CVSS3 | 9.8 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS2 | 7.5 High |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector String | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.001 Low |
---|---|
Percentile | 49.8% |
Last week, 82 vulnerabilities disclosed in 59 WordPress plugins and 11 WordPress themes, along with 6 in WordPress Core, were added to the Wordfence Intelligence Vulnerability Database, and 26 vulnerability researchers contributed to WordPress security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 15 |
Patched | 67 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 3 |
Medium Severity | 68 |
High Severity | 8 |
Critical Severity | 3 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 35 |
Cross-Site Request Forgery (CSRF) | 17 |
Missing Authorization | 15 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 3 |
Authentication Bypass Using an Alternate Path or Channel | 3 |
Authorization Bypass Through User-Controlled Key | 2 |
Acceptance of Extraneous Untrusted Data With Trusted Data | 2 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1 |
Server-Side Request Forgery (SSRF) | 1 |
Improper Authentication | 1 |
Deserialization of Untrusted Data | 1 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Rafie Muhammad | 16 |
Lana Codes (Wordfence Vulnerability Researcher) | 12 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 10 |
Erwan LR | 6 |
Mika | 4 |
Dave Jong | 3 |
Emili Castells | 2 |
Liam Gladdy | 2 |
Prasanna V Balaji | 2 |
LEE SE HYOUNG | 2 |
yuyudhn | 2 |
Le Ngoc Anh | 1 |
John Blackbourn | 1 |
LOURCODE | 1 |
Jonas Höbenreich | 1 |
Rio Darmawan | 1 |
WPScanTeam | 1 |
Muhammad Daffa | 1 |
Nguyen Xuan Chien | 1 |
konagash | 1 |
thiennv | 1 |
Jakub Zoczek | 1 |
Nithissh S | 1 |
Ramuel Gall (Wordfence Vulnerability Researcher) | 1 |
Matt Rusnak (Wordfence Vulnerability Researcher) | 1 |
Pavitra Tiwari | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable | ai-engine |
AutomateWoo | automatewoo |
BP Social Connect | bp-social-connect |
Baidu Tongji generator | baidu-tongji-generator |
Contact Form by Supsystic | contact-form-by-supsystic |
ConvertKit – Email Marketing, Newsletter, Subscribers and Landing Pages | convertkit |
Cookie Monster | cookiemonster |
Custom 404 Pro | custom-404-pro |
Customize WordPress Emails and Alerts – Better Notifications for WP | bnfw |
Drop Shadow Boxes | drop-shadow-boxes |
Easing Slider | easing-slider |
Easy Forms for Mailchimp | yikes-inc-easy-mailchimp-extender |
Essential Addons for Elementor Pro | essential-addons-elementor |
File Away | file-away |
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | chaty |
Jazz Popups | jazz-popups |
MStore API | mstore-api |
Multiple Page Generator Plugin – MPG | multiple-pages-generator-by-porthas |
OTP Login Woocommerce & Gravity Forms | mobile-login-woocommerce |
Performance Lab | performance-lab |
Photo Gallery by Ays – Responsive Image Gallery | gallery-photo-gallery |
PixelYourSite Pro – Your smart PIXEL (TAG) Manager | pixelyoursite-pro |
PixelYourSite – Your smart PIXEL (TAG) Manager | pixelyoursite |
Predictive Search | predictive-search |
Predictive Search for WooCommerce | woocommerce-predictive-search |
Quiz Maker | quiz-maker |
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
Ricerca – advanced search | ricerca-smart-search |
SEO Change Monitor – Track Website Changes | seo-change-monitor |
Scripts n Styles | scripts-n-styles |
Simple Page Ordering | simple-page-ordering |
Smart App Banner | smart-app-banner |
Stop Referrer Spam | stop-referrer-spam |
Stop Spammers Security \| Block Spam Users, Comments, Forms | |
Survey Maker – Best WordPress Survey Plugin | survey-maker |
Ultimate Dashboard – Custom WordPress Dashboard | ultimate-dashboard |
UpdraftPlus WordPress Backup Plugin | updraftplus |
Video Gallery | video-slider-with-thumbnails |
WP Activity Log | wp-security-audit-log |
WP Activity Log Premium | wp-security-audit-log-premium |
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | wp-sms |
WP htaccess Control | wp-htaccess-control |
Waiting: One-click countdowns | waiting |
WeSecur Security – Antivirus, Malware Scanner and Protection for your WordPress | wesecur-security |
WishSuite – Wishlist for WooCommerce | wishsuite |
WooCommerce Bookings | woocommerce-bookings |
WooCommerce Brands | woocommerce-brands |
WooCommerce Composite Products | woocommerce-composite-products |
WooCommerce Pre-Orders | woocommerce-pre-orders |
WooCommerce Product Add-ons | woocommerce-product-addons |
WooCommerce Ship to Multiple Addresses | woocommerce-shipping-multiple-addresses |
WooDiscuz – WooCommerce Comments | woodiscuz-woocommerce-comments |
WordPress | wordpress |
WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | |
Zotpress | zotpress |
nuajik | nuajik-cdn |
reCAPTCHA and Cloudflare Turnstile For All Pages, to Block Spam and Hackers Attack, Block Visitors from China | recaptcha-for-all |
video carousel slider with lightbox | wp-responsive-video-gallery-with-lightbox |
woocommerce-product-recommendations | woocommerce-product-recommendations |
Software Name | Software Slug |
---|---|
Appzend | appzend |
BuzzStore | buzzstore |
Craft Blog | [craft-blog](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Craft Blog>) |
Fitness Park | [fitness-park](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Fitness Park>) |
Kathmag | kathmag |
Kingcabs | kingcabs |
Medical Heed | [medical-heed](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Medical Heed>) |
MetroStore | metrostore |
Online eStore | [online-estore](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Online eStore>) |
SparkleStore | sparklestore |
SpiderMag | spidermag |
Affected Software | CVE ID | CVSS Score | Researcher/s | Patch Status | Vulnerability Details |
---|---|---|---|---|---|
BP Social Connect | CVE-2023-2704 | 9.8 (Critical) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/44c96df2-530a-4ebe-b722-c606a7b135f9> |
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | CVE-2023-2499 | 9.8 (Critical) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/87ec5542-b6e7-4b18-a3ec-c258e749d32e> |
MStore API | CVE-2023-2733 | 9.8 (Critical) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c726d8f0-7f2a-414b-9d73-a053921074d9> |
SEO Change Monitor – Track Website Changes | CVE-2023-33209 | 8.8 (High) | Nithissh S | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/c4f19302-70a5-4132-b841-fba1dd86a0d3> |
OTP Login Woocommerce & Gravity Forms | CVE-2023-2706 | 8.1 (High) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b1b7b653-496f-467a-9513-4be1891f38ae> |
WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | CVE-2023-2736 | 7.5 (High) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/9bf472f1-5980-48ee-aa10-aad19b6f2456> |
Waiting: One-click countdowns | CVE-2023-2757 | 7.4 (High) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/38cc5a39-6ec3-4ce9-b9ad-d4ca5dafe9a7> |
Essential Addons for Elementor Pro | CVE-2023-32245 | 7.3 (High) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b1a193b7-21e5-4f57-aaa6-e55c79f8e957> |
Multiple Page Generator Plugin – MPG | CVE-2023-2607 | 7.2 (High) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/1575f0ad-0a77-4047-844c-48db4c8b4e91> |
WooCommerce Pre-Orders | CVE-2023-32802 | 7.2 (High) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b93f66ac-5c9b-483a-a7ad-0a404d3935e0> |
WooCommerce Product Add-ons | CVE-2023-32795 | 7.2 (High) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/d77666b5-956d-420b-93ed-a15cdbfcced7> |
Predictive Search | CVE Unknown | 6.5 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/340e98bf-6484-4634-b2f8-e02f14de67de> |
WordPress | CVE Unknown | 6.5 (Medium) | Liam Gladdy | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/4e3a6fe2-6292-44ff-8925-a4aeb77c2a7f> |
WordPress | CVE Unknown | 6.5 (Medium) | Liam Gladdy | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6300c8c2-f539-46b2-9ee0-80bebbe4cad3> |
Predictive Search | CVE Unknown | 6.5 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ca481a37-8c45-499c-bf68-3af6795af827> |
Predictive Search | CVE Unknown | 6.5 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/d396e90b-c113-4534-8ce3-27bea3bd7296> |
File Away | CVE-2023-0431 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/5f78dd75-d853-4b16-843e-e0c9c55a103c> |
Drop Shadow Boxes | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6f2b4ac7-f888-408b-a77a-bd73ac8e967d> |
WordPress | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/834c92ba-8b48-4ae3-9073-085e8f559762> |
WooCommerce Brands | CVE-2023-32746 | 6.4 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/accdcff0-f361-4632-b0b7-e55975adeebb> |
WordPress | CVE Unknown | 6.4 (Medium) | Jakub Zoczek | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/bba3eeeb-5e7e-4ec3-9db0-02c44585647a> |
WooCommerce Pre-Orders | CVE-2023-32793 | 6.4 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c3915c2f-400d-433d-bbc8-4d88258123dc> |
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | CVE-2023-32742 | 6.1 (Medium) | Le Ngoc Anh | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/04970416-06db-4339-ac22-34fde5a48f2a> |
Survey Maker – Best WordPress Survey Plugin | CVE-2023-2572 | 6.1 (Medium) | Erwan LR | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/15b57809-6062-48ca-8572-26032928cd16> |
WooCommerce Composite Products | CVE-2023-32801 | 6.1 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/1d45bd32-d693-40e6-9b30-9e0b91eb4660> |
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | CVE-2023-25019 | 6.1 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/36741b46-57ac-402e-bfb1-8424c7e70598> |
Easy Forms for Mailchimp | CVE-2023-23900 | 6.1 (Medium) | Rafie Muhammad | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/4afb25d5-dce1-4a7a-8afe-0fc2a384b945> |
UpdraftPlus WordPress Backup Plugin | CVE-2023-32960 | 6.1 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/597f06ac-f9c7-4dcb-bb72-15ed7e9d8ac6> |
Custom 404 Pro | CVE-2023-32740 | 6.1 (Medium) | LEE SE HYOUNG | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/7d90dad3-d7ef-4060-8328-fd551cee92e2> |
Stop Spammers Security \| Block Spam Users, Comments, Forms | CVE-2023-2489 | 6.1 (Medium) | Erwan LR | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/889cb1d5-7f5c-4904-9b5f-cc8a505eb65c> |
Video Gallery | CVE-2023-2708 | 6.1 (Medium) | Marco Wotschka, yuyudhn | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/8cfbad9f-61ba-4216-9078-c1e7e809899a> |
Jazz Popups | CVE-2023-32965 | 6.1 (Medium) | thiennv | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/ba8c5db5-48d4-4ce1-84b9-5743c7444a3a> |
Photo Gallery by Ays – Responsive Image Gallery | CVE-2023-2568 | 6.1 (Medium) | Erwan LR | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ca62b54e-dde6-440f-bed9-db320179269e> |
ConvertKit – Email Marketing, Newsletter, Subscribers and Landing Pages | CVE-2023-2337 | 6.1 (Medium) | Erwan LR | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/cf3a16b6-7256-4fad-b3f2-d1d9d833f45e> |
video carousel slider with lightbox | CVE-2023-2710 | 6.1 (Medium) | Marco Wotschka, yuyudhn | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/e88bb3a8-de24-46fb-a3e4-9ca3fdd4cca7> |
Quiz Maker | CVE-2023-2571 | 6.1 (Medium) | Erwan LR | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f70d0bea-3ac2-4235-92a2-09458b85bddd> |
Essential Addons for Elementor Pro | CVE-2023-32241 | 6.1 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f8f86293-a32f-49a6-8c8c-d37354ab040a> |
AutomateWoo | CVE-2023-32743 | 5.5 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/9202cb4d-7fd4-444d-ab44-8f6d9e68d869> |
Contact Form by Supsystic | CVE-2023-2528 | 5.4 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/1c387b07-baf6-4c62-943e-4bd121160ceb> |
WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | CVE-2023-2716 | 5.4 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b> |
Zotpress | CVE-2023-32961 | 5.4 (Medium) | LOURCODE | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/617dcc0e-e212-4da0-8918-e55e6b3895fa> |
Simple Page Ordering | CVE-2023-32798 | 5.4 (Medium) | Mika | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/77d8d29b-b730-46be-a354-7abfa83ac664> |
Stop Referrer Spam | CVE-2023-33207 | 5.4 (Medium) | Mika | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/a5deac61-031f-452a-a478-d5d0c7953817> |
WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | CVE-2023-2717 | 5.4 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/af73240c-b711-4e91-9998-5f7e6a9a4fb9> |
WordPress | CVE-2023-2745 | 5.4 (Medium) | Ramuel Gall, Matt Rusnak | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/edcf46b6-368e-49c0-b2c3-99bf6e2d358f> |
Smart App Banner | CVE Unknown | 5.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f71453d9-8bbf-4546-b69f-e86cc41da9bd> |
Kathmag, Online eStore, SpiderMag, Medical Heed, Appzend, BuzzStore, Craft Blog, Fitness Park, Kingcabs, MetroStore, SparkleStore | CVE-2023-32959 | 5.3 (Medium) | Dave Jong | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f> |
Predictive Search for WooCommerce | CVE-2023-32963 | 5.3 (Medium) | Mika | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/7ea2726a-a601-45ac-9f20-c34b82edf441> |
Easing Slider | CVE-2023-30490 | 5.3 (Medium) | Dave Jong | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/9e04a2f8-5071-4c85-b4f8-cb914ee509b5> |
Kathmag, Online eStore, SpiderMag, Medical Heed, Appzend, BuzzStore, Craft Blog, Fitness Park, Kingcabs, MetroStore, SparkleStore | CVE-2023-32959 | 5.3 (Medium) | Dave Jong | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994> |
Predictive Search for WooCommerce | CVE-2023-32963 | 5.3 (Medium) | Mika | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/dc428f4b-fe82-419a-aee3-38f0bb582506> |
WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | CVE-2023-2735 | 4.9 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/4938206e-2ea4-47ed-a307-87cf67dd74a4> |
WooDiscuz – WooCommerce Comments | CVE-2023-33216 | 4.4 (Medium) | Emili Castells | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/01bd8a24-5580-4b16-94b3-c231d5fe7a01> |
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | CVE Unknown | 4.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3baa0543-cdfb-4699-97ca-eaa83c2494a1> |
Cookie Monster | CVE-2023-33208 | 4.4 (Medium) | Prasanna V Balaji | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/4f040075-83a0-4c9a-8d93-99aa36606b31> |
PixelYourSite Pro – Your smart PIXEL (TAG) Manager, PixelYourSite – Your smart PIXEL (TAG) Manager | CVE-2023-2584 | 4.4 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/5ebf1e83-50b8-4f56-ba76-10100375edda> |
WP htaccess Control | CVE-2023-25462 | 4.4 (Medium) | Rio Darmawan | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/6741b770-79d3-4797-8f8f-4ca83fde4705> |
AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable | CVE Unknown | 4.4 (Medium) | WPScanTeam | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6d8f59b0-da92-43aa-990d-5271aa40d6b4> |
WishSuite – Wishlist for WooCommerce | CVE-2023-32962 | 4.4 (Medium) | Emili Castells | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b515782a-d7ec-41a6-92f8-91823f2c0dcf> |
Stop Spammers Security \| Block Spam Users, Comments, Forms | CVE-2023-2489 | 4.4 (Medium) | Erwan LR | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c83df43e-286d-4695-9c37-bee2870fd3b5> |
WeSecur Security – Antivirus, Malware Scanner and Protection for your WordPress | CVE-2023-24390 | 4.4 (Medium) | Prasanna V Balaji | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/d732ea2d-c763-4735-b541-6c5fd5167cb4> |
Ultimate Dashboard – Custom WordPress Dashboard | CVE Unknown | 4.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/e5103e60-771f-46cf-b432-21d131e30bcc> |
nuajik | CVE-2023-33210 | 4.4 (Medium) | Pavitra Tiwari | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/fcf09793-1277-41a0-9ce4-b85b13721729> |
WordPress | CVE Unknown | 4.3 (Medium) | John Blackbourn | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/0da1cc3b-5d6b-4ca0-9d8a-31c63ab5b9c9> |
WooCommerce Ship to Multiple Addresses | CVE-2023-32799 | 4.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/163328e9-2918-4bc0-8bbc-90d7e992754d> |
WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | CVE-2023-2715 | 4.3 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/24747507-8f24-499e-a257-d379dc171e18> |
WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | CVE-2023-2714 | 4.3 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/29700844-b41d-4f10-90a7-06c8574d8d2a> |
WooCommerce Bookings | CVE-2023-32747 | 4.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/2b365fb8-7a93-4306-b2b1-ce47dc19457a> |
Ricerca – advanced search | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/2fefcc8c-3864-4764-86e7-678d8604fd67> |
WP Activity Log Premium | CVE-2023-2285 | 4.3 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/4c659f6d-e02b-42ab-ba02-eb9b00602ad4> |
AutomateWoo | CVE-2023-32745 | 4.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/540de1b8-eb1f-4f9d-b45c-d3d5f11b642d> |
reCAPTCHA and Cloudflare Turnstile For All Pages, to Block Spam and Hackers Attack, Block Visitors from China | CVE-2023-32599 | 4.3 (Medium) | Jonas Höbenreich | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/66585943-cb70-4296-af66-5b786d1bafb9> |
WP Activity Log Premium | CVE-2023-2284 | 4.3 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6e29fd6b-462a-42be-9a2a-b6717b20a937> |
Performance Lab | CVE-2022-47174 | 4.3 (Medium) | Muhammad Daffa | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6f1e3586-99f7-4cac-bbb2-1a6406c4f8a4> |
Customize WordPress Emails and Alerts – Better Notifications for WP | CVE-2023-32964 | 4.3 (Medium) | Nguyen Xuan Chien | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/7ddabda2-1e27-4b87-b643-b0166112a890> |
woocommerce-product-recommendations | CVE-2023-32744 | 4.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/826fe5a8-3290-4f70-b9bb-8bd4aec3634c> |
WooCommerce Product Add-ons | CVE-2023-32794 | 4.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b5bd3852-c1a5-4d7d-b4fb-59911fba4873> |
WP Activity Log, WP Activity Log Premium | CVE-2023-2286 | 4.3 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/e2008e0b-32c6-46fb-93b9-2b0004f478e8> |
WP Activity Log, WP Activity Log Premium | CVE-2023-2261 | 4.3 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4> |
Scripts n Styles | CVE-2023-31236 | 3.3 (Low) | konagash | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/a86d8f97-54dc-4c6b-92c0-05a8625cc073> |
Baidu Tongji generator | CVE-2023-31233 | 3.3 (Low) | LEE SE HYOUNG | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/e2b9b6f4-6ee7-498d-9693-a5ae5f7f4719> |
Multiple Page Generator Plugin – MPG | CVE-2023-2608 | 3.1 (Low) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/d900584c-0f58-4abc-92ff-841f898d02fc> |
As a reminder, Wordfence has curated an industry-leading database of all known WordPress core, theme, and plugin vulnerabilities, known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring a variety of sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023) appeared first on Wordfence.