Score | Rating | Vector / Detail |
---|---|---|
CVSS3 | 9.8 High | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS2 | 7.5 High | AV:N/AC:L/Au:N/C:P/I:P/A:P |
AI Score | 10 High | Confidence: High |
EPSS | 0.004 Low | Percentile: 72.1% |

Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now!
Last week, there were 79 vulnerabilities disclosed in 64 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 22 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and use, both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, use the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.
Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 15 |
Patched | 64 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 54 |
High Severity | 23 |
Critical Severity | 2 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 23 |
Missing Authorization | 19 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 16 |
Cross-Site Request Forgery (CSRF) | 13 |
Unrestricted Upload of File with Dangerous Type | 2 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 2 |
Protection Mechanism Failure | 2 |
Improper Control of Generation of Code ('Code Injection') | 1 |
Authorization Bypass Through User-Controlled Key | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Lana Codes (Wordfence Vulnerability Researcher) | 22 |
Alex Thomas (Wordfence Vulnerability Researcher) | 14 |
Abdi Pranata | 7 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 4 |
yuyudhn | 4 |
Duc Manh | 4 |
Naveen Muthusamy | 2 |
Mika | 2 |
Ala Arfaoui | 2 |
Vladislav Pokrovsky | 1 |
DoYeon Park (p6rkdoye0n) | 1 |
Emili Castells | 1 |
Rachit Arora | 1 |
Revan Arifio | 1 |
dc11 | 1 |
NGÔ THIÊN AN (ancorn_) | 1 |
Rafie Muhammad | 1 |
Brandon James Roldan | 1 |
lttn | 1 |
thiennv | 1 |
Cat | 1 |
Huynh Tien Si | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
AI ChatBot | chatbot |
Admin Bar & Dashboard Access Control | admin-bar-dashboard-control |
Ads by datafeedr.com | ads-by-datafeedrcom |
Advance Menu Manager | advance-menu-manager |
Animated Rotating Words (Interchanging Random Words in a Sentence) | css3-rotating-words |
Apollo13 Framework Extensions | apollo13-framework-extensions |
Auto Publish for Google My Business | wp-google-my-business-auto-publish |
Basic Interactive World Map | basic-interactive-world-map |
Comments Ratings | comments-ratings |
Comments – wpDiscuz | wpdiscuz |
Decorator – WooCommerce Email Customizer | decorator-woocommerce-email-customizer |
Defender Security – Malware Scanner, Login Security & Firewall | defender-security |
Digirisk | digirisk |
Drag and Drop Multiple File Upload – Contact Form 7 | drag-and-drop-multiple-file-upload-contact-form-7 |
Easy PayPal Shopping Cart | easy-paypal-shopping-cart |
Email Templates Customizer and Designer for WordPress and WooCommerce | email-templates |
Finale Lite – Sales Countdown Timer & Discount for WooCommerce | finale-woocommerce-sales-countdown-timer-discount |
Gift Up Gift Cards for WordPress and WooCommerce | gift-up |
GiveWP – Donation Plugin and Fundraising Platform | give |
HTML filter and csv-file search | hk-filter-and-search |
Icons Font Loader | icons-font-loader |
IdeaPush | ideapush |
Image horizontal reel scroll slideshow | image-horizontal-reel-scroll-slideshow |
Image vertical reel scroll slideshow | image-vertical-reel-scroll-slideshow |
Information Reel | information-reel |
Interact: Embed A Quiz On Your Site | interact-quiz-embed |
Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | funnelforms-free |
Jquery accordion slideshow | jquery-accordion-slideshow |
Jquery news ticker | jquery-news-ticker |
Kadence WooCommerce Email Designer | kadence-woocommerce-email-designer |
Layer Slider | slider-slideshow |
Left right image slideshow gallery | left-right-image-slideshow-gallery |
Linker | linker |
Live updates from Excel | ipushpull |
Message ticker | message-ticker |
Popup with fancybox | popup-with-fancybox |
Post Sliders & Post Grids | post-slider-carousel |
Product Catalog Mode For Woocommerce | woocommerce-catalog-enquiry |
SEO Slider | seo-slider |
Short URL | shorten-url |
ShortCodes UI | shortcodes-ui |
Social Feed \| All social media in one place | |
Solid Security – Password, Two Factor Authentication, and Brute Force Protection | better-wp-security |
Superb slideshow gallery | superb-slideshow-gallery |
The Plus Addons for Elementor Page Builder | theplus_elementor_addon |
Top 10 – WordPress Popular posts by WebberZone | top-10 |
Top 25 Social Icons | top-25-social-icons |
Up down image slideshow gallery | up-down-image-slideshow-gallery |
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress | userswp |
Vertical marquee plugin | vertical-marquee-plugin |
WP Affiliate Disclosure | wp-affiliate-disclosure |
WP Customer Reviews | wp-customer-reviews |
WP Meta and Date Remover | wp-meta-and-date-remover |
WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine | wp-travel |
WP fade in text news | wp-fade-in-text-news |
WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location | byconsole-woo-order-delivery-time |
Wp anything slider | wp-anything-slider |
Wp photo text slider 50 | wp-photo-text-slider-50 |
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | youzify |
iPages Flipbook For WordPress | ipages-flipbook |
idbbee | idbbee |
iframe forms | iframe-forms |
video carousel slider with lightbox | wp-responsive-video-gallery-with-lightbox |
wp image slideshow | wp-image-slideshow |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software: The Plus Addons for Elementor Page Builder CVE ID: CVE-2023-47178 CVSS Score: 9.8 (Critical) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4d739821-569d-42d7-a4c5-70e32d5d41a1>
Affected Software: Ads by datafeedr.com CVE ID: CVE-2023-5843 CVSS Score: 9 (Critical) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5412fd87-49bc-445c-8d16-443e38933d1e>
Affected Software: Image vertical reel scroll slideshow CVE ID: CVE-2023-5428 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/01d31d8a-4459-488a-9cbe-92761faa58b4>
Affected Software: Jquery accordion slideshow CVE ID: CVE-2023-5464 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0531ca34-5d7b-4071-a1aa-934f14b87728>
Affected Software: Image horizontal reel scroll slideshow CVE ID: CVE-2023-5412 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08fb698f-c87c-4200-85fe-3fe72745633e>
Affected Software: Up down image slideshow gallery CVE ID: CVE-2023-5435 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0b72cf6f-4924-4fa5-8e1a-4054dfe73be0>
Affected Software: Superb slideshow gallery CVE ID: CVE-2023-5434 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3a12945d-a67c-4a19-a4e7-f65f5f2a21bb>
Affected Software: Jquery news ticker CVE ID: CVE-2023-5430 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3b7f8739-7f40-40a7-952e-002ea3b82ac7>
Affected Software: Wp photo text slider 50 CVE ID: CVE-2023-5439 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/515502b5-c344-4855-aff1-57833233c5d2>
Affected Software: Wp anything slider CVE ID: CVE-2023-5466 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/535e754e-f851-4809-a148-d9ba808b9d8a>
Affected Software: Information Reel CVE ID: CVE-2023-5429 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/64db63e5-ff76-494a-be4f-d820f0cc9ab0>
Affected Software: Left right image slideshow gallery CVE ID: CVE-2023-5431 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/69902627-ce79-4a43-8949-43db6a9cc0dd>
Affected Software: wp image slideshow CVE ID: CVE-2023-5438 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7e24383b-5b0f-4114-908b-4c2778632f73>
Affected Software: WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location CVE ID: CVE-2023-47179 CVSS Score: 8.8 (High) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9939f297-e3ca-4d7d-9acd-c416ee2014c9>
Affected Software: WP fade in text news CVE ID: CVE-2023-5437 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b4accf10-710e-4cba-8d61-04e422324f9d>
Affected Software: Popup with fancybox CVE ID: CVE-2023-5465 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c943cf0b-0e99-4d47-808d-2b803369d53a>
Affected Software: Vertical marquee plugin CVE ID: CVE-2023-5436 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cd90d9c0-0cab-4fd3-b016-106032f300f7>
Affected Software: Message ticker CVE ID: CVE-2023-5433 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d0b1fa88-2fc6-41af-bd39-12af92dc6533>
Affected Software: HTML filter and csv-file search CVE ID: CVE-2023-5099 CVSS Score: 8.8 (High) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ee2b4055-8cbd-49b7-bb0b-eddef85060fc>
Affected Software: Drag and Drop Multiple File Upload – Contact Form 7 CVE ID: CVE-2023-5822 CVSS Score: 8.1 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1b3be300-5b7f-4844-8637-1bb8c939ed4c>
Affected Software: Finale Lite – Sales Countdown Timer & Discount for WooCommerce CVE ID: CVE-2023-47180 CVSS Score: 7.5 (High) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/725bce1b-ec76-411d-928c-2aea47867292>
Affected Software: WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine CVE ID: CVE-2023-47224 CVSS Score: 7.5 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d23d2cdf-206e-4714-9753-198519ba737b>
Affected Software: Comments – wpDiscuz CVE ID: CVE-2023-47185 CVSS Score: 7.2 (High) Researcher/s: Vladislav Pokrovsky Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/026ff6f4-077e-4fee-8fbe-8176f8ca5af3>
Affected Software: Icons Font Loader CVE ID: CVE-2023-5860 CVSS Score: 7.2 (High) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/12a9fbe8-445a-478a-b6ce-cd669ccb6a2d>
Affected Software: iPages Flipbook For WordPress CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/279a02e1-7b61-4edd-ab67-6a7fed4e17c1>
Affected Software: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free CVE ID: CVE-2023-5386 CVSS Score: 6.5 (Medium) Researcher/s: Alex Thomas, Duc Manh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/400fe58b-8203-4fd5-a3d3-d30eb1b8cd85>
Affected Software: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free CVE ID: CVE-2023-5382 CVSS Score: 6.5 (Medium) Researcher/s: Duc Manh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/72e4428b-d2cd-471f-9821-947f4601fd64>
Affected Software: Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress CVE ID: CVE-2023-47191 CVSS Score: 6.5 (Medium) Researcher/s: lttn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/94c98edf-6f4a-4c23-afa7-d5caaa22397f>
Affected Software: Short URL CVE ID: CVE-2023-47225 CVSS Score: 6.5 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a83061c0-d8d3-4dbe-bf2a-65350d17094b>
Affected Software: HTML filter and csv-file search CVE ID: CVE-2023-5096 CVSS Score: 6.4 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/157eddd4-67f0-4a07-b3ab-11dbfb9f12aa>
Affected Software: SEO Slider CVE ID: CVE-2023-5707 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/32bc88a7-93ed-4d67-9383-b6d935a0df4d>
Affected Software: WP Meta and Date Remover CVE ID: CVE-2023-4823 CVSS Score: 6.4 (Medium) Researcher/s: dc11 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3da0a44f-d4b4-4330-a2e3-d25a2a7df926>
Affected Software: Linker CVE ID: CVE-2023-47177 CVSS Score: 6.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3fd620a3-5d9e-4bc3-b026-871610df7c2d>
Affected Software: Apollo13 Framework Extensions CVE ID: CVE-2023-47190 CVSS Score: 6.4 (Medium) Researcher/s: NGÔ THIÊN AN (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4c5b2ce5-d3bf-4412-b329-470a1115260b>
Affected Software: Gift Up Gift Cards for WordPress and WooCommerce CVE ID: CVE-2023-5703 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4e498706-3dbe-4c48-9c0d-0d90677aba0d>
Affected Software: Interact: Embed A Quiz On Your Site CVE ID: CVE-2023-5659 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/69ba1a39-ddb0-4661-8104-d8bb71710e0c>
Affected Software: iframe forms CVE ID: CVE-2023-5073 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes, Alex Thomas Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/818de7f7-913a-4ade-927e-bba281b4709a>
Affected Software: Live updates from Excel CVE ID: CVE-2023-5116 CVSS Score: 6.4 (Medium) Researcher/s: Alex Thomas Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ab856722-e954-49de-a93f-46664da6e3e8>
Affected Software: Top 25 Social Icons CVE ID: CVE-2023-47229 CVSS Score: 6.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b9e3e417-d8a8-4e32-99aa-650e0a25a415>
Affected Software: Easy PayPal Shopping Cart CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cf6e3552-9616-4da1-8d8e-a6144ba1d0a3>
Affected Software: ShortCodes UI CVE ID: CVE-2023-47231 CVSS Score: 6.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f6c14c65-a47c-4dc1-9d5a-f804061152e4>
Affected Software: Digirisk CVE ID: CVE-2023-5946 CVSS Score: 6.1 (Medium) Researcher/s: Ala Arfaoui Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d41355ed-77d0-48b3-bbb3-4cc3b4df4b2a>
Affected Software: GiveWP – Donation Plugin and Fundraising Platform CVE ID: CVE-2023-4248 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2bff8dea-6971-47d4-bd2c-0821687033e5>
Affected Software: Auto Publish for Google My Business CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3d4b9f07-a4a0-4cbd-a147-281570bc7f4a>
Affected Software: idbbee CVE ID: CVE-2023-5114 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes, Alex Thomas Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ac763936-7147-4100-8a46-4c6d2f2224b4>
Affected Software: GiveWP – Donation Plugin and Fundraising Platform CVE ID: CVE-2023-4247 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e32d9104-5a39-4455-b76a-e24ae787bdfd>
Affected Software: GiveWP – Donation Plugin and Fundraising Platform CVE ID: CVE-2023-47183 CVSS Score: 5.3 (Medium) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3b6b1b7e-2ba4-4b72-9e3d-b54c00437cac>
Affected Software: Defender Security – Malware Scanner, Login Security & Firewall CVE ID: CVE-2023-5977 CVSS Score: 5.3 (Medium) Researcher/s: Naveen Muthusamy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66122be6-7c28-44cc-a8dd-7b2ec64346f7>
Affected Software: Solid Security – Password, Two Factor Authentication, and Brute Force Protection CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Naveen Muthusamy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/88163d55-ab97-4697-a25b-d54615e2a843>
Affected Software: Post Sliders & Post Grids CVE ID: CVE-2023-47226 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2ddc39a8-57b7-46be-878a-2e1cf3271bd2>
Affected Software: Basic Interactive World Map CVE ID: CVE-2023-47223 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park (p6rkdoye0n) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/321b2b0d-8169-4e80-b86f-2ae29d9b8b7d>
Affected Software: IdeaPush CVE ID: CVE-2023-47181 CVSS Score: 4.4 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3673a86c-1e11-45ad-8944-84a38aad53dd>
Affected Software: Admin Bar & Dashboard Access Control CVE ID: CVE-2023-47184 CVSS Score: 4.4 (Medium) Researcher/s: Rachit Arora Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/37aa3d05-79b6-49ea-b698-afa78615e438>
Affected Software: Social Feed | All social media in one place CVE ID: CVE-2023-47227 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a77675b-5a31-4bc1-b4bd-36dd9a612b7c>
Affected Software: Comments Ratings CVE ID: CVE-2023-23702 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5786b859-3ee9-45ab-8926-f4a09e323e3b>
Affected Software: Layer Slider CVE ID: CVE-2023-47228 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6df68d66-7294-4dff-8ba8-394932a64281>
Affected Software: AI ChatBot CVE ID: CVE-2023-5606 CVSS Score: 4.4 (Medium) Researcher/s: Huynh Tien Si Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fc305c48-8337-42b7-ad61-61aea8018def>
Affected Software: Advance Menu Manager CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/04ad816b-0ac0-44b5-928a-5bb3e36523b2>
Affected Software: WP Affiliate Disclosure CVE ID: CVE-2023-47232 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/11cc8c6e-b60e-46b3-966e-07b1fb2bf8e9>
Affected Software: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free CVE ID: CVE-2023-5417 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/148794ea-3bc9-4084-bdb9-6ee63a781a39>
Affected Software: Animated Rotating Words (Interchanging Random Words in a Sentence) CVE ID: CVE-2023-47187 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/15b7008f-07fc-4f8a-b214-8ac0c4cf6d99>
Affected Software: WP Customer Reviews CVE ID: CVE-2023-4686 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/24b9984c-ec33-4492-815b-67a21ac4da0e>
Affected Software: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/413d3ec0-8d04-4bef-9394-f666cfed733e>
Affected Software: Animated Rotating Words (Interchanging Random Words in a Sentence) CVE ID: CVE-2023-47187 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/41d9786e-4ce3-42d6-a0d6-8eb863103d5c>
Affected Software: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free CVE ID: CVE-2023-5419 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/64248d15-e6a7-442f-b269-e9f629d297d3>
Affected Software: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free CVE ID: CVE-2023-5415 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6ec3051e-a5e4-48ee-8f8e-eb5dbc482f33>
Affected Software: Kadence WooCommerce Email Designer CVE ID: CVE-2023-47186 CVSS Score: 4.3 (Medium) Researcher/s: Brandon James Roldan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7b8483b8-07b4-436f-992f-35e16fef867b>
Affected Software: Top 10 – WordPress Popular posts by WebberZone CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7e7d3bf0-1860-45b0-b928-2291b0f98902>
Affected Software: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free CVE ID: CVE-2023-5411 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/816f5fc1-e4e6-4c0d-b222-fe733f026e33>
Affected Software: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free CVE ID: CVE-2023-5416 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/992fc98f-4b23-4596-81fb-5543d82fd615>
Affected Software: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free CVE ID: CVE-2023-5387 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ccb34b44-9fa4-4ebe-b217-b2a42920247f>
Affected Software: Advance Menu Manager CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cf34af9d-4de7-498d-8065-c3cc6818b7c4>
Affected Software: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free CVE ID: CVE-2023-5383 CVSS Score: 4.3 (Medium) Researcher/s: Duc Manh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d35ec0f0-fa7a-4531-b5f7-5adcf2af051c>
Affected Software: Decorator – WooCommerce Email Customizer CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/db664d0a-a58d-4d8b-ae0a-074f32d8710c>
Affected Software: video carousel slider with lightbox CVE ID: CVE-2023-5945 CVSS Score: 4.3 (Medium) Researcher/s: Ala Arfaoui Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dc052b00-65a7-4668-8bdd-b06d69d12a4a>
Affected Software: GiveWP – Donation Plugin and Fundraising Platform CVE ID: CVE-2023-4246 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dc5c511f-dc79-468b-a107-cdf50999faf8>
Affected Software: Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free CVE ID: CVE-2023-5385 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas, Duc Manh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e2719afc-e52c-4fcc-b030-2f6aaddb5ab9>
Affected Software: Product Catalog Mode For Woocommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e881ba2f-0e88-4c7b-aa0d-84e816019db9>
Affected Software: Email Templates Customizer and Designer for WordPress and WooCommerce CVE ID: CVE-2022-47181 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f3e1851a-9545-4687-b58b-5cdad3291525>
As a reminder, Wordfence has curated an industry-leading database of all known WordPress core, theme, and plugin vulnerabilities, known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 30, 2023 to November 5, 2023) appeared first on Wordfence.