CVSS3 | 9.8 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CVSS2 | 7.5 High |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

EPSS | 0.022 Low |
---|---|
Percentile | 87.8% |

Last week, there were 90 vulnerabilities disclosed in 77 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 29 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
_Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 26 |
Patched | 64 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 67 |
High Severity | 16 |
Critical Severity | 6 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 35 |
Cross-Site Request Forgery (CSRF) | 23 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 11 |
Missing Authorization | 6 |
Unrestricted Upload of File with Dangerous Type | 3 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2 |
Deserialization of Untrusted Data | 2 |
Authentication Bypass Using an Alternate Path or Channel | 2 |
Authorization Bypass Through User-Controlled Key | 1 |
Information Exposure | 1 |
Improper Authorization | 1 |
Creation of Emergent Resource | 1 |
Client-Side Enforcement of Server-Side Security | 1 |
Guessable CAPTCHA | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Rafie Muhammad | 16 |
Lana Codes (Wordfence Vulnerability Researcher) | 11 |
Alex Thomas (Wordfence Vulnerability Researcher) | 6 |
Rio Darmawan | 4 |
Mika | 4 |
yuyudhn | 3 |
LEE SE HYOUNG | 3 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 3 |
thiennv | 3 |
Nguyen Xuan Chien | 3 |
Chien Vuong | 2 |
Hao Huynh | 2 |
Skalucy | 2 |
Erwan LR | 2 |
Cat | 2 |
Le Ngoc Anh | 2 |
dc11 | 2 |
WON JOON HWANG | 2 |
Muhammad Daffa | 2 |
Nguyen Anh Tien | 1 |
Bob Matyas | 1 |
Marco Frison | 1 |
My Le | 1 |
Nithissh S | 1 |
Emili Castells | 1 |
Yuki Haruma | 1 |
NGO VAN TU | 1 |
Abdi Pranata | 1 |
MyungJu Kim | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
AI ChatBot | chatbot |
Abandoned Cart Lite for WooCommerce | woocommerce-abandoned-cart |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | woo-bulk-editor |
Bubble Menu – circle floating menu | bubble-menu |
Button Generator – easily Button Builder | button-generation |
Calculator Builder | calculator-builder |
Conditional Menus | conditional-menus |
Contact Form Entries – Contact Form 7, WPforms and more | contact-form-entries |
Counter Box – WordPress plugin for countdown, timer, counter | counter-box |
Custom Post Type Generator | custom-post-type-generator |
Custom Twitter Feeds (Tweets Widget) | custom-twitter-feeds |
Download Theme | download-theme |
Duplicator Pro | duplicator-pro |
Easy Admin Menu | easy-admin-menu |
Easy Captcha | easy-captcha |
Easy Google Maps | google-maps-easy |
Elementor Website Builder – More than Just a Page Builder | elementor |
EventPrime – Modern Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
File Renaming on Upload | file-renaming-on-upload |
Flickr Justified Gallery | flickr-justified-gallery |
Float menu – awesome floating side menu | float-menu |
Floating button | profit-button |
Front End Users | front-end-only-users |
Go Pricing - WordPress Responsive Pricing Tables | go_pricing |
Google Map Shortcode | google-map-shortcode |
Herd Effects – fake notifications and social proof plugin | mwp-herd-effect |
IP Metaboxes | ip-metaboxes |
Integration for Contact Form 7 and Zoho CRM, Bigin | cf7-zoho |
JetFormBuilder — Dynamic Blocks Form Builder | jetformbuilder |
LearnDash WordPress Plugin | sfwd-lms |
Leyka | leyka |
MStore API | mstore-api |
MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder | mailchimp-subscribe-sm |
Multiple Page Generator Plugin – MPG | multiple-pages-generator-by-porthas |
Novelist | novelist |
OAuth Single Sign On – SSO (OAuth Client) | miniorange-login-with-eve-online-google-facebook |
Popup Box – new WordPress popup plugin | popup-box |
Product Gallery Slider for WooCommerce | woo-product-gallery-slider |
Product Vendors | woocommerce-product-vendors |
QuBot – Chatbot Builder with Templates | qubotchat |
QueryWall: Plug'n Play Firewall | querywall |
Recently Viewed Products | recently-viewed-products |
Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) | responsive-tabs-for-wpbakery |
SIS Handball | sis-handball |
SKU Label Changer For WooCommerce | woo-sku-label-changer |
Shopping Cart & eCommerce Store | wp-easycart |
Side Menu Lite – add sticky fixed buttons | side-menu-lite |
SlideOnline | slideonline |
Slider Revolution | revslider |
Sticky Buttons – floating buttons builder | sticky-buttons |
SupportCandy – Helpdesk & Support Ticket System | supportcandy |
This Day In History | this-day-in-history |
Tutor LMS – eLearning and online course solution | tutor |
UTM Tracker | utm-tracker |
Uncanny Automator – Automate everything with the #1 no-code Automation tool for WordPress | uncanny-automator |
Unite Gallery Lite | unite-gallery-lite |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
Upload Resume | resume-upload-form |
User Activity Log | user-activity-log |
Video Contest WordPress Plugin | video-contest |
WIP Custom Login | wip-custom-login |
WP Coder – add custom html, css and js code | wp-coder |
WP Tiles | wp-tiles |
WP-Hijri | wp-hijri |
WP-Matomo Integration (WP-Piwik) | wp-piwik |
WS Form LITE – Drag & Drop Contact Form Builder for WordPress | ws-form |
WooCommerce Product Categories Selection Widget | woocommerce-product-category-selection-widget |
WooCommerce Shipping & Tax | woocommerce-services |
WordPress Backup & Migration | wp-migration-duplicator |
WordPress File Upload | wp-file-upload |
WordPress File Upload Pro | wordpress-file-upload-pro |
Wow Skype Buttons | mwp-skype |
Yoast SEO: Local | wpseo-local |
YouTube Playlist Player | youtube-playlist-player |
seo-by-rank-math-pro | seo-by-rank-math-pro |
woocommerce-follow-up-emails | woocommerce-follow-up-emails |
woocommerce-warranty | woocommerce-warranty |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should've already been notified if your site was affected by any of these vulnerabilities.
Affected Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) CVE ID: CVE-2023-31090 CVSS Score: 9.9 (Critical) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9a09102c-391e-4057-b883-3d2eef1671ce>
Affected Software: woocommerce-follow-up-emails CVE ID: CVE-2023-33318 CVSS Score: 9.9 (Critical) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a169934d-17ce-4d34-be00-c5ac0b488066>
Affected Software: Leyka CVE ID: CVE-2023-33327 CVSS Score: 9.8 (Critical) Researcher/s: Nguyen Anh Tien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0152bcc9-6d24-4475-848d-71fe88aa7e2a>
Affected Software: Recently Viewed Products CVE ID: CVE-2023-34027 CVSS Score: 9.8 (Critical) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/46f31a60-0a0e-449d-a10a-3cafd0492a9c>
Affected Software: MStore API CVE ID: CVE-2023-2734 CVSS Score: 9.8 (Critical) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5881d16c-84e8-4610-8233-cfa5a94fe3f9>
Affected Software: MStore API CVE ID: CVE-2023-2732 CVSS Score: 9.8 (Critical) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f00761a7-fe24-49a3-b3e3-a471e05815c1>
Affected Software: LearnDash WordPress Plugin CVE ID: CVE-2023-28777 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/40a57493-b99b-4e71-8603-e668c6283a5a>
Affected Software: Contact Form Entries – Contact Form 7, WPforms and more CVE ID: CVE-2023-31212 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4b475ada-3b31-40a3-9a81-5a7b1a1e190a>
Affected Software: OAuth Single Sign On – SSO (OAuth Client) CVE ID: CVE-2022-34155 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d166a77-d57b-4827-96ca-b8eb423861f0>
Affected Software: SupportCandy – Helpdesk & Support Ticket System CVE ID: CVE-2023-2719 CVSS Score: 8.8 (High) Researcher/s: dc11 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c1d2b6bd-a75a-4a07-b2f0-8ec206d41211>
Affected Software: Go Pricing - WordPress Responsive Pricing Tables CVE ID: CVE-2023-2500 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f7686b11-97a8-4f09-bbfa-d77120cc35b7>
Affected Software: Easy Captcha CVE ID: CVE-2023-33324 CVSS Score: 7.5 (High) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8efe2ccf-33cb-4db3-bc3d-ead826adb7d0>
Affected Software: Integration for Contact Form 7 and Zoho CRM, Bigin CVE ID: CVE-2023-2527 CVSS Score: 7.2 (High) Researcher/s: Chien Vuong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0b4e6dae-f38c-4f5b-ae1d-cf998946c675>
Affected Software: QueryWall: Plug'n Play Firewall CVE ID: CVE-2023-2492 CVSS Score: 7.2 (High) Researcher/s: Chien Vuong Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/306c98ad-0d42-4ad5-b82a-bf4579865aa9>
Affected Software: Slider Revolution CVE ID: CVE-2023-2359 CVSS Score: 7.2 (High) Researcher/s: Marco Frison Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4fa00dae-c51d-4586-81da-b568cd6d8124>
Affected Software: SupportCandy – Helpdesk & Support Ticket System CVE ID: CVE-2023-2805 CVSS Score: 7.2 (High) Researcher/s: dc11 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/75f01eb4-5d53-441d-9bee-e97857dadaf9>
Affected Software: SIS Handball CVE ID: CVE-2023-33924 CVSS Score: 7.2 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cabdc9db-2d1c-4390-a4b7-65648ef9f16a>
Affected Software: Multiple Page Generator Plugin – MPG CVE ID: CVE-2023-33927 CVSS Score: 7.2 (High) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d18d800b-647f-4706-9ec1-a8ea4e643965>
Affected Software: woocommerce-follow-up-emails CVE ID: CVE-2023-33330 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dc5276e2-e9de-4409-bbe0-4d0b37244367>
Affected Software: Product Vendors CVE ID: CVE-2023-33331 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ed8f8984-bea6-44aa-9bde-5b40b455767f>
Affected Software: woocommerce-warranty CVE ID: CVE-2023-33317 CVSS Score: 7.1 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1665fda6-005d-42ba-883d-2e3ad7abe0ba>
Affected Software: Go Pricing - WordPress Responsive Pricing Tables CVE ID: CVE-2023-2496 CVSS Score: 7.1 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/477c6fa2-16a8-4461-b4d4-d087e13e3ca7>
Affected Software: User Activity Log CVE ID: CVE Unknown CVSS Score: 6.6 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17a787da-5630-42ec-b5b0-47435db765a7>
Affected Software: WIP Custom Login CVE ID: CVE-2023-33313 CVSS Score: 6.5 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/15b93e63-5ef2-4fb1-8c6b-28fcfab8e34d>
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2023-33314 CVSS Score: 6.5 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a7e3818c-883f-4633-a460-a8c0446edffc>
Affected Software: Shopping Cart & eCommerce Store CVE ID: CVE-2023-2892 CVSS Score: 6.5 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b36e94e4-b1e8-4803-9377-c4d710b029de>
Affected Software: Shopping Cart & eCommerce Store CVE ID: CVE-2023-2891 CVSS Score: 6.5 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bcca7ade-8b35-4ba1-a8b4-b1e815b025e3>
Affected Software: Go Pricing - WordPress Responsive Pricing Tables CVE ID: CVE-2023-2498 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c3d4c96-63a7-4f3b-a9ac-095be241f840>
Affected Software: Google Map Shortcode CVE ID: CVE-2023-2899 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2f6656e2-35f5-41d8-a330-7904c296ba29>
Affected Software: Contact Form Entries – Contact Form 7, WPforms and more CVE ID: CVE-2023-33311 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/51986a76-933b-4c25-af79-d0c3f9e1d513>
Affected Software: SlideOnline CVE ID: CVE-2023-0489 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/778e2191-d764-44a1-9f52-9698e9183fd2>
Affected Software: Yoast SEO: Local CVE ID: CVE-2023-28785 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb6457ea-6353-4a69-ad72-cd5acd47ed8c>
Affected Software: Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) CVE ID: CVE-2023-0368 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d1c3ddae-046a-4080-ac2b-90fb89fbff7b>
Affected Software: Duplicator Pro CVE ID: CVE-2023-33309 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1426bebe-d3c4-4f83-9b50-fae8c2373209>
Affected Software: EventPrime – Modern Events Calendar, Bookings and Tickets CVE ID: CVE-2023-33326 CVSS Score: 6.1 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/22479c6a-83ea-4c09-b192-4384ffbdcbf7>
Affected Software: woocommerce-follow-up-emails CVE ID: CVE-2023-33319 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4487391e-baa4-4320-a23d-b52a42e2de90>
Affected Software: This Day In History CVE ID: CVE-2023-34026 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4b88a8a9-d3e1-4c21-a4e8-d9afa34d7a2e>
Affected Software: Conditional Menus CVE ID: CVE-2023-2654 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/57d3506c-8db8-4e1b-9587-7f2bdb632890>
Affected Software: WP-Hijri CVE ID: CVE-2023-33320 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/67aaf9fa-e92b-42f2-94ac-f27c5d073002>
Affected Software/s: Herd Effects – fake notifications and social proof plugin, Popup Box – new WordPress popup plugin, Wow Skype Buttons, Float menu – awesome floating side menu, Side Menu Lite – add sticky fixed buttons, Floating button, Sticky Buttons – floating buttons builder, Counter Box – WordPress plugin for countdown, timer, counter, Bubble Menu – circle floating menu, Calculator Builder, WP Coder – add custom html, css and js code, Button Generator – easily Button Builder CVE ID: CVE-2023-2362 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33>
Affected Software: WooCommerce Product Categories Selection Widget CVE ID: CVE-2023-33925 CVSS Score: 6.1 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8f68c70b-9fde-43a6-8a7c-00938aa0e109>
Affected Software: Product Vendors CVE ID: CVE-2023-33332 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a93c0dd4-8341-438d-8730-470e9a230d97>
Affected Software: seo-by-rank-math-pro CVE ID: CVE-2023-32800 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b4ec9001-c4aa-4db3-b7d7-29afa243f78a>
Affected Software: Leyka CVE ID: CVE-2023-33325 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/baf54eb2-0b29-4718-a994-f722cefd7317>
Affected Software: Easy Captcha CVE ID: CVE-2023-33312 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cd73cf64-289d-4401-bef7-9a4398a85055>
Affected Software: Front End Users CVE ID: CVE-2023-33322 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e076e054-6a0b-4c08-b0cc-bd3a5b0751e5>
Affected Software: IP Metaboxes CVE ID: CVE-2023-30753 CVSS Score: 6.1 (Medium) Researcher/s: WON JOON HWANG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f611d609-97c5-4b77-9657-c8d9d10e786a>
Affected Software: WooCommerce Shipping & Tax CVE ID: CVE Unknown CVSS Score: 5.5 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/57156ebc-2858-4295-ba08-57bcab6db229>
Affected Software: Easy Google Maps CVE ID: CVE-2023-2526 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4ea4ca00-185b-4f5d-9c5c-f81ba4edad05>
Affected Software: Elementor Website Builder – More than Just a Page Builder CVE ID: CVE-2023-33922 CVSS Score: 5.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/525cb51c-23f1-446f-a247-0f69ec5029d8>
Affected Software: IP Metaboxes CVE ID: CVE-2023-30745 CVSS Score: 5.4 (Medium) Researcher/s: WON JOON HWANG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9163861b-735b-4007-97f7-8f9095d93ec9>
Affected Software: Uncanny Automator – Automate everything with the #1 no-code Automation tool for WordPress CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bd0d8661-4725-41dd-88ce-8e94e285d5b8>
Affected Software: Tutor LMS – eLearning and online course solution CVE ID: CVE-2023-25799 CVSS Score: 5.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bf16617d-cec2-4943-bd20-7ade31878714>
Affected Software: Easy Google Maps CVE ID: CVE-2023-33926 CVSS Score: 5.4 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ee52c6c0-c69e-46c4-9e4b-94aa69c00737>
Affected Software: EventPrime – Modern Events Calendar, Bookings and Tickets CVE ID: CVE-2023-33321 CVSS Score: 5.3 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85>
Affected Software: Download Theme CVE ID: CVE-2022-38062 CVSS Score: 5.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/50ca7cf8-bb47-42ea-badc-8bfe0328cbb0>
Affected Software: SKU Label Changer For WooCommerce CVE ID: CVE-2023-29174 CVSS Score: 5.3 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/793594f7-6325-4561-ad74-a08aebc20c53>
Affected Software: Button Generator – easily Button Builder CVE ID: CVE-2023-25443 CVSS Score: 5.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/af803612-96ae-41ee-8ad3-8f9319b147e8>
Affected Software: WS Form LITE – Drag & Drop Contact Form Builder for WordPress CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d99f81ea-1e74-4b67-a6c5-3dbc7865a68a>
Affected Software: Upload Resume CVE ID: CVE-2023-2751 CVSS Score: 5.3 (Medium) Researcher/s: MyungJu Kim Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fc0acff9-6852-4ecb-84f9-98a15dd30fc6>
Affected Software: Unite Gallery Lite CVE ID: CVE-2023-33310 CVSS Score: 5 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0c2925c1-f5c6-45b9-bc61-96f325c0372f>
Affected Software/s: WordPress File Upload, WordPress File Upload Pro CVE ID: CVE-2023-2688 CVSS Score: 4.9 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/abd6eeac-0a7e-4762-809f-593cd85f303d>
Affected Software: Go Pricing - WordPress Responsive Pricing Tables CVE ID: CVE-2023-2494 CVSS Score: 4.6 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5779914a-a168-4835-8aea-e0ab2b3be4f6>
Affected Software: AI ChatBot CVE ID: CVE-2023-2811 CVSS Score: 4.4 (Medium) Researcher/s: Hao Huynh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/114bd025-74c5-40a2-82e8-5947497fc836>
Affected Software/s: WordPress File Upload, WordPress File Upload Pro CVE ID: CVE-2023-2767 CVSS Score: 4.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/23334d94-e5b8-4c88-8765-02ad19e17248>
Affected Software: Custom Post Type Generator CVE ID: CVE-2023-33329 CVSS Score: 4.4 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/23a2b1ac-2183-48ae-8376-fb950fe83fd9>
Affected Software: QuBot – Chatbot Builder with Templates CVE ID: CVE-2023-2401 CVSS Score: 4.4 (Medium) Researcher/s: Bob Matyas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/45f98c00-0bfd-405e-a6b3-581841d803de>
Affected Software: File Renaming on Upload CVE ID: CVE-2023-2684 CVSS Score: 4.4 (Medium) Researcher/s: Hao Huynh, My Le Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/550c3f56-d188-4be1-82cd-db076c09cf61>
Affected Software: WP-Matomo Integration (WP-Piwik) CVE ID: CVE-2023-33211 CVSS Score: 4.4 (Medium) Researcher/s: Nithissh S Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/68a520bb-261a-43f0-993d-de208035afe5>
Affected Software: Novelist CVE ID: CVE-2023-32958 CVSS Score: 4.4 (Medium) Researcher/s: Emili Castells Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6b8f64ed-abf8-4a8b-b32f-75afeaccea5c>
Affected Software: Video Contest WordPress Plugin CVE ID: CVE-2022-45827 CVSS Score: 4.4 (Medium) Researcher/s: Cat Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/86079059-11c7-4545-b254-6bf524367b46>
Affected Software: MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder CVE ID: CVE-2023-33328 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/86f6e8b8-ebfd-4d9f-a285-9d0aa2e961ff>
Affected Software: AI ChatBot CVE ID: CVE-2023-2811 CVSS Score: 4.4 (Medium) Researcher/s: NGO VAN TU Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9df97805-b425-49b1-86c1-e66213dacd2b>
Affected Software: Easy Admin Menu CVE ID: CVE-2023-33929 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fefab999-12e0-4866-a5a2-60f8faa64f89>
Affected Software: Shopping Cart & eCommerce Store CVE ID: CVE-2023-2895 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02fd8469-cd99-42dc-9a28-c0ea08512bb0>
Affected Software: Shopping Cart & eCommerce Store CVE ID: CVE-2023-2896 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/041830b8-f059-46f5-961b-3ba908d161f9>
Affected Software: Shopping Cart & eCommerce Store CVE ID: CVE-2023-2893 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1268604c-08eb-4d86-8e97-9cdaa3e19c1f>
Affected Software: YouTube Playlist Player CVE ID: CVE-2023-33931 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/39aed7e9-05c6-4251-b489-de7a33ed2c2e>
Affected Software: woocommerce-follow-up-emails CVE ID: CVE-2023-33316 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4fee61cd-7359-4193-8cf2-86e0527a8ef1>
Affected Software: WP Tiles CVE ID: CVE-2023-25482 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/52876909-3d2a-480d-9c47-39e96d088ff3>
Affected Software: Video Contest WordPress Plugin CVE ID: CVE-2022-45823 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/597fe53e-769e-4edd-b0b9-2bd2cff50da6>
Affected Software: Flickr Justified Gallery CVE ID: CVE-2023-25473 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/76a1d39e-8d69-4507-b75c-d376a2122d15>
Affected Software: Abandoned Cart Lite for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a1e51a99-f5d4-47d4-bead-00ca1f5f72c2>
Affected Software: Custom Twitter Feeds (Tweets Widget) CVE ID: CVE-2022-33974 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a5a5f8c2-3fd6-4d31-a3b5-60bdb8c18491>
Affected Software: Shopping Cart & eCommerce Store CVE ID: CVE-2023-2894 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a68b8df9-9b50-4617-9308-76a2a9036d7a>
Affected Software: WordPress Backup & Migration CVE ID: CVE-2023-33928 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ce978334-42e1-4334-a2d1-c3966339e4fc>
Affected Software: Product Gallery Slider for WooCommerce CVE ID: CVE-2022-45372 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/df911497-8504-424e-8717-42d0bb6c90f1>
Affected Software: Abandoned Cart Lite for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e743e656-2dd9-43ed-a190-b03af7c75c54>
Affected Software: JetFormBuilder — Dynamic Blocks Form Builder CVE ID: CVE-2023-33212 CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f37c4b2c-6f41-46b5-8427-b1883b39322e>
Affected Software: UTM Tracker CVE ID: CVE-2023-23822 CVSS Score: 3.3 (Low) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/077ec165-edd3-4c2c-b1ea-01ca5b80f779>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through submissions that vulnerability researchers send directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023) appeared first on Wordfence.