Chloe ChamberlandWORDFENCE:3018BEE05DC8266E48E33B406BC7B5A9Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition.
This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and utilize both personally and commercially.
Last week, there were 136 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database, and there were 33 Vulnerability Researchers that contributed to WordPress Security last week. You can find those vulnerabilities below along with some data about the vulnerabilities that were added.
_Click here to sign-up for our mailing list and receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published. _
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Unpatched | 41 |
| Patched | 95 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 1 |
| Medium Severity | 114 |
| High Severity | 17 |
| Critical Severity | 4 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Cross-Site Request Forgery (CSRF) | 50 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 40 |
| Missing Authorization | 29 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 4 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2 |
| Information Exposure | 2 |
| Improper Authorization | 1 |
| Improper Input Validation | 1 |
| Improper Privilege Management | 1 |
| Deserialization of Untrusted Data | 1 |
| Improper Control of Generation of Code ('Code Injection') | 1 |
| Unrestricted Upload of File with Dangerous Type | 1 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 1 |
| Inefficient Regular Expression Complexity | 1 |
| Improper Neutralization of Formula Elements in a CSV File | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| Rio Darmawan | 16 |
| Lana Codes | 11 |
| Mika | 11 |
| Marco Wotschka | 9 |
| yuyudhn | 5 |
| Rafshanzani Suhada | 5 |
| rezaduty | 4 |
| Abdi Pranata | 4 |
| Dave Jong | 3 |
| Mahesh Nagabhairava | 3 |
| Muhammad Daffa | 3 |
| Lokesh Dachepalli | 2 |
| Ivan Kuzymchak | 2 |
| Erwan LR | 2 |
| Rafie Muhammad | 2 |
| thiennv | 2 |
| MyungJu Kim | 2 |
| minhtuanact | 1 |
| Joshua Martinelle | 1 |
| Nguyen Anh Tien | 1 |
| Darius Sveikauskas | 1 |
| NeginNrb | 1 |
| Fariq Fadillah Gusti Insani | 1 |
| Aman Rawat | 1 |
| 84EM | 1 |
| Nguyen Xuan Chien | 1 |
| FearZzZz | 1 |
| Numan Rajkotiya | 1 |
| Prasanna V Balaji | 1 |
| Justiice | 1 |
| Cat | 1 |
| deokhunKim | 1 |
| Marc-Alexandre Montpas | 1 |
Vulnerability Details
Zendrop – Global Dropshipping <= 1.0.0 - SQL Injection in setMetaData
CVE ID: CVE-2023-25960 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/153e435b-9986-4242-a89b-12e8f1552803>
Houzez Login Register <= 2.6.3 - Privilege Escalation
CVE ID: CVE-2023-26009 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2948d8f6-4b7b-49c3-a917-4306448416ff>
Zendrop – Global Dropshipping <= 1.0.0 - Arbitrary File Upload
CVE ID: CVE-2023-25970 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6a0be61b-a1ee-499f-b991-58d5494bce18>
Live Streaming - Broadcast Live Video <= 5.5.15 - Missing Authorization to Unauthenticated Remote Code Execution
CVE ID: CVE-2023-25699 CVSS Score: 9.1 (Critical) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/27180d98-223a-4d86-b8ea-e47da1d61bbf>
PayGreen – Ancienne version <= 4.10.2 - Cross-Site Request Forgery
CVE ID: CVE-2023-25986 CVSS Score: 8.8 (High) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1a8b22b4-151c-4f42-a0a0-966dc5eb7a9d>
BuddyForms <= 2.7.7 - PHAR Deserialization
CVE ID: CVE-2023-26326 CVSS Score: 8.8 (High) Researcher/s: Joshua Martinelle Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2f6669aa-e53c-45bb-88c4-2e1350993423>
Paytm Payment Gateway <= 2.7.3 - Authenticated (Editor+) SQL Injection via 'post'
CVE ID: CVE-2022-45805 CVSS Score: 8.8 (High) Researcher/s: Aman Rawat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6fa560b2-6283-42ab-a482-1e02d08181f8>
Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Cross-Site Request Forgery in upload and delete_file
CVE ID: CVE-2022-45377 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7087221f-c092-4803-8725-687ffbbbd941>
Booking Ultra Pro <= 1.1.4 - Cross-Site Request Forgery
CVE ID: CVE-2022-46816 CVSS Score: 8.8 (High) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8cd1b975-ac38-4393-9928-109db507828c>
WP Meta SEO <= 4.5.2 - Authenticated (Subscriber+) SQL Injection
CVE ID: CVE Unknown CVSS Score: 8.8 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b2c83287-13ca-4fdc-95b6-97da150b0c09>
Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.5 - Cross-Site Request Forgery in dnd_upload_cf7_upload and dnd_codedropz_upload_delete
CVE ID: CVE-2022-45364 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c8b1015f-6825-4813-b5db-71f1c1e88310>
Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Local File Inclusion via Shortcode
CVE ID: CVE-2023-0340 CVSS Score: 8.8 (High) Researcher/s: Erwan LR Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d245dc6c-c579-4e28-a953-9227261911d4>
Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
CVE ID: CVE-2023-0630 CVSS Score: 8.8 (High) Researcher/s: Marc-Alexandre Montpas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fce15e1c-e2eb-4bd9-8b07-78d87a6ae1cc>
simple-git < 3.16.0 - Remote Code Execution
CVE ID: CVE-2022-25860 CVSS Score: 8.1 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/46fdd494-8073-4a68-a4ab-1f5767011f67>
GMAce <= 1.5.2 - Cross-Site Request Forgery via gmace_manager_client
CVE ID: CVE-2023-23861 CVSS Score: 8.1 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c6e82b46-0b10-45fe-949e-dd94dd8656c0>
Community by PeepSo <= 6.0.2.0 - Cross-Site Request Forgery leading to Plugin/Subscription Deletion
CVE ID: CVE-2023-25967 CVSS Score: 8.1 (High) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dcf59d89-43e9-4bb2-be4f-9308698d1bb3>
Video Gallery – YouTube Gallery <= 1.7.6 - Missing Authorization
CVE ID: CVE-2023-25988 CVSS Score: 7.3 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7fc8436b-f787-41dd-8404-9e85cca38cdf>
Real Estate 7 Theme <= 3.3.1 - Stored Cross-Site Scripting
CVE ID: CVE-2022-47146 CVSS Score: 7.2 (High) Researcher/s: FearZzZz Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/952aec28-a380-4c6d-8391-b21cddf90a5c>
10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.13.44 - Missing Authorization in Settings Import to Stored Cross-Site Scripting
CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9c8b0de4-e3ee-4711-8f27-097dee843dd8>
ProfilePress <= 4.5.4 - Unauthenticated Stored Cross-Site Scripting
CVE ID: CVE-2023-23830 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4077fda-3f39-4e17-b7b8-3f1b6bf0a9e1>
WP Meta SEO <= 4.5.2 - Missing Authorization in 'startProcess'
CVE ID: CVE Unknown CVSS Score: 7.1 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/29c47391-5d37-4f49-8806-1f378a6306d0>
All In One Favicon <= 4.7 - Authenticated(Admin+) Directory Traversal
CVE ID: CVE-2023-24416 CVSS Score: 6.5 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1a081788-007e-463b-b757-afefcf4c6e17>
WP OAuth Server <= 4.2.3 - Cross-Site Request Forgery to Arbitrary Post Deletion (wo_ajax_remove_client)
CVE ID: CVE-2022-3894 CVSS Score: 6.5 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3bf68449-487d-4ef1-86be-c51dc7d79054>
All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-0586 CVSS Score: 6.4 (Medium) Researcher/s: Ivan Kuzymchak Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c13f00e-3048-44cf-8979-2b0b0c508f3a>
Sp*tify Play Button for WordPress <= 2.05 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-26536 CVSS Score: 6.4 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/28941027-a812-4d53-b3da-4e715202f88d>
Simple YouTube Responsive <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-25982 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn, Darius Sveikauskas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4e4a605e-542b-4001-84d8-0a0aad044798>
ProfilePress <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
CVE ID: CVE-2023-23820 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5201963b-3b30-4e7a-9ad1-d9fa7bf629e5>
JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title
CVE ID: CVE-2023-25963 CVSS Score: 6.4 (Medium) Researcher/s: Fariq Fadillah Gusti Insani Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/62ea9e85-7752-4d0f-aafb-cbbc94294335>
GoToWP <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-0369 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8d07dcb9-ec8c-4f38-b5c2-2f4020a1c610>
Hero Banner Ultimate <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
CVE ID: CVE-2022-45818 CVSS Score: 6.4 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8defdd2e-e191-498e-826a-b73c6b4f2f57>
wpDataTables <= 2.1.49 - Authenticated (Contributor+) Stored Cross Site Scripting
CVE ID: CVE-2023-23876 CVSS Score: 6.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8e42831f-844d-40dc-965e-80334aab333c>
Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-0273 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c26e2aea-835e-4462-b4e3-99d2caf3a014>
Companion Sitemap Generator <= 4.5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-0066 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ccf0d482-b4a1-47a8-8741-0970531e9630>
Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
CVE ID: CVE-2023-26013 CVSS Score: 6.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e1c97b99-ca39-45de-8df9-312ba1573e8d>
Ditty <= 3.0.32 - Authenticated (Contributor+) Stored Cross-Scripting via Shortcode
CVE ID: CVE-2023-23874 CVSS Score: 6.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ef8697a2-7c58-43be-aaa9-05273fc3114b>
Gutenberge Blocks <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
CVE ID: CVE-2023-22713 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f090e1f1-2713-4f3a-b908-9407c242fdf9>
Multiple Page Generator Plugin <= 3.3.9 - Cross-Site Request Forgery
CVE ID: CVE-2022-47143 CVSS Score: 6.3 (Medium) Researcher/s: rezaduty Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6aa2d172-73b6-487d-ae65-0920f915e750>
CSS JS Manager <= 2.4.49 - Cross-Site Request Forgery
CVE ID: CVE-2022-47154 CVSS Score: 6.3 (Medium) Researcher/s: rezaduty Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f167c3c5-df35-456c-a5f1-139cc3c02ffb>
Easy Google Analytics for WordPress <= 1.6.0 - Cross-Site Request Forgery
CVE ID: CVE-2023-23887 CVSS Score: 6.1 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/37e707ef-fe66-4c21-9c37-7b65fb7690db>
Japanized For WooCommerce <= 2.5.4 - Reflected Cross-Site Scripting
CVE ID: CVE-2023-0942 CVSS Score: 6.1 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bb606a30-2f7c-41e9-9ebc-9f1b0b84fff8>
asMember <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-26541 CVSS Score: 5.9 (Medium) Researcher/s: Prasanna V Balaji Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c70bb3d6-6acd-46b2-8e47-30be031f73e4>
Social Login WP <= 5.0.0.0 - Cross-Site Request Forgery
CVE ID: CVE-2022-38063 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1518653c-e64d-4aba-b7f8-a928b8f2cbe3>
Etsy Shop <= 3.0.3 - Cross-Site Request Forgery to Plugin Settings Update
CVE ID: CVE-2023-25975 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/474494ad-6713-4167-b40d-c29c533f169e>
phpinfo() WP <= 3.0 - Cross-Site Request Forgery
CVE ID: CVE-2023-26542 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4e944a08-b6c1-456f-921a-501ab4b59f31>
Admin Block Country <= 7.1.4 - Cross-Site Request Forgery via admin_block_country_initial_page
CVE ID: CVE-2023-24007 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d3bcd2c-4cdd-4a11-83a5-b727a2b2b6a6>
WP Meta SEO <= 4.5.3 - Missing Authorization in 'wpmsGGSaveInformation'
CVE ID: CVE-2023-1022 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/702f9d3b-5d33-4215-ac76-9aae3162d775>
Feed Them Social <= 3.0.2 - Cross-Site Request Forgery
CVE ID: CVE-2023-25056 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/736d08ca-3f65-4232-96a9-303bafbf3471>
WP Meta SEO <= 4.5.3 - Missing Authorization in 'saveSitemapSettings'
CVE ID: CVE-2023-1023 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d1e498a-ddcb-4c67-bf0d-bb45b6fe0e9d>
Publish to Schedule <= 4.4.2 - Cross-Site Request Forgery leading to Plugin Option Changes
CVE ID: CVE-2023-25994 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a438ec56-8ddc-4cea-8d93-c8f79b46f47e>
Client Portal – Private user pages and login <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users function
CVE ID: CVE-2023-25968 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b89185c1-f7f9-47fb-ae8b-ba4c9f4e1d3e>
Apollo13 Framework Extensions <= 1.8.10 - Missing Authorization
CVE ID: CVE-2023-25959 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e122d75b-0bde-4886-a8e0-d07a535fc967>
Community by PeepSo <= 6.0.2.0 - Cross Site Request Forgery
CVE ID: CVE-2022-41633 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e7346f1e-a101-4131-8950-dbb0af4505f2>
WP Dynamic Keywords Injector <= 2.3.15 - Cross-Site Request Forgery
CVE ID: CVE-2022-47141 CVSS Score: 5.4 (Medium) Researcher/s: rezaduty Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f5b00784-9120-403d-9788-3cd3c3c020aa>
WP-RecentComments <= 2.2.7 - Unauthenticated Information Exposure
CVE ID: CVE-2023-23886 CVSS Score: 5.3 (Medium) Researcher/s: Nguyen Anh Tien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3becd450-b0de-466a-9721-b156a2ba1de3>
Conditional Checkout Fields & Edit Checkout Fields for WooCommerce <= 1.2.1 - Missing Authorization
CVE ID: CVE-2022-45070 CVSS Score: 5.3 (Medium) Researcher/s: 84EM Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7fb0cb21-6645-4a28-a78c-d5dbeaddbf21>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadRedirectSettings' function
CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a7beb9b3-3e4e-4aa2-b174-ecd9307cb3d0>
http-cache-semantics < 4.1.1 - Regular Expression Denial of Service (ReDoS)
CVE ID: CVE-2022-25881 CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f6092987-5f60-42ac-9636-e1e0a2c85147>
GMAce <= 1.5.2 - Authenticated(Admin+) Directory Traversal
CVE ID: CVE-2023-23872 CVSS Score: 4.9 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b3523535-6938-4922-8126-8386861ca512>
VK All in One Expansion Unit <= 9.87.0.1 - Reflected Cross-Site Scripting via REQUEST_URI
CVE ID: CVE-2023-0937 CVSS Score: 4.7 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/390e9c30-e4c0-474d-9915-dd46f5464cea>
WordPress Custom Settings <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2023-23806 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/23f7f4ad-f9d5-44b7-8354-5145b003fd20>
Jobs for WordPress <= 2.5.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-26017 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/30c34ea7-3df8-4ba8-bea8-4c785b23a4f4>
WPMobile.App — Android and iOS Mobile Application <= 11.18 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-26010 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/355decb2-2667-4056-836c-9ac8897f340e>
All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-0585 CVSS Score: 4.4 (Medium) Researcher/s: Marco Wotschka, Ivan Kuzymchak Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3db97180-9308-4891-9de9-acefe31d088f>
Sitemap Index <= 1.2.3 - Authenticated(Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2023-23816 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/40005aed-07aa-44da-a06e-0187931105ec>
Accordions <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Several Parameters
CVE ID: CVE-2023-25962 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/401eeb23-bf43-49a8-9c39-4fcd0db57cd3>
Custom Login Page <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-26012 CVSS Score: 4.4 (Medium) Researcher/s: Mahesh Nagabhairava Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/44cde2d1-8cb4-4185-a7e6-58a2bec0dae9>
Simple Portfolio Gallery <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-26016 CVSS Score: 4.4 (Medium) Researcher/s: Mahesh Nagabhairava Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/46d65fed-cb21-46e1-bafe-eda11c25a467>
Exquisite PayPal Donation <= v2.0.0 - Authenticated(Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2023-23785 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/46f7dc18-fc07-400a-bb79-0d9821299023>
Chat Bee <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-26538 CVSS Score: 4.4 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5bf4ffaa-5192-4fb6-95d0-d19c4fe45b93>
Stock market charts from finviz <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2023-23809 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d6b5a4c-1dc9-4d86-ac41-61880637fcbb>
Clio Grow <= 1.0.0 - Authenticated (Admin+) Stored Cross Site Scripting
CVE ID: CVE-2023-22683 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/72835a3e-e842-4146-ae7d-4aea722de11f>
TypeSquare Webfonts for ConoHa <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-25458 CVSS Score: 4.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/80e9aa1f-166f-47df-bc50-c7dd55c6e7cc>
Circles Gallery <= 1.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings
CVE ID: CVE-2023-23881 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/882caa58-b56f-455f-ab3e-1fd8fd4e10e2>
Video Gallery – YouTube Gallery <= 1.7.6 - Authenticated (Admin+) Stored Cross Site Scripting
CVE ID: CVE-2023-25979 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/88f9f4db-b15b-43d4-918a-a4c83e5735d1>
WP Table Builder – WordPress Table Plugin <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2022-46852 CVSS Score: 4.4 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/91d5d052-d219-4c2f-9341-19f415ff90c4>
CPT – Speakers <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-25977 CVSS Score: 4.4 (Medium) Researcher/s: Mahesh Nagabhairava Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ae7c41fd-6ad6-49da-a213-686157e029d4>
Binge Site Verification using Meta Tag <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings
CVE ID: CVE-2023-23875 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b050fa45-05b7-49ff-bb24-179150f3f959>
CM Answers <= 3.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-25992 CVSS Score: 4.4 (Medium) Researcher/s: MyungJu Kim Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b23d276c-69c5-47e0-99bd-f20ff1d45904>
Calculated Fields Form <= 1.1.150 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-0389 CVSS Score: 4.4 (Medium) Researcher/s: Numan Rajkotiya Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c2036c08-3aaf-4e41-bcd6-787f4b8fba9d>
WP Custom Fields Search <= 1.2.34 - Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2022-47157 CVSS Score: 4.4 (Medium) Researcher/s: Justiice Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ce106c3a-e99b-4182-84d8-8f896edbbefd>
Sponsors Carousel <= 4.02 - Authenticated (Admin+) Stored Cross-Site Scripting in show
CVE ID: CVE-2023-23808 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d61ed3e3-5102-4293-a999-e324e721ab89>
Top 10 – Popular posts plugin - <= 3.2.4 - Authenticated(Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2023-26008 CVSS Score: 4.4 (Medium) Researcher/s: deokhunKim Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f50f1e64-5015-4e40-912e-92a4f16e1398>
KB Support <= 1.5.84 - Authenticated (Subscriber+) CSV Injection
CVE ID: CVE-2023-25983 CVSS Score: 4.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f7be9241-26b6-4dd0-bd26-fdff59da3b76>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'redirectionPageContent' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0bde3052-ae8e-4434-962a-88d3c8328a9c>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirect' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/140a6fd3-e446-44ea-94eb-9c8d12f7b7ed>
Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Missing Authorization on tptn_ajax_clearcache
CVE ID: CVE-2023-25993 CVSS Score: 4.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/14e832ec-7181-44d9-8d26-2f77e6111763>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'deleteRedirect' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c22717f-494e-4f62-9691-ee5a3366a487>
Accept Stripe Donation – AidWP <= 3.1.5 - Cross Site Request Forgery
CVE ID: CVE-2022-47422 CVSS Score: 4.3 (Medium) Researcher/s: rezaduty Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/27161b4b-d11c-487b-b1ce-7e43bf7b2e57>
Read More Excerpt Link <= 1.5 - Cross-Site Request Forgery
CVE ID: CVE-2023-26011 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/27c3d563-4ed5-47a1-ae2c-ff765fb56cb7>
Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'SaveSettings' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/29333999-ffe3-4cd0-a537-be98168cb2ee>
My YouTube Channel <= 3.23.3 - Cross-Site Request Forgery to Cache Deletion
CVE ID: CVE-2023-25987 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3670665c-0ae1-47d6-b463-581eb195666e>
Contextual Related Posts <= 3.3.1 - Missing Authorization in crp_ajax_clearcache
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/37b5fcfd-654b-4151-9494-551799464c7c>
WP Meta SEO <= 4.5.3 - Missing Authorization in 'regenerateSitemaps'
CVE ID: CVE-2023-1024 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a3f835e-0aa9-4581-9150-fe5041e0f293>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'SaveSettings' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4c953a46-d2ae-41f7-a940-d23b011d9eca>
WP Meta SEO <= 4.5.3 - Missing Authorization in 'checkAllCategoryInSitemap'
CVE ID: CVE-2023-1027 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4f589e21-7417-4b43-b580-4f1d3c2041f4>
Educare – Students & Result Management System <= 1.4.1 - Cross-Site Request Forgery
CVE ID: CVE-2023-25971 CVSS Score: 4.3 (Medium) Researcher/s: NeginNrb Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5292fcb2-4084-42e6-b78b-62e36123829a>
Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'bulkDelete' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/53667fd6-0d12-400d-b3a1-7cee305a2bc2>
Coupon Zen <= 1.0.5 - Cross-Site Request Forgery to Plugin Activation
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/53d39276-5d92-4a5b-848d-33aefb18a970>
Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 3.1.20 - Cross-Site Request Forgery in add_to_favorite
CVE ID: CVE-2022-46851 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/568545a4-7f73-4050-9724-d47279c340c9>
For the visually impaired <= 0.58 - Cross-Site Request Forgery to Plugin Settings Changes
CVE ID: CVE-2023-25038 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/56976e5f-13e9-45e3-8cd1-7ac5f34f4248>
Advanced Database Cleaner <= 3.1.1 - Cross-Site Request Forgery via aDBc_save_settings_callback
CVE ID: CVE-2022-46813 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5af799a4-0aee-4601-943e-82cbc860ede5>
Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Cross-Site Request Forgery via tptn_ajax_clearcache
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c7edfad-b45b-4297-876d-a063e02af0bf>
Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'statusBulkEdit' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d1d012a-46cd-4c86-ac6f-993736a91acb>
Auto Affiliate Links <= 6.3.0.2 - Cross-Site Request Forgery via aalChangeOptions function
CVE ID: CVE-2023-25973 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/611af50f-7f60-4c09-be64-3f2705e06206>
WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'setIgnore'
CVE ID: CVE-2023-1028 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6b978749-7ea5-45f4-9f69-66a19c0e39ca>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'instantEditRedirect' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/71caa071-d279-4807-88ad-a71673b9d17d>
多合一搜索自动推Baidu/Google/Bing/IndexNow/Yandex/头条 <= 4.2.1 - Cross-Site Request Forgery
CVE ID: CVE-2023-26531 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/72d18504-7b12-43f0-b2ea-40dbc25912c4>
WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'regenerateSitemaps'
CVE ID: CVE-2023-1029 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/764aec73-f291-4372-9dde-812ffaf025ed>
Theme Tweaker <= 5.20 - Cross-Site Request Forgery
CVE ID: CVE-2023-23713 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7dd67111-514f-4f7d-8cdd-7b10ea718530>
Upload Resume <= 1.2.0 - Authenticated Sensitive Information Disclosure via resume_upload_form_list shortcode
CVE ID: CVE-2023-25965 CVSS Score: 4.3 (Medium) Researcher/s: MyungJu Kim Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8246ea9f-3ccb-4448-bf32-135c8140b09b>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'LoadTab' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8250434a-2fad-4f44-9813-90e734d32d2e>
Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirectRule' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/84d43356-274e-42d5-ac40-10a34effce8d>
Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'saveRedirectSettings' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b421330-dd3c-4af0-9f42-95430117eb9b>
Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 - Cross-Site Request Forgery via settings_page function
CVE ID: CVE-2023-25976 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8bb330be-f12c-475c-97b6-745a1e6edb58>
WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory'
CVE ID: CVE-2023-1026 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/978d5715-7993-4f89-8d69-895467633bfb>
Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirect' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9a70e291-1bc9-44ad-91a2-cf0624bb8d88>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'liveSearch' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a7ec331c-51ea-466a-ab7b-4234df47114a>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'loadSettings' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b2ec7d77-fe50-4bb2-a57b-6ee4246805f9>
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 5.0.4 - Cross-Site Request Forgery in rttpg_spare_me
CVE ID: CVE-2022-46853 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b352be87-ea61-4666-a4d0-cf93fef40e33>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'addRedirectRule' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b57dd8e3-e3e1-4d6b-b9dd-b5a24c4886b4>
Client Portal <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c3319993-6f2c-425d-8cb2-ab26f7a52139>
Contextual Related Posts <= 3.3.1 - Cross-Site Request Forgery in crpClearCache
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca8f4f6b-756b-4511-9e48-e41a872a9dad>
Top 10 – Popular posts plugin for WordPress <= 3.2.4 - Missing Authorization on tptn_chart_data
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cbff7ec1-535d-43bf-be61-83a1e7625c77>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'logFilter' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d0d6f467-6e62-45ff-bf9d-4db5b1ed1dd2>
WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery leading to Plugin Settings Changes
CVE ID: CVE-2023-23705 CVSS Score: 4.3 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2e10791-7158-47ae-85c9-4a5a53b25d68>
Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'deleteRedirect' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d433a5b3-4661-4246-ae60-8a99633372ad>
Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'cronLogDeleteOption' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d4dacd15-85cc-41f5-830c-b02c85c798f9>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'logPageContent' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dceca4ee-6587-4eaa-974e-a21e7a10b6e8>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'selectAll' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de69d597-b663-4c58-82e0-c90391fb8416>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'bulkDelete' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e29dac44-5c85-4f73-ae96-4bc0deca64f4>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'statusBulkEdit' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ef5f99ca-8a0d-4ec4-8b59-c0c4637dfbc3>
Minify HTML <= 2.02 - Cross-Site Request Forgery in minify_html_menu_options
CVE ID: CVE-2023-26014 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ef7cf633-e907-4da1-bd96-0013e88defbb>
Redirect Redirection <= 1.1.3 - Missing Authorization in 'saveRedirectSettings' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f347a629-523e-4ec4-ad56-6ae9357dd7f5>
WordPress Tooltips <= 8.2.5 - Multiple Cross-Site Request Forgery
CVE ID: CVE-2023-25985 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f6b9e63f-0492-4d51-a8ae-0874ef57e852>
Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'instantEditRedirect' function
CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fdd57b3b-bd0a-4b07-831e-72f2329b2577>
CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization
CVE ID: CVE-2023-23814 CVSS Score: 3.8 (Low) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/13d0eb8a-5b63-460e-b4ba-a3ed80c84fc2>
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence Community Edition leaderboard along with being mentioned in our weekly vulnerability report.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023) appeared first on Wordfence.
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H