Last week, there were 64 vulnerabilities disclosed in 61 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook notifications are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 37 |
Patched | 27 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 2 |
Medium Severity | 53 |
High Severity | 6 |
Critical Severity | 3 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 29 |
Missing Authorization | 12 |
Cross-Site Request Forgery (CSRF) | 11 |
Unrestricted Upload of File with Dangerous Type | 5 |
Server-Side Request Forgery (SSRF) | 1 |
URL Redirection to Untrusted Site ('Open Redirect') | 1 |
Improper Input Validation | 1 |
Authorization Bypass Through User-Controlled Key | 1 |
Improper Control of Generation of Code ('Code Injection') | 1 |
Use of Less Trusted Source | 1 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Rio Darmawan | 11 |
Rafie Muhammad | 5 |
Lana Codes (Wordfence Vulnerability Researcher) | 4 |
thiennv | 3 |
LEE SE HYOUNG | 3 |
Mika | 2 |
Zlrqh | 2 |
Dmitrii | 2 |
László Radnai | 2 |
Elliot | 2 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 2 |
Bartłomiej Marek | 2 |
Tomasz Swiadek | 2 |
Abdi Pranata | 2 |
Phd | 1 |
Emili Castells | 1 |
Pavitra Tiwari | 1 |
Ramuel Gall (Wordfence Vulnerability Researcher) | 1 |
FearZzZz | 1 |
emad | 1 |
Prasanna V Balaji | 1 |
deokhunKim | 1 |
yuyudhn | 1 |
Le Ngoc Anh | 1 |
Dipak Panchal | 1 |
mehmet | 1 |
Lokesh Dachepalli | 1 |
Jonas Höbenreich | 1 |
Enrico Marcolini | 1 |
Animesh Gaurav | 1 |
Jonatas Souza Villa Flor | 1 |
Ravi Dharmawan | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
Activity Log | aryo-activity-log |
AffiliateWP | AffiliateWP |
All-in-One WP Migration Box Extension | all-in-one-wp-migration-box-extension |
All-in-One WP Migration Dropbox Extension | all-in-one-wp-migration-dropbox-extension |
All-in-One WP Migration Google Drive Extension | all-in-one-wp-migration-gdrive-extension |
All-in-One WP Migration OneDrive Extension | all-in-one-wp-migration-onedrive-extension |
Better Elementor Addons | better-elementor-addons |
Bridge Core | bridge-core |
Ditty – Responsive News Tickers, Sliders, and Lists | ditty-news-ticker |
DoLogin Security | dologin |
Easy Coming Soon | easy-coming-soon |
Easy Newsletter Signups | easy-newsletter-signups |
Email Encoder – Protect Email Addresses and Phone Numbers | email-encoder-bundle |
Fast & Effective Popups & Lead-Generation for WordPress – HollerBox | holler-box |
FileOrganizer – Manage WordPress and Website Files | fileorganizer |
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | folders |
Font Awesome 4 Menus | font-awesome-4-menus |
Forminator – Contact Form, Payment Form & Custom Form Builder | forminator |
GiveWP – Donation Plugin and Fundraising Platform | give |
GuruWalk Affiliates | guruwalk-affiliates |
Happy Addons for Elementor Pro | happy-elementor-addons-pro |
Import XML and RSS Feeds | import-xml-feed |
Localize Remote Images | localize-remote-images |
Login and Logout Redirect | login-and-logout-redirect |
LuckyWP Scripts Control | luckywp-scripts-control |
Maintenance Switch | maintenance-switch |
MakeStories (for Google Web Stories) | makestories-helper |
Metform Elementor Contact Form Builder | metform |
Multi-column Tag Map | multi-column-tag-map |
Olive One Click Demo Import | olive-one-click-demo-import |
Order Tracking – WordPress Status Tracking Plugin | order-tracking |
Ovic Product Bundle | ovic-product-bundle |
Popup Builder – Create highly converting, mobile friendly marketing popups. | popup-builder |
Popup box | ays-popup-box |
PowerPress Podcasting plugin by Blubrry | powerpress |
Prevent files / folders access | prevent-file-access |
Pricing Deals for WooCommerce | pricing-deals-for-woocommerce |
RSVPMaker | rsvpmaker |
Remove/hide Author, Date, Category Like Entry-Meta | removehide-author-date-category-like-entry-meta |
Responsive Gallery Grid | responsive-gallery-grid |
Sermon'e – Sermons Online | sermone-online-sermons-management |
Simple 301 Redirects by BetterLinks | simple-301-redirects |
Site Reviews | site-reviews |
Sitekit | sitekit |
Slimstat Analytics | wp-slimstat |
Smarty for WordPress | smarty-for-wordpress |
Snap Pixel | snap-pixel |
Social Media Share Buttons & Social Sharing Icons | ultimate-social-media-icons |
Social Share Boost | social-share-boost |
Surfer – WordPress Plugin | surferseo |
URL Shortener by MyThemeShop | mts-url-shortener |
Ultimate Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
WP Bannerize Pro | wp-bannerize-pro |
WP GoToWebinar | wp-gotowebinar |
WP Search Analytics | search-analytics |
WP Super Minify | wp-super-minify |
WP Synchro – WordPress Migration Plugin for Database & Files | wpsynchro |
WP Users Media | wp-users-media |
WP-dTree | wp-dtree-30 |
WordPress Ecommerce For Creating Fast Online Stores – By SureCart | surecart |
authLdap | authldap |

Software Name | Software Slug |
---|---|
Arya Multipurpose Pro | [arya-multipurpose-pro](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Arya Multipurpose Pro>) |
Everest News Pro | [everest-news-pro](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Everest News Pro>) |

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.
Affected Software: Forminator – Contact Form, Payment Form & Custom Form Builder CVE ID: CVE-2023-4596 CVSS Score: 9.8 (Critical) Researcher/s: mehmet Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513>
Affected Software: Import XML and RSS Feeds CVE ID: CVE-2023-4521 CVSS Score: 9.8 (Critical) Researcher/s: Enrico Marcolini Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c0856920-5463-4dd3-a4fd-e56901a89b83>
Affected Software: RSVPMaker CVE ID: CVE-2023-41652 CVSS Score: 9.8 (Critical) Researcher/s: Ravi Dharmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f655704d-70a1-40d8-ae36-39029185d262>
Affected Software: Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager CVE ID: CVE-2023-40204 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9ab28410-76c5-43cb-b87a-c99f8867167c>
Affected Software: GiveWP – Donation Plugin and Fundraising Platform CVE ID: CVE-2023-41665 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/22ff4b09-063b-425e-9d59-be2e5d283186>
Affected Software: Olive One Click Demo Import CVE ID: CVE-2023-29102 CVSS Score: 7.2 (High) Researcher/s: deokhunKim Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4f3e3311-11d8-4e4f-9d99-36533fe44d56>
Affected Software: DoLogin Security CVE ID: CVE-2023-4549 CVSS Score: 7.2 (High) Researcher/s: Bartłomiej Marek, Tomasz Swiadek Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad34d657-da59-46ff-a54a-64e6c8974b69>
Affected Software: Prevent files / folders access CVE ID: CVE-2023-4238 CVSS Score: 7.2 (High) Researcher/s: Dmitrii Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b266bd10-dbc6-4058-a5b2-1578c0814cb4>
Affected Software: Import XML and RSS Feeds CVE ID: CVE-2023-4300 CVSS Score: 7.2 (High) Researcher/s: Jonatas Souza Villa Flor Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f45b4c43-c6c4-41da-bd59-9a355800815a>
Affected Software: Easy Newsletter Signups CVE ID: CVE-2023-41664 CVSS Score: 6.5 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/288946ae-6e58-42e6-89d1-8951539728d3>
Affected Software: Slimstat Analytics CVE ID: CVE-2023-4597 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/52aee4b8-f494-4eeb-8357-71ce8d5bc656>
Affected Software: Sitekit CVE ID: CVE-2023-27628 CVSS Score: 6.4 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f0be29a-7896-4166-a2a6-64f99d845236>
Affected Software: Font Awesome 4 Menus CVE ID: CVE-2023-4718 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dc59510c-6eaf-4526-8acb-c07e39923ad9>
Affected Software: Email Encoder – Protect Email Addresses and Phone Numbers CVE ID: CVE-2023-4599 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e90f04e4-eb4c-4822-89c6-79f553987c37>
Affected Software: Login and Logout Redirect CVE ID: CVE-2023-41648 CVSS Score: 6.1 (Medium) Researcher/s: Phd Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09a0639e-4b14-4dc9-a50c-d18234faa7b1>
Affected Software: Arya Multipurpose Pro CVE ID: CVE-2023-41237 CVSS Score: 6.1 (Medium) Researcher/s: László Radnai Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/22cfbaa1-5412-4944-899c-7ae41d017384>
Affected Software: Social Media Share Buttons & Social Sharing Icons CVE ID: CVE-2023-41238 CVSS Score: 6.1 (Medium) Researcher/s: FearZzZz Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3a8998db-ffc2-40b2-a191-09380984adac>
Affected Software: URL Shortener by MyThemeShop CVE ID: CVE-2023-30472 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/52c2837e-8947-4ce9-bda5-e0c2f831fb36>
Affected Software: Sermon'e – Sermons Online CVE ID: CVE-2023-41653 CVSS Score: 6.1 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c17678e-6598-4e80-b121-beae822b9f81>
Affected Software: WP-dTree CVE ID: CVE-2023-41662 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6c01da54-fbbe-42f9-a76e-8e823027d62a>
Affected Software: Everest News Pro CVE ID: CVE-2023-41235 CVSS Score: 6.1 (Medium) Researcher/s: László Radnai Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bb967453-59d6-4b03-8c75-1906b99bff80>
Affected Software: Bridge Core CVE ID: CVE-2023-40333 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bc698c40-4a2b-4dab-93f0-647e4db79d2c>
Affected Software: Ditty – Responsive News Tickers, Sliders, and Lists CVE ID: CVE-2023-4148 CVSS Score: 6.1 (Medium) Researcher/s: Animesh Gaurav Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cabf7aae-0673-4358-a2df-0ca22c8432b5>
Affected Software: Happy Addons for Elementor Pro CVE ID: CVE-2023-41236 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d536d3a8-9ac5-4ea9-8c65-16ad8b3a7106>
Affected Software: Ultimate Addons for Contact Form 7 CVE ID: CVE-2023-30493 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d857324c-94c9-471a-9da8-0b8c9bb50262>
Affected Software: Order Tracking – WordPress Status Tracking Plugin CVE ID: CVE-2023-4471 CVSS Score: 6.1 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ed64d0ff-4f49-4c18-86ec-2c6fbd559d2e>
Affected Software: WP Bannerize Pro CVE ID: CVE-2023-41663 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/edc35f8c-f916-433e-9d3f-4992e8c9d7cd>
Affected Software: WP Search Analytics CVE ID: CVE-2023-30471 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f6433a17-0017-46a9-a8e6-4d4a4a55f2db>
Affected Software: PowerPress Podcasting plugin by Blubrry CVE ID: CVE-2023-41239 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/031c31b2-6e27-47bb-9f63-2bbaa1edbbb2>
Affected Software: Site Reviews CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1accc41e-41d2-49e3-a80a-6b95b02cb42e>
Affected Software: Responsive Gallery Grid CVE ID: CVE-2023-41659 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3abe2de8-9127-4ef0-9194-cf331b20868a>
Affected Software: LuckyWP Scripts Control CVE ID: CVE-2023-29239 CVSS Score: 5.4 (Medium) Researcher/s: Elliot Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3ed93c5c-38bb-4e84-8fe8-03dd75b4d9f3>
Affected Software: Maintenance Switch CVE ID: CVE-2023-29235 CVSS Score: 5.4 (Medium) Researcher/s: Elliot Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6f14f19d-95b3-474b-a2ea-d846c85644cd>
Affected Software: Simple 301 Redirects by BetterLinks CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9945c85b-a97a-4ad0-9d0a-69faf157563a>
Affected Software: Surfer – WordPress Plugin CVE ID: CVE-2023-35037 CVSS Score: 5.4 (Medium) Researcher/s: Jonas Höbenreich Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c06f9f6d-3cd0-4700-834b-435a99983453>
Affected Software: Pricing Deals for WooCommerce CVE ID: CVE-2023-41240 CVSS Score: 5.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1101bfe6-2075-4f44-933b-6d9f372100a2>
Affected Software: Ovic Product Bundle CVE ID: CVE-2023-41649 CVSS Score: 5.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5657ffe2-7d04-4834-bcec-ab6afaeda7df>
Affected Software/s: All-in-One WP Migration Dropbox Extension, All-in-One WP Migration OneDrive Extension, All-in-One WP Migration Google Drive Extension, All-in-One WP Migration Box Extension CVE ID: CVE-2023-40004 CVSS Score: 5.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/86bb44f0-142d-4c4e-8fc5-a50526118130>
Affected Software: Localize Remote Images CVE ID: CVE-2023-41244 CVSS Score: 5.3 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ab96123e-17aa-461f-b460-e8eba82c78e1>
Affected Software: Multi-column Tag Map CVE ID: CVE-2023-41651 CVSS Score: 5.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2a60cb2-fe7d-4c51-9995-5cb4682d9d26>
Affected Software: Activity Log CVE ID: CVE-2023-4281 CVSS Score: 5.3 (Medium) Researcher/s: Bartłomiej Marek, Tomasz Swiadek Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de821236-f878-46a4-9265-bcf6e8661910>
Affected Software: Order Tracking – WordPress Status Tracking Plugin CVE ID: CVE-2023-4500 CVSS Score: 4.7 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/81f9a4c6-971f-4f6d-8bb1-e97bf75cf8d3>
Affected Software: GuruWalk Affiliates CVE ID: CVE-2023-27622 CVSS Score: 4.4 (Medium) Researcher/s: Pavitra Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2b2714f7-9877-4d3d-a692-70fbf8584728>
Affected Software: WordPress Ecommerce For Creating Fast Online Stores – By SureCart CVE ID: CVE-2023-41241 CVSS Score: 4.4 (Medium) Researcher/s: emad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/416c13ff-15ae-4ba4-8a95-7c07bec75c22>
Affected Software: Smarty for WordPress CVE ID: CVE-2023-41661 CVSS Score: 4.4 (Medium) Researcher/s: Prasanna V Balaji Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/498a10a1-8da6-4309-833f-950f6442d5ae>
Affected Software: WP GoToWebinar CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a7b32f5-5d27-4f5a-89f3-abf4f8da79e4>
Affected Software: Fast & Effective Popups & Lead-Generation for WordPress – HollerBox CVE ID: CVE-2023-41657 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c76871e-b774-4284-ad00-f8ef7f6df389>
Affected Software: Popup Builder – Create highly converting, mobile friendly marketing popups. CVE ID: CVE-2023-3226 CVSS Score: 4.4 (Medium) Researcher/s: Dipak Panchal Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f97af51-1532-4034-8b2a-8356b65cb617>
Affected Software: Snap Pixel CVE ID: CVE-2023-41242 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c37686f8-6bd7-4c06-b80a-7d6849bbc7b0>
Affected Software: Easy Coming Soon CVE ID: CVE-2023-25483 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e46139c8-dd7e-4904-81b2-283952cea9b5>
Affected Software: Popup box CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e6dbbb52-4202-4d69-837f-c7d5ca06fab5>
Affected Software: WP Users Media CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Zlrqh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/07a82335-d738-4c14-b385-04843f12e4ef>
Affected Software: Metform Elementor Contact Form Builder CVE ID: CVE-2023-0689 CVSS Score: 4.3 (Medium) Researcher/s: Ramuel Gall Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/356cf06e-16e7-438b-83b5-c8a52a21f903>
Affected Software: Social Share Boost CVE ID: CVE-2023-25033 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/53a265b8-e34c-4683-a653-4b4b2410e9de>
Affected Software: Better Elementor Addons CVE ID: CVE-2023-41656 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5a628eef-937c-4391-afac-22128ec5b51c>
Affected Software: WP Users Media CVE ID: CVE-2023-27428 CVSS Score: 4.3 (Medium) Researcher/s: Zlrqh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8e125188-4aff-4c64-b4ec-a363db2431b7>
Affected Software: WP Super Minify CVE ID: CVE-2023-27615 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/af59fcf6-4435-45f0-8904-ff520ea86157>
Affected Software: Remove/hide Author, Date, Category Like Entry-Meta CVE ID: CVE-2023-41650 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cd0abdf2-24da-4e87-825b-0796af6c3ccd>
Affected Software: MakeStories (for Google Web Stories) CVE ID: CVE-2023-27448 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d9f7130d-883a-4db4-9edf-f5526724de11>
Affected Software: AffiliateWP CVE ID: CVE-2023-4600 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/eab422b8-8cf5-441e-a21f-6a0e1b7642b2>
Affected Software: authLdap CVE ID: CVE-2023-41654 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/eddce6e0-2ea7-4980-97a7-857b2e1e3b69>
Affected Software: WP Synchro – WordPress Migration Plugin for Database & Files CVE ID: CVE-2023-41660 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f1b6f041-5ea6-48ca-9ca7-4ce96cbfa275>
Affected Software: authLdap CVE ID: CVE-2023-41655 CVSS Score: 3.3 (Low) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5b91ad8b-79ec-4ef7-bb39-edb06309da5e>
Affected Software: FileOrganizer – Manage WordPress and Website Files CVE ID: CVE-2023-3664 CVSS Score: 2.7 (Low) Researcher/s: Dmitrii Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/11c9124d-80e0-435d-9eb4-901c4f481a6f>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, with all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023) appeared first on Wordfence.