CVSS3: 9.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

AI Score: 8.9 High (Confidence: High)

CVSS2: 7.5 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

EPSS: 0.004 Low (Percentile: 72.9%)
Did you know we're running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure!
Last week, there were 84 vulnerabilities disclosed in 67 WordPress plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and 42 vulnerability researchers contributed to WordPress security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the vulnerability database API to receive a complete dump of our database of over 12,000 vulnerabilities and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 28 |
Patched | 56 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 64 |
High Severity | 13 |
Critical Severity | 7 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 35 |
Missing Authorization | 12 |
Cross-Site Request Forgery (CSRF) | 8 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6 |
Information Exposure | 4 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 4 |
Unrestricted Upload of File with Dangerous Type | 3 |
Authorization Bypass Through User-Controlled Key | 2 |
Deserialization of Untrusted Data | 2 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2 |
Improper Access Control | 1 |
Authentication Bypass Using an Alternate Path or Channel | 1 |
Exposure of Private Information ('Privacy Violation') | 1 |
URL Redirection to Untrusted Site ('Open Redirect') | 1 |
Guessable CAPTCHA | 1 |
Improper Control of Generation of Code ('Code Injection') | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Ngô Thiên An (ancorn_) | 8 |
Dimas Maulana | 8 |
wesley (wcraft) | 7 |
Francesco Carlucci | 6 |
emad | 5 |
Le Ngoc Anh | 3 |
Webbernaut | 3 |
Dave Jong | 3 |
Revan Arifio | 2 |
Mika | 2 |
Daniel Ruf | 2 |
kodaichodai | 2 |
Abdi Pranata | 2 |
Asif Nawaz Minhas | 2 |
Sergen Koç | 2 |
Lucio Sá | 2 |
Yudistira Arya | 2 |
Bryan Satyamulya | 1 |
Akbar Kustirama | 1 |
rootxsudip | 1 |
thiennv | 1 |
Skalucy | 1 |
Kang SeoHee | 1 |
drop | 1 |
Muhammad Daffa | 1 |
Bence Szalai | 1 |
Thomas Sanzey | 1 |
Krzysztof Zając | 1 |
Majed Refaea | 1 |
Dmitrii Ignatyev | 1 |
István Márton | 1 |
Joshua Chan | 1 |
vollkorntomate | 1 |
Rafie Muhammad | 1 |
Dateoljo of BoB 12th | 1 |
Dhabaleshwar Das | 1 |
Myungju Kim | 1 |
LVT-tholv2k | 1 |
Ivan Spiridonov (xbz0n) | 1 |
Sean Murphy | 1 |
Nguyen Xuan Chien | 1 |
Bikram Kharal | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
12 Step Meeting List | 12-step-meeting-list |
AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! | ai-engine |
Advanced Custom Fields (ACF) | advanced-custom-fields |
Advanced Custom Fields Pro | advanced-custom-fields-pro |
Albo Pretorio On line | albo-pretorio-on-line |
Asgaros Forum | asgaros-forum |
Author Box, Guest Author and Co-Authors for Your Posts – Molongui | molongui-authorship |
BA Plus – Before & After Image Slider FREE | ba-plus-before-after-image-slider-free |
BP Profile Search | bp-profile-search |
Better Anchor Links | better-anchor-links |
Booking for Appointments and Events Calendar – Amelia | ameliabooking |
Browser Theme Color | browser-theme-color |
Burst Statistics – Privacy-Friendly Analytics for WordPress | burst-statistics |
CBX Map for Google Map & OpenStreetMap | cbxgooglemap |
ChatBot with AI | chatbot |
Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms | fluentform |
Contact Form builder with drag & drop for WordPress – Kali Forms | kali-forms |
Cryptocurrency Widgets – Price Ticker & Coins List | cryptocurrency-price-ticker-widget |
Custom Dashboard Widgets | custom-dashboard-widgets |
Delhivery Logistics Courier | delhivery-logistics-courier |
Display custom fields in the frontend – Post and User Profile Fields | shortcode-to-display-post-and-user-data |
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
FastDup – Fastest WordPress Migration & Duplicator | fastdup |
FileBird – WordPress Media Library Folders & File Manager | filebird |
Formzu WP | formzu-wp |
FreshMail For WordPress | freshmail-integration |
Frontpage Manager | frontpage-manager |
GeneratePress Premium | generatepress-premium |
Getwid – Gutenberg Blocks | getwid |
GiveWP – Donation Plugin and Fundraising Platform | give |
HD Quiz | hd-quiz |
IP2Location Country Blocker | ip2location-country-blocker |
Image Tag Manager | image-tag-manager |
Import and export users and customers | import-users-from-csv-with-meta |
InstaWP Connect – 1-click WP Staging & Migration | instawp-connect |
Migration, Backup, Staging – WPvivid | wpvivid-backuprestore |
Ninja Tables – Best Data Table Plugin for WordPress | ninja-tables |
Orbit Fox by ThemeIsle | themeisle-companion |
PDF Viewer & 3D PDF Flipbook – DearPDF | dearpdf-lite |
Photo Gallery by 10Web – Mobile-Friendly Image Gallery | photo-gallery |
Photo Gallery, Images, Slider in Rbs Image Gallery | robo-gallery |
Portfolio & Image Gallery for WordPress | PowerFolio |
Post views Stats | post-views-stats |
Posts List Designer by Category – List Category Posts Or Recent Posts | post-list-designer |
Product Import Export for WooCommerce | product-import-export-for-woo |
Shield Security – Smart Bot Blocking & Intrusion Prevention Security | wp-simple-firewall |
Simple Membership | simple-membership |
SimpleMap Store Locator | simplemap |
Slider by Supsystic | slider-by-supsystic |
Splashscreen | splashscreen |
Stock Locations for WooCommerce | stock-locations-for-woocommerce |
Stripe Payment Plugin for WooCommerce | payment-gateway-stripe-and-woocommerce-integration |
Unlimited Addons for WPBakery Page Builder | unlimited-addons-for-wpbakery-page-builder |
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | profile-builder |
VK Block Patterns | vk-block-patterns |
WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
WP Recipe Maker | wp-recipe-maker |
WP To Do | wp-todo |
WP-Lister Lite for eBay | wp-lister-for-ebay |
WPForms Pro | wpforms |
WPZOOM Shortcodes | wpzoom-shortcodes |
WooCommerce Subscription | woocommerce-subscriptions |
cformsII | cforms2 |
enigma-chartjs | enigma-chartjs |
lasTunes | lastunes |
peepso-photos | peepso-photos |
salesking | salesking |

Software Name | Software Slug |
---|---|
ColorMag | colormag |

Please note that if you run the Wordfence plugin on your WordPress site with the scanner enabled, you should already have been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to use.
Affected Software: Asgaros Forum CVE ID: CVE-2024-22284 CVSS Score: 9.8 (Critical) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02b75034-8db1-465b-837e-014e2c2e8b4d>
Affected Software: Stripe Payment Plugin for WooCommerce CVE ID: CVE-2024-0705 CVSS Score: 9.8 (Critical) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec>
Affected Software: salesking CVE ID: CVE-2024-22157 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/52198053-206c-4002-8e26-dd5b4850e151>
Affected Software: ChatBot with AI CVE ID: CVE-2024-22309 CVSS Score: 9.8 (Critical) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/75432cfd-7c0d-4d93-9b62-cac0fd9b49d5>
Affected Software: FastDup – Fastest WordPress Migration & Duplicator CVE ID: CVE-2023-6592 CVSS Score: 9.8 (Critical) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7fb646c4-6269-4354-b3a6-872c6303a6d2>
Affected Software: Cryptocurrency Widgets – Price Ticker & Coins List CVE ID: CVE-2024-0709 CVSS Score: 9.8 (Critical) Researcher/s: vollkorntomate Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0603621-4521-4eb0-b4dd-e2257c133cee>
Affected Software: Photo Gallery by 10Web – Mobile-Friendly Image Gallery CVE ID: CVE-2024-0221 CVSS Score: 9.1 (Critical) Researcher/s: Bence Szalai Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918>
Affected Software: InstaWP Connect – 1-click WP Staging & Migration CVE ID: CVE-2024-22145 CVSS Score: 8.8 (High) Researcher/s: Majed Refaea Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6aa4fd08-a1b1-4f61-a9d1-9812071b61c9>
Affected Software: Delhivery Logistics Courier CVE ID: CVE-2024-22283 CVSS Score: 8.8 (High) Researcher/s: Yudistira Arya Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/90465354-0174-4f85-a66b-589d9408c3c8>
Affected Software: Display custom fields in the frontend – Post and User Profile Fields CVE ID: CVE-2023-6996 CVSS Score: 8.8 (High) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e0662c3a-5b82-4b9a-aa69-147094930d1f>
Affected Software: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor CVE ID: CVE-2024-0324 CVSS Score: 8.2 (High) Researcher/s: kodaichodai Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/23caef95-36b6-40aa-8dd7-51a376790a40>
Affected Software: Custom Dashboard Widgets CVE ID: CVE-2024-22290 CVSS Score: 8.2 (High) Researcher/s: Dimas Maulana Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3208426a-379d-46b9-a9e7-654604169929>
Affected Software: salesking CVE ID: CVE-2024-22154 CVSS Score: 7.5 (High) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70b00cfc-4a9b-442a-9c80-fd080924ca34>
Affected Software: cformsII CVE ID: CVE-2024-22149 CVSS Score: 7.2 (High) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/097fdc88-9424-4de9-9a03-d4ea724da13f>
Affected Software: WPForms Pro CVE ID: CVE-2023-7063 CVSS Score: 7.2 (High) Researcher/s: drop Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/31c080b8-ba00-4e96-8961-2a1c3a017004>
Affected Software: SimpleMap Store Locator CVE ID: CVE-2024-22282 CVSS Score: 7.2 (High) Researcher/s: Dimas Maulana Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7a600f11-03c3-4777-b1fe-212b085bacba>
Affected Software: Unlimited Addons for WPBakery Page Builder CVE ID: CVE-2023-6925 CVSS Score: 7.2 (High) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a78b76d6-4068-4141-9726-7db439aa6a9f>
Affected Software: Product Import Export for WooCommerce CVE ID: CVE-2024-22152 CVSS Score: 7.2 (High) Researcher/s: Dateoljo of BoB 12th Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cee6a100-cda5-48a6-9f9c-ea17f80c4165>
Affected Software: Burst Statistics – Privacy-Friendly Analytics for WordPress CVE ID: CVE-2024-0405 CVSS Score: 7.2 (High) Researcher/s: Ivan Spiridonov (xbz0n) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e349f07d-a520-4700-a6e0-25e68c1deeae>
Affected Software: Shield Security – Smart Bot Blocking & Intrusion Prevention Security CVE ID: CVE-2024-22163 CVSS Score: 7.2 (High) Researcher/s: Yudistira Arya Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fcd02dfa-688e-4375-92cb-8d0e7cbaaa6e>
Affected Software: AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! CVE ID: CVE-2024-0699 CVSS Score: 6.6 (Medium) Researcher/s: rootxsudip Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f>
Affected Software: Contact Form builder with drag & drop for WordPress – Kali Forms CVE ID: CVE-2024-22305 CVSS Score: 6.5 (Medium) Researcher/s: Revan Arifio Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/012a558c-1f80-4f36-85d9-905f4ed0b6cb>
Affected Software: Splashscreen CVE ID: CVE-2023-6501 CVSS Score: 6.5 (Medium) Researcher/s: Daniel Ruf Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1088f498-e718-41bc-866e-7027352a2a5b>
Affected Software: Booking for Appointments and Events Calendar – Amelia CVE ID: CVE-2024-22298 CVSS Score: 6.5 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/39005c38-f60d-44fa-9121-a77039dc34de>
Affected Software: lasTunes CVE ID: CVE-2023-6499 CVSS Score: 6.5 (Medium) Researcher/s: Daniel Ruf Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4f1ed4a2-eb0d-42cd-9273-10d7d127cdf9>
Affected Software: Better Anchor Links CVE ID: CVE-2024-22287 CVSS Score: 6.5 (Medium) Researcher/s: Dimas Maulana Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f51ea60-7bda-4627-9b65-d1ff402dfc88>
Affected Software: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders CVE ID: CVE-2024-0586 CVSS Score: 6.5 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf>
Affected Software: salesking CVE ID: CVE-2024-22156 CVSS Score: 6.5 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c86f157e-e7f2-4b00-977c-c4cc7c2b3b0b>
Affected Software: ColorMag CVE ID: CVE-2024-0679 CVSS Score: 6.5 (Medium) Researcher/s: Sean Murphy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf>
Affected Software: Browser Theme Color CVE ID: CVE-2024-22291 CVSS Score: 6.5 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ef4c6f76-4d3e-4ab0-9e12-1df55a8edae5>
Affected Software: Photo Gallery, Images, Slider in Rbs Image Gallery CVE ID: CVE-2024-22295 CVSS Score: 6.4 (Medium) Researcher/s: Bryan Satyamulya Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02073716-4f6a-4a51-933f-c5ab8dfbc08c>
Affected Software: WP To Do CVE ID: CVE-2024-22292 CVSS Score: 6.4 (Medium) Researcher/s: Kang SeoHee Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1e5cbe1f-0a16-4301-a83c-af9456afe44d>
Affected Software: WP Recipe Maker CVE ID: CVE-2024-0382 CVSS Score: 6.4 (Medium) Researcher/s: wesley (wcraft) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1f463ed1-06ad-430f-b450-1a73dc54f8a7>
Affected Software: CBX Map for Google Map & OpenStreetMap CVE ID: CVE-2024-22297 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1fc860d4-fa26-489a-acd5-edbf7116d817>
Affected Software: Display custom fields in the frontend – Post and User Profile Fields CVE ID: CVE-2023-6982 CVSS Score: 6.4 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3077b84e-87af-4307-83c5-0e4b15d07ff1>
Affected Software: PDF Viewer & 3D PDF Flipbook – DearPDF CVE ID: CVE-2024-23505 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/317b2035-e5c7-47a9-a76c-11157127b6c2>
Affected Software: Posts List Designer by Category – List Category Posts Or Recent Posts CVE ID: CVE-2024-23502 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3b5decc1-cc81-4a5e-b6d8-5120cb37c93b>
Affected Software: Formzu WP CVE ID: CVE-2024-22310 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/497e0784-8953-4726-929a-7d5ef129e98e>
Affected Software: PDF Viewer & 3D PDF Flipbook – DearPDF CVE ID: CVE-2024-23505 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4b9aa41e-34bf-4bfb-a341-e101e3771f7a>
Affected Software: WP Recipe Maker CVE ID: CVE-2024-0255 CVSS Score: 6.4 (Medium) Researcher/s: wesley (wcraft) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/53a51408-e5d8-4727-9dec-8321c062c31e>
Affected Software: WP Recipe Maker CVE ID: CVE-2024-0384 CVSS Score: 6.4 (Medium) Researcher/s: wesley (wcraft) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b>
Affected Software: Portfolio & Image Gallery for WordPress | PowerFolio CVE ID: CVE-2024-22150 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b639c5c-e4ff-4e43-9088-249c75046d39>
Affected Software: Albo Pretorio On line CVE ID: CVE-2024-22302 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92f8e3b7-a896-494b-96cd-6ecb8918ebd6>
Affected Software: GeneratePress Premium CVE ID: CVE-2023-6807 CVSS Score: 6.4 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9dcd48b8-ec9e-44b4-b531-95940adbd100>
Affected Software: WP Recipe Maker CVE ID: CVE-2024-0381 CVSS Score: 6.4 (Medium) Researcher/s: wesley (wcraft) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a7c949f0-fcd1-4984-95a2-b19fb72f04bb>
Affected Software: Booking for Appointments and Events Calendar – Amelia CVE ID: CVE-2023-6808 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aafb5402-3553-4c89-86e0-4dd556d86074>
Affected Software: GiveWP – Donation Plugin and Fundraising Platform CVE ID: CVE-2023-51415 CVSS Score: 6.4 (Medium) Researcher/s: LVT-tholv2k Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d74d71a8-774a-4ebb-b254-0e65a8044319>
Affected Software/s: Advanced Custom Fields (ACF), Advanced Custom Fields Pro CVE ID: CVE-2023-6701 CVSS Score: 6.4 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e3593dfd-7b2a-4d01-8af0-725b444dc81b>
Affected Software: WP Recipe Maker CVE ID: CVE-2023-6958 CVSS Score: 6.4 (Medium) Researcher/s: wesley (wcraft) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ec201702-8c8c-4049-b647-422d18001b7f>
Affected Software: Orbit Fox by ThemeIsle CVE ID: CVE-2024-0508 CVSS Score: 6.4 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3>
Affected Software: peepso-photos CVE ID: CVE-2024-22158 CVSS Score: 6.4 (Medium) Researcher/s: Bikram Kharal Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fad492f4-7112-4f4f-8825-c42aab552c9b>
Affected Software: WOLF – WordPress Posts Bulk Editor and Manager Professional CVE ID: CVE-2024-22159 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/10339a77-7c1a-4030-9061-15c699545b16>
Affected Software: WP Recipe Maker CVE ID: CVE-2023-6970 CVSS Score: 6.1 (Medium) Researcher/s: wesley (wcraft) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/20842e95-4b91-4138-9e32-7c090724bf64>
Affected Software: BA Plus – Before & After Image Slider FREE CVE ID: CVE-2024-22286 CVSS Score: 6.1 (Medium) Researcher/s: Dimas Maulana Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2ab6f54d-0358-4f0c-aba5-b4053e1a345d>
Affected Software: Post views Stats CVE ID: CVE-2024-22289 CVSS Score: 6.1 (Medium) Researcher/s: Dimas Maulana Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/31eb7dd4-3bd1-41e8-875a-e40a7f16296d>
Affected Software: WP-Lister Lite for eBay CVE ID: CVE-2024-22307 CVSS Score: 6.1 (Medium) Researcher/s: Dimas Maulana Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70d05b9e-bead-42f9-9d19-c92c8e6440cd>
Affected Software: BP Profile Search CVE ID: CVE-2024-22293 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8051fb03-7c38-4902-bbff-049c270d2be2>
Affected Software: Simple Membership CVE ID: CVE-2024-22308 CVSS Score: 6.1 (Medium) Researcher/s: Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0086de8-448f-452f-89d1-84b77b2e25a8>
Affected Software: WPZOOM Shortcodes CVE ID: CVE-2024-22162 CVSS Score: 6.1 (Medium) Researcher/s: Dhabaleshwar Das Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2a95c6f-7248-4805-af86-11fd536b5d8d>
Affected Software: Image Tag Manager CVE ID: CVE-2024-22160 CVSS Score: 6.1 (Medium) Researcher/s: Dimas Maulana Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ded4b93f-fd90-4803-9d20-3109512b1a24>
Affected Software: FileBird – WordPress Media Library Folders & File Manager CVE ID: CVE-2024-0691 CVSS Score: 5.5 (Medium) Researcher/s: Thomas Sanzey Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/47f04985-dd9b-449f-8b4c-9811fe7e4a96>
Affected Software: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders CVE ID: CVE-2024-0585 CVSS Score: 5.4 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/417baa1c-29f0-4fec-8008-5b52359b3328>
Affected Software: WP Recipe Maker CVE ID: CVE-2024-0380 CVSS Score: 5.4 (Medium) Researcher/s: wesley (wcraft) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0>
Affected Software: IP2Location Country Blocker CVE ID: CVE-2024-22294 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0e4aee28-d0cc-4705-9be6-fe5299f2e0fc>
Affected Software: Albo Pretorio On line CVE ID: CVE-2024-22301 CVSS Score: 5.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3535fad2-9b2d-4721-9e5d-cfe609df00ae>
Affected Software: Import and export users and customers CVE ID: CVE-2024-22151 CVSS Score: 5.3 (Medium) Researcher/s: emad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/428feddb-c8c3-49a7-8e01-dc548c184229>
Affected Software: Author Box, Guest Author and Co-Authors for Your Posts – Molongui CVE ID: CVE-2023-7014 CVSS Score: 5.3 (Medium) Researcher/s: Krzysztof Zając Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/538e9ce3-2d48-44ad-bd08-8eead3ef15c3>
Affected Software: 12 Step Meeting List CVE ID: CVE-2024-22296 CVSS Score: 5.3 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8269f83b-5d7d-4f01-85ee-fd7262fed5b1>
Affected Software: Ninja Tables – Best Data Table Plugin for WordPress CVE ID: CVE-2024-23503 CVSS Score: 5.3 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8ce784a7-6e92-4ad7-9a29-fc3a73fa26d1>
Affected Software: Ninja Tables – Best Data Table Plugin for WordPress CVE ID: CVE-2024-23504 CVSS Score: 5.3 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c86e5cfd-f450-48d6-819e-5345fc0fdfc8>
Affected Software: Getwid – Gutenberg Blocks CVE ID: CVE-2023-6963 CVSS Score: 5.3 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4>
Affected Software: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms CVE ID: CVE-2024-0618 CVSS Score: 4.4 (Medium) Researcher/s: Akbar Kustirama Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0348d465-f351-4c52-b293-8b3b058292b9>
Affected Software: enigma-chartjs CVE ID: CVE-2023-6081 CVSS Score: 4.4 (Medium) Researcher/s: Asif Nawaz Minhas, Sergen Koç Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3e1864e7-bd3b-431f-9a9d-378b376298f9>
Affected Software: enigma-chartjs CVE ID: CVE-2023-6082 CVSS Score: 4.4 (Medium) Researcher/s: Asif Nawaz Minhas, Sergen Koç Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bd5a1ab9-8d59-464a-a227-9f6ee768e35c>
Affected Software: HD Quiz CVE ID: CVE-2024-22161 CVSS Score: 4.4 (Medium) Researcher/s: Myungju Kim Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3abf6bd-bece-470e-93c7-ab9968171a3f>
Affected Software: Stock Locations for WooCommerce CVE ID: CVE-2024-22153 CVSS Score: 4.4 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e6090a49-f3dc-4b7b-bc86-eb7ec57b7ba4>
Affected Software: Display custom fields in the frontend – Post and User Profile Fields CVE ID: CVE-2023-6983 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08d43c67-df40-4f1a-a351-803e59edee13>
Affected Software: FreshMail For WordPress CVE ID: CVE-2024-22304 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/10ffe689-143a-4232-8094-45844dc5262b>
Affected Software: Slider by Supsystic CVE ID: CVE-2024-22303 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/548731d5-078b-45a5-bcc5-9789b41ead44>
Affected Software: Getwid – Gutenberg Blocks CVE ID: CVE-2023-6959 CVSS Score: 4.3 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/774c00fb-82cd-44ca-bf96-3f6dfd1977d0>
Affected Software: Frontpage Manager CVE ID: CVE-2024-22285 CVSS Score: 4.3 (Medium) Researcher/s: Dimas Maulana Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/953f4838-d0d5-4546-ac97-c1b442236c5d>
Affected Software: VK Block Patterns CVE ID: CVE-2024-0623 CVSS Score: 4.3 (Medium) Researcher/s: kodaichodai Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a>
Affected Software: Migration, Backup, Staging – WPvivid CVE ID: CVE-2023-4637 CVSS Score: 4.3 (Medium) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bad0bd6b-9c88-4d31-90b5-92d3ceb8c0af>
Affected Software: WooCommerce Subscription CVE ID: CVE-2023-50850 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c01e3a86-8a2a-4200-b328-fb71afb2b196>
As a reminder, Wordfence has curated an industry-leading database of all known WordPress core, theme, and plugin vulnerabilities, called Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024) appeared first on Wordfence.