Chloe ChamberlandWORDFENCE:63F0B688B303AD0EDE14C20EB5327A90Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
22.4%
Last week, there were 92 vulnerabilities disclosed in 88 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook integration are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Individuals and Enterprises can use the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
_Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published. _
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Unpatched | 57 |
| Patched | 35 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 1 |
| Medium Severity | 80 |
| High Severity | 11 |
| Critical Severity | 0 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 37 |
| Cross-Site Request Forgery (CSRF) | 30 |
| Missing Authorization | 11 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 7 |
| Information Exposure | 3 |
| URL Redirection to Untrusted Site ('Open Redirect') | 1 |
| Unrestricted Upload of File with Dangerous Type | 1 |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 1 |
| Guessable CAPTCHA | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| Mika | 19 |
| Rio Darmawan | 7 |
| yuyudhn | 5 |
| Lana Codes | |
| (Wordfence Vulnerability Researcher) | 5 |
| Abdi Pranata | 5 |
| Rafie Muhammad | 3 |
| Vladislav Pokrovsky | 2 |
| Taihei Shimamine | 2 |
| minhtuanact | 2 |
| spacecroupier | 2 |
| Prasanna V Balaji | 2 |
| Le Ngoc Anh | 2 |
| deokhunKim | 2 |
| Alex Thomas | |
| (Wordfence Vulnerability Researcher) | 2 |
| LEE SE HYOUNG | 2 |
| BuShiYue | 1 |
| Phd | 1 |
| TomS | 1 |
| OZ1NG (TOOR, LISA) | 1 |
| thiennv | 1 |
| konagash | 1 |
| Robert DeVore | 1 |
| qilin_99 | 1 |
| Jonas Höbenreich | 1 |
| NeginNrb | 1 |
| emad | 1 |
| Joshua Chan | 1 |
| An Đặng | 1 |
| Emili Castells | 1 |
| resecured.io | 1 |
| Marco Wotschka | |
| (Wordfence Vulnerability Researcher) | 1 |
| Nguyen Anh Tien | 1 |
| n0paew | 1 |
| Ravi Dharmawan | 1 |
| Truoc Phan | 1 |
| Yebin Lee | 1 |
| Nithissh S | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| AI ChatBot | chatbot |
| AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One | ai-content-writing-assistant |
| Abandoned Cart Lite for WooCommerce | woocommerce-abandoned-cart |
| Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress | advanced-page-visit-counter |
| AmpedSense – AdSense Split Tester | ampedsense-adsense-split-tester |
| Automated Editor | automated-editor |
| Blog Filter – Advanced Post Filtering with Categories Or Tags, Post Portfolio Gallery, Blog Design Template, Post Layout | blog-filter |
| Blog Manager Light | blog-manager-light |
| Bold Timeline Lite | bold-timeline-lite |
| Booster for WooCommerce | woocommerce-jetpack |
| Bulk NoIndex & NoFollow Toolkit | bulk-noindex-nofollow-toolkit-by-mad-fish |
| Captcha/Honeypot (CF7, Avada, Elementor, Comments, WPForms) – GDPR ready | captcha-for-contact-form-7 |
| Category Meta plugin | wp-category-meta |
| Comment Reply Email | comment-reply-email |
| Complete Open Graph | complete-open-graph |
| Connect to external APIs – WPGetAPI | wpgetapi |
| Contact Form by Supsystic | contact-form-by-supsystic |
| Contact form Form For All – Easy to use, fast, 37 languages. | formforall |
| Copy or Move Comments | copy-or-move-comments |
| Customer Reviews for WooCommerce | customer-reviews-woocommerce |
| Dropshipping & Affiliation with Amazon | wp-amazon-shop |
| Export All Posts, Products, Orders, Refunds & Users | wp-ultimate-exporter |
| Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
| Fotomoto | fotomoto |
| Geo Controller | cf-geoplugin |
| GoodBarber | goodbarber |
| Gumroad | gumroad |
| Hitsteps Web Analytics | hitsteps-visitor-manager |
| Hotjar | hotjar |
| IRivYou – Add reviews from AliExpress and Amazon to woocommerce | wooreviews-importer |
| Image vertical reel scroll slideshow | image-vertical-reel-scroll-slideshow |
| Instagram for WordPress | instagram-for-wordpress |
| Interactive World Map | interactive-world-map |
| LeadSquared Suite | leadsquared-suite |
| MStore API | mstore-api |
| Mailrelay | mailrelay |
| Marker.io – Visual Website Feedback | marker-io |
| Media Library Assistant | media-library-assistant |
| Mendeley Plugin | mendeleyplugin |
| OPcache Dashboard | opcache |
| Open User Map | open-user-map |
| Optimize Database after Deleting Revisions | rvg-optimize-database |
| Order auto complete for WooCommerce | order-auto-complete-for-woocommerce |
| POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress | post-smtp |
| Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | wp-user-avatar |
| Permalinks Customizer | permalinks-customizer |
| Pinpoint Booking System – #1 WordPress Booking Plugin | booking-system |
| Podcast Subscribe Buttons | podcast-subscribe-buttons |
| Post View Count | wp-simple-post-view |
| Pressference Exporter | pressference-exporter |
| Product Category Tree | product-category-tree |
| Profile Extra Fields by BestWebSoft | profile-extra-fields |
| Publish Confirm Message | publish-confirm-message |
| Redirection for Contact Form 7 | wpcf7-redirect |
| RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
| SendPulse Free Web Push | sendpulse-web-push |
| Seriously Simple Stats | seriously-simple-stats |
| Sharkdropship for AliExpress Dropship and Affiliate | wooshark-aliexpress-importer |
| Short URL | shorten-url |
| ShortCodes UI | shortcodes-ui |
| Simple SEO | cds-simple-seo |
| Smart Cookie Kit | smart-cookie-kit |
| Social Feed | Custom Feed for Social Media Networks |
| Social Metrics | social-metrics |
| Social proof testimonials and reviews by Repuso | social-testimonials-and-reviews-widget |
| Sp*tify Play Button for WordPress | spotify-play-button-for-wordpress |
| Stout Google Calendar | stout-google-calendar |
| Timely Booking Button | timely-booking-button |
| Urvanov Syntax Highlighter | urvanov-syntax-highlighter |
| User Location and IP | user-location-and-ip |
| Video Gallery – Best WordPress YouTube Gallery Plugin | gallery-videos |
| WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
| WP Bing Map Pro | api-bing-map-2018 |
| WP Content Pilot – Autoblogging & Affiliate Marketing Plugin | wp-content-pilot |
| WP Custom Widget area | wp-custom-widget-area |
| WP Forms Puzzle Captcha | wp-forms-puzzle-captcha |
| WP Mail SMTP Pro | wp-mail-smtp-pro |
| WP Power Stats | wp-power-stats |
| WP Responsive header image slider | responsive-header-image-slider |
| WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin | wp-user-frontend |
| WhitePage | white-page-publication |
| WooCommerce Login Redirect | woo-login-redirect |
| WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location | byconsole-woo-order-delivery-time |
| WordPress Popular Posts | wordpress-popular-posts |
| WordPress Simple HTML Sitemap | wp-simple-html-sitemap |
| YouTube Playlist Player | youtube-playlist-player |
| affiliate-toolkit – WordPress Affiliate Plugin | affiliate-toolkit-starter |
| canvasio3D Light | canvasio3d-light |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Dropshipping & Affiliation with Amazon <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload
Affected Software: Dropshipping & Affiliation with Amazon CVE ID: CVE-2023-31215 CVSS Score: 8.8 (High) Researcher/s: spacecroupier Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17240c75-4e2a-45d2-8114-414c7e81af87>
Advanced Page Visit Counter <= 7.1.1 - Authenticated (Contributor+) SQL Injection
Affected Software: Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress CVE ID: CVE-2023-45074 CVSS Score: 8.8 (High) Researcher/s: TomS Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1810cea5-cfca-4699-bf09-0e474d04acb6>
MStore API <= 4.0.6 - Authenticated (Subscriber+) SQL Injection
Affected Software: MStore API CVE ID: CVE-2023-45055 CVSS Score: 8.8 (High) Researcher/s: Truoc Phan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a8b10d0c-e2fc-47a3-9df9-8df58eee964c>
Copy Or Move Comments <= 5.0.4 - Authenticated (Subscriber+) SQL Injection
Affected Software: Copy or Move Comments CVE ID: CVE-2023-28748 CVSS Score: 8.8 (High) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e2b020c3-0eb9-4ff1-b94e-e32452695b5d>
Sharkdropship for AliExpress Dropship and Affiliate <= 2.2.3 - Missing Authorization
Affected Software: Sharkdropship for AliExpress Dropship and Affiliate CVE ID: CVE-2023-30870 CVSS Score: 7.3 (High) Researcher/s: spacecroupier Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f8812cfe-4bbe-44ba-9513-7f81bad68d11>
Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting
Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder CVE ID: CVE-2023-45071 CVSS Score: 7.2 (High) Researcher/s: Vladislav Pokrovsky Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/05b434f7-6bce-4ad0-bd12-db5b01f14953>
AmpedSense – AdSense Split Tester <= 4.68 - Unauthenticated Cross-Site Scripting
Affected Software: AmpedSense – AdSense Split Tester CVE ID: CVE-2023-25476 CVSS Score: 7.2 (High) Researcher/s: Prasanna V Balaji Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/266bbcab-7d41-4c38-b136-24da61728977>
Post SMTP <= 2.6.0 - Authenticated (Administrator+) SQL Injection
Affected Software: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3816a6cf-8157-4ad9-83f6-93c9b6c6275f>
Seriously Simple Stats <= 1.5.0 - Authenticated (Podcast manager+) SQL Injection via order_by
Affected Software: Seriously Simple Stats CVE ID: CVE-2023-45001 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/46150f65-e662-4539-ae99-eaee297a2608>
Video Gallery – YouTube Gallery <= 2.0.2 - Authenticated (Administrator+) SQL Injection
Affected Software: Video Gallery – Best WordPress YouTube Gallery Plugin CVE ID: CVE-2023-45069 CVSS Score: 7.2 (High) Researcher/s: Ravi Dharmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a8382051-ae17-4719-94b5-3cfb0b5e82b1>
Pressference Exporter <= 1.0.3 - Authenticated (Administrator+) SQL Injection
Affected Software: Pressference Exporter CVE ID: CVE-2023-45046 CVSS Score: 7.2 (High) Researcher/s: Nithissh S Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c12ba39f-03bc-4a45-b2f4-368f48c0a57b>
YouTube Playlist Player <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: YouTube Playlist Player CVE ID: CVE-2023-45049 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02cffe63-dad2-4f6b-9530-7f494e3071d7>
Podcast Subscribe Buttons <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Podcast Subscribe Buttons CVE ID: CVE-2023-5308 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17dbfb82-e380-464a-bfaf-2d0f6bf07f25>
Instagram for WordPress <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Instagram for WordPress CVE ID: CVE-2023-5357 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3991d8d0-57a8-42e7-a53c-97508f7e137f>
WP Responsive header image slider <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: WP Responsive header image slider CVE ID: CVE-2023-5334 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6953dea2-ca2d-4283-97c2-45c3420d9390>
User Location and IP <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: User Location and IP CVE ID: CVE-2023-31217 CVSS Score: 6.4 (Medium) Researcher/s: deokhunKim Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7e501592-4411-4c0a-aa67-e2d0a29d5d35>
Smart Cookie Kit <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Smart Cookie Kit CVE ID: CVE-2023-45608 CVSS Score: 6.4 (Medium) Researcher/s: resecured.io Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9b726e21-ff76-43ea-beb1-f68e94d3b7a4>
Media Library Assistant <= 3.11 - Authenticated (Author+) Stored Cross-Site Scripting
Affected Software: Media Library Assistant CVE ID: CVE-2023-24385 CVSS Score: 6.4 (Medium) Researcher/s: n0paew Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a1603dc9-7f5e-47e1-8a81-27bb4df1aa4f>
WordPress Popular Posts <= 6.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: WordPress Popular Posts CVE ID: CVE-2023-45607 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a91e8713-a760-4acd-9987-2a6b11dbdd56>
Contact form Form For All <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Contact form Form For All – Easy to use, fast, 37 languages. CVE ID: CVE-2023-5337 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/abe2f596-b2c3-49d3-b646-0f4b64f15674>
Blog Filter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Blog Filter – Advanced Post Filtering with Categories Or Tags, Post Portfolio Gallery, Blog Design Template, Post Layout CVE ID: CVE-2023-5291 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b95c1bf7-bb05-44d3-a185-7e38e62b7201>
Gumroad <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Gumroad CVE ID: CVE-2023-45059 CVSS Score: 6.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cd2abab4-f93c-454d-928d-128a490da0e2>
WP Simple HTML Sitemap <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: WordPress Simple HTML Sitemap CVE ID: CVE-2023-45067 CVSS Score: 6.4 (Medium) Researcher/s: deokhunKim Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fca6d469-60e7-4866-a53c-d207817c9204>
WPGetAPI 2.1.0 - 2.2.1 - Authenticated (Subscriber+) Arbitrary Options Update
Affected Software: Connect to external APIs – WPGetAPI CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/39003835-80df-49c7-982a-346bf328565c>
Bulk NoIndex & NoFollow Toolkit <= 1.42 - Reflected Cross-Site Scripting via 's'
Affected Software: Bulk NoIndex & NoFollow Toolkit CVE ID: CVE-2023-45065 CVSS Score: 6.1 (Medium) Researcher/s: Phd Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0e4f6305-d003-478e-a8ef-0b254084f56f>
Form Maker by 10Web <= 1.15.18 - Reflected Cross-Site Scripting
Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder CVE ID: CVE-2023-45070 CVSS Score: 6.1 (Medium) Researcher/s: Vladislav Pokrovsky Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1b1db6b8-f005-488f-b2cc-667acc700b0a>
RegistrationMagic <= 5.2.4.1 - Reflected Cross-Site Scripting via section_id
Affected Software: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2d010e55-d57a-49f7-a991-76b676b88f1e>
Fotomoto <= 1.2.8 - Reflected Cross-Site Scripting
Affected Software: Fotomoto CVE ID: CVE-2023-45007 CVSS Score: 6.1 (Medium) Researcher/s: OZ1NG (TOOR, LISA) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2fbeee6b-cbc0-462e-96ba-2fd4f54786b0>
Download canvasio3D Light <= 2.4.6 - Reflected Cross-Site Scripting
Affected Software: canvasio3D Light CVE ID: CVE-2023-45062 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/39b8f6d8-bca2-4bf2-93ab-868270df8752>
Product Category Tree <= 2.5 - Reflected Cross-Site Scripting
Affected Software: Product Category Tree CVE ID: CVE-2023-45054 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3e03ecc0-5ca1-4d64-a6d7-257325bcc5cb>
Seriously Simple Stats <= 1.5.1 - Reflected Cross-Site Scripting
Affected Software: Seriously Simple Stats CVE ID: CVE-2023-45005 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92734acf-2021-4217-8cdd-a9d269198db3>
OPcache Dashboard <= 0.3.1 - Reflected Cross-Site Scripting via 'page'
Affected Software: OPcache Dashboard CVE ID: CVE-2023-45064 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3d6104b-eb2d-4e7e-98bd-6a46bd69ef5c>
WooODT Lite <= 2.4.6 - Reflected Cross-Site Scripting
Affected Software: WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location CVE ID: CVE-2023-45006 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ede4b8ad-3c12-4ed8-9eda-806afa580bad>
Social Feed <= 2.2.0 - Reflected Cross-Site Scripting
Affected Software: Social Feed | Custom Feed for Social Media Networks CVE ID: CVE-2023-45003 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f124b5a0-b58b-45ff-bd22-7a09a9abd9bd>
Simple SEO <= 2.0.23 - Cross-Site Request Forgery via multiple admin_post functions
Affected Software: Simple SEO CVE ID: CVE-2023-45269 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/053b72c6-07bb-4e9f-ae25-da4bce91ae6e>
Post View Count <= 1.8.2 - Cross-Site Request Forgery
Affected Software: Post View Count CVE ID: CVE-2023-44996 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/114cf149-e923-4e21-9eb0-e38941799304>
WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery
Affected Software: WP Forms Puzzle Captcha CVE ID: CVE-2023-44997 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c75edd2-fc38-48b1-b58c-1d19c95c3db8>
Urvanov Syntax Highlighter <= 2.8.33 - Cross-Site Request Forgery via init_ajax
Affected Software: Urvanov Syntax Highlighter CVE ID: CVE-2023-45106 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3c85fa64-4761-4b92-bd4f-7c220cf18288>
Social proof testimonials and reviews by Repuso <= 5.00 - Cross-Site Request Forgery
Affected Software: Social proof testimonials and reviews by Repuso CVE ID: CVE-2023-45048 CVSS Score: 5.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/526aa2e5-06bd-4b4c-a331-315f8ab37858>
LeadSquared Suite <= 0.7.4 - Cross-Site Request Forgery
Affected Software: LeadSquared Suite CVE ID: CVE-2023-45047 CVSS Score: 5.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8da42003-f2d8-4837-84b2-e0e7171fa3fe>
Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization in Reviews Exporter
Affected Software: Customer Reviews for WooCommerce CVE ID: CVE-2023-45101 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d60f3da1-1184-4629-880c-ce3893fb55a5>
Pinpoint Booking System <= 2.9.9.4.0 - Cross-Site Request Forgery via initBackEndAJAX
Affected Software: Pinpoint Booking System – #1 WordPress Booking Plugin CVE ID: CVE-2023-45270 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f4dfb4b5-b2a5-40bd-9dfb-863baa563d06>
Optimize Database after Deleting Revisions <= 5.0.110 - Missing Authorization via 'odb_csv_download'
Affected Software: Optimize Database after Deleting Revisions CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09050c1e-26e0-46e7-b5f0-ebaff4066b0a>
Captcha/Honeypot for Contact Form 7 <= 1.11.3 - Captcha Bypass
Affected Software: Captcha/Honeypot (CF7, Avada, Elementor, Comments, WPForms) – GDPR ready CVE ID: CVE-2023-45009 CVSS Score: 5.3 (Medium) Researcher/s: qilin_99 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/60e9351a-302b-4a31-8a9c-c0a0b6ee3fcd>
WP Ultimate Exporter <= 2.2 - Unauthenticated Information Disclosure
Affected Software: Export All Posts, Products, Orders, Refunds & Users CVE ID: CVE-2023-2487 CVSS Score: 5.3 (Medium) Researcher/s: Jonas Höbenreich Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/61f7e01e-c9ce-47f6-96d0-de908ce7e90c>
ProfilePress <= 4.13.2 - Information Disclosure via Debug Log
Affected Software: Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress CVE ID: CVE-2023-44150 CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8f5357e0-1e1b-4090-a6ae-9587c6a8d290>
Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure
Affected Software: Profile Extra Fields by BestWebSoft CVE ID: CVE-2023-4469 CVSS Score: 5.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/916c73e8-a150-4b35-8773-ea0ec29f7fd1>
Redirection for Contact Form 7 <= 2.9.2 - Missing Authorization
Affected Software: Redirection for Contact Form 7 CVE ID: CVE-2023-39920 CVSS Score: 5.3 (Medium) Researcher/s: Nguyen Anh Tien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9cf17c08-25b7-450d-acd9-963a1f79e495>
WP Mail SMTP Pro <= 3.8.0 - Missing Authorization to Information Dislcosure via is_print_page
Affected Software: WP Mail SMTP Pro CVE ID: CVE-2023-3213 CVSS Score: 5.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9>
ChatBot <= 4.7.8 - Cross-Site Request Forgery via qc_wp_latest_update_check
Affected Software: AI ChatBot CVE ID: CVE-2023-44993 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be9522c8-3561-48fe-89ef-62e0fcb085b0>
Open User Map | Everybody can add locations <= 1.3.26 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Open User Map CVE ID: CVE-2023-45056 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08593415-bbc9-4159-b5d5-84e4dde6c2c9>
Complete Open Graph <= 3.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Complete Open Graph CVE ID: CVE-2023-45010 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0f3303db-9ba6-4638-ba96-151cf91db85b>
Timely Booking Button <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Timely Booking Button CVE ID: CVE-2023-44987 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2eb3b568-8689-4184-8091-0b84aa6b472d>
Abandoned Cart Lite for WooCommerce <= 5.15.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Abandoned Cart Lite for WooCommerce CVE ID: CVE-2023-44986 CVSS Score: 4.4 (Medium) Researcher/s: Robert DeVore Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/524e9ec1-9c7c-4b06-915c-8122ea6c3601>
Geo Controller <= 8.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Geo Controller CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6faf7e36-52d7-4578-bb71-2b64a761692b>
Mendeley <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Mendeley Plugin CVE ID: CVE-2023-45073 CVSS Score: 4.4 (Medium) Researcher/s: NeginNrb Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7b56c684-90f6-4e8b-86fc-355a13b5368c>
WOLF <= 1.0.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: WOLF – WordPress Posts Bulk Editor and Manager Professional CVE ID: CVE-2023-44990 CVSS Score: 4.4 (Medium) Researcher/s: emad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/85b439ea-08f9-4b4e-80da-7c5f80bc2818>
Image vertical reel scroll slideshow <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Image vertical reel scroll slideshow CVE ID: CVE-2023-45051 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/91b06d7d-7e92-49f0-b161-9b25318edfeb>
Order auto complete for WooCommerce <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Order auto complete for WooCommerce CVE ID: CVE-2023-45072 CVSS Score: 4.4 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9521ad5b-83c3-487e-a69e-ca057777bc9e>
Hotjar <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Hotjar CVE ID: CVE-2023-1259 CVSS Score: 4.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9c640bcb-b6bf-4865-b713-32ca846e4ed9>
Social Metrics <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Social Metrics CVE ID: CVE-2023-44263 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b3267339-2f28-40b9-b6ff-fdfe0d67bdc8>
Comment Reply Email <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Comment Reply Email CVE ID: CVE-2023-45008 CVSS Score: 4.4 (Medium) Researcher/s: Yebin Lee Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ba7d0ab4-55a5-47f4-b66e-27e963ab2268>
Hitsteps Web Analytics <= 5.86 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Hitsteps Web Analytics CVE ID: CVE-2023-45057 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f68a386b-544f-4aa2-8ae5-4d57ddd07b63>
Publish Confirm Message <= 1.3.1 - Cross-Site Request Forgery
Affected Software: Publish Confirm Message CVE ID: CVE-2023-32124 CVSS Score: 4.3 (Medium) Researcher/s: Taihei Shimamine Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/05c2707c-c737-4f95-83e0-b0a4e0883d4b>
Sp*tify Play Button for WordPress <= 2.10 - Cross-Site Request Forgery
Affected Software: Sp*tify Play Button for WordPress CVE ID: CVE-2023-41131 CVSS Score: 4.3 (Medium) Researcher/s: BuShiYue Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0b82fae0-4eec-41ea-90e2-9d08258805b3>
Contact Form by Supsystic <= 1.7.27 - Cross-Site Request Forgery
Affected Software: Contact Form by Supsystic CVE ID: CVE-2023-45068 CVSS Score: 4.3 (Medium) Researcher/s: Taihei Shimamine Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/16dc1927-2171-4234-805b-6e4eed99fa90>
WhitePage <= 1.1.5 - Cross-Site Request Forgery via params_api_form.php
Affected Software: WhitePage CVE ID: CVE-2023-45109 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1b377236-bb56-4d31-837a-c5064d46a6c6>
Automated Editor <= 1.3 - Cross-Site Request Forgery via admin menu pages
Affected Software: Automated Editor CVE ID: CVE-2023-45276 CVSS Score: 4.3 (Medium) Researcher/s: Prasanna V Balaji Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/27799988-cb2b-41c7-ad9a-aade59d31fa3>
Stout Google Calendar <= 1.2.3 - Cross-Site Request Forgery via sgc_plugin_options
Affected Software: Stout Google Calendar CVE ID: CVE-2023-45273 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33efcbb4-2bb9-4414-bc95-55bedb92c551>
WP Content Pilot – Autoblogging & Affiliate Marketing Plugin <= 1.3.3 - Authenticated (Contributor+) Content Injection
Affected Software: WP Content Pilot – Autoblogging & Affiliate Marketing Plugin CVE ID: CVE-2023-45053 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/373c10df-0d9c-4f76-8d1f-cad6bcfed141>
Blog Manager Light <= 1.20 - Cross-Site Request Forgery via bml_settings
Affected Software: Blog Manager Light CVE ID: CVE-2023-45102 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/38307432-399e-4887-867c-9eb2a0d90d70>
Mailrelay <= 2.1.1 - Cross-Site Request Forgery via render_admin_page
Affected Software: Mailrelay CVE ID: CVE-2023-45108 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3c07a2fe-97b1-45ec-bbd9-9353d679ed49>
AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One <= 1.1.5 - Cross-Site Request Forgery
Affected Software: AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One CVE ID: CVE-2023-45063 CVSS Score: 4.3 (Medium) Researcher/s: konagash Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3de1bcd7-24a8-4566-819b-d6653344e132>
IRivYou <= 2.2.1 - Cross-Site Request Forgery via saveOptionsReviewsPlugin
Affected Software: IRivYou – Add reviews from AliExpress and Amazon to woocommerce CVE ID: CVE-2023-45267 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5607cc07-5104-45d0-8279-ba0ef3ebcbe9>
GoodBarber <= 1.0.22 - Cross-Site Request Forgery via admin_options
Affected Software: GoodBarber CVE ID: CVE-2023-45107 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/57774f93-e6c0-46e6-8019-eab00b2b48ff>
WP Bing Map Pro <= 4.1.4 - Cross-Site Request Forgery via AJAX actions
Affected Software: WP Bing Map Pro CVE ID: CVE-2023-45052 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5abc627d-2d8e-44e6-8e8e-ad9f55cbb0d8>
Interactive World Map <= 3.2.0 - Cross-Site Request Forgery
Affected Software: Interactive World Map CVE ID: CVE-2023-45060 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5b559a48-3c8b-4f8a-9627-c4f838d20af3>
WP Custom Widget area <= 1.2.5 - Missing Authorization
Affected Software: WP Custom Widget area CVE ID: CVE-2023-45045 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/64559d37-0c6b-45f5-8a2a-6e70cb5e423c>
SendPulse Free Web Push <= 1.3.1 - Cross-Site Request Forgery via sendpulse_config
Affected Software: SendPulse Free Web Push CVE ID: CVE-2023-45274 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/654727e0-6129-47c7-94f3-10567b1a42d4>
Hitsteps Web Analytics <= 5.86 - Cross-Site Request Forgery via hst_optionpage
Affected Software: Hitsteps Web Analytics CVE ID: CVE-2023-45268 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7252075f-9326-4f04-bdd9-b244609c9cd3>
WP User Frontend <= 3.6.8 - Missing Authorization via AJAX actions
Affected Software: WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin CVE ID: CVE-2023-45002 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8e8e967f-f627-4c0c-ac0f-0a66ae25c602>
ShortCodes UI <= 1.9.8 - Cross-Site Request Forgery
Affected Software: ShortCodes UI CVE ID: CVE-2023-44994 CVSS Score: 4.3 (Medium) Researcher/s: An Đặng Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/90e69e43-597c-4c18-b581-d99dacefb9b8>
Short URL <= 1.6.8 - Cross-Site Request Forgery
Affected Software: Short URL CVE ID: CVE-2023-45058 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/95c5a219-0b04-424c-a3dd-d705b1b41ddc>
Bold Timeline Lite <= 1.1.9 - Missing Authorization to Admin Notice Dismissal
Affected Software: Bold Timeline Lite CVE ID: CVE-2023-45110 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9bbabf5e-dbfc-4b01-94ae-0e8fd6b3cc26>
Booster for WooCommerce <= 7.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode
Affected Software: Booster for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a1426809-b245-4868-be87-c96b3c5c05f9>
WP Power Stats <= 2.2.3 - Cross-Site Request Forgery
Affected Software: WP Power Stats CVE ID: CVE-2023-45011 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a86a694b-5e45-4e94-a22c-2c5faa7172a2>
WooCommerce Login Redirect <= 2.2.4 - Cross-Site Request Forgery
Affected Software: WooCommerce Login Redirect CVE ID: CVE-2023-44995 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a8b0d708-4f74-4e6d-9581-f65caf976d45>
Permalinks Customizer <= 2.8.2 - Cross-Site Request Forgery via post_settings
Affected Software: Permalinks Customizer CVE ID: CVE-2023-45103 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bf1f402d-98d7-42d7-8d8d-ff74a65e5293>
Category Meta <= 1.2.8 - Cross-Site Request Forgery
Affected Software: Category Meta plugin CVE ID: CVE-2023-44998 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bf2ddc42-9910-40e5-9546-89f229b852da>
Marker.io <= 1.1.6 - Cross-Site Request Forgery
Affected Software: Marker.io – Visual Website Feedback CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c49b3841-370b-42ed-9545-e69c2544642d>
Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization
Affected Software: Customer Reviews for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c5429fb1-7072-4a00-8fb3-48d4f876417f>
affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.9 - Open Redirect via atkpout.php
Affected Software: affiliate-toolkit – WordPress Affiliate Plugin CVE ID: CVE-2023-45105 CVSS Score: 3.4 (Low) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/06b332de-4f94-47dc-a573-53514adaf5c0>
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023) appeared first on Wordfence.
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
22.4%