wordfence | Chloe Chamberland | WORDFENCE:74C438C272D6B6A1635FE85C3F3198E6
History: Feb 16, 2023 - 3:21 p.m.

Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)

2023-02-16 15:21:24
Chloe Chamberland
www.wordfence.com

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

In case you missed it, Wordfence has curated an industry-leading database of all known WordPress core, theme, and plugin vulnerabilities, known as Wordfence Intelligence Community Edition.

This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding context where we can.

Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and use, both personally and commercially.

Last week, there were 71 vulnerabilities disclosed in WordPress-based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.


ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization

CVE ID: CVE-2022-3568
CVSS Score: 8.8 (High)
Researcher/s: Rasoul Jahanshahi
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a2ca2f0-1d4a-4614-86ba-a46e765f4a9f>


Plugin for Google Reviews <= 2.2.3 - Authenticated (Subscriber+) SQL Injection

CVE ID: CVE-2022-44580
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/75aa7541-d9d4-4526-9831-238327d0f3ae>


GigPress <= 2.3.28 - Authenticated (Subscriber+) SQL Injection

CVE ID: CVE-2023-0381
CVSS Score: 8.8 (High)
Researcher/s: Erwan LR
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb1dc7e4-a339-4760-9f63-aaa6590bd5e0>


Auto Featured Image (Auto Post Thumbnail) <= 3.9.15 - Authenticated (Author+) Arbitrary File Upload

CVE ID: CVE-2023-0477
CVSS Score: 7.2 (High)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/18ff2556-9e20-42f6-a8fb-b81473c42576>


My Sticky Elements <= 2.0.8 - Authenticated (Admin+) SQL Injection

CVE ID: CVE-2023-0487
CVSS Score: 7.2 (High)
Researcher/s: qerogram
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2b1933a5-48f3-4707-8e3d-824b60ce2635>


Redirection for Contact Form 7 <= 2.7.0 - Authenticated (Editor+) Privilege Escalation

CVE ID: CVE-2023-23990
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/527c344e-870e-4bd9-b111-86cc2821367d>


Monolit <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2023-25041
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/60a574c7-47de-4427-8d38-d510ea996f75>


Gutenberg Forms <= 2.2.8.3 - Authenticated (Subscriber+) Sensitive Information Disclosure

CVE ID: CVE-2022-45803
CVSS Score: 6.5 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5964dd2a-e388-4454-89f6-aa71e1734d35>


Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Arbitrary File Read via Shortcode

CVE ID: CVE-2023-25050
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5dad7348-39ba-4163-a5eb-939601645edb>


Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Server-Side Request Forgery

CVE ID: CVE-2023-25050
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7bb6caf6-5676-49cd-8577-5a41b44b00c0>


Cost of Goods for WooCommerce <= 2.8.6 - Missing Authorization in save_costs

CVE ID: CVE-2023-23868
CVSS Score: 6.5 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2>


Icegram Express <= 5.5.2 - Unauthenticated CSV Injection

CVE ID: CVE-2022-45810
CVSS Score: 6.5 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a8077d07-acaf-40f2-bc0f-e28a44ead94c>


Quick Contact Form <= 8.0.3.1 - Cross-Site Request Forgery to Sensitive Information Disclosure

CVE ID: CVE-2023-25035
CVSS Score: 6.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b930ddd7-a2a3-4b83-a1a6-ea08bbcb07a3>


WP-Optimize <= 3.2.11 - Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 6.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c3190f9f-8b2f-4251-8804-f386e2c5678f>


Cost of Goods for WooCommerce <= 2.8.6 - Cross-Site Request Forgery in save_costs

CVE ID: CVE Unknown
CVSS Score: 6.5 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ee50731f-696f-4e9f-a930-05b2b23752de>


Scriptless Social Sharing <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options

CVE ID: CVE-2023-0377
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/84c79b0e-01d2-4710-9a02-edceab8db22d>


Quick Contact Form <= 8.0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-23885
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/90654fac-b9c7-422f-8472-2a7c7fd0de0d>


Icegram Collect <= 1.3.8 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-25024
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/93920201-fd53-45ad-983a-a2b04b96db77>


Interactive Geo Maps <= 1.5.9 - Authenticated (Editor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0731
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/95ce515a-377c-49b4-8d1b-7ac22769c759>


Qubely <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option

CVE ID: CVE-2023-0376
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/991aefb4-2e6b-48e6-bd19-98b21a57f6db>


Visualizer <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2022-46848
CVSS Score: 6.4 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d32ceb67-8ad1-4f59-b4a8-63c9c3e8b90c>


Shortcodes Ultimate <= 5.12.6 - Authenticated (Contributor+) Stored Cross Site Scripting

CVE ID: CVE-2023-25040
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d449466d-e78a-48a3-8eff-90b56646dd6b>


WordPress Comments Import & Export <= 2.3.1 - CSV Injection

CVE ID: CVE-2022-45370
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5196a9f2-177d-48e1-b0dc-72e0727132d6>


Pie Register <= 3.8.2.2 - Open Redirect

CVE ID: CVE-2023-0552
CVSS Score: 6.1 (Medium)
Researcher/s: Omar Amin
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8bbcbefa-f38d-4752-acca-3545976cc59f>


微信机器人高级版 <= 6.0.1 - Reflected Cross-Site Scripting

CVE ID: CVE-2022-45837
CVSS Score: 6.1 (Medium)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d2a238f-7192-49f0-be2e-3a35fca651d9>


Link Juice Keeper <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 5.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/06511129-fb43-4ac1-9f5d-c637c9577293>


Chained Quiz <= 1.3.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25027
CVSS Score: 5.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/68ec28e8-345c-4017-ab0d-04ac4facd60c>


Quick Paypal Payments <= 5.7.25 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 5.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/99e61ed1-df56-4e95-b4f9-3027ee7b7793>


Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25031
CVSS Score: 5.5 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b1db421d-d935-4441-ae5e-cc01123e80e8>


Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_add_folder

CVE ID: CVE-2023-0724
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08c0ea6c-7e2f-482f-b30c-0e3bcd992159>


0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE ID: CVE-2022-2933
CVSS Score: 5.4 (Medium)
Researcher/s: Juampa Rodríguez
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3b798c64-3434-427d-b578-5abbdac8cd0e>


Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object

CVE ID: CVE-2023-0712
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0be428ae-40ae-4cc0-82ad-d121b6d2d27e>


Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state

CVE ID: CVE-2023-0722
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/261a1bf0-a147-48c8-878e-f9b725ac74d8>


Wicked Folders <= 2.18.16 - Missing Authorization on ajax_add_folder

CVE ID: CVE-2023-0713
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2764b360-228d-48c1-8a29-d3764e532799>


Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders

CVE ID: CVE-2023-0684
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/29358ea9-21b7-4294-8fc9-0d38e689cf53>


Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder

CVE ID: CVE-2023-0718
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2c26d6de-5653-4be8-9526-39b30cb61625>


Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder

CVE ID: CVE-2023-0717
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/35fb658f-6ffa-4df7-bfcd-25307d89fc26>


Wicked Folders <= 2.18.16 - Missing Authorization on ajax_edit_folder

CVE ID: CVE-2023-0716
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3ad60a11-e307-4ec9-9099-091a87ff1d3b>


Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_folder_order

CVE ID: CVE-2023-0730
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4104f69f-b185-498a-aabf-2126ffb94ab3>


Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_save_folder

CVE ID: CVE-2023-0728
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/43b43802-f301-4748-98b9-eea78a249355>


Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder

CVE ID: CVE-2023-0726
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/51b88442-3961-42e2-8ff4-7726819a7f0f>


Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder

CVE ID: CVE-2023-0727
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/62b56928-7125-4211-b233-07b5b51881c1>


Auto Affiliate Links <= 6.2.1.5 - Authenticated (Subscriber+) Plugin Settings Change

CVE ID: CVE-2022-45840
CVSS Score: 5.4 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f787c75-7b27-4256-ac0c-abc2988ea7c8>


Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_clone_folder

CVE ID: CVE-2023-0725
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/80797183-c69f-4dce-a2e0-52a395ceffaa>


Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder_order

CVE ID: CVE-2023-0720
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8d392d0b-f286-44da-aa32-a08d0279baed>


Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_sort_order

CVE ID: CVE-2023-0719
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9b26604b-2423-4130-b0ef-8f63a392c760>


Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order

CVE ID: CVE-2023-0729
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ae8dbf54-ea62-4901-b34f-079b708ca0b5>


Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder

CVE ID: CVE-2023-0715
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c3728280-3487-4cb2-8e37-f33811bc0a22>


WPCode <= 2.0.6 - Missing Authorization to Sensitive Key Disclosure/Update

CVE ID: CVE-2023-0328
CVSS Score: 5.4 (Medium)
Researcher/s: Sanjay Das
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c4b1cae3-dc08-43b1-9a20-62b7263efeba>


Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion

CVE ID: CVE-2023-0292
CVSS Score: 5.4 (Medium)
Researcher/s: Julien Ahrens
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c75e6d27-7f6b-4bec-b653-c2024504f427>


Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state

CVE ID: CVE-2023-0711
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d1c43e93-69a3-407e-860e-ab25af5d7177>


ShopLentor <= 2.5.1 - Cross-Site Request Forgery to Post Updates

CVE ID: CVE-2022-46798
CVSS Score: 5.4 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/db952443-2588-4da0-87d8-5bd2d3be039c>


Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_move_object

CVE ID: CVE-2023-0723
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dc01108f-e781-484b-997a-c1d4e218a3f4>


Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders

CVE ID: CVE-2023-0685
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e52b27fa-10e8-43d0-be29-774c2f5487ae>


CURCY <= 2.1.25 - Missing Authorization to Currency Exchange Retrieval

CVE ID: CVE-2022-46796
CVSS Score: 5.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca24aa2f-5d31-4128-af75-68bd24637ee7>


eCommerce Product Catalog plugin for WordPress <= 3.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25049
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/46db2d07-66a6-4d9e-b0fd-ddf6119ba5be>


Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice

CVE ID: CVE-2023-0831
CVSS Score: 4.3 (Medium)
Researcher/s: Ramuel Gall, Alex Thomas
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/031a1203-6b0d-453b-be8a-12e7f55cb401>


Booking Calendar Contact Form <= 1.2.34 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission

CVE ID: CVE-2023-25037
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0563d2f0-fb29-4030-8d01-c257dda78241>


Booking Calendar Contact Form <= 1.2.34 - Cross-Site Request Forgery via cpdexbccf_feedback

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09932277-8af3-4790-96f0-fe5af0a0ed29>


Podlove Podcast Publisher <= 3.8.3 - Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17f2b07d-82de-4e25-9b17-ef4a1132e6c0>


A2 Optimized WP <= 3.0.4 - Cross Site Request Forgery

CVE ID: CVE-2023-23711
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/463fdbde-1d98-4f52-b835-cba1ae567f4f>


Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot

CVE ID: CVE-2023-0832
CVSS Score: 4.3 (Medium)
Researcher/s: Ramuel Gall, Alex Thomas
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4fa84388-3597-4a54-9ae8-d6e04afe9061>


Void Contact Form 7 Widget For Elementor Page Builder <= 2.1.1 - Cross-Site Request Forgery in void_cf7_opt_in_user_data_track

CVE ID: CVE-2022-47166
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/56a2084c-5120-4115-a027-625900d23ebc>


Ajax Search Lite <= 4.10.3 - Missing Authorization leading to Authenticated (Subscriber+) Sensitive Information Disclosure

CVE ID: CVE-2022-38456
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5f2c157b-cd5a-459d-8e26-859e686148dc>


Google Maps CP <= 1.0.43 - Cross-Site Request Forgery via feedback_action

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a4aed6ba-23a2-46b6-b7e1-7b7e462b1f5b>


All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 5.2.3 - Cross-Site Request Forgery

CVE ID: CVE-2022-46797
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aae70da2-fcd8-4e33-8f38-5e19e0c14733>


PayPal Brasil para WooCommerce <= 1.4.2 - Cross-Site Request Forgery

CVE ID: CVE-2023-25026
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b4a44a8a-740b-45dd-962c-945238f6ddee>


Google Maps CP <= 1.0.43 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission

CVE ID: CVE-2023-25039
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bc9a2639-cec8-408e-9ba2-ffb6c8c7da21>


Mercado Pago payments for WooCommerce <= 6.3.1 - Cross-Site Request Forgery

CVE ID: CVE-2022-45068
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ce30649a-c1a0-42d5-b2e7-1ebe7989efa3>


Album and Image Gallery plus Lightbox <= 1.6.2 - Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/df1a3425-b1d7-4914-ab19-c215d4e845ea>


ColorWay <= 4.2.3 - Cross Site Request Forgery

CVE ID: CVE-2023-25447
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ecfa530c-a164-4215-b68a-7be81be3fd48>


If you'd like to receive this weekly vulnerability report by email, along with Wordfence Intelligence CE product updates, sign up to the Wordfence Intelligence Community Edition Newsletter by filling out this form below.


Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence Community Edition leaderboard along with being mentioned in our weekly vulnerability report.

The post Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023) appeared first on Wordfence.
