Chloe ChamberlandWORDFENCE:2568CF70515DF69AF229501AF01D30A7Wordfence Intelligence Weekly WordPress Vulnerability Report (September 25, 2023 to October 1, 2023)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.1%
Last week, there were 90 vulnerabilities disclosed in 68 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook integration are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Individuals and Enterprises can use the vulnerability Database API to receive a complete dump of our database of over 11,800 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- Simple Membership <= 4.3.4 - Account Takeover via Password Reset
- Allow PHP in Posts and Pages <= 3.0.4 - Authenticated (Subscriber+) Remote Code Execution via Shortcode
- WAF-RULE-635 - data redacted while we work with the developer on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Unpatched | 38 |
| Patched | 52 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 3 |
| Medium Severity | 76 |
| High Severity | 9 |
| Critical Severity | 2 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 35 |
| Cross-Site Request Forgery (CSRF) | 30 |
| Missing Authorization | 6 |
| Missing Authentication for Critical Function | 3 |
| Information Exposure | 3 |
| Improper Input Validation | 3 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 3 |
| Authorization Bypass Through User-Controlled Key | 2 |
| Improper Control of Generation of Code ('Code Injection') | 1 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 1 |
| Guessable CAPTCHA | 1 |
| Files or Directories Accessible to External Parties | 1 |
| Unrestricted Upload of File with Dangerous Type | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| Marco Wotschka | |
| (Wordfence Vulnerability Researcher) | 13 |
| Lana Codes | |
| (Wordfence Vulnerability Researcher) | 11 |
| Nguyen Xuan Chien | 8 |
| Rio Darmawan | 7 |
| Dmitrii Ignatyev | 4 |
| Skalucy | 4 |
| Pedro José Navas Pérez | 3 |
| NGÔ THIÊN AN | 3 |
| Abdi Pranata | 3 |
| yuyudhn | 3 |
| SeungYongLee | 2 |
| DoYeon Park | 2 |
| Ben Bidner | 2 |
| Vladislav Pokrovsky | 2 |
| Rafie Muhammad | 2 |
| qilin_99 | 2 |
| Bartłomiej Marek | 2 |
| Tomasz Swiadek | 2 |
| Erwan LR | 2 |
| Alex Thomas | |
| (Wordfence Vulnerability Researcher) | 1 |
| Mika | 1 |
| Muhammad Daffa | 1 |
| Jonatas Souza Villa Flor | 1 |
| thiennv | 1 |
| Rafshanzani Suhada | 1 |
| Linwz | 1 |
| Pablo Sanchez | 1 |
| Akihiro Hashimoto | 1 |
| Dao Xuan Hieu | 1 |
| Karolis Narvilas | 1 |
| emad | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Active Directory Integration / LDAP Integration | ldap-login-for-intranet-sites |
| ActivityPub | activitypub |
| Add Shortcodes Actions And Filters | add-actions-and-filters |
| Advanced Custom Fields: Extended | acf-extended |
| BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | woo-bulk-editor |
| Backend Localization | kau-boys-backend-localization |
| Best WordPress Gallery Plugin – FooGallery | foogallery |
| Block Plugin Update | block-specific-plugin-updates |
| Blocks | blocks |
| Booking Calendar | booking |
| BuddyMeet | buddymeet |
| Comments by Startbit | facebook-comment-by-vivacity |
| Contact Form | contact-form-ready |
| Contractor Contact Form Website to Workflow Tool | contractor-contact-form-website-to-workflow-tool |
| Cooked – Recipe Plugin | cooked |
| CopyRightPro | copyrightpro |
| Events Rich Snippets for Google | rich-snippets-vevents |
| Font Awesome Integration | font-awesome-integration |
| Font Awesome More Icons | font-awesome-more-icons |
| Instant CSS | instant-css |
| Keap Landing Pages | infusionsoft-landing-pages |
| Kv TinyMCE Editor Add Fonts | kv-tinymce-editor-fonts |
| Magic Action Box | magic-action-box |
| Mang Board WP | mangboard |
| Mediavine Control Panel | mediavine-control-panel |
| Modal Window – create popup modal window | modal-window |
| Modern Events Calendar Lite | modern-events-calendar-lite |
| Onclick show popup | onclick-show-popup |
| OpenHook | thesis-openhook |
| Options for Twenty Seventeen | options-for-twenty-seventeen |
| Popup contact form | popup-contact-form |
| Pretty Google Calendar | pretty-google-calendar |
| Remove slug from custom post type | remove-slug-from-custom-post-type |
| Schema App Structured Data | schema-app-structured-data-for-schemaorg |
| School Management System – WPSchoolPress | wpschoolpress |
| Shockingly Simple Favicon | shockingly-simple-favicon |
| Simple File List | simple-file-list |
| Simple Membership | simple-membership |
| Simple Posts Ticker – Easy, Lightweight & Flexible | simple-posts-ticker |
| Slideshow, Image Slider by 2J | 2j-slideshow |
| Staff / Employee Business Directory for Active Directory | ldap-ad-staff-employee-directory-search |
| TM WooCommerce Compare & Wishlist | tm-woocommerce-compare-wishlist |
| Table of Contents Plus | table-of-contents-plus |
| The Awesome Feed – Custom Feed | wp-facebook-feed |
| Tiger Forms – Drag and Drop Form Builder | tiger-form |
| Timthumb Vulnerability Scanner | timthumb-vulnerability-scanner |
| Tiny Carousel Horizontal Slider | tiny-carousel-horizontal-slider |
| Track The Click | track-the-click |
| Unyson | unyson |
| User Activity Log Pro | user-activity-log-pro |
| User Avatar – Reloaded | user-avatar-reloaded |
| Vrm 360 3D Model Viewer | vrm360 |
| WP Adminify – WordPress Dashboard Customization | Custom Login |
| WP Captcha | wp-captcha |
| WP Custom Admin Interface | wp-custom-admin-interface |
| WP GPX Maps | wp-gpx-maps |
| WP Hide Pages | wp-hide-pages |
| WP Job Openings – Job Listing, Career Page and Recruitment Plugin | wp-job-openings |
| WP Jump Menu | wp-jump-menu |
| WP Site Protector | wp-site-protector |
| WWM Social Share On Image Hover | wwm-social-share-on-image-hover |
| Welcart e-Commerce | usc-e-shop |
| Woocommerce ESTO | woo-esto |
| WordPress Gallery Plugin – NextGEN Gallery | nextgen-gallery |
| WordPress Online Booking and Scheduling Plugin – Bookly | bookly-responsive-appointment-booking-tool |
| bbp style pack | bbp-style-pack |
| flowpaper | flowpaper-lite-pdf-flipbook |
| iframe | iframe |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
OpenHook <= 4.3.0 - Authenticated (Subscriber+) Remote Code Execution via Shortcode
Affected Software: OpenHook CVE ID: CVE-2023-5201 CVSS Score: 9.9 (Critical) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf>
Simple File List <= 6.1.8 - Unauthenticated Arbitrary File Deletion
Affected Software: Simple File List CVE ID: CVE-2023-44227 CVSS Score: 9.1 (Critical) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7eada9b7-8d53-4e95-858e-aa706f74b2a1>
Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update
Affected Software: Events Rich Snippets for Google CVE ID: CVE-2023-44478 CVSS Score: 8.8 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5beb0f93-baa7-4400-ab40-d63f3430169e>
Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload
Affected Software: Welcart e-Commerce CVE ID: CVE-2023-40219 CVSS Score: 8.8 (High) Researcher/s: Akihiro Hashimoto Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c5eb9b1f-39d5-4c5d-8fb3-71d4bbe5f43a>
Track The Click <= 0.3.11 - Authenticated (Author+) SQL Injection via 'stats' REST Endpoint
Affected Software: Track The Click CVE ID: CVE-2023-5041 CVSS Score: 8.8 (High) Researcher/s: Karolis Narvilas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dcddb0f3-41d5-4635-88ac-556ee3eec49a>
Simple Membership <= 4.3.4 - Account Takeover via Password Reset
Affected Software: Simple Membership CVE ID: CVE-2023-41956 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e53bb240-8784-4d34-8d3f-4a7af917f3f4>
Active Directory Integration / LDAP Integration <= 4.1.9 - Sensitive Information Exposure
Affected Software: Active Directory Integration / LDAP Integration CVE ID: CVE-2023-4506 CVSS Score: 7.5 (High) Researcher/s: Pedro José Navas Pérez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c667631-7934-467e-baa2-7c3b0160c3a5>
Simple Membership <= 4.3.4 - Privilege escalation via Registration
Affected Software: Simple Membership CVE ID: CVE-2023-41957 CVSS Score: 7.3 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7cff7dc5-23e1-424c-923b-68eef49dec6f>
FooGallery <= 2.2.44 - Reflected Cross-Site Scripting
Affected Software: Best WordPress Gallery Plugin – FooGallery CVE ID: CVE-2023-44244 CVSS Score: 7.2 (High) Researcher/s: Vladislav Pokrovsky Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5fd495e8-d7e8-4949-b7aa-43ef40063ca1>
User Activity Log Pro <= 2.3.3 - Unauthenticated Stored Cross-Site Scripting via User-Agent header
Affected Software: User Activity Log Pro CVE ID: CVE-2023-5167 CVSS Score: 7.2 (High) Researcher/s: Bartłomiej Marek, Tomasz Swiadek Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bcf205a3-be7b-49e7-ba02-3f69632ed65f>
WPSchoolPress <= 2.2.4 - Authenticated(Teacher+) SQL Injection via ClassID
Affected Software: School Management System – WPSchoolPress CVE ID: CVE-2023-4776 CVSS Score: 7.2 (High) Researcher/s: Dao Xuan Hieu Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d070e12e-ec53-4574-ac37-dc8805d9a553>
Bookly <= 22.3.1 - Authenticated(Administrator+) SQL Injection
Affected Software: WordPress Online Booking and Scheduling Plugin – Bookly CVE ID: CVE-2023-4691 CVSS Score: 6.6 (Medium) Researcher/s: Pablo Sanchez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ade6f9f2-2a35-4bb0-ab13-33b84394d965>
NextGEN Gallery <= 3.37 - Authenticated (Admininistrator+) Arbitrary File Read and Deletion in gallery_edit
Affected Software: WordPress Gallery Plugin – NextGEN Gallery CVE ID: CVE-2023-3155 CVSS Score: 6.5 (Medium) Researcher/s: Linwz Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a15e917f-f46a-4006-a4cb-3d55331ccb5b>
ActivityPub <= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Content Exposure
Affected Software: ActivityPub CVE ID: CVE-2023-3707 CVSS Score: 6.5 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a1c6ad5a-bc76-4012-acc6-35f742e0869e>
Booking Calendar <= 9.7.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Affected Software: Booking Calendar CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08814d06-0039-49cc-bcbb-96cb01129e3c>
Font Awesome More Icons <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Font Awesome More Icons CVE ID: CVE-2023-5232 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/15947764-a070-4715-bd44-cb79b62ed59d>
bbp style pack <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: bbp style pack CVE ID: CVE-2023-44984 CVSS Score: 6.4 (Medium) Researcher/s: NGÔ THIÊN AN Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/169cb1b8-8a37-4a8b-b824-c31ef132b88a>
flowpaper <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: flowpaper CVE ID: CVE-2023-5200 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/31d6288d-87f0-4822-b3f4-541f70cf99fd>
iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode
Affected Software: iframe CVE ID: CVE-2023-4919 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes, Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3706deed-55f2-4dfb-bfed-7a14872cd15a>
ActivityPub <= 0.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Content
Affected Software: ActivityPub CVE ID: CVE-2023-3746 CVSS Score: 6.4 (Medium) Researcher/s: Ben Bidner Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/406951d8-4c61-45b3-a8a2-788921662b6c>
Modal Window <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Modal Window – create popup modal window CVE ID: CVE-2023-5161 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/48e2129f-6a2c-45e4-a0cf-7d8d5f563a7f>
Slideshow, Image Slider by 2J <= 1.3.54 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Slideshow, Image Slider by 2J CVE ID: CVE-2023-44242 CVSS Score: 6.4 (Medium) Researcher/s: NGÔ THIÊN AN Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5bbccacf-0c34-4656-834b-b3b4c0a84abe>
Comments by Startbit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Comments by Startbit CVE ID: CVE-2023-5295 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/602b3b9c-76a7-4b0b-8aad-e554c2fd6910>
The Awesome Feed – Custom Feed <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: The Awesome Feed – Custom Feed CVE ID: CVE-2023-44264 CVSS Score: 6.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6892fefa-3866-4dbf-8604-dd4bc1e7d481>
BuddyMeet <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: BuddyMeet CVE ID: CVE-2023-44985 CVSS Score: 6.4 (Medium) Researcher/s: NGÔ THIÊN AN Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/75dafb36-7596-492f-a377-32315b1abe33>
Cooked <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Cooked – Recipe Plugin CVE ID: CVE-2023-44477 CVSS Score: 6.4 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/76ba273d-0919-45b3-8044-b8f0ff3972ab>
ActivityPub <= 0.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Metadata
Affected Software: ActivityPub CVE ID: CVE-2023-5057 CVSS Score: 6.4 (Medium) Researcher/s: Ben Bidner Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/76e35dc6-a4d2-4dca-a186-395f0dd954aa>
TM WooCommerce Compare & Wishlist <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: TM WooCommerce Compare & Wishlist CVE ID: CVE-2023-5230 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/771ecb8c-feb1-40ea-b47b-a2ae033b3c87>
Pretty Google Calendar <= 1.5.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via pretty_google_calendar shortcode
Affected Software: Pretty Google Calendar CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8ed90a91-e007-42a5-bbef-f186bd3875ea>
Font Awesome Integration <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Font Awesome Integration CVE ID: CVE-2023-5233 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a2791f48-895f-4099-87ec-41aaac2494a2>
User Avatar – Reloaded <= 1.2.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: User Avatar – Reloaded CVE ID: CVE-2023-4798 CVSS Score: 6.4 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c3ecf638-dfc4-4e9d-bca8-cd008227e934>
Magic Action Box <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Magic Action Box CVE ID: CVE-2023-5231 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ce9b908b-1388-41fb-915c-e4e29eaf57ed>
Advanced Custom Fields: Extended <= 0.8.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Advanced Custom Fields: Extended CVE ID: CVE-2023-5292 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dcbe0c72-d518-45d3-a220-896a51071b26>
Options for Twenty Seventeen <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Options for Twenty Seventeen CVE ID: CVE-2023-5162 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/df35d8c6-55ec-4cf5-8055-93ec5193c0a4>
Simple Posts Ticker <= 1.1.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Affected Software: Simple Posts Ticker – Easy, Lightweight & Flexible CVE ID: CVE-2023-4646 CVSS Score: 6.4 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ec1ffc70-fc0c-4c25-926c-e78e0f206d2b>
Tiger Forms <= 2.0.0 - Reflected Cross-Site Scripting
Affected Software: Tiger Forms – Drag and Drop Form Builder CVE ID: CVE-2023-44474 CVSS Score: 6.1 (Medium) Researcher/s: SeungYongLee Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/286e52b4-2694-4f3b-9d1d-fd1ebf1d1e50>
Contractor Contact Form Website to Workflow Tool <= 4.0.0 - Reflected Cross-Site Scripting
Affected Software: Contractor Contact Form Website to Workflow Tool CVE ID: CVE-2023-44245 CVSS Score: 6.1 (Medium) Researcher/s: SeungYongLee Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/da4684b8-20f6-4dc1-8f29-d79f64ccb9d8>
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4923 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7a4db03d-ec40-4145-aa95-fee78bda5205>
BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4924 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7dfd0246-4265-4dde-8a1e-18b7042eae74>
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4926 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ab633506-63a1-4be1-b402-c7f0bcc4ea7a>
Block Plugin Update <= 3.3 - Cross-Site Request Forgery via bspu_plugin_select.php
Affected Software: Block Plugin Update CVE ID: CVE-2023-44261 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3a998de7-fa46-495c-a4ca-15df4e59457f>
Schema App Structured Data <= 1.22.3 - Missing Authorization via page_init
Affected Software: Schema App Structured Data CVE ID: CVE-2023-44258 CVSS Score: 5.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3de82328-e44f-4488-a2ae-1dd2c3b8a502>
CopyRightPro <= 2.1 - Cross-Site Request Forgery
Affected Software: CopyRightPro CVE ID: CVE-2023-44476 CVSS Score: 5.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/83b48cfc-04e7-4929-8da2-cf6beee6d88e>
User Activity Log Pro <= 2.3.3 - Tracking Bypass via IP Spoofing
Affected Software: User Activity Log Pro CVE ID: CVE-2023-5133 CVSS Score: 5.3 (Medium) Researcher/s: Bartłomiej Marek, Tomasz Swiadek Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9666913e-55a3-441c-85ef-8a12756e37ba>
WP Captcha <= 2.0.0 - CAPTCHA Bypass
Affected Software: WP Captcha CVE ID: CVE-2023-44235 CVSS Score: 5.3 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9bc2a04c-7b7c-483f-b81b-97a7caac179c>
WP Jump Menu <= 3.6.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: WP Jump Menu CVE ID: CVE-2023-44479 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2d34c665-e99c-408e-b7ab-d08a1a51c6c4>
Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Affected Software: Popup contact form CVE ID: CVE-2023-44265 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/47eb6ca7-049c-41b8-9210-391d4d1b8b2f>
Blocks <= 1.6.41 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Blocks CVE ID: CVE-2023-44262 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66925385-d89e-45c0-a87b-4ad4f7b89d60>
Simple Posts Ticker <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting
Affected Software: Simple Posts Ticker – Easy, Lightweight & Flexible CVE ID: CVE-2023-4725 CVSS Score: 4.4 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9ac2c929-2188-4818-880d-8793984e8df1>
WP Adminify <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting
Affected Software: WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders CVE ID: CVE-2023-44266 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a600f164-7255-4590-8239-2d3e0b445e79>
Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Affected Software: Popup contact form CVE ID: CVE-2023-44230 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad896d7d-2c75-466c-9a79-b6a9cfb0bc15>
WWM Social Share On Image Hover <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: WWM Social Share On Image Hover CVE ID: CVE-2023-44239 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c9ab868b-51ab-4dad-b662-8302cda9c0e7>
Tiny Carousel Horizontal Slider <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Tiny Carousel Horizontal Slider CVE ID: CVE-2023-44229 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2a3ad97-b4ea-4ad9-ac83-071e56cb8df7>
Onclick Show Popup <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Onclick show popup CVE ID: CVE-2023-44228 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ee013d3f-18bc-418e-ab5b-87724710f340>
Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Affected Software: Modern Events Calendar Lite CVE ID: CVE-2023-4021 CVSS Score: 4.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f213fb42-5bab-4017-80ea-ce6543031af2>
Keap Landing Pages <= 1.4.2 - Cross-Site Request Forgery
Affected Software: Keap Landing Pages CVE ID: CVE-2023-44241 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/113f0cb7-a5eb-42d5-ad42-871c0381b617>
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4942 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/26d8b75b-befa-4c6a-b072-0da44e437174>
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4943 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2d10475f-83dd-4e59-83e4-aeaa72a22b96>
Instant CSS <= 1.2.1 - Cross-Site Request Forgery
Affected Software: Instant CSS CVE ID: CVE-2023-44243 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/30ce93b4-9e2a-4a8c-8590-ffd61d618d31>
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4940 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/31c5e524-ef4d-48c7-baa0-595f8060a167>
Unyson <= 2.7.28 - Missing Authorization
Affected Software: Unyson CVE ID: CVE-2023-44472 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/35421b32-701a-4fc9-bcec-80684d874bab>
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4937 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/40bf51bf-efb2-4504-815b-4681d1078f77>
WP Custom Admin Interface <= 7.32 - Missing Authorization to Transients Deletion
Affected Software: WP Custom Admin Interface CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/418b9138-9ae0-41f1-a75b-69cbcaffbb88>
WP Hide Pages <= 1.0 - Cross-Site Request Forgery
Affected Software: WP Hide Pages CVE ID: CVE-2023-44232 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/46e7ca97-6dd9-4e27-8e69-2e73f9490ea7>
Add Shortcodes Actions And Filters <= 2.0.9 - Cross-Site Request Forgery
Affected Software: Add Shortcodes Actions And Filters CVE ID: CVE-2023-44475 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4942de17-d141-4a6c-885e-75f540fe21b6>
Woocommerce ESTO <= 2.23.1 - Cross-Site Request Forgery via saveSetting
Affected Software: Woocommerce ESTO CVE ID: CVE-2023-44260 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/49f7e35d-e453-4e60-8f73-12891def267a>
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4920 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/58d25eeb-b12c-4850-8308-eaa30982b5a8>
Contact Form <= 2.0.10 - Cross-Site Request Forgery
Affected Software: Contact Form CVE ID: CVE-2023-44231 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5bdba43c-0156-4a6b-b7b9-3f74b506e8f8>
Table of Contents Plus <= 2302 - Cross-Site Request Forgery
Affected Software: Table of Contents Plus CVE ID: CVE-2023-44473 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/624a3174-03fa-4a8e-9c02-5e24add92392>
WP GPX Map <= 1.7.05 - Missing Authorization
Affected Software: WP GPX Maps CVE ID: CVE-2023-44234 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/625c1df5-6655-4319-8833-5519b464e53e>
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4935 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/639f3941-7783-4500-aca4-5e8155db6460>
Vrm 360 3D Model Viewer <= 1.2.1 - Authenticated(Subscriber+) Sensitive Information Exposure
Affected Software: Vrm 360 3D Model Viewer CVE ID: CVE-2023-5177 CVSS Score: 4.3 (Medium) Researcher/s: Jonatas Souza Villa Flor Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6c71183f-45e7-44de-a957-614ce417db90>
Remove slug from custom post type <= 1.0.3 - Cross-Site Request Forgery
Affected Software: Remove slug from custom post type CVE ID: CVE-2023-44238 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/77cb14b1-d9e5-4296-ad8c-6642327ef310>
WP Captcha <= 2.0.0 - Cross-Site Request Forgery
Affected Software: WP Captcha CVE ID: CVE-2023-44236 CVSS Score: 4.3 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/810adc9a-d4e1-46a8-89e4-22615cbbb9c6>
WP Custom Admin Interface <= 7.32 - Cross-Site Request Forgery to Transients Deletion
Affected Software: WP Custom Admin Interface CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a5bc6097-d6ed-4598-b3c8-9159d5ce04ee>
Mediavine Control Panel <= 2.10.2 - Cross-Site Request Forgery via render_settings_page
Affected Software: Mediavine Control Panel CVE ID: CVE-2023-44259 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ac20b454-a5e5-4ff6-a5bf-9c3c339321d8>
Backend Localization <= 2.1.10 - Cross-Site Request Forgery
Affected Software: Backend Localization CVE ID: CVE-2023-44471 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad0bd82d-db0e-440e-9cea-d3843525b0f0>
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4941 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bc20f303-cac3-4517-9c45-153c410a13af>
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Deletion
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4935 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c045b31f-b4d6-470e-8f93-36eb70bb75f8>
BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-4938 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8>
Kv TinyMCE Editor Add Fonts <= 1.1 - Cross-Site Request Forgery
Affected Software: Kv TinyMCE Editor Add Fonts CVE ID: CVE-2023-44470 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cde526f2-7eff-49cf-8a9f-e0c0cdd12522>
ActivityPub <= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Title Exposure
Affected Software: ActivityPub CVE ID: CVE-2023-3706 CVSS Score: 4.3 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d1b92249-bc18-4939-aefa-286667f6c003>
FooGallery <= 2.2.44 - Cross-Site Request Forgery
Affected Software: Best WordPress Gallery Plugin – FooGallery CVE ID: CVE-2023-44233 CVSS Score: 4.3 (Medium) Researcher/s: Vladislav Pokrovsky Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d58ca75a-f425-477d-8e48-a5d600543578>
Mang Board WP <= 1.7.6 - Cross-Site Request Forgery
Affected Software: Mang Board WP CVE ID: CVE-2023-44257 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4a32fdc-1c72-45fc-bb57-44f6888e0885>
Timthumb Vulnerability Scanner <= 1.54 - Cross-Site Request Forgery
Affected Software: Timthumb Vulnerability Scanner CVE ID: CVE-2023-44240 CVSS Score: 4.3 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f0e8d029-af6b-43cb-aa90-f92777c5ac99>
WP Site Protector <= 2.0 - Cross-Site Request Forgery
Affected Software: WP Site Protector CVE ID: CVE-2023-44237 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f92f614b-162a-4ca5-bf7d-9d7088f59af9>
Shockingly Simple Favicon <= 1.8.2 - Cross-Site Request Forgery
Affected Software: Shockingly Simple Favicon CVE ID: CVE-2023-44246 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fd7a1440-18f5-4bcb-a4cf-c4713375d0a1>
WP Job Openings <= 3.4.2 - Information Exposure
Affected Software: WP Job Openings – Job Listing, Career Page and Recruitment Plugin CVE ID: CVE-2023-4933 CVSS Score: 3.7 (Low) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/334be95c-438a-4e03-9ee4-9a6d2c2fa5f7>
Active Directory Integration / LDAP Integration <= 4.1.10 - LDAP Passback
Affected Software: Active Directory Integration / LDAP Integration CVE ID: CVE-2023-4506 CVSS Score: 2.2 (Low) Researcher/s: Pedro José Navas Pérez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0585969d-dd08-4058-9d72-138a55a2cdf1>
Staff / Employee Business Directory for Active Directory <= 1.2.3 - Authenticated (Admin+) LDAP Passback
Affected Software: Staff / Employee Business Directory for Active Directory CVE ID: CVE-2023-4505 CVSS Score: 2.2 (Low) Researcher/s: Pedro José Navas Pérez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1ea40b96-4693-4f98-8e6e-2ed8186cedd8>
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 25, 2023 to October 1, 2023) appeared first on Wordfence.
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.1%