9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.057 Low
EPSS
Percentile
92.4%
Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook notifications are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
_Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published. _
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 44 |
Patched | 63 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 2 |
Medium Severity | 89 |
High Severity | 11 |
Critical Severity | 5 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 35 |
Cross-Site Request Forgery (CSRF) | 31 |
Missing Authorization | 24 |
Unrestricted Upload of File with Dangerous Type | 3 |
Authorization Bypass Through User-Controlled Key | 2 |
Deserialization of Untrusted Data | 2 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 2 |
External Control of File Name or Path | 1 |
Improper Input Validation | 1 |
Server-Side Request Forgery (SSRF) | 1 |
Improper Privilege Management | 1 |
Improper Neutralization of Formula Elements in a CSV File | 1 |
Improper Encoding or Escaping of Output | 1 |
Information Exposure | 1 |
Improper Authorization | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Rio Darmawan | 11 |
Mika | 10 |
Abdi Pranata | 10 |
Rafshanzani Suhada | 7 |
thiennv | 5 |
yuyudhn | 4 |
Rafie Muhammad | 4 |
LEE SE HYOUNG | 3 |
Le Ngoc Anh | 3 |
NGÔ THIÊN AN | 3 |
Nguyen Xuan Chien | 3 |
Marco Wotschka | |
(Wordfence Vulnerability Researcher) | 2 |
Revan Arifio | 2 |
Lana Codes | |
(Wordfence Vulnerability Researcher) | 2 |
Skalucy | 2 |
Elliot | 2 |
FearZzZz | 2 |
qilin_99 | 2 |
Pepitoh | 1 |
Shuning Xu | 1 |
deokhunKim | 1 |
DoYeon Park | 1 |
spacecroupier | 1 |
Nguyen Anh Tien | 1 |
Debangshu Kundu | 1 |
Arpeet Rathi | 1 |
Ravi Dharmawan | 1 |
Theodoros Malachias | 1 |
Alexander Concha | 1 |
Pedro José Navas Pérez | 1 |
Alex Sanford | 1 |
emad | 1 |
Emili Castells | 1 |
Pavitra Tiwari | 1 |
Alex Concha | 1 |
László Radnai | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
AcyMailing – Newsletter & mailing automation for WordPress | acymailing |
All in One B2B for WooCommerce | all-in-one-b2b-for-woocommerce |
Analytify – Google Analytics Dashboard For WordPress (GA4 made easy) | wp-analytify |
Auto Amazon Links – Amazon Associates Affiliate Plugin | amazon-auto-links |
Automatic YouTube Gallery | automatic-youtube-gallery |
Back To The Top Button | back-to-the-top-button |
BackupBliss – Backup Migration Staging | backup-backup |
BitPay Checkout for WooCommerce | bitpay-checkout-for-woocommerce |
Bulk NoIndex & NoFollow Toolkit | bulk-noindex-nofollow-toolkit-by-mad-fish |
CP Blocks | cp-blocks |
Carousel Slider | carousel-slider |
Click To Tweet | click-to-tweet |
Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms | fluentform |
Cookie Notice & Consent | cookie-notice-consent |
Customizable WordPress Gallery Plugin – Modula Image Gallery | modula-best-grid-gallery |
Directorist – WordPress Business Directory Plugin with Classified Ads Listings | directorist |
Duplicate Post Page Menu & Custom Post Type | duplicate-post-page-menu-custom-post-type |
EWWW Image Optimizer | ewww-image-optimizer |
Easy Form by AYS | easy-form |
Easy WP Cleaner | easy-wp-cleaner |
Email posts to subscribers | email-posts-to-subscribers |
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor | embedpress |
Export Import Menus | export-import-menus |
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
Goods Catalog | goods-catalog |
Hide admin notices – Admin Notification Center | wp-admin-notification-center |
Insert Estimated Reading Time | insert-estimated-reading-time |
Laposta Signup Basic | laposta-signup-basic |
Laposta Signup Embed | laposta-signup-embed |
Leadster | leadster-marketing-conversacional |
Live News | live-news-lite |
Locations | locations |
MailMunch – Grow your Email List | mailmunch |
Media Library Assistant | media-library-assistant |
My Account Page Editor | my-account-page-editor |
MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce | mycryptocheckout |
Notice Bar | notice-bar |
Order Delivery Date for WP e-Commerce | order-delivery-date |
Outbound Link Manager | outbound-link-manager |
POEditor | poeditor |
Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | wp-user-avatar |
PeproDev CF7 Database | pepro-cf7-database |
Poll Maker – Best WordPress Poll Plugin | poll-maker |
Premium Starter Templates | astra-pro-sites |
RSVPMaker | rsvpmaker |
Realbig For WordPress | realbig-media |
Regpack | regpack |
Rescue Shortcodes | rescue-shortcodes |
Restrict – membership, site, content and user access restrictions for WordPress | restricted-content |
SAML Single Sign On – SSO Login Standard | miniorange-saml-20-single-sign-on |
SIS Handball | sis-handball |
SendPress Newsletters | sendpress |
Simple Download Counter | simple-download-counter |
Simple Membership | simple-membership |
Slider Pro | sliderpro |
Social Share, Social Login and Social Comments Plugin – Super Socializer | super-socializer |
Staff / Employee Business Directory for Active Directory | ldap-ad-staff-employee-directory-search |
StagTools | stagtools |
Starter Templates — Elementor, WordPress & Beaver Builder Templates | astra-sites |
Stock Quotes List | stock-quotes-list |
Sunshine Photo Cart | sunshine-photo-cart |
Swifty Bar, sticky bar by WPGens | swifty-bar |
TelSender – Сontact form 7, Events, Wpforms and wooccommerce to telegram bot | telsender |
Tilda Publishing | tilda-publishing |
Travel Map | travelmap-blog |
UniConsent CMP for GDPR CPRA GPP TCF | uniconsent-cmp |
Use Memcached | use-memcached |
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | userfeedback-lite |
User Submitted Posts – Enable Users to Submit Posts from the Front End | user-submitted-posts |
VS Contact Form | very-simple-contact-form |
WP Accessibility Helper (WAH) | wp-accessibility-helper |
WP Crowdfunding | wp-crowdfunding |
WP Custom Post Template | wp-custom-post-template |
WP Directory Kit | wpdirectorykit |
WP Gallery Metabox | wp-gallery-metabox |
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts | wedevs-project-manager |
WP iCal Availability | wp-ical-availability |
WP-dTree | wp-dtree-30 |
WRC Pricing Tables – WordPress Responsive CSS3 Pricing Tables | wrc-pricing-tables |
WiserNotify Social Proof & FOMO Notification, WooCommerce Sales Popup, Review Popups, Notification Bars & Urgency Widgets | wiser-notify |
WooCommerce PensoPay | woo-pensopay |
Woocommerce Support System | wc-support-system |
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds | another-wordpress-classifieds-plugin |
WordPress File Sharing Plugin | user-private-files |
WordPress Social Login | wordpress-social-login |
iFolders – Ultimate Folder Manager for Media, Pages, Posts & etc | ifolders |
rtMedia for WordPress, BuddyPress and bbPress | buddypress-media |
wordpress publish post email notification | publish-post-email-notification |
wpCentral | wp-central |
Software Name | Software Slug |
---|---|
Attorney | attorney |
Flatsome | flatsome |
Raise Mag | [raise-mag](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Raise Mag>) |
Wishful Blog | [wishful-blog](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Wishful Blog>) |
Woodmart | woodmart |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.
Affected Software: Media Library Assistant CVE ID: CVE-2023-4634 CVSS Score: 9.8 (Critical) Researcher/s: Pepitoh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/05c68377-feb6-442d-a3a0-1fbc246c7cbf>
Affected Software: RSVPMaker CVE ID: CVE-2023-25054 CVSS Score: 9.8 (Critical) Researcher/s: Ravi Dharmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/647cc71d-4d3a-4722-b498-baaee2450809>
Affected Software: All in One B2B for WooCommerce CVE ID: CVE-2023-4703 CVSS Score: 9.8 (Critical) Researcher/s: Alexander Concha Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aab3016d-5834-4b4a-a206-0b626884b335>
Affected Software: Flatsome CVE ID: CVE-2023-40555 CVSS Score: 9.8 (Critical) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bfc4863a-1b8c-4b13-9df1-18f221b40b26>
Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder CVE ID: CVE Unknown CVSS Score: 9.8 (Critical) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c691d129-35db-4de8-a28e-5e77347e2280>
Affected Software: WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts CVE ID: CVE-2023-34383 CVSS Score: 8.8 (High) Researcher/s: Theodoros Malachias Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/79dabaa6-d907-4fa6-bc6f-f28f39578256>
Affected Software: Export Import Menus CVE ID: CVE-2023-34385 CVSS Score: 8.8 (High) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d74efb03-4a1c-4163-bd79-ef17975a609e>
Affected Software: My Account Page Editor CVE ID: CVE-2023-4536 CVSS Score: 8.8 (High) Researcher/s: Alex Concha Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f87b6987-8896-4edf-9b14-8582426adeb0>
Affected Software: Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress CVE ID: CVE Unknown CVSS Score: 7.3 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5b2840ee-3b48-415e-9bed-d34d0b6e36d7>
Affected Software: Woocommerce Support System CVE ID: CVE-2023-41686 CVSS Score: 7.3 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8004a306-4c8f-40e9-accc-a12d65b5f2f9>
Affected Software: Woocommerce Support System CVE ID: CVE-2023-41685 CVSS Score: 7.2 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/efab7ec7-7143-4556-8d68-4a7e34f46e9e>
Affected Software: Travel Map CVE ID: CVE-2023-41860 CVSS Score: 7.2 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3f04a742-56be-42e9-9080-2131c6e98325>
Affected Software: Click To Tweet CVE ID: CVE-2023-41856 CVSS Score: 7.2 (High) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b5031140-9a48-43da-b946-00ce9c70258b>
Affected Software: PeproDev CF7 Database CVE ID: CVE-2023-41863 CVSS Score: 7.2 (High) Researcher/s: FearZzZz Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c7a7df90-a542-48cf-a58e-bcbddc978df2>
Affected Software: Simple Membership CVE ID: CVE-2023-4719 CVSS Score: 7.2 (High) Researcher/s: FearZzZz Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4b10172-7e54-4ff8-9fbb-41d160ce49e4>
Affected Software: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds CVE ID: CVE-2023-39308 CVSS Score: 7.2 (High) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f9e45bc2-6db6-49cd-8a4a-58489a8ddac2>
Affected Software: All in One B2B for WooCommerce CVE ID: CVE-2023-3547 CVSS Score: 6.5 (Medium) Researcher/s: Alex Sanford Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bd53bc57-b10e-47a7-8c10-96bf1f1e82a5>
Affected Software: Auto Amazon Links – Amazon Associates Affiliate Plugin CVE ID: CVE-2023-4482 CVSS Score: 6.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc>
Affected Software: Goods Catalog CVE ID: CVE-2023-41687 CVSS Score: 6.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/21542a9e-efa2-4655-b076-d282e3678fdf>
Affected Software: Rescue Shortcodes CVE ID: CVE-2023-41728 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6a11e7c9-f565-4a8c-895f-425c6654b5a9>
Affected Software/s: Starter Templates — Elementor, WordPress & Beaver Builder Templates, Premium Starter Templates CVE ID: CVE-2023-41804 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6e0bdbba-2b67-42b9-8c26-115d472aed0e>
Affected Software: Simple Download Counter CVE ID: CVE-2023-4838 CVSS Score: 6.4 (Medium) Researcher/s: NGÔ THIÊN AN Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aa5f7f2a-c7b7-4339-a608-51fd684c18bf>
Affected Software: User Submitted Posts – Enable Users to Submit Posts from the Front End CVE ID: CVE-2023-41696 CVSS Score: 6.4 (Medium) Researcher/s: NGÔ THIÊN AN Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b7fca965-86f8-4ee4-a9d6-cb18fe5f098e>
Affected Software: WordPress Social Login CVE ID: CVE-2023-4773 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b987822d-2b1b-4f79-988b-4bd731864b63>
Affected Software: User Submitted Posts – Enable Users to Submit Posts from the Front End CVE ID: CVE-2023-4779 CVSS Score: 6.4 (Medium) Researcher/s: NGÔ THIÊN AN Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d21ca709-183f-4dd1-849c-f1b2a4f7ec43>
Affected Software: Notice Bar CVE ID: CVE-2023-41847 CVSS Score: 6.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/defc5b5a-243d-4564-a9f8-3ecf3538129b>
Affected Software: Locations CVE ID: CVE-2023-41797 CVSS Score: 6.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fe10acf6-2649-4e85-abd1-b6840169eb41>
Affected Software: Attorney CVE ID: CVE-2023-41692 CVSS Score: 6.1 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/026443b6-4ab5-4f31-8a8d-2019097bde4c>
Affected Software: Restrict – membership, site, content and user access restrictions for WordPress CVE ID: CVE-2023-41861 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/62029ce5-ab97-4594-93e6-469ef5692320>
Affected Software: WooCommerce PensoPay CVE ID: CVE-2023-41691 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6845b506-3d38-47f6-9348-d7931e65707a>
Affected Software: Woodmart CVE ID: CVE-2023-41872 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6fc92b8f-6794-461a-b6b6-598de21f5e2d>
Affected Software: AcyMailing – Newsletter & mailing automation for WordPress CVE ID: CVE-2023-41867 CVSS Score: 6.1 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f82ec7c-72a0-4c3b-8041-c6ad080a48f1>
Affected Software: StagTools CVE ID: CVE-2023-41868 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca09ce0d-3989-420d-9457-f0acd709cc6b>
Affected Software: Poll Maker – Best WordPress Poll Plugin CVE ID: CVE-2023-41871 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/faad9cf7-5d83-4ade-b121-c38fb0de78a5>
Affected Software/s: Raise Mag, Wishful Blog CVE ID: CVE-2023-28621 CVSS Score: 6.1 (Medium) Researcher/s: László Radnai Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fb33f779-d045-48dd-babe-8b1fab903124>
Affected Software: Stock Quotes List CVE ID: CVE-2023-41666 CVSS Score: 5.4 (Medium) Researcher/s: deokhunKim Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1dffbb2d-69d1-495c-8c96-64c5fd878fcd>
Affected Software: Tilda Publishing CVE ID: CVE-2023-31234 CVSS Score: 5.4 (Medium) Researcher/s: spacecroupier Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a992bb2-67b9-48db-a536-c3af79e93af4>
Affected Software: Staff / Employee Business Directory for Active Directory CVE ID: CVE-2023-4757 CVSS Score: 5.4 (Medium) Researcher/s: Pedro José Navas Pérez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b1355e9f-fa3a-439a-a13f-49b10dd4473a>
Affected Software: Easy WP Cleaner CVE ID: CVE-2023-41697 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c4c2689d-be51-4907-b624-c85da39f545d>
Affected Software: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms CVE ID: CVE-2023-41952 CVSS Score: 5.3 (Medium) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/20f31e48-0dbb-498a-a400-681cacea7c9c>
Affected Software: Sunshine Photo Cart CVE ID: CVE-2023-41796 CVSS Score: 5.3 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1>
Affected Software: TelSender – Сontact form 7, Events, Wpforms and wooccommerce to telegram bot CVE ID: CVE-2023-41683 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/39193ebd-005a-4497-9939-99947323a1a0>
Affected Software: WP Directory Kit CVE ID: CVE-2023-41875 CVSS Score: 5.3 (Medium) Researcher/s: Debangshu Kundu, Arpeet Rathi Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/60083262-198d-4a7d-bb0a-717a744e20f9>
Affected Software: Email posts to subscribers CVE ID: CVE-2023-41735 CVSS Score: 5.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7730d670-d270-4755-bc9a-550498a28edb>
Affected Software: WRC Pricing Tables – WordPress Responsive CSS3 Pricing Tables CVE ID: CVE-2023-32293 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/823dc422-12f4-4f7d-a305-2e4db18bafdf>
Affected Software: WiserNotify Social Proof & FOMO Notification, WooCommerce Sales Popup, Review Popups, Notification Bars & Urgency Widgets CVE ID: CVE-2023-41690 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/86055b1b-23a6-4e33-8818-0af58c8e6383>
Affected Software: EWWW Image Optimizer CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d7d08bfd-9861-4e21-a696-25b00233ad94>
Affected Software: VS Contact Form CVE ID: CVE-2023-41862 CVSS Score: 5.3 (Medium) Researcher/s: qilin_99 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e3f665b8-fbd5-4100-baf6-3fa99332a5dc>
Affected Software: BitPay Checkout for WooCommerce CVE ID: CVE-2023-41803 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ea489c69-d4d9-4e05-8cac-25fd17d48506>
Affected Software: UniConsent CMP for GDPR CPRA GPP TCF CVE ID: CVE-2023-41800 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/19c9cf3e-553b-4cbd-9f2c-803e188a2581>
Affected Software: WordPress File Sharing Plugin CVE ID: CVE-2023-4636 CVSS Score: 4.4 (Medium) Researcher/s: Shuning Xu Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1df04293-87e9-4ab4-975d-54d36a993ab0>
Affected Software: Insert Estimated Reading Time CVE ID: CVE-2023-41734 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/45426cdd-2721-4959-8f0b-13025f775d62>
Affected Software: Cookie Notice & Consent CVE ID: CVE-2023-41948 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/489dc156-b8cb-4e08-a847-73a891398d5c>
Affected Software: SendPress Newsletters CVE ID: CVE-2023-41729 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d173077-06c4-4a23-a664-0be8516053ec>
Affected Software: Swifty Bar, sticky bar by WPGens CVE ID: CVE-2023-41737 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66c90387-af23-48fc-94da-708b9c223fe3>
Affected Software: wordpress publish post email notification CVE ID: CVE-2023-41731 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/705d11b1-0924-46ae-a6e6-8fab16a4df00>
Affected Software: iFolders – Ultimate Folder Manager for Media, Pages, Posts & etc CVE ID: CVE-2023-41949 CVSS Score: 4.4 (Medium) Researcher/s: emad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d1f957ce-7bb0-4701-8b2a-522211c408d8>
Affected Software: Order Delivery Date for WP e-Commerce CVE ID: CVE-2023-41859 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d74f5813-cf7a-4ffb-9306-56f29b3a7d04>
Affected Software: Email posts to subscribers CVE ID: CVE-2023-41736 CVSS Score: 4.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e818a5db-acb7-4b16-80b1-939904e93791>
Affected Software: Back To The Top Button CVE ID: CVE-2023-41733 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ed8cd92a-c791-4781-a7bc-9b2a4d559d7d>
Affected Software: Regpack CVE ID: CVE-2023-41855 CVSS Score: 4.4 (Medium) Researcher/s: Pavitra Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f3cdc0ba-d28f-488c-a703-f9d880f0582e>
Affected Software: BackupBliss – Backup Migration Staging CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/00274313-9079-4877-b72e-310e312aa814>
Affected Software: Automatic YouTube Gallery CVE ID: CVE-2023-41866 CVSS Score: 4.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0a58d45b-c91b-4141-992e-336650d7252b>
Affected Software: rtMedia for WordPress, BuddyPress and bbPress CVE ID: CVE-2023-41951 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0cb5df54-a6a7-4c2e-8df0-5d050218622e>
Affected Software: Social Share, Social Login and Social Comments Plugin – Super Socializer CVE ID: CVE-2023-41802 CVSS Score: 4.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/101dd211-c3eb-4d27-9194-841bc2a968e6>
Affected Software: Laposta Signup Embed CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/12b81441-d22c-4211-a8da-811182de622d>
Affected Software: CP Blocks CVE ID: CVE-2023-41732 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/35cd1788-1756-4d03-8f6f-e5e4153e3f4f>
Affected Software: Leadster CVE ID: CVE-2023-41668 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/361216af-b939-4ac1-ae06-97552d283670>
Affected Software: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/36ba23ea-7e79-4048-8030-7ed6b2ff45a6>
Affected Software: Live News CVE ID: CVE-2023-41669 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3ee59570-85c3-4394-bebb-c3f49c08be67>
Affected Software: WP Gallery Metabox CVE ID: CVE-2023-41876 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/46c4b7f7-e3e6-46b8-b959-07775db8bb6c>
Affected Software: wpCentral CVE ID: CVE-2023-41854 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/49d03254-7399-4a5d-9ce9-7d4736b8b2ee>
Affected Software: Laposta Signup Embed CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4c0cbf44-f6b4-408d-9a96-98f45d890822>
Affected Software: POEditor CVE ID: CVE-2023-32091 CVSS Score: 4.3 (Medium) Researcher/s: Elliot Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4e81e947-4892-4028-8a09-6a048bf6a572>
Affected Software: Carousel Slider CVE ID: CVE-2023-41848 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Anh Tien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5465eaab-03c0-438a-8553-c1f8b06b82bc>
Affected Software: SIS Handball CVE ID: CVE-2023-41684 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5973afaa-5a64-4db1-8e32-3b39d1367eb8>
Affected Software: Bulk NoIndex & NoFollow Toolkit CVE ID: CVE-2023-41688 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5cb79fbc-705a-4fb4-b441-7fe7ab6dea10>
Affected Software: rtMedia for WordPress, BuddyPress and bbPress CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5dfc145e-d2d4-4137-a5c6-dec2ebb41876>
Affected Software: WP-dTree CVE ID: CVE-2023-41667 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/61808624-b2c7-4e86-b5a1-56f32fca9eaa>
Affected Software: Realbig For WordPress CVE ID: CVE-2023-41694 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70ae0f3e-75a8-41c7-91c0-52d672809835>
Affected Software: Order Delivery Date for WP e-Commerce CVE ID: CVE-2023-41858 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/74a74817-30ff-42ec-9bd4-7d0638d6643c>
Affected Software: Click To Tweet CVE ID: CVE-2023-41857 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f765327-3872-46cc-a4f9-40219bf0dd99>
Affected Software: Outbound Link Manager CVE ID: CVE-2023-41850 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8dfc0d5e-bdc4-4f71-8aa3-0a4fbd7ef37d>
Affected Software: Analytify – Google Analytics Dashboard For WordPress (GA4 made easy) CVE ID: CVE-2023-41695 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/970b3a0f-c1cc-4d85-8271-a523ccdbcc39>
Affected Software: WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds CVE ID: CVE-2023-41801 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b06a1b66-9057-4f16-878c-4fa66489f0ff>
Affected Software: Use Memcached CVE ID: CVE-2023-41670 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b63f4de2-32e1-4c5e-a64d-fb66d2e2b3a8>
Affected Software: WP Custom Post Template CVE ID: CVE-2023-41851 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b796b514-b6ca-4a22-9340-df02fec97075>
Affected Software: Laposta Signup Basic CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b7e417c2-bf9c-4c88-be2b-9c2324897b07>
Affected Software: WP Accessibility Helper (WAH) CVE ID: CVE-2023-41869 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b97b84a8-cf4e-4648-8d58-b81a71b7988c>
Affected Software: Hide admin notices – Admin Notification Center CVE ID: CVE-2023-41672 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b98c5623-15fe-4937-9a0e-770aa0ab06f3>
Affected Software: WP iCal Availability CVE ID: CVE-2023-41853 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bc3f1d4e-84f7-4878-8b06-10444caa7dcf>
Affected Software: Social Share, Social Login and Social Comments Plugin – Super Socializer CVE ID: CVE-2023-41802 CVSS Score: 4.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bc6cfad1-d23a-4a96-9d6c-841b6d795a01>
Affected Software: rtMedia for WordPress, BuddyPress and bbPress CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be837a77-9b25-43af-aaba-94a8aa59e7e3>
Affected Software: SAML Single Sign On – SSO Login Standard CVE ID: CVE-2023-41873 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c3114906-fac1-42b9-9ba1-0a5d44c2fb3a>
Affected Software: WP Crowdfunding CVE ID: CVE-2023-41870 CVSS Score: 4.3 (Medium) Researcher/s: Elliot Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cddf4aa1-5c7d-4aa1-9384-1c352f0c6da9>
Affected Software: Laposta Signup Basic CVE ID: CVE-2023-41950 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d1ba4b18-ff46-45ef-b7d4-0a314cf2d74c>
Affected Software: Duplicate Post Page Menu & Custom Post Type CVE ID: CVE-2023-4792 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d6bb08e8-9ef5-41db-a111-c377a5dfae77>
Affected Software: Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress CVE ID: CVE-2023-41953 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e103f59a-00fa-4d4c-b4fc-834754886d49>
Affected Software: WP Crowdfunding CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4dc8f18-d990-4e41-8bf8-dfa9de4c0f6e>
Affected Software: MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce CVE ID: CVE-2023-41693 CVSS Score: 4.3 (Medium) Researcher/s: qilin_99 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e5575725-99ba-4499-93e5-f7648c82ac52>
Affected Software/s: Starter Templates — Elementor, WordPress & Beaver Builder Templates, Premium Starter Templates CVE ID: CVE-2023-41805 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ebd78e52-f20d-42be-8f68-3d09d5abf837>
Affected Software: Easy Form by AYS CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ee595f48-b72f-4569-a248-7dbd0b9152ae>
Affected Software: MailMunch – Grow your Email List CVE ID: CVE-2023-41852 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f6409626-c8cb-412c-aff3-cbb2da212e5d>
Affected Software: Slider Pro CVE ID: CVE-2023-41865 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f813cb1a-5922-48a5-a026-66ec9aaac294>
Affected Software: SendPress Newsletters CVE ID: CVE-2023-41730 CVSS Score: 4.3 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fb70339c-0f1a-4acc-af7a-8a0320fdfe71>
Affected Software: Directorist – WordPress Business Directory Plugin with Classified Ads Listings CVE ID: CVE-2023-41798 CVSS Score: 3.8 (Low) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ab233ceb-270c-4694-9cf9-2de8ddfcbbfd>
Affected Software: Customizable WordPress Gallery Plugin – Modula Image Gallery CVE ID: CVE Unknown CVSS Score: 2.2 (Low) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f029bd86-d979-45d1-97fe-75c43fb71148>
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023) appeared first on Wordfence.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.057 Low
EPSS
Percentile
92.4%