4933 | 3.7 (Low) | Dmitrii Ignatyev | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/334be95c-438a-4e03-9ee4-9a6d2c2fa5f7 |
Active Directory Integration / LDAP Integration | CVE-2023-4506 | 2.2 (Low) | Pedro José Navas Pérez | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/0585969d-dd08-4058-9d72-138a55a2cdf1 |
Staff / Employee Business Directory for Active Directory | CVE-2023-4505 | 2.2 (Low) | Pedro José Navas Pérez | Patched | https://wordfence.com/threat-intel/vulnerabilities/id/1ea40b96-4693-4f98-8e6e-2ed8186cedd8 |
As a reminder, Wordfence curates an industry-leading vulnerability database, Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.
The database is continuously updated and maintained by Wordfence's experienced vulnerability researchers through in-house research, direct submissions from researchers via our CVE Request form, and monitoring of other sources to capture all publicly available WordPress vulnerability information, with additional context added where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 25, 2023 to October 1, 2023) appeared first on Wordfence.