Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)

Chloe Chamberland, Wordfence (www.wordfence.com), January 25, 2024



🎉 Did you know we're running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure!


Last week, there were 84 vulnerabilities disclosed in 67 WordPress plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 vulnerability researchers who contributed to WordPress security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the vulnerability database API to receive a complete dump of our database of over 12,000 vulnerabilities and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.
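The check that the CLI scanner and an API dump make possible, as an added example that is not Wordfence's code: an installed-plugin inventory matched against a vulnerability feed by slug and version range. The feed records, their schema, the inventory and the function names are constructed for this example from four entries in this report; they are not the real Wordfence Intelligence API format.

```python
import re

# Constructed, simplified feed records modelled on entries in this report.
# This is NOT the real Wordfence Intelligence API schema (an assumption for
# the example); it carries only what a version-range check needs.
FEED = [
    {"cve": "CVE-2024-22284", "slug": "asgaros-forum",
     "affected": "<= 2.7.2", "patched": True},
    {"cve": "CVE-2024-0709", "slug": "cryptocurrency-price-ticker-widget",
     "affected": "2.0 - 2.6.5", "patched": True},
    {"cve": "CVE-2024-22158", "slug": "peepso-photos",
     "affected": "< 6.3.1.0", "patched": True},
    {"cve": "CVE-2024-22283", "slug": "delhivery-logistics-courier",
     "affected": "<= 1.0.107", "patched": False},
]


def parse_version(v):
    """'1.0.107' -> (1, 0, 107). A pre-release suffix such as '-beta1' is
    dropped, so a pre-release is treated as the release it precedes; that is
    the conservative choice for a scanner (it may over-report, never under)."""
    core = re.split(r"[-+]", v.strip(), maxsplit=1)[0]
    return tuple(int(p) for p in re.findall(r"\d+", core))


def cmp_versions(a, b):
    """Three-way compare; shorter tuples are zero-padded so 6.3.1 == 6.3.1.0."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


def is_in_range(version, spec):
    """Range forms used in this report's titles: '<= X', '< X', 'A - B'
    (both ends inclusive). Anything else raises rather than silently passing."""
    m = re.fullmatch(r"(<=|<)\s*([\d.]+)", spec.strip())
    if m:
        c = cmp_versions(version, m.group(2))
        return c < 0 or (c == 0 and m.group(1) == "<=")
    m = re.fullmatch(r"([\d.]+)\s*-\s*([\d.]+)", spec.strip())
    if m:
        return (cmp_versions(version, m.group(1)) >= 0
                and cmp_versions(version, m.group(2)) <= 0)
    raise ValueError(f"unsupported range spec: {spec!r}")


def find_affected(installed, feed=FEED):
    """installed: {plugin slug: installed version}. Returns a sorted list of
    (slug, cve, patched) for every feed record whose range covers the
    installed version. patched=False means no fixed version exists yet, so
    the only mitigations are removal or firewall coverage."""
    hits = []
    for rec in feed:
        v = installed.get(rec["slug"])
        if v is not None and is_in_range(v, rec["affected"]):
            hits.append((rec["slug"], rec["cve"], rec["patched"]))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed inventory, the shape `wp plugin list --format=json` output
    # could be reduced to (slug and version only).
    inventory = {
        "asgaros-forum": "2.7.2",                      # on the boundary: hit
        "cryptocurrency-price-ticker-widget": "1.9",   # below 2.0: not hit
        "peepso-photos": "6.3.1",                      # equals 6.3.1.0: not hit
        "delhivery-logistics-courier": "1.0.100",      # hit, and unpatched
        "wp-recipe-maker": "9.2.0",                    # not in this sample feed
    }
    for slug, cve, patched in find_affected(inventory):
        action = "update" if patched else "no fix available: remove or rely on firewall"
        print(f"{slug}: {cve} ({action})")
```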

_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
|---|---|
| Unpatched | 28 |
| Patched | 56 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 0 |
| Medium Severity | 64 |
| High Severity | 13 |
| Critical Severity | 7 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 35 |
| Missing Authorization | 12 |
| Cross-Site Request Forgery (CSRF) | 8 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6 |
| Information Exposure | 4 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 4 |
| Unrestricted Upload of File with Dangerous Type | 3 |
| Authorization Bypass Through User-Controlled Key | 2 |
| Deserialization of Untrusted Data | 2 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2 |
| Improper Access Control | 1 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Exposure of Private Information ('Privacy Violation') | 1 |
| URL Redirection to Untrusted Site ('Open Redirect') | 1 |
| Guessable CAPTCHA | 1 |
| Improper Control of Generation of Code ('Code Injection') | 1 |

Researchers That Contributed to WordPress Security Last Week

| Researcher Name | Number of Vulnerabilities |
|---|---|
| Ngô Thiên An (ancorn_) | 8 |
| Dimas Maulana | 8 |
| wesley (wcraft) | 7 |
| Francesco Carlucci | 6 |
| emad | 5 |
| Le Ngoc Anh | 3 |
| Webbernaut | 3 |
| Dave Jong | 3 |
| Revan Arifio | 2 |
| Mika | 2 |
| Daniel Ruf | 2 |
| kodaichodai | 2 |
| Abdi Pranata | 2 |
| Asif Nawaz Minhas | 2 |
| Sergen Koç | 2 |
| Lucio Sá | 2 |
| Yudistira Arya | 2 |
| Bryan Satyamulya | 1 |
| Akbar Kustirama | 1 |
| rootxsudip | 1 |
| thiennv | 1 |
| Skalucy | 1 |
| Kang SeoHee | 1 |
| drop | 1 |
| Muhammad Daffa | 1 |
| Bence Szalai | 1 |
| Thomas Sanzey | 1 |
| Krzysztof Zając | 1 |
| Majed Refaea | 1 |
| Dmitrii Ignatyev | 1 |
| István Márton | 1 |
| Joshua Chan | 1 |
| vollkorntomate | 1 |
| Rafie Muhammad | 1 |
| Dateoljo of BoB 12th | 1 |
| Dhabaleshwar Das | 1 |
| Myungju Kim | 1 |
| LVT-tholv2k | 1 |
| Ivan Spiridonov (xbz0n) | 1 |
| Sean Murphy | 1 |
| Nguyen Xuan Chien | 1 |
| Bikram Kharal | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
|---|---|
| 12 Step Meeting List | 12-step-meeting-list |
| AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! | ai-engine |
| Advanced Custom Fields (ACF) | advanced-custom-fields |
| Advanced Custom Fields Pro | advanced-custom-fields-pro |
| Albo Pretorio On line | albo-pretorio-on-line |
| Asgaros Forum | asgaros-forum |
| Author Box, Guest Author and Co-Authors for Your Posts – Molongui | molongui-authorship |
| BA Plus – Before & After Image Slider FREE | ba-plus-before-after-image-slider-free |
| BP Profile Search | bp-profile-search |
| Better Anchor Links | better-anchor-links |
| Booking for Appointments and Events Calendar – Amelia | ameliabooking |
| Browser Theme Color | browser-theme-color |
| Burst Statistics – Privacy-Friendly Analytics for WordPress | burst-statistics |
| CBX Map for Google Map & OpenStreetMap | cbxgooglemap |
| ChatBot with AI | chatbot |
| Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms | fluentform |
| Contact Form builder with drag & drop for WordPress – Kali Forms | kali-forms |
| Cryptocurrency Widgets – Price Ticker & Coins List | cryptocurrency-price-ticker-widget |
| Custom Dashboard Widgets | custom-dashboard-widgets |
| Delhivery Logistics Courier | delhivery-logistics-courier |
| Display custom fields in the frontend – Post and User Profile Fields | shortcode-to-display-post-and-user-data |
| Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
| FastDup – Fastest WordPress Migration & Duplicator | fastdup |
| FileBird – WordPress Media Library Folders & File Manager | filebird |
| Formzu WP | formzu-wp |
| FreshMail For WordPress | freshmail-integration |
| Frontpage Manager | frontpage-manager |
| GeneratePress Premium | generatepress-premium |
| Getwid – Gutenberg Blocks | getwid |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| HD Quiz | hd-quiz |
| IP2Location Country Blocker | ip2location-country-blocker |
| Image Tag Manager | image-tag-manager |
| Import and export users and customers | import-users-from-csv-with-meta |
| InstaWP Connect – 1-click WP Staging & Migration | instawp-connect |
| Migration, Backup, Staging – WPvivid | wpvivid-backuprestore |
| Ninja Tables – Best Data Table Plugin for WordPress | ninja-tables |
| Orbit Fox by ThemeIsle | themeisle-companion |
| PDF Viewer & 3D PDF Flipbook – DearPDF | dearpdf-lite |
| Photo Gallery by 10Web – Mobile-Friendly Image Gallery | photo-gallery |
| Photo Gallery, Images, Slider in Rbs Image Gallery | robo-gallery |
| Portfolio & Image Gallery for WordPress | PowerFolio |
| Post views Stats | post-views-stats |
| Posts List Designer by Category – List Category Posts Or Recent Posts | post-list-designer |
| Product Import Export for WooCommerce | product-import-export-for-woo |
| Shield Security – Smart Bot Blocking & Intrusion Prevention Security | wp-simple-firewall |
| Simple Membership | simple-membership |
| SimpleMap Store Locator | simplemap |
| Slider by Supsystic | slider-by-supsystic |
| Splashscreen | splashscreen |
| Stock Locations for WooCommerce | stock-locations-for-woocommerce |
| Stripe Payment Plugin for WooCommerce | payment-gateway-stripe-and-woocommerce-integration |
| Unlimited Addons for WPBakery Page Builder | unlimited-addons-for-wpbakery-page-builder |
| User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | profile-builder |
| VK Block Patterns | vk-block-patterns |
| WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
| WP Recipe Maker | wp-recipe-maker |
| WP To Do | wp-todo |
| WP-Lister Lite for eBay | wp-lister-for-ebay |
| WPForms Pro | wpforms |
| WPZOOM Shortcodes | wpzoom-shortcodes |
| WooCommerce Subscription | woocommerce-subscriptions |
| cformsII | cforms2 |
| enigma-chartjs | enigma-chartjs |
| lasTunes | lastunes |
| peepso-photos | peepso-photos |
| salesking | salesking |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
|---|---|
| ColorMag | colormag |

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Asgaros Forum <= 2.7.2 - Unauthenticated PHP Object Injection in prepare_unread_status

Affected Software: Asgaros Forum
CVE ID: CVE-2024-22284
CVSS Score: 9.8 (Critical)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02b75034-8db1-465b-837e-014e2c2e8b4d>


Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection

Affected Software: Stripe Payment Plugin for WooCommerce
CVE ID: CVE-2024-0705
CVSS Score: 9.8 (Critical)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec>


SalesKing <= 1.6.15 - Unauthenticated Privilege Escalation

Affected Software: salesking
CVE ID: CVE-2024-22157
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/52198053-206c-4002-8e26-dd5b4850e151>


ChatBot <= 5.1.0 - Unauthenticated PHP Object Injection

Affected Software: ChatBot with AI
CVE ID: CVE-2024-22309
CVSS Score: 9.8 (Critical)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/75432cfd-7c0d-4d93-9b62-cac0fd9b49d5>


FastDup <= 2.1.9 - Sensitive Information Exposure via Directory Listing

Affected Software: FastDup – Fastest WordPress Migration & Duplicator
CVE ID: CVE-2023-6592
CVSS Score: 9.8 (Critical)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7fb646c4-6269-4354-b3a6-872c6303a6d2>


Cryptocurrency Widgets – Price Ticker & Coins List 2.0 - 2.6.5 - Unauthenticated SQL Injection

Affected Software: Cryptocurrency Widgets – Price Ticker & Coins List
CVE ID: CVE-2024-0709
CVSS Score: 9.8 (Critical)
Researcher/s: vollkorntomate
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0603621-4521-4eb0-b4dd-e2257c133cee>


Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename

Affected Software: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
CVE ID: CVE-2024-0221
CVSS Score: 9.1 (Critical)
Researcher/s: Bence Szalai
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918>


InstaWP Connect <= 0.1.0.8 - Missing Authorization to Arbitrary Options Update

Affected Software: InstaWP Connect – 1-click WP Staging & Migration
CVE ID: CVE-2024-22145
CVSS Score: 8.8 (High)
Researcher/s: Majed Refaea
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6aa4fd08-a1b1-4f61-a9d1-9812071b61c9>


Delhivery Logistics Courier <= 1.0.107 - Authenticated (Subscriber+) SQL Injection

Affected Software: Delhivery Logistics Courier
CVE ID: CVE-2024-22283
CVSS Score: 8.8 (High)
Researcher/s: Yudistira Arya
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/90465354-0174-4f85-a66b-589d9408c3c8>


Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Code Injection

Affected Software: Display custom fields in the frontend – Post and User Profile Fields
CVE ID: CVE-2023-6996
CVSS Score: 8.8 (High)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e0662c3a-5b82-4b9a-aa69-147094930d1f>


User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update

Affected Software: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
CVE ID: CVE-2024-0324
CVSS Score: 8.2 (High)
Researcher/s: kodaichodai
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/23caef95-36b6-40aa-8dd7-51a376790a40>


Custom Dashboard Widgets <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via cdw_DashboardWidgets

Affected Software: Custom Dashboard Widgets
CVE ID: CVE-2024-22290
CVSS Score: 8.2 (High)
Researcher/s: Dimas Maulana
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3208426a-379d-46b9-a9e7-654604169929>


SalesKing <= 1.6.15 - Unauthenticated Sensitive Information Exposure

Affected Software: salesking
CVE ID: CVE-2024-22154
CVSS Score: 7.5 (High)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70b00cfc-4a9b-442a-9c80-fd080924ca34>


CformsII <= 15.0.5 - Unauthenticated stored Cross-Site Scripting

Affected Software: cformsII
CVE ID: CVE-2024-22149
CVSS Score: 7.2 (High)
Researcher/s: emad
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/097fdc88-9424-4de9-9a03-d4ea724da13f>


WPForms Pro <= 1.8.5.3 - Unauthenticated Stored Cross-Site Scripting via Form Submission

Affected Software: WPForms Pro
CVE ID: CVE-2023-7063
CVSS Score: 7.2 (High)
Researcher/s: drop
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/31c080b8-ba00-4e96-8961-2a1c3a017004>


SimpleMap Store Locator <= 2.6.1 - Unauthenticated Stored Cross-Site Scripting

Affected Software: SimpleMap Store Locator
CVE ID: CVE-2024-22282
CVSS Score: 7.2 (High)
Researcher/s: Dimas Maulana
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7a600f11-03c3-4777-b1fe-212b085bacba>


Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated (Editor+) Arbitrary File Upload

Affected Software: Unlimited Addons for WPBakery Page Builder
CVE ID: CVE-2023-6925
CVSS Score: 7.2 (High)
Researcher/s: István Márton
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a78b76d6-4068-4141-9726-7db439aa6a9f>


Product Import Export for WooCommerce <= 2.3.7 - Authenticated(Shop Manager+) Arbitrary File Upload via upload_import_file

Affected Software: Product Import Export for WooCommerce
CVE ID: CVE-2024-22152
CVSS Score: 7.2 (High)
Researcher/s: Dateoljo of BoB 12th
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cee6a100-cda5-48a6-9f9c-ea17f80c4165>


Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection

Affected Software: Burst Statistics – Privacy-Friendly Analytics for WordPress
CVE ID: CVE-2024-0405
CVSS Score: 7.2 (High)
Researcher/s: Ivan Spiridonov (xbz0n)
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e349f07d-a520-4700-a6e0-25e68c1deeae>


Shield Security <= 18.5.7 - Unauthenticated Stored Cross-Site Scripting via getColumnContent_Page

Affected Software: Shield Security – Smart Bot Blocking & Intrusion Prevention Security
CVE ID: CVE-2024-22163
CVSS Score: 7.2 (High)
Researcher/s: Yudistira Arya
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fcd02dfa-688e-4375-92cb-8d0e7cbaaa6e>


AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url

Affected Software: AI Engine: Chatbots, Generators, Assistants, GPT 4 and more!
CVE ID: CVE-2024-0699
CVSS Score: 6.6 (Medium)
Researcher/s: rootxsudip
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f>


Contact Form builder with drag & drop - Kali Forms <= 2.3.38 - Insecure Direct Object Reference

Affected Software: Contact Form builder with drag & drop for WordPress – Kali Forms
CVE ID: CVE-2024-22305
CVSS Score: 6.5 (Medium)
Researcher/s: Revan Arifio
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/012a558c-1f80-4f36-85d9-905f4ed0b6cb>


Splashscreen <= 0.20 - Cross-Site Request Forgery

Affected Software: Splashscreen
CVE ID: CVE-2023-6501
CVSS Score: 6.5 (Medium)
Researcher/s: Daniel Ruf
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1088f498-e718-41bc-866e-7027352a2a5b>


Amelia <= 1.0.96 - Missing Authorization

Affected Software: Booking for Appointments and Events Calendar – Amelia
CVE ID: CVE-2024-22298
CVSS Score: 6.5 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/39005c38-f60d-44fa-9121-a77039dc34de>


lasTunes <= 3.6.1 - Cross-Site Request Forgery

Affected Software: lasTunes
CVE ID: CVE-2023-6499
CVSS Score: 6.5 (Medium)
Researcher/s: Daniel Ruf
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4f1ed4a2-eb0d-42cd-9273-10d7d127cdf9>


Better Anchor Links <= 1.7.5 - Cross-Site Request Forgery via admin/options.php

Affected Software: Better Anchor Links
CVE ID: CVE-2024-22287
CVSS Score: 6.5 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f51ea60-7bda-4627-9b65-d1ff402dfc88>


Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
CVE ID: CVE-2024-0586
CVSS Score: 6.5 (Medium)
Researcher/s: Webbernaut
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf>


SalesKing <= 1.6.15 - Missing Authorization to Settings Change

Affected Software: salesking
CVE ID: CVE-2024-22156
CVSS Score: 6.5 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c86f157e-e7f2-4b00-977c-c4cc7c2b3b0b>


ColorMag <= 3.1.2 - Missing Authorization to Arbitrary Plugin Installation

Affected Software: ColorMag
CVE ID: CVE-2024-0679
CVSS Score: 6.5 (Medium)
Researcher/s: Sean Murphy
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf>


Browser Theme Color <= 1.3 - Cross-Site Request Forgery via btc_settings_page

Affected Software: Browser Theme Color
CVE ID: CVE-2024-22291
CVSS Score: 6.5 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ef4c6f76-4d3e-4ab0-9e12-1df55a8edae5>


Robo Gallery <= 3.2.17 - Authenticated (Author+) Stored Cross-Site Scripting

Affected Software: Photo Gallery, Images, Slider in Rbs Image Gallery
CVE ID: CVE-2024-22295
CVSS Score: 6.4 (Medium)
Researcher/s: Bryan Satyamulya
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02073716-4f6a-4a51-933f-c5ab8dfbc08c>


WP To Do <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: WP To Do
CVE ID: CVE-2024-22292
CVSS Score: 6.4 (Medium)
Researcher/s: Kang SeoHee
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1e5cbe1f-0a16-4301-a83c-af9456afe44d>


WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag

Affected Software: WP Recipe Maker
CVE ID: CVE-2024-0382
CVSS Score: 6.4 (Medium)
Researcher/s: wesley (wcraft)
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1f463ed1-06ad-430f-b450-1a73dc54f8a7>


CBX Map for Google Map & OpenStreetMap <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: CBX Map for Google Map & OpenStreetMap
CVE ID: CVE-2024-22297
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1fc860d4-fa26-489a-acd5-edbf7116d817>


Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data

Affected Software: Display custom fields in the frontend – Post and User Profile Fields
CVE ID: CVE-2023-6982
CVSS Score: 6.4 (Medium)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3077b84e-87af-4307-83c5-0e4b15d07ff1>


PDF Viewer & 3D PDF Flipbook – DearPDF <= 2.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: PDF Viewer & 3D PDF Flipbook – DearPDF
CVE ID: CVE-2024-23505
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/317b2035-e5c7-47a9-a76c-11157127b6c2>


Posts List Designer by Category – List Category Posts Or Recent Posts <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Posts List Designer by Category – List Category Posts Or Recent Posts
CVE ID: CVE-2024-23502
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3b5decc1-cc81-4a5e-b6d8-5120cb37c93b>


Formzu WP <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Formzu WP
CVE ID: CVE-2024-22310
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/497e0784-8953-4726-929a-7d5ef129e98e>


PDF Viewer & 3D PDF Flipbook – DearPDF <= 2.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: PDF Viewer & 3D PDF Flipbook – DearPDF
CVE ID: CVE-2024-23505
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4b9aa41e-34bf-4bfb-a341-e101e3771f7a>


WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icon_color

Affected Software: WP Recipe Maker
CVE ID: CVE-2024-0255
CVSS Score: 6.4 (Medium)
Researcher/s: wesley (wcraft)
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/53a51408-e5d8-4727-9dec-8321c062c31e>


WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Recipe Notes

Affected Software: WP Recipe Maker
CVE ID: CVE-2024-0384
CVSS Score: 6.4 (Medium)
Researcher/s: wesley (wcraft)
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b>


Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Affected Software: Portfolio & Image Gallery for WordPress | PowerFolio
CVE ID: CVE-2024-22150
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b639c5c-e4ff-4e43-9088-249c75046d39>


Albo Pretorio Online <= 4.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Albo Pretorio On line
CVE ID: CVE-2024-22302
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92f8e3b7-a896-494b-96cd-6ecb8918ebd6>


GeneratePress Premium <= 2.3.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom Meta

Affected Software: GeneratePress Premium
CVE ID: CVE-2023-6807
CVSS Score: 6.4 (Medium)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9dcd48b8-ec9e-44b4-b531-95940adbd100>


WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag'

Affected Software: WP Recipe Maker
CVE ID: CVE-2024-0381
CVSS Score: 6.4 (Medium)
Researcher/s: wesley (wcraft)
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a7c949f0-fcd1-4984-95a2-b19fb72f04bb>


Booking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

Affected Software: Booking for Appointments and Events Calendar – Amelia
CVE ID: CVE-2023-6808
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aafb5402-3553-4c89-86e0-4dd556d86074>


GiveWP <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: GiveWP – Donation Plugin and Fundraising Platform
CVE ID: CVE-2023-51415
CVSS Score: 6.4 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d74d71a8-774a-4ebb-b254-0e65a8044319>


Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

Affected Software/s: Advanced Custom Fields (ACF), Advanced Custom Fields Pro
CVE ID: CVE-2023-6701
CVSS Score: 6.4 (Medium)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e3593dfd-7b2a-4d01-8af0-725b444dc81b>


WP Recipe Maker <= 9.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: WP Recipe Maker
CVE ID: CVE-2023-6958
CVSS Score: 6.4 (Medium)
Researcher/s: wesley (wcraft)
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ec201702-8c8c-4049-b647-422d18001b7f>


Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget

Affected Software: Orbit Fox by ThemeIsle
CVE ID: CVE-2024-0508
CVSS Score: 6.4 (Medium)
Researcher/s: Webbernaut
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3>


PeepSo Core: Photos < 6.3.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Affected Software: peepso-photos
CVE ID: CVE-2024-22158
CVSS Score: 6.4 (Medium)
Researcher/s: Bikram Kharal
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fad492f4-7112-4f4f-8825-c42aab552c9b>


WOLF <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via profile_title

Affected Software: WOLF – WordPress Posts Bulk Editor and Manager Professional
CVE ID: CVE-2024-22159
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/10339a77-7c1a-4030-9061-15c699545b16>


WP Recipe Maker <= 9.1.0 - Reflected Cross-Site Scripting via Referer

Affected Software: WP Recipe Maker
CVE ID: CVE-2023-6970
CVSS Score: 6.1 (Medium)
Researcher/s: wesley (wcraft)
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/20842e95-4b91-4138-9e32-7c090724bf64>


BA Plus <= 1.0.3 - Reflected Cross-Site Scripting

Affected Software: BA Plus – Before & After Image Slider FREE
CVE ID: CVE-2024-22286
CVSS Score: 6.1 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2ab6f54d-0358-4f0c-aba5-b4053e1a345d>


Post views Stats <= 1.3 - Reflected Cross-Site Scripting via from and to

Affected Software: Post views Stats
CVE ID: CVE-2024-22289
CVSS Score: 6.1 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/31eb7dd4-3bd1-41e8-875a-e40a7f16296d>


WP-Lister Lite for eBay <= 3.5.7 - Reflected Cross-Site Scripting via 's'

Affected Software: WP-Lister Lite for eBay
CVE ID: CVE-2024-22307
CVSS Score: 6.1 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70d05b9e-bead-42f9-9d19-c92c8e6440cd>


BP Profile Search <= 5.5 - Reflected Cross-Site Scripting via BPS_FORM

Affected Software: BP Profile Search
CVE ID: CVE-2024-22293
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8051fb03-7c38-4902-bbff-049c270d2be2>


Simple Membership <= 4.4.1 - Open Redirect

Affected Software: Simple Membership
CVE ID: CVE-2024-22308
CVSS Score: 6.1 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0086de8-448f-452f-89d1-84b77b2e25a8>


WPZOOM Shortcodes <= 1.0.1 - Reflected Cross-Site Scripting

Affected Software: WPZOOM Shortcodes
CVE ID: CVE-2024-22162
CVSS Score: 6.1 (Medium)
Researcher/s: Dhabaleshwar Das
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2a95c6f-7248-4805-af86-11fd536b5d8d>


Image Tag Manager <= 1.5 - Reflected Cross-Site Scripting via default_class

Affected Software: Image Tag Manager
CVE ID: CVE-2024-22160
CVSS Score: 6.1 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ded4b93f-fd90-4803-9d20-3109512b1a24>


FileBird <= 5.6.0 - Authenticated(Administrator+) Stored Cross-Site Scripting via Folder Import

Affected Software: FileBird – WordPress Media Library Folders & File Manager
CVE ID: CVE-2024-0691
CVSS Score: 5.5 (Medium)
Researcher/s: Thomas Sanzey
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/47f04985-dd9b-449f-8b4c-9811fe7e4a96>


Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image URL

Affected Software: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
CVE ID: CVE-2024-0585
CVSS Score: 5.4 (Medium)
Researcher/s: Webbernaut
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/417baa1c-29f0-4fec-8008-5b52359b3328>


WP Recipe Maker <= 9.1.0 - Directory Traversal

Affected Software: WP Recipe Maker
CVE ID: CVE-2024-0380
CVSS Score: 5.4 (Medium)
Researcher/s: wesley (wcraft)
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0>


IP2Location Country Blocker <= 2.33.3 - Unauthenticated Sensitive Information Exposure via Debug Log File

Affected Software: IP2Location Country Blocker
CVE ID: CVE-2024-22294
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0e4aee28-d0cc-4705-9be6-fe5299f2e0fc>


Albo Pretorio Online <= 4.6.6 - Unauthenticated Sensitive Information Disclosure

Affected Software: Albo Pretorio On line
CVE ID: CVE-2024-22301
CVSS Score: 5.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3535fad2-9b2d-4721-9e5d-cfe609df00ae>


Import and export users and customers <= 1.24.6 - Missing Authorization via fire_cron REST endpoint

Affected Software: Import and export users and customers
CVE ID: CVE-2024-22151
CVSS Score: 5.3 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/428feddb-c8c3-49a7-8e01-dc548c184229>


Author Box, Guest Author and Co-Authors for Your Posts – Molongui <= 4.7.4 - Information Exposure via ma_debug

Affected Software: Author Box, Guest Author and Co-Authors for Your Posts – Molongui
CVE ID: CVE-2023-7014
CVSS Score: 5.3 (Medium)
Researcher/s: Krzysztof Zając
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/538e9ce3-2d48-44ad-bd08-8eead3ef15c3>


12 Step Meeting List <= 3.14.26 - Missing Authorization

Affected Software: 12 Step Meeting List
CVE ID: CVE-2024-22296
CVSS Score: 5.3 (Medium)
Researcher/s: emad
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8269f83b-5d7d-4f01-85ee-fd7262fed5b1>


Ninja Tables <= 5.0.5 - Missing Authorization

Affected Software: Ninja Tables – Best Data Table Plugin for WordPress
CVE ID: CVE-2024-23503
CVSS Score: 5.3 (Medium)
Researcher/s: emad
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8ce784a7-6e92-4ad7-9a29-fc3a73fa26d1>


Ninja Tables <= 5.0.5 - Missing Authorization

Affected Software: Ninja Tables – Best Data Table Plugin for WordPress
CVE ID: CVE-2024-23504
CVSS Score: 5.3 (Medium)
Researcher/s: emad
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c86e5cfd-f450-48d6-819e-5345fc0fdfc8>


Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass

Affected Software: Getwid – Gutenberg Blocks
CVE ID: CVE-2023-6963
CVSS Score: 5.3 (Medium)
Researcher/s: Lucio Sá
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4>


Fluent Forms <= 5.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via imported form title

Affected Software: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
CVE ID: CVE-2024-0618
CVSS Score: 4.4 (Medium)
Researcher/s: Akbar Kustirama
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0348d465-f351-4c52-b293-8b3b058292b9>


Chartjs <= 2023.2 - Authenticated (Editor+) Stored Cross-Site Scripting

Affected Software: enigma-chartjs
CVE ID: CVE-2023-6081
CVSS Score: 4.4 (Medium)
Researcher/s: Asif Nawaz Minhas, Sergen Koç
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3e1864e7-bd3b-431f-9a9d-378b376298f9>


Chartjs <= 2023.2 - Authenticated (Editor+) Stored Cross-Site Scripting via chart

Affected Software: enigma-chartjs
CVE ID: CVE-2023-6082
CVSS Score: 4.4 (Medium)
Researcher/s: Asif Nawaz Minhas, Sergen Koç
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bd5a1ab9-8d59-464a-a227-9f6ee768e35c>


HD Quiz <= 1.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

Affected Software: HD Quiz
CVE ID: CVE-2024-22161
CVSS Score: 4.4 (Medium)
Researcher/s: Myungju Kim
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3abf6bd-bece-470e-93c7-ab9968171a3f>


Stock Locations for WooCommerce <= 2.5.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Affected Software: Stock Locations for WooCommerce
CVE ID: CVE-2024-22153
CVSS Score: 4.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e6090a49-f3dc-4b7b-bc86-eb7ec57b7ba4>


Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure

Affected Software: Display custom fields in the frontend – Post and User Profile Fields
CVE ID: CVE-2023-6983
CVSS Score: 4.3 (Medium)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08d43c67-df40-4f1a-a351-803e59edee13>


FreshMail For WordPress <= 2.3.2 - Cross-Site Request Forgery

Affected Software: FreshMail For WordPress
CVE ID: CVE-2024-22304
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/10ffe689-143a-4232-8094-45844dc5262b>


Slider by Supsystic <= 1.8.6 - Missing Authorization

Affected Software: Slider by Supsystic
CVE ID: CVE-2024-22303
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/548731d5-078b-45a5-bcc5-9789b41ead44>


Getwid – Gutenberg Blocks <= 2.0.4 - Missing Authorization to Recaptcha API Key Modification

Affected Software: Getwid – Gutenberg Blocks
CVE ID: CVE-2023-6959
CVSS Score: 4.3 (Medium)
Researcher/s: Lucio Sá
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/774c00fb-82cd-44ca-bf96-3f6dfd1977d0>


Frontpage Manager <= 1.3 - Cross-Site Request Forgery via admin_page

Affected Software: Frontpage Manager
CVE ID: CVE-2024-22285
CVSS Score: 4.3 (Medium)
Researcher/s: Dimas Maulana
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/953f4838-d0d5-4546-ac97-c1b442236c5d>


VK Block Patterns <= 1.31.1.1 - Cross-Site Request Forgery

Affected Software: VK Block Patterns
CVE ID: CVE-2024-0623
CVSS Score: 4.3 (Medium)
Researcher/s: kodaichodai
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a>


WPvivid <= 0.9.94 - Missing Authorization

Affected Software: Migration, Backup, Staging – WPvivid
CVE ID: CVE-2023-4637
CVSS Score: 4.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bad0bd6b-9c88-4d31-90b5-92d3ceb8c0af>


WooCommerce Subscriptions < 5.8.0 - Missing Authorization

Affected Software: WooCommerce Subscription
CVE ID: CVE-2023-50850
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c01e3a86-8a2a-4200-b328-fb71afb2b196>


As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024) appeared first on Wordfence.