Last week, 103 vulnerabilities were disclosed in 85 WordPress plugins and no WordPress themes, with 7 of those being in WordPress Core, and all of them have been added to the Wordfence Intelligence Vulnerability Database. In addition, 46 vulnerability researchers contributed to WordPress security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook integration are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Individuals and enterprises can use the vulnerability database API to receive a complete dump of our database of over 12,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 52 |
Patched | 51 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 91 |
High Severity | 5 |
Critical Severity | 7 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 46 |
Cross-Site Request Forgery (CSRF) | 26 |
Missing Authorization | 9 |
Information Exposure | 6 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 4 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 3 |
Unrestricted Upload of File with Dangerous Type | 2 |
Improper Control of Generation of Code ('Code Injection') | 1 |
Improper Input Validation | 1 |
Guessable CAPTCHA | 1 |
URL Redirection to Untrusted Site ('Open Redirect') | 1 |
Improper Preservation of Consistency Between Independent Representations of Shared State | 1 |
External Control of File Name or Path | 1 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Mika | 11 |
Rio Darmawan | 8 |
thiennv | 8 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 7 |
Abdi Pranata | 6 |
Rafie Muhammad | 5 |
Lana Codes (Wordfence Vulnerability Researcher) | 5 |
minhtuanact | 4 |
LEE SE HYOUNG | 3 |
Satoo Nakano | 2 |
DoYeon Park | 2 |
Skalucy | 2 |
yuyudhn | 2 |
Phd | 2 |
Lokesh Dachepalli | 2 |
Prasanna V Balaji | 2 |
Le Ngoc Anh | 2 |
Elliot | 2 |
Ala Arfaoui | 1 |
Nguyen Xuan Chien | 1 |
James Golovich | 1 |
WhiteCyberSec | 1 |
Karolis Narvilas | 1 |
Marc-Alexandre Montpas | 1 |
Francesco Marano | 1 |
qilin_99 | 1 |
Nano | 1 |
Vladislav Pokrovsky | 1 |
Chloe Chamberland (Wordfence Vulnerability Researcher) | 1 |
Edourard L | 1 |
Revan Arifio | 1 |
Jb Audras | 1 |
Jonas Höbenreich | 1 |
SeungYongLee | 1 |
Enrico Marcolini | 1 |
Claudio Marchesini | 1 |
mascara7784 | 1 |
Fioravante Souza | 1 |
Jorge Costa | 1 |
s5s | 1 |
raouf_maklouf | 1 |
Bob Matyas | 1 |
Rafshanzani Suhada | 1 |
Bae Song Hyun | 1 |
Nguyen Anh Tien | 1 |
Emili Castells | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
AGP Font Awesome Collection | agp-font-awesome-collection |
AI ChatBot | chatbot |
AMP WP – Google AMP For WordPress | amp-wp |
Accessibility Suite by Online ADA | online-accessibility |
Add to Calendar Button | add-to-calendar-button |
Amministrazione Trasparente | amministrazione-trasparente |
ApplyOnline – Application Form Builder and Manager | apply-online |
BuddyPress Global Search | buddypress-global-search |
CITS Support svg, webp Media and TTF,OTF File Upload | cits-support-svg-webp-media-upload |
CPT Shortcode Generator | cpt-shortcode |
Campaign Monitor Forms by Optin Cat | campaign-monitor-wp |
Caret Country Access Limit | caret-country-access-limit |
Comments Ratings | comments-ratings |
Comments – wpDiscuz | wpdiscuz |
Constant Contact Forms by MailMunch | constant-contact-forms-by-mailmunch |
Contact Form Generator : Creative form builder for WordPress | contact-form-generator |
Contact Form With Captcha | contact-form-with-captcha |
Copy or Move Comments | copy-or-move-comments |
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress | charitable |
Easy Testimonial Slider and Form | easy-testimonial-rotator |
Ebook Store | ebook-store |
Embed Calendly | embed-calendly-scheduling |
Etsy Shop | etsy-shop |
Eupago Gateway For Woocommerce | eupago-gateway-for-woocommerce |
EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
Fast WP Speed | fast-wp-speed |
Fattura24 | fattura24 |
Feed Statistics | wordpress-feed-statistics |
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
GEO my WordPress | geo-my-wp |
Gallery – Image and Video Gallery with Thumbnails | gallery-album |
Get Custom Field Values | get-custom-field-values |
Gutenberg | gutenberg |
HTML5 Maps | html5-maps |
History Log by click5 | history-log-by-click5 |
IMPress Listings | wp-listings |
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce | email-subscribers |
Image Regenerate & Select Crop | image-regenerate-select-crop |
Lazy Load for Videos | lazy-load-for-videos |
LeadSquared Suite | leadsquared-suite |
Libsyn Publisher Hub | libsyn-podcasting |
Login Screen Manager | login-screen-manager |
MailChimp Forms by MailMunch | mailchimp-forms-by-mailmunch |
Master Addons for Elementor | master-addons |
Migration, Backup, Staging – WPvivid | wpvivid-backuprestore |
Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress | newsletter-bulk-email |
Next Page | next-page |
Nexter Extension | nexter-extension |
PDF Block | pdf-block |
Peter’s Custom Anti-Spam | peters-custom-anti-spam-image |
PixFields | pixfields |
Poll Maker – Best WordPress Poll Plugin | poll-maker |
Post Gallery | simple-post-gallery |
Print, PDF, Email by PrintFriendly | printfriendly |
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages | wplegalpages |
Proofreading | proofreading |
QR Twitter Widget | qr-twitter-widget |
Remote Content Shortcode | remote-content-shortcode |
Responsive Column Widgets | responsive-column-widgets |
Responsive Tabs | responsive-tabs |
Royal Elementor Addons and Templates | royal-elementor-addons |
RumbleTalk Live Group Chat – HTML5 | rumbletalk-chat-a-chat-with-themes |
Scroll post excerpt | scroll-post-excerpt |
Sendle Shipping Plugin | official-sendle-shipping-method |
Simple File List | simple-file-list |
Simple Tweet | simple-tweet |
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management | simple-urls |
Slick Contact Forms | slick-contact-forms |
Snap Pixel | snap-pixel |
Sort SearchResult By Title | sort-searchresult-by-title |
SpiderVPlayer | player |
Taggbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics | taggbox-widget |
Thumbnail Slider With Lightbox | wp-responsive-slider-with-lightbox |
Tweeple | tweeple |
Ultimate Taxonomy Manager | ultimate-taxonomy-manager |
User Submitted Posts – Enable Users to Submit Posts from the Front End | user-submitted-posts |
Video Playlist For YouTube | video-playlist-for-youtube |
WP Attachments | wp-attachments |
WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | |
WP GoToWebinar | wp-gotowebinar |
WP Lightbox 2 | wp-lightbox-2 |
WP Open Street Map | wp-open-street-map |
WP ULike – Most Advanced WordPress Marketing Toolkit | wp-ulike |
WordPress Backup & Migration | wp-migration-duplicator |
which template file | which-template-file |

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software: Accessibility Suite by Online ADA CVE ID: CVE-2023-45830 CVSS Score: 9.8 (Critical) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/10590944-e08e-4980-846d-7a88880b2dcd>
Affected Software: AI ChatBot CVE ID: CVE-2023-5204 CVSS Score: 9.8 (Critical) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5ad12146-200b-48e5-82de-7572541edcc4>
Affected Software: Royal Elementor Addons and Templates CVE ID: CVE-2023-5360 CVSS Score: 9.8 (Critical) Researcher/s: Fioravante Souza Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a9d95af5-96da-4259-98c6-e2c4c574a896>
Affected Software: User Submitted Posts – Enable Users to Submit Posts from the Front End CVE ID: CVE-2023-45603 CVSS Score: 9.8 (Critical) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/babbe506-3abd-462a-b5b8-5979696eb6e6>
Affected Software: AI ChatBot CVE ID: CVE-2023-5241 CVSS Score: 9.6 (Critical) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/25199281-5286-4d75-8d27-26ce215e0993>
Affected Software: AI ChatBot CVE ID: CVE-2023-5212 CVSS Score: 9.6 (Critical) Researcher/s: Marco Wotschka, Chloe Chamberland Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2>
Affected Software: Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce CVE ID: CVE-2023-5414 CVSS Score: 9.1 (Critical) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689>
Affected Software: Contact Form Generator : Creative form builder for WordPress CVE ID: CVE-2023-35911 CVSS Score: 8.8 (High) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fa586468-d6ff-46a3-97f3-e2e1d365e5b1>
Affected Software: Migration, Backup, Staging – WPvivid CVE ID: CVE-2023-5576 CVSS Score: 8 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4658109d-295c-4a1b-b219-ca1f4664ff1d>
Affected Software: RumbleTalk Live Group Chat – HTML5 CVE ID: CVE-2023-45828 CVSS Score: 7.6 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d9d6e168-a768-4062-9ef1-0be9d6c65c51>
Affected Software: Nexter Extension CVE ID: CVE-2023-45751 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/188c4417-962a-4b28-b215-1c567b39ba7a>
Affected Software: Campaign Monitor Forms by Optin Cat CVE ID: CVE-2023-5098 CVSS Score: 7.1 (High) Researcher/s: Francesco Marano Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3f11416c-c981-4c85-822c-497ecfaa842d>
Affected Software: History Log by click5 CVE ID: CVE-2023-5082 CVSS Score: 6.6 (Medium) Researcher/s: Karolis Narvilas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2881e144-a109-4034-afe8-2f72efd70360>
Affected Software: IMPress Listings CVE ID: CVE-2023-45633 CVSS Score: 6.5 (Medium) Researcher/s: Nguyen Anh Tien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f426c32e-a376-4447-b83f-409a8eb0c499>
Affected Software: Slick Contact Forms CVE ID: CVE-2023-5468 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/22c63226-2bc6-40be-a5d1-1bd169fc78b8>
Affected Software: PDF Block CVE ID: CVE-2023-45646 CVSS Score: 6.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3a1d8adf-c49c-4d88-83c7-4515b0ab1f35>
Affected Software: QR Twitter Widget CVE ID: CVE-2023-45628 CVSS Score: 6.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5b16df88-7d9f-4ee2-90ab-6da50c69148e>
Affected Software: Add to Calendar Button CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/60ba7f68-1fe1-4349-a3eb-11a63ae11e38>
Affected Software/s: WordPress, Gutenberg CVE ID: CVE-2023-38000 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad, Edourard L Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66b1f597-f357-4525-8c67-e0be3a07bcfa>
Affected Software: Get Custom Field Values CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Satoo Nakano Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66e55302-f889-4054-817f-aadbdd3c88de>
Affected Software: Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress CVE ID: CVE-2023-45829 CVSS Score: 6.4 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a7c19095-3c21-440f-aa28-0117aea29d97>
Affected Software: GEO my WordPress CVE ID: CVE-2023-5467 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a96ac71f-3dae-40eb-9268-d56688a5aa64>
Affected Software: Master Addons for Elementor CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/abb7def7-df32-4901-b8ea-068ff1af664b>
Affected Software: WordPress CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Jorge Costa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/af77d642-d383-48f2-a59a-3a9c738cd47f>
Affected Software: CITS Support svg, webp Media and TTF,OTF File Upload CVE ID: CVE-2023-5458 CVSS Score: 6.4 (Medium) Researcher/s: Bob Matyas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c7d3edf5-245f-42f2-9add-e87de6839ed1>
Affected Software: Embed Calendly CVE ID: CVE-2023-4995 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d1bf83df-7a1f-4572-9c8d-1013750d51d7>
Affected Software: WP ULike – Most Advanced WordPress Marketing Toolkit CVE ID: CVE-2023-45640 CVSS Score: 6.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2f777b6-5872-4196-81fb-82a9b6aaef2e>
Affected Software: Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dbaedb36-6710-48ab-8bb5-e6065fa8df51>
Affected Software: Etsy Shop CVE ID: CVE-2023-5470 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4696f7a-8b87-4376-b4c9-596eca30b38c>
Affected Software: Remote Content Shortcode CVE ID: CVE-2023-45652 CVSS Score: 6.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d1568e8d-9ea5-4673-a657-03e89cfb6000>
Affected Software: Ultimate Taxonomy Manager CVE ID: CVE-2023-45837 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/06f56834-e1e9-4a02-988a-df4c563182c4>
Affected Software: EventPrime – Events Calendar, Bookings and Tickets CVE ID: CVE-2023-45637 CVSS Score: 6.1 (Medium) Researcher/s: Phd Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/399848fd-e9f6-40e4-bfeb-08f53eb511c6>
Affected Software: Libsyn Publisher Hub CVE ID: CVE-2023-45835 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/56b3d629-014c-47b3-9726-4086e544011b>
Affected Software: ApplyOnline – Application Form Builder and Manager CVE ID: CVE-2023-45756 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6c704356-e5f7-4b91-a162-647717cbbb7b>
Affected Software: Copy or Move Comments CVE ID: CVE-2023-45634 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a7bf74b-1dc7-4159-a874-29694fe5895e>
Affected Software: Peter’s Custom Anti-Spam CVE ID: CVE-2023-45759 CVSS Score: 6.1 (Medium) Researcher/s: SeungYongLee Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8cea7f17-743a-4dce-bd86-5713ff6d8520>
Affected Software: Sendle Shipping Plugin CVE ID: CVE-2023-45761 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8e227e25-3dd9-47fd-bba8-e076f7f92d56>
Affected Software: Nexter Extension CVE ID: CVE-2023-45750 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8f4dc917-028c-451a-9b32-26ef2c488850>
Affected Software: SpiderVPlayer CVE ID: CVE-2023-45632 CVSS Score: 6.1 (Medium) Researcher/s: Elliot Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/93d78063-238d-40c0-92c9-6870d85d29f7>
Affected Software: Fattura24 CVE ID: CVE-2023-5211 CVSS Score: 6.1 (Medium) Researcher/s: Enrico Marcolini, Claudio Marchesini Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a19bff99-b680-40a6-8a5c-7a0233b293ac>
Affected Software: WordPress CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: mascara7784 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a5368894-3277-47d0-8fad-adfb8df4fa93>
Affected Software: Fast WP Speed CVE ID: CVE-2023-45770 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cd5a3d4b-6e8b-4abe-9f38-58accada2f57>
Affected Software: Ebook Store CVE ID: CVE-2023-45602 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e36eed5b-f76d-451e-a0f8-fd4b91bcf9f1>
Affected Software: Proofreading CVE ID: CVE-2023-45772 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e76e4c4c-3f84-46b0-b305-2513714a8525>
Affected Software: Tweeple CVE ID: CVE-2023-30781 CVSS Score: 6.1 (Medium) Researcher/s: Elliot Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f9b1c96c-ab87-43a8-a3ac-17fea337b690>
Affected Software: Gallery – Image and Video Gallery with Thumbnails CVE ID: CVE-2023-45630 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fa9e4635-43f8-4f3c-b62c-628e74028f7e>
Affected Software: Get Custom Field Values CVE ID: CVE-2023-45604 CVSS Score: 5.5 (Medium) Researcher/s: Satoo Nakano Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1e0fd85a-2164-4b83-822e-845662591a78>
Affected Software: WP Lightbox 2 CVE ID: CVE-2023-45747 CVSS Score: 5.5 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5ef104ae-b67c-4669-adeb-e5397561c0ae>
Affected Software: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages CVE ID: CVE-2023-4968 CVSS Score: 5.5 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a>
Affected Software: Simple Tweet CVE ID: CVE-2023-45767 CVSS Score: 5.5 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de568a71-f51d-4948-839c-48e51d165a64>
Affected Software: WordPress CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: James Golovich, WhiteCyberSec Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1fc3f65e-5fbe-403b-b7cd-dde16a7e5778>
Affected Software: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management CVE ID: CVE-2023-45606 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/41d03524-7a53-40cd-a3d5-dafea4fc9a33>
Affected Software: Comments – wpDiscuz CVE ID: CVE-2023-45760 CVSS Score: 5.4 (Medium) Researcher/s: Vladislav Pokrovsky Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4e8ad3c1-549b-4401-8cf4-a8b7f81fbc11>
Affected Software: Gallery – Image and Video Gallery with Thumbnails CVE ID: CVE-2023-45629 CVSS Score: 5.4 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66efc65e-48d3-4ef9-a369-51448e47686a>
Affected Software: WordPress Backup & Migration CVE ID: CVE-2023-45636 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/adfc5084-ed33-4600-bd34-d3516f1a1b96>
Affected Software: Gallery – Image and Video Gallery with Thumbnails CVE ID: CVE-2023-45631 CVSS Score: 5.4 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb08cf02-4766-4093-9306-3b4581f54f77>
Affected Software: MailChimp Forms by MailMunch CVE ID: CVE-2023-45748 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f4f96877-406b-4ec0-ac6b-ee1ffdb436e5>
Affected Software: Contact Form With Captcha CVE ID: CVE-2023-45771 CVSS Score: 5.4 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f618a350-e089-40f7-b731-7ffb9ece30b3>
Affected Software: Image Regenerate & Select Crop CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/307bfd18-840a-4cb4-86e6-33dc28e5514e>
Affected Software: WordPress CVE ID: CVE-2023-5561 CVSS Score: 5.3 (Medium) Researcher/s: Marc-Alexandre Montpas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/38b63167-e1a6-4279-97cf-900df0651f20>
Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/46525a06-f3a4-4c78-ba32-4b937e1dbac6>
Affected Software: Poll Maker – Best WordPress Poll Plugin CVE ID: CVE-2023-45766 CVSS Score: 5.3 (Medium) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6a27fcc6-b1ac-4649-892b-7e0dee3f0d08>
Affected Software: Libsyn Publisher Hub CVE ID: CVE-2023-45834 CVSS Score: 5.3 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8bccefbe-2d20-40a7-b24f-d867d80250e3>
Affected Software: AI ChatBot CVE ID: CVE-2023-5533 CVSS Score: 5.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a9db002f-ff41-493a-87b1-5f0b4b07cfc2>
Affected Software: WordPress CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: s5s, raouf_maklouf Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bdc84664-2a04-4cc6-ac3f-48bfd432691f>
Affected Software: AI ChatBot CVE ID: CVE-2023-5254 CVSS Score: 5.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d897daf8-5320-4546-9a63-1d34a15b2a58>
Affected Software: Responsive Column Widgets CVE ID: CVE-2023-45762 CVSS Score: 4.7 (Medium) Researcher/s: Phd Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a092266b-bd7f-424d-b8c4-d79e4811e6c9>
Affected Software: Easy Testimonial Slider and Form CVE ID: CVE-2023-45754 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/01da1829-e3f4-4246-ae3d-72377c4b232e>
Affected Software: Amministrazione Trasparente CVE ID: CVE-2023-45758 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1ef02ecc-6a7b-4782-a891-a1d66d770c81>
Affected Software: CPT Shortcode Generator CVE ID: CVE-2023-45644 CVSS Score: 4.4 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4782d4ea-3d79-40d2-850d-1a7583267616>
Affected Software: Login Screen Manager CVE ID: CVE-2023-5243 CVSS Score: 4.4 (Medium) Researcher/s: Nano Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4d6c37ec-4a17-41b8-a29e-2a9adb382cea>
Affected Software: Scroll post excerpt CVE ID: CVE-2023-45764 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6da00adc-8fc0-4d8f-9ff3-8c21223199f4>
Affected Software: Next Page CVE ID: CVE-2023-45768 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c592887c-718c-46d7-8dc3-d337711471ee>
Affected Software: Print, PDF, Email by PrintFriendly CVE ID: CVE-2023-25032 CVSS Score: 4.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e0403a76-86ce-4772-bc0b-22b183f0f684>
Affected Software: WP GoToWebinar CVE ID: CVE-2023-45832 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e40f07b5-9e6e-430b-86fc-3bb863a51b01>
Affected Software: Simple File List CVE ID: CVE-2023-39924 CVSS Score: 4.4 (Medium) Researcher/s: Bae Song Hyun Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e61b6e54-b330-41a5-b13f-ba11c10d8bfe>
Affected Software: LeadSquared Suite CVE ID: CVE-2023-45833 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ef1aafc2-e47b-49da-8a4e-9111209308c2>
Affected Software: BuddyPress Global Search CVE ID: CVE-2023-45755 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f78cc71a-db22-4f5f-9231-52c66561df02>
Affected Software: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting CVE ID: CVE-2023-45765 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/048277c4-f313-484d-a330-420e0682eee2>
Affected Software: Thumbnail Slider With Lightbox CVE ID: CVE-2023-5531 CVSS Score: 4.3 (Medium) Researcher/s: Ala Arfaoui Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/055b7ed5-268a-485e-ac7d-8082dc9fb2ad>
Affected Software: Post Gallery CVE ID: CVE-2023-45752 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0ac31c39-abbc-427f-aba3-d9ec3b51c4d2>
Affected Software: WP Open Street Map CVE ID: CVE-2023-45645 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1aa0fd9d-6c9f-4110-92a0-064fa4b9b589>
Affected Software: Eupago Gateway For Woocommerce CVE ID: CVE-2023-45638 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1f1dcec6-1fcf-40e8-a15b-647b7161b6b5>
Affected Software: which template file CVE ID: CVE-2023-45753 CVSS Score: 4.3 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/279314a4-2d70-4036-ae9a-27bb694b03db>
Affected Software: Constant Contact Forms by MailMunch CVE ID: CVE-2023-45647 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2f8dcbd2-af51-4cc9-9962-53fe644985e1>
Affected Software: Sort SearchResult By Title CVE ID: CVE-2023-45639 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4147e973-5a17-41d8-b8d9-5e43a23c9bc9>
Affected Software: AMP WP – Google AMP For WordPress CVE ID: CVE-2023-45831 CVSS Score: 4.3 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/44dd7b3f-5892-43e1-acf1-61f66db0b4a3>
Affected Software: Ultimate Taxonomy Manager CVE ID: CVE-2023-45836 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4baf39fd-4191-47eb-9b37-cdf290d6345b>
Affected Software: HTML5 Maps CVE ID: CVE-2023-45650 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/502bc68d-778a-47df-a5c2-6bd0b4f130cc>
Affected Software: CPT Shortcode Generator CVE ID: CVE-2023-45643 CVSS Score: 4.3 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6125a8e6-4c87-4136-ba39-c3a089948733>
Affected Software: Snap Pixel CVE ID: CVE-2023-45642 CVSS Score: 4.3 (Medium) Researcher/s: Prasanna V Balaji Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6150fd60-069f-4ba6-8f0c-773039eaaec6>
Affected Software: WordPress CVE ID: CVE-2023-39999 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad, Jb Audras Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6bea6a77-79e8-4d3a-bd3e-2bb3d20b6fe9>
Affected Software: Comments Ratings CVE ID: CVE-2023-45654 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8035484b-dc2f-4d54-802b-b09bd88a8bf6>
Affected Software: AI ChatBot CVE ID: CVE-2023-5534 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/846bd929-45cd-4e91-b232-ae16dd2b12a0>
Affected Software: Taggbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics CVE ID: CVE-2023-33214 CVSS Score: 4.3 (Medium) Researcher/s: Jonas Höbenreich Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a27253d-bfc1-40b5-9da4-d16cc403ad41>
Affected Software: Caret Country Access Limit CVE ID: CVE-2023-45641 CVSS Score: 4.3 (Medium) Researcher/s: Prasanna V Balaji Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f8c5853-6e21-4a70-a547-e3f0f4b1d7d0>
Affected Software: Lazy Load for Videos CVE ID: CVE-2023-45656 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a467ad30-8271-421c-8af4-8165fd60c03e>
Affected Software: AGP Font Awesome Collection CVE ID: CVE-2023-45749 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/abcb2e9f-a6f1-40c3-b419-e2f65ec5dd41>
Affected Software: PixFields CVE ID: CVE-2023-45655 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3c6fb8b-9df8-4cf5-b9e6-702852bb1977>
Affected Software: Video Playlist For YouTube CVE ID: CVE-2023-45653 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d72c8140-90f1-49f5-bc42-925e29ecc0b1>
Affected Software: Responsive Tabs CVE ID: CVE-2023-45635 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d9af12ac-68ef-4c65-aecb-82ce7b927340>
Affected Software: WP Attachments CVE ID: CVE-2023-45651 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f23b144e-4380-4099-89b5-816c8c2f710f>
Affected Software: Feed Statistics CVE ID: CVE-2023-45605 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f5740c07-28b3-40ce-997e-e4ec76348cf4>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that contains all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers. It draws on in-house vulnerability research, on submissions that vulnerability researchers send directly to us using our CVE Request form, and on monitoring of various sources to capture all publicly available WordPress vulnerability information, with additional context added where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 9, 2023 to October 15, 2023) appeared first on Wordfence.