Last week, 109 vulnerabilities disclosed in 102 WordPress plugins and no WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 37 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and use, both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the vulnerability database API to receive a complete dump of our database of over 12,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 59 |
Patched | 50 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 92 |
High Severity | 14 |
Critical Severity | 3 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 42 |
Missing Authorization | 24 |
Cross-Site Request Forgery (CSRF) | 22 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 7 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 3 |
URL Redirection to Untrusted Site ('Open Redirect') | 3 |
Deserialization of Untrusted Data | 2 |
Improper Authentication | 1 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 1 |
Guessable CAPTCHA | 1 |
Improper Access Control | 1 |
Protection Mechanism Failure | 1 |
Authorization Bypass Through User-Controlled Key | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Lana Codes (Wordfence Vulnerability Researcher) | 25 |
Nguyen Xuan Chien | 10 |
Mika | 8 |
Abdi Pranata | 7 |
Skalucy | 3 |
Dmitrii Ignatyev | 3 |
qilin_99 | 3 |
Abu Hurayra | 2 |
Muhammad Daffa | 2 |
thiennv | 2 |
Jonas Höbenreich | 2 |
LEE SE HYOUNG | 2 |
Ala Arfaoui | 2 |
Francesco Carlucci | 2 |
Revan Arifio | 1 |
Le Ngoc Anh | 1 |
Rio Darmawan | 1 |
Enrico Marcolini | 1 |
Claudio Marchesini | 1 |
Florian Hauser | 1 |
emad | 1 |
Vaishnav Rajeevan | 1 |
Tien from VNPT-VCI | 1 |
Nithissh S | 1 |
Abhijith A | 1 |
Nicolas Surribas | 1 |
konagash | 1 |
Elliot | 1 |
GiongfNef | 1 |
TP Cyber Security | 1 |
Erwan LR | 1 |
Krzysztof Zając | 1 |
Emili Castells | 1 |
SeungYongLee | 1 |
NGÔ THIÊN AN | 1 |
Hamoud Al Helmani | 1 |
Jerome Bruandet | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
10Web Booster – Website speed optimization, Cache & Page Speed optimizer | tenweb-speed-optimizer |
404 Solution | 404-solution |
Accordion | accordions-wp |
Admin and Site Enhancements (ASE) | admin-site-enhancements |
Advanced Menu Widget | advanced-menu-widget |
All-In-One Security (AIOS) – Security and Firewall | all-in-one-wp-security-and-firewall |
Alter | alter |
Animated Counters | animated-counters |
Article analytics | article-analytics |
Auto Excerpt everywhere | auto-excerpt-everywhere |
Auto Limit Posts Reloaded | auto-limit-posts-reloaded |
Autolinks Manager | daext-autolinks-manager |
BSK PDF Manager | bsk-pdf-manager |
Bellows Accordion Menu | bellows-accordion-menu |
Bonus for Woo | bonus-for-woo |
Booking calendar, Appointment Booking System | booking-calendar |
Buzzsprout Podcasting | buzzsprout-podcasting |
CallRail Phone Call Tracking | callrail-phone-call-tracking |
Category SEO Meta Tags | category-seo-meta-tags |
CloudNet360 | cloudnet-sync |
Convertful – Your Ultimate On-Site Conversion Tool | convertful |
Cookie Bar | cookie-bar |
Current Menu Item for Custom Post Types | current-menu-item-for-custom-post-types |
Custom Header Images | custom-header-images |
Custom Login Page \| Temporary Users | |
Custom My Account for Woocommerce | custom-my-account-for-woocommerce |
DeepL API translation plugin | wpdeepl |
Deeper Comments | deeper-comments |
Delete Me | delete-me |
DoLogin Security | dologin |
EasyRecipe | easyrecipe |
Export WP Page to Static HTML/CSS | export-wp-page-to-static-html |
FLOWFACT WP Connector | flowfact-wp-connector |
FareHarbor for WordPress | fareharbor |
Fathom Analytics for WP | fathom-analytics |
FeedFocal | feedfocal |
GD Security Headers | gd-security-headers |
Generate Dummy Posts | generate-dummy-posts |
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | rafflepress |
Google Maps made Simple | wp-gmappity-easy-google-maps |
Grid Plus – Unlimited grid layout | grid-plus |
Group Chat & Video Chat by AtomChat | atomchat |
ICS Calendar | ics-calendar |
ImageLinks Interactive Image Builder for WordPress | imagelinks-interactive-image-builder-lite |
Interactive Image Map Plugin – Draw Attention | draw-attention |
KD Coming Soon | kd-coming-soon |
LiteSpeed Cache | litespeed-cache |
Live Chat with Facebook Messenger | wp-facebook-messenger |
Magic Embeds | wp-embed-facebook |
Mail logging – WP Mail Catcher | wp-mail-catcher |
Mediabay – Media Library Folders | mediabay-lite |
Medialist | media-list |
MomentoPress for Momento360 | cmyee-momentopress |
My Shortcodes | my-shortcodes |
Neon text | neon-text |
News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) | blog-designer-pack |
Ni WooCommerce Sales Report | ni-woocommerce-sales-report |
Original texts Yandex WebMaster | original-texts-yandex-webmaster |
PHP to Page | php-to-page |
Parcel Pro | woo-parcel-pro |
Post Meta Data Manager | post-meta-data-manager |
Pre-Orders for WooCommerce | pre-orders-for-woocommerce |
Product Recommendation Quiz for eCommerce | product-recommendation-quiz-for-ecommerce |
PubyDoc – Data Tables and Charts | pubydoc-data-tables-and-charts |
Quill Forms \| The Best Typeform Alternative | |
Related Products for WooCommerce | woo-related-products-refresh-on-reload |
Remove Add to Cart WooCommerce | remove-add-to-cart-woocommerce |
Reusable Text Blocks | reusable-text-blocks |
SAHU TikTok Pixel for E-Commerce | sahu-tiktok-pixel |
Seraphinite Accelerator | seraphinite-accelerator |
Shortcode Menu | shortcode-menu |
Simple Shortcodes | smpl-shortcodes |
Simple User Listing | simple-user-listing |
Slick Popup: Contact Form 7 Popup Plugin | slick-popup |
Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More | woocommerce-exporter |
TK Google Fonts GDPR Compliant | tk-google-fonts |
Thumbnail Slider With Lightbox | wp-responsive-slider-with-lightbox |
Thumbnail carousel slider | wp-responsive-thumbnail-slider |
User Avatar | user-avatar |
VK Blocks | vk-blocks |
VK Filter Search | vk-filter-search |
Very Simple Google Maps | very-simple-google-maps |
WCP OpenWeather | wcp-openweather |
WDContactFormBuilder | contact-form-builder |
WDSocialWidgets | spider-facebook |
WP EXtra | wp-extra |
WP Font Awesome | wp-font-awesome |
WP Glossary | wp-glossary |
WP Helper Premium | wp-helper-lite |
WP Post Popup | wp-post-modal |
WP Simple Galleries | wp-simple-galleries |
WP Word Count | wp-word-count |
WP iCal Availability | wp-ical-availability |
WPPizza – A Restaurant Plugin | wppizza |
Weather Atlas Widget | weather-atlas |
WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | |
WordPress CTA – WordPress Call To Action, Sticky CTA, Floating Buttons, Floating Tab Plugin | easy-sticky-sidebar |
WordPress Knowledge base & Documentation Plugin – WP Knowledgebase | wp-knowledgebase |
WordPress Simple HTML Sitemap | wp-simple-html-sitemap |
YITH WooCommerce Product Add-Ons | yith-woocommerce-product-add-ons |
YOP Poll | yop-poll |
kk Star Ratings | kk-star-ratings |
Please note that if you run the Wordfence plugin on your WordPress site with the scanner enabled, you should have already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to use.
Affected Software: PHP to Page CVE ID: CVE-2023-5199 CVSS Score: 9.9 (Critical) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/83e5a0dc-fc51-4565-945f-190cf9175874>
Affected Software: Article analytics CVE ID: CVE-2023-5640 CVSS Score: 9.8 (Critical) Researcher/s: Nicolas Surribas Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6abbdecd-782a-44a2-981a-ae6caa50dd6a>
Affected Software: Thumbnail Slider With Lightbox CVE ID: CVE-2023-5820 CVSS Score: 9.6 (Critical) Researcher/s: Ala Arfaoui Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1>
Affected Software: WP Simple Galleries CVE ID: CVE-2023-5583 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda>
Affected Software: Google Maps made Simple CVE ID: CVE-2023-5315 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/262db9aa-0db5-48cd-a85b-3e6302e88a42>
Affected Software: WP EXtra CVE ID: CVE-2023-5311 CVSS Score: 8.8 (High) Researcher/s: GiongfNef Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/87e3dd5e-0d77-4d78-8171-0beaf9482699>
Affected Software: Post Meta Data Manager CVE ID: CVE-2023-5425 CVSS Score: 8.8 (High) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d7f4e710-99a2-49df-a513-725e1daaa18a>
Affected Software: Deeper Comments CVE ID: CVE Unknown CVSS Score: 8.8 (High) Researcher/s: Jerome Bruandet Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f1cbe675-4c0f-430a-b2db-85ba8605d172>
Affected Software: KD Coming Soon CVE ID: CVE-2023-46615 CVSS Score: 8.1 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0f831d48-733a-4e79-8559-92b03b8d0356>
Affected Software: News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) CVE ID: CVE-2023-5815 CVSS Score: 8.1 (High) Researcher/s: Florian Hauser Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2f2bdf11-401a-48af-b1dc-aeeb40b9a384>
Affected Software: Admin and Site Enhancements (ASE) CVE ID: CVE-2023-46630 CVSS Score: 7.5 (High) Researcher/s: Abu Hurayra Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0abad47f-a806-4cdd-a11f-015b997b5e86>
Affected Software: Post Meta Data Manager CVE ID: CVE-2023-5426 CVSS Score: 7.5 (High) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d6a7f882-4582-4b08-9597-329d140ad782>
Affected Software: 404 Solution CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/14958861-305e-4a9b-b428-de204cd6781e>
Affected Software: ImageLinks Interactive Image Builder for WordPress CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f678700-f266-4740-a98d-19f8e9734563>
Affected Software: GD Security Headers CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b556bb3b-0fea-48a9-a893-3ad015559f3d>
Affected Software: Booking calendar, Appointment Booking System CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/caa39613-aaf3-4e47-8866-8fda1f7fc15b>
Affected Software: Mail logging – WP Mail Catcher CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f3ebbf7f-61f2-403f-8131-8cedeb13c2d4>
Affected Software: ICS Calendar CVE ID: CVE-2023-46784 CVSS Score: 6.5 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0f18a1c5-a0b7-49f9-acc1-5604304fd72f>
Affected Software: WordPress CTA – WordPress Call To Action, Sticky CTA, Floating Buttons, Floating Tab Plugin CVE ID: CVE-2023-46644 CVSS Score: 6.5 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a65a1f25-04e5-4ca3-9b2d-1b78254a8871>
Affected Software: DoLogin Security CVE ID: CVE-2023-46608 CVSS Score: 6.5 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/af93f4f5-4c6d-4178-b7f7-c66c341bde87>
Affected Software: 10Web Booster – Website speed optimization, Cache & Page Speed optimizer CVE ID: CVE Unknown CVSS Score: 6.5 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4d9c659-ec6a-43ca-b484-02afd06f3c13>
Affected Software: Product Recommendation Quiz for eCommerce CVE ID: CVE-2023-46631 CVSS Score: 6.5 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f10ae2b6-1580-418c-9cf7-e75ed71bb309>
Affected Software: VK Filter Search CVE ID: CVE-2023-5705 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/012946d4-82ce-48b9-9b9a-1fc49846dca6>
Affected Software: VK Blocks CVE ID: CVE-2023-5706 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/05dd7c96-7880-44a8-a06f-037bc627fd8d>
Affected Software: LiteSpeed Cache CVE ID: CVE-2023-4372 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/27026f0f-c85e-4409-9973-4b9cb8a90da5>
Affected Software: Animated Counters CVE ID: CVE-2023-5774 CVSS Score: 6.4 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33c2756d-c300-479f-b3aa-8f22c3a70278>
Affected Software: CallRail Phone Call Tracking CVE ID: CVE-2023-5051 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/35def866-7460-4cad-8d86-7b9e4905cbe4>
Affected Software: FareHarbor for WordPress CVE ID: CVE-2023-5252 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/42ad6fef-4280-45db-a3e2-6d7522751fa7>
Affected Software: Shortcode Menu CVE ID: CVE-2023-5565 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/438b9c13-4059-4671-ab4a-07a8cf6f6122>
Affected Software: Medialist CVE ID: CVE-2023-46640 CVSS Score: 6.4 (Medium) Researcher/s: Tien from VNPT-VCI Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/45c7f8fb-3fd0-425f-89a1-8971f67d5755>
Affected Software: Bellows Accordion Menu CVE ID: CVE-2023-5164 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/50283a4f-ea59-488a-bab0-dd6bc5718556>
Affected Software: WP Font Awesome CVE ID: CVE-2023-5127 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/59ee0b56-c11f-4951-aac0-8344200e4484>
Affected Software: Advanced Menu Widget CVE ID: CVE-2023-5085 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5da2dac6-940c-419e-853f-6cfd5d53d427>
Affected Software: BSK PDF Manager CVE ID: CVE-2023-5110 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/60de55c6-e4fa-453e-84bd-309f2887e3cb>
Affected Software: WDContactFormBuilder CVE ID: CVE-2023-5048 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7152253a-7bb8-4b5c-bffd-86e46df54b7e>
Affected Software: Magic Embeds CVE ID: CVE-2023-4799 CVSS Score: 6.4 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/88ade7a7-da31-4752-b100-40dae81735b0>
Affected Software: Simple Shortcodes CVE ID: CVE-2023-5566 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a153d6b2-e3fd-42db-90ba-d899a07d60c1>
Affected Software: Grid Plus – Unlimited grid layout CVE ID: CVE-2023-5250 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a6407792-2c76-4149-a9f9-d53002135bec>
Affected Software: Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers CVE ID: CVE-2023-5049 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a6d663a9-3185-4c36-b9d1-878297965379>
Affected Software: Accordion CVE ID: CVE-2023-5666 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a8ada876-4a8b-494f-9132-d88a71b42c44>
Affected Software: Related Products for WooCommerce CVE ID: CVE-2023-5234 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a98498b8-9397-42e9-9c99-a576975c9ac9>
Affected Software: Live Chat with Facebook Messenger CVE ID: CVE-2023-5740 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aa32a790-242f-4142-9f4d-e1b2a07045bb>
Affected Software: Buzzsprout Podcasting CVE ID: CVE-2023-5335 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be7f8b73-801d-46e8-81c1-8bb0bb576700>
Affected Software: Weather Atlas Widget CVE ID: CVE-2023-5163 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c2324caa-f804-4f76-9d08-8951fbee4669>
Affected Software: MomentoPress for Momento360 CVE ID: CVE-2023-46782 CVSS Score: 6.4 (Medium) Researcher/s: NGÔ THIÊN AN Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e0fdee40-9d60-4657-9e2b-42d548dea1c0>
Affected Software: Pre-Orders for WooCommerce CVE ID: CVE-2023-46783 CVSS Score: 6.4 (Medium) Researcher/s: Abu Hurayra Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/eb2776d8-1e2f-46fb-9d3b-693c8fa115b3>
Affected Software: Neon text CVE ID: CVE-2023-5817 CVSS Score: 6.4 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f9998485-e272-48fc-b2f1-9e30158d0d16>
Affected Software: Very Simple Google Maps CVE ID: CVE-2023-5744 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fca7837c-ad24-44ce-b073-7df3f8bc4300>
Affected Software: Interactive Image Map Plugin – Draw Attention CVE ID: CVE-2023-46616 CVSS Score: 6.3 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d635669-ee85-4fb5-8238-3edb3bbb8fb4>
Affected Software: WordPress Simple HTML Sitemap CVE ID: CVE-2023-46627 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/26e52072-9465-4b56-9794-f17861b7c70c>
Affected Software: Bonus for Woo CVE ID: CVE-2023-5140 CVSS Score: 6.1 (Medium) Researcher/s: Enrico Marcolini, Claudio Marchesini Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2b959b65-16ad-45f9-9ad9-dfc97bda571e>
Affected Software: CloudNet360 CVE ID: CVE-2023-46643 CVSS Score: 6.1 (Medium) Researcher/s: Nithissh S Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/54b88702-ec41-414b-87f1-1859b130a713>
Affected Software: User Avatar CVE ID: CVE-2023-46621 CVSS Score: 6.1 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6903e37e-5251-47bb-8023-755821af4689>
Affected Software: Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/947286b0-347f-47ab-885a-7805b50f0be8>
Affected Software: Seraphinite Accelerator CVE ID: CVE-2023-5609 CVSS Score: 6.1 (Medium) Researcher/s: Krzysztof Zając Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9dc90b13-2f36-45bc-991c-f1927ae9253d>
Affected Software: FLOWFACT WP Connector CVE ID: CVE-2023-46626 CVSS Score: 6.1 (Medium) Researcher/s: Jonas Höbenreich Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b4b61b5b-e5e8-41d4-bf37-d9427a204ea6>
Affected Software: Simple User Listing CVE ID: CVE-2023-32298 CVSS Score: 6.1 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c7035903-d598-4db3-ba77-6e836229c5de>
Affected Software: WPPizza – A Restaurant Plugin CVE ID: CVE-2023-46622 CVSS Score: 6.1 (Medium) Researcher/s: SeungYongLee Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ccfdb5f5-8417-44a3-a27c-157a9619c68b>
Affected Software: Reusable Text Blocks CVE ID: CVE-2023-5745 CVSS Score: 5.5 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0d627ee7-1175-4621-a477-1e9ec2d05eee>
Affected Software: My Shortcodes CVE ID: CVE-2023-46632 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7a931496-f130-4910-9116-6c2c4df760f5>
Affected Software: Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress CVE ID: CVE-2023-46610 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8ea4617a-6211-4f8d-ab51-10ca509aaacf>
Affected Software: Seraphinite Accelerator CVE ID: CVE-2023-5610 CVSS Score: 5.4 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d6dd532-008b-4ce9-beca-baf5b3678a0b>
Affected Software: WDSocialWidgets CVE ID: CVE-2023-46619 CVSS Score: 5.4 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a94accad-27c7-462b-b26f-0dde2036a7ba>
Affected Software: Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress CVE ID: CVE-2023-46610 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b6846688-5716-4b22-8a1d-b96b230b0742>
Affected Software: Grid Plus – Unlimited grid layout CVE ID: CVE-2023-5251 CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2d34c84-473c-49f8-b55c-c869b5479974>
Affected Software: Alter CVE ID: CVE-2023-46780 CVSS Score: 5.4 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e58a45c4-06cb-4b2b-97f2-a614fc230942>
Affected Software: kk Star Ratings CVE ID: CVE-2023-46639 CVSS Score: 5.3 (Medium) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1af442f7-b57c-47bd-9733-5e6bb5c89443>
Affected Software: Group Chat & Video Chat by AtomChat CVE ID: CVE-2023-46606 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/21f917a4-efee-421b-98b1-a9b18c7527d2>
Affected Software: YOP Poll CVE ID: CVE-2023-46611 CVSS Score: 5.3 (Medium) Researcher/s: qilin_99 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33f8f75d-c57e-456c-a48a-82fa668adb1c>
Affected Software: FeedFocal CVE ID: CVE-2023-46609 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/489fe6ac-5437-44a2-93dc-00e75eefbc45>
Affected Software: Convertful – Your Ultimate On-Site Conversion Tool CVE ID: CVE-2023-46605 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4e8c311e-7cf2-4aaf-8059-30f872475ee5>
Affected Software: All-In-One Security (AIOS) – Security and Firewall CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/63fc381e-ce72-4c90-bb35-daba520be40d>
Affected Software: Generate Dummy Posts CVE ID: CVE-2023-46637 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6d797f36-f485-4049-83f0-01d0cb409a92>
Affected Software: YITH WooCommerce Product Add-Ons CVE ID: CVE-2023-46635 CVSS Score: 5.3 (Medium) Researcher/s: Elliot Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7e95773c-b968-47b3-8ae7-9a8d3389666c>
Affected Software: WP Glossary CVE ID: CVE-2023-46633 CVSS Score: 5.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fca34e4e-3324-4942-854b-a4511f88af8b>
Affected Software: Delete Me CVE ID: CVE-2023-5126 CVSS Score: 4.9 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7a5123a7-8eb4-481e-88fe-6310be37a077>
Affected Software: Parcel Pro CVE ID: CVE-2023-46624 CVSS Score: 4.7 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/95d4fbf6-e21a-48db-bfb3-32fc9116afa0>
Affected Software: SAHU TikTok Pixel for E-Commerce CVE ID: CVE-2023-46642 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/28cddb4c-32a1-4ea9-936d-5ec7ffd84753>
Affected Software: PubyDoc – Data Tables and Charts CVE ID: CVE-2023-4970 CVSS Score: 4.4 (Medium) Researcher/s: Vaishnav Rajeevan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3badf9b8-7558-4a46-9eb2-cd119a77c903>
Affected Software: Slick Popup: Contact Form 7 Popup Plugin CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/54019f42-488d-484f-b34e-2b5bd5b0a1dd>
Affected Software: WP Post Popup CVE ID: CVE-2023-4808 CVSS Score: 4.4 (Medium) Researcher/s: Abhijith A Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5fe46da6-add5-42d4-a2db-7a8bada2968c>
Affected Software: Cookie Bar CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/80afca9d-8f9c-412f-b2dd-f0078ec8173c>
Affected Software: Fathom Analytics for WP CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3343d96-ca52-46a6-b464-cd2e5375d10f>
Affected Software: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg CVE ID: CVE-2023-40681 CVSS Score: 4.4 (Medium) Researcher/s: Hamoud Al Helmani Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/edafc213-a95f-483e-ac5f-d5b56817d046>
Affected Software: TK Google Fonts GDPR Compliant CVE ID: CVE-2023-5823 CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0bc772a6-95a1-4420-bd97-1778002e2168>
Affected Software: Custom Header Images CVE ID: CVE-2023-46636 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0beaa7ce-40aa-429e-80fd-d04e75489b92>
Affected Software: Autolinks Manager CVE ID: CVE-2023-46625 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2ec5d29e-43e2-4cd3-8164-94b01fab4d64>
Affected Software: Auto Excerpt everywhere CVE ID: CVE-2023-46776 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/32647c44-389a-4a6d-a32b-e19a35bc2aeb>
Affected Software: EasyRecipe CVE ID: CVE-2023-46779 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/35906df7-5eaf-494a-8184-48e2ca22301e>
Affected Software: Mediabay – Media Library Folders CVE ID: CVE-2023-46612 CVSS Score: 4.3 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3a923f58-f6c7-47ee-87f6-27453b39d1cf>
Affected Software: Remove Add to Cart WooCommerce CVE ID: CVE-2023-46629 CVSS Score: 4.3 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4938c1be-2356-4a9c-9795-108a2d5a6cc7>
Affected Software: WP Word Count CVE ID: CVE-2023-46628 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/55dfd822-9034-4982-bfe7-eb86119e1f07>
Affected Software: WP Helper Premium CVE ID: CVE-2023-46614 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/73e2c5bd-c81d-48ee-a5fc-346dd820d0a4>
Affected Software: TK Google Fonts GDPR Compliant CVE ID: CVE-2023-5823 CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7546b0b7-8081-4762-9e20-76dfb3c8a8a7>
Affected Software: Export WP Page to Static HTML/CSS CVE ID: CVE-2023-31077 CVSS Score: 4.3 (Medium) Researcher/s: konagash Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7781e20b-c258-4bfd-9050-75a50a335628>
Affected Software: Ni WooCommerce Sales Report CVE ID: CVE-2023-32299 CVSS Score: 4.3 (Medium) Researcher/s: Jonas Höbenreich Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7b509887-6d32-4e7f-bdff-fd4f6c76f6f2>
Affected Software: WP EXtra CVE ID: CVE-2023-5314 CVSS Score: 4.3 (Medium) Researcher/s: TP Cyber Security Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/93c10a58-c5f2-440b-a88e-5314143fdd90>
Affected Software: Original texts Yandex WebMaster CVE ID: CVE-2023-46775 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a9c500fc-0d85-41b1-a2b8-9c8ba372a6e3>
Affected Software: WordPress Knowledge base & Documentation Plugin – WP Knowledgebase CVE ID: CVE-2023-5802 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aa5ee133-e38a-4dfe-975c-f194aa6e90b8>
Affected Software: Custom Login Page | Temporary Users | Rebrand Login | Login Captcha CVE ID: CVE-2023-46777 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b1a85bc2-0b00-4635-86f6-26e96cc0616e>
Affected Software: DeepL API translation plugin CVE ID: CVE-2023-46620 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b60cb1af-c9f3-4cea-9699-d66a52eb87eb>
Affected Software: Thumbnail carousel slider CVE ID: CVE-2023-5821 CVSS Score: 4.3 (Medium) Researcher/s: Ala Arfaoui Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bde75c5a-b0b7-4f26-91e9-dd4816e276c9>
Affected Software: WP iCal Availability CVE ID: CVE-2023-46607 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c38ac30d-95dc-415e-8ea6-507ed87d34db>
Affected Software: Seraphinite Accelerator CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2b32fdc-b73f-48e5-88bf-e836ec2f791f>
Affected Software: WCP OpenWeather CVE ID: CVE-2023-46638 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d5b573e2-373f-41bc-8d9a-ea42e908ac4e>
Affected Software: Current Menu Item for Custom Post Types CVE ID: CVE-2023-46781 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d75f1475-fa81-4eed-87da-0a0fa48ac082>
Affected Software: Category SEO Meta Tags CVE ID: CVE-2023-46618 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de6048e7-75c6-44b1-bc68-e36dce936c78>
Affected Software: Custom My Account for Woocommerce CVE ID: CVE-2023-46634 CVSS Score: 4.3 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fd00c5cc-1a28-4d94-815d-46219ce0e0e9>
Affected Software: Auto Limit Posts Reloaded CVE ID: CVE-2023-46778 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fedf20b2-6c21-4c91-8f79-9cac334a1313>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, submissions made directly to us by vulnerability researchers using our CVE Request form, and monitoring of various sources to capture all publicly available WordPress vulnerability information, adding context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 23, 2023 to October 29, 2023) appeared first on Wordfence.