CVSS3 | 9.8 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CVSS2 | 7.5 High |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

EPSS | 0.008 Low |
---|---|
Percentile | 79.8% |

Last week, there were 139 vulnerabilities disclosed in 105 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 47 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 47 |
Patched | 92 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 2 |
Medium Severity | 119 |
High Severity | 13 |
Critical Severity | 5 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 64 |
Cross-Site Request Forgery (CSRF) | 31 |
Missing Authorization | 23 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 8 |
Deserialization of Untrusted Data | 2 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2 |
URL Redirection to Untrusted Site ('Open Redirect') | 2 |
Use of Less Trusted Source | 1 |
Incorrect Authorization | 1 |
Unrestricted Upload of File with Dangerous Type | 1 |
Improper Authorization | 1 |
Authorization Bypass Through User-Controlled Key | 1 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 1 |
Unverified Password Change | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Lana Codes (Wordfence Vulnerability Researcher) | 14 |
Rafie Muhammad | 12 |
minhtuanact | 7 |
thiennv | 6 |
Dave Jong | 5 |
Mika | 5 |
apple502j | 4 |
Rio Darmawan | 4 |
Abdi Pranata | 4 |
yuyudhn | 4 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 4 |
Taihei Shimamine | 4 |
Alex Thomas (Wordfence Vulnerability Researcher) | 4 |
Pavak Tiwari | 3 |
Lokesh Dachepalli | 3 |
Darius Sveikauskas | 2 |
OZ1NG (TOOR, LISA) | 2 |
Justiice | 2 |
konagash | 2 |
Jonas Höbenreich | 2 |
Yash Kanchhal | 2 |
Nguyen Xuan Chien | 2 |
Chloe Chamberland (Wordfence Vulnerability Researcher) | 2 |
Yuki Haruma | 1 |
Taurus Omar | 1 |
Nguyen Anh Tien | 1 |
Ilyase Dehy | 1 |
Aymane Mazguiti | 1 |
Emili Castells | 1 |
LEE SE HYOUNG | 1 |
rezaduty | 1 |
Le Ngoc Anh | 1 |
Monkey Wrench Inc. | 1 |
deokhunKim | 1 |
Simone Onofri | 1 |
Donato Onofri | 1 |
Skalucy | 1 |
Badromance 1337 | 1 |
Johan Kragt | 1 |
Felipe Restrepo Rodriguez | 1 |
WPScanTeam | 1 |
Erwan LR | 1 |
Mahesh Nagabhairava | 1 |
rSolutions Security Team | 1 |
easyBug | 1 |
Shuya Ota | 1 |
TEAM WEBoB of BoB 11th | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
10Web Social Post Feed | wd-facebook-feed |
Active Directory Integration / LDAP Integration | ldap-login-for-intranet-sites |
Add Posts to Pages | add-posts-to-pages |
Announcement & Notification Banner – Bulletin | bulletin-announcements |
Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection | stopbadbots |
Block Referer Spam | block-referer-spam |
Booking Ultra Pro Appointments Booking Calendar Plugin | booking-ultra-pro |
Brands for WooCommerce | brands-for-woocommerce |
Button | button |
CALL ME NOW | lokalyze-call-now |
CM On Demand Search And Replace | cm-on-demand-search-and-replace |
Column-Matic | column-matic |
Community by PeepSo – Social Network, Membership, Registration, User Profiles | peepso-core |
Complianz – GDPR/CCPA Cookie Consent | complianz-gdpr |
Custom Base Terms | custom-base-terms |
Custom Field Suite | custom-field-suite |
DBargain | d-bargain |
DevBuddy Twitter Feed | devbuddy-twitter-feed |
Directorist – WordPress Business Directory Plugin with Classified Ads Listings | directorist |
Don8 | don8 |
Donations Made Easy – Smart Donations | smart-donations |
Download Manager | download-manager |
Download Monitor | download-monitor |
Dyslexiefont Free | dyslexiefont |
Easy Form by AYS | easy-form |
Easy Hide Login | easy-hide-login |
Elementor Website Builder | elementor |
Essential Addons for Elementor | essential-addons-for-elementor-lite |
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | google-analytics-dashboard-for-wp |
Featured Image Pro Post Grid | featured-image-pro |
Forget About Shortcode Buttons | forget-about-shortcode-buttons |
Free WordPress Lead Generation Opt in, Free Popups, Generated Lead Email Popup, Exit-Intent Popup – NotifyVisitors | notifyvisitors-lead-form |
Frontend Post WordPress Plugin – AccessPress Anonymous Post | accesspress-anonymous-post |
GTmetrix for WordPress | gtmetrix-for-wordpress |
Get your number | get-your-number |
GiveWP – Donation Plugin and Fundraising Platform | give |
Google Site Verification plugin using Meta Tag | google-site-verification-using-meta-tag |
Hide My WP Ghost – Security Plugin | hide-my-wp |
Hostel | hostel |
Hyphenator | hyphenator |
Injection Guard | injection-guard |
LetterPress – E-Mail campaigns, marketing and newsletter Plugin for WordPress | letterpress |
Link Whisper Free | link-whisper |
Locatoraid Store Locator | locatoraid |
MW WP Form | mw-wp-form |
MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder | mailchimp-subscribe-sm |
Manager for Icomoon | manager-for-icomoon |
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) | google-analytics-for-wordpress |
My WP Customize Admin/Frontend | my-wp |
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | mailin |
Order Your Posts Manually | order-your-posts-manually |
Owl Carousel | owl-carousel |
Pinterest RSS Widget | pinterest-rss-widget |
Portfolio Gallery – Responsive Image Gallery | gallery-portfolio |
Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions | buddyforms |
Post Snippets – Custom WordPress Code Snippets Customizer | post-snippets |
Post State Tags | post-state-tags |
Pricing Table Builder – AP Pricing Tables Lite | ap-pricing-tables-lite |
Pro Mime Types | pro-mime-types |
Product page shipping calculator for WooCommerce | product-page-shipping-calculator-for-woocommerce |
QuBot – Chatbot Builder with Templates | qubotchat |
Quick Page/Post Redirect Plugin | quick-pagepost-redirect-plugin |
Radio Station by netmix® – Manage and play your Show Schedule in WordPress! | radio-station |
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
Restaurant Menu – Food Ordering System – Table Reservation | menu-ordering-reservations |
SALERT – Fake Sales Notification WooCommerce | salert |
SEO by 10Web | seo-by-10web |
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | shortpixel-adaptive-images |
Simple Calendar – Google Calendar Plugin | google-calendar-events |
Slimstat Analytics | wp-slimstat |
Snow Monkey Forms | snow-monkey-forms |
SoundCloud Is Gold | soundcloud-is-gold |
Sunny Search | fast-search-powered-by-solr |
Team Circle Image Slider With Lightbox | circle-image-slider-with-lightbox |
Ultimate Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
VK All in One Expansion Unit | vk-all-in-one-expansion-unit |
VK Blocks | vk-blocks |
VK Blocks Pro | vk-blocks-pro |
WCP Contact Form | wcp-contact-form |
WP Abstracts | wp-abstracts-manuscripts-manager |
WP All Backup | wp-all-backup |
WP Category Post List Widget | wp-category-posts-list |
WP Chinese Conversion | wp-chinese-conversion |
WP Multi Store Locator | wp-multi-store-locator |
WP Reactions Lite | wp-reactions-lite |
WP Register Profile With Shortcode | wp-register-profile-with-shortcode |
WP Replicate Post | wp-replicate-post |
WP Responsive Tabs horizontal vertical and accordion Tabs | responsive-horizontal-vertical-and-accordion-tabs |
WP-Chatbot for Messenger | wp-chatbot |
WPCS – WordPress Currency Switcher Professional | currency-switcher |
Web Stories for WordPress | UNKNOWN-CVE-2023-1979-1 |
Whydonate – FREE Donate button – Crowdfunding – Fundraising | wp-whydonate |
Wise Chat | wise-chat |
Woo Custom Emails | woo-custom-emails |
Woodmart Core | woodmart-core |
WordPress Online Booking and Scheduling Plugin – Bookly | bookly-responsive-appointment-booking-tool |
YITH WooCommerce Gift Cards Premium | yith-woocommerce-gift-cards-premium |
Yoast SEO Premium | wordpress-seo-premium |
Yoast SEO: Local | wpseo-local |
Zero Spam for WordPress | zero-spam |
eBecas | ebecas |
iframe popup | iframe-popup |
itemprop WP for SERP/SEO Rich snippets | itempropwp |
weebotLite | weebotlite |
wordpress vertical image slider plugin | wp-vertical-image-slider |

Software Name | Software Slug |
---|---|
Divi | Divi |
Woodmart | woodmart |

Affected Software | CVE ID | CVSS Score | Researcher/s | Patch Status | Vulnerability Details |
---|---|---|---|---|---|
Woodmart Core | CVE-2023-32244 | 9.8 (Critical) | Dave Jong | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/60f043e9-7947-4fff-a9a8-94a1f421db7c> |
Manager for Icomoon | CVE-2023-29386 | 9.8 (Critical) | deokhunKim | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/854ab1f3-5f7c-40a4-85a5-db4e20dc72cc> |
Essential Addons for Elementor | CVE-2023-32243 | 9.8 (Critical) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/e988d042-147c-4782-b728-71f5a50cecd8> |
Woodmart Core | CVE-2023-32242 | 9.8 (Critical) | Dave Jong | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ef79e5a8-8bac-42b3-a064-6eea597701c9> |
Ultimate Addons for Contact Form 7 | CVE-2022-47586 | 9.8 (Critical) | minhtuanact | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f10e5eef-1ccf-4f98-b0e9-5ed05b3881a6> |
WP Replicate Post | CVE-2023-2237 | 8.8 (High) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/916e6f8b-cb29-4062-9a05-0337cfdb382a> |
WordPress Online Booking and Scheduling Plugin – Bookly | CVE-2023-26526 | 8.1 (High) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/5a7609bf-5b20-440c-9984-eeb26962ada8> |
Booking Ultra Pro Appointments Booking Calendar Plugin | CVE-2023-32511 | 7.2 (High) | thiennv | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/01370a71-2611-4826-b08b-485839ca606a> |
Zero Spam for WordPress | CVE Unknown | 7.2 (High) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/03d8b8e7-5702-42d4-8cd9-ae3ff1a74a7e> |
Active Directory Integration / LDAP Integration | CVE-2023-2484 | 7.2 (High) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3eedc57b-79cc-4569-b6d6-676a22aa1e06> |
Slimstat Analytics | CVE-2022-45373 | 7.2 (High) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6334b02e-ffab-49f9-969b-d015c2babc29> |
Order Your Posts Manually | CVE-2023-32508 | 7.2 (High) | minhtuanact | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/66da0ad7-18a3-42b9-b59a-5927c6bc836b> |
Pricing Table Builder – AP Pricing Tables Lite | CVE-2023-0900 | 7.2 (High) | Simone Onofri, Donato Onofri | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/869e57f8-7524-497a-8d24-bb9f2ee3898b> |
WP Chinese Conversion | CVE-2023-32518 | 7.2 (High) | thiennv | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/95c47c7b-df83-43ee-9091-136b6622e88c> |
Zero Spam for WordPress | CVE-2023-32121 | 7.2 (High) | OZ1NG (TOOR, LISA) | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/d7576dd9-198b-49a7-950e-fc301e4bc5f8> |
QuBot – Chatbot Builder with Templates | CVE Unknown | 7.2 (High) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/dd27aeb9-4257-4b15-8f14-8a8c89522c32> |
Directorist – WordPress Business Directory Plugin with Classified Ads Listings | CVE-2023-2252 | 7.2 (High) | rSolutions Security Team | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/e571ded0-ea7a-40ec-b90b-c5009b463d87> |
Booking Ultra Pro Appointments Booking Calendar Plugin | CVE-2023-32236 | 7.2 (High) | TEAM WEBoB of BoB 11th | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/fd8fb3e9-34eb-4b37-9a7e-00309a1ca81d> |
GiveWP – Donation Plugin and Fundraising Platform | CVE-2023-32513 | 6.6 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/7fa8c406-e64d-4093-a102-436ecfb7dd76> |
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | CVE-2023-2548 | 6.6 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/bfbc406b-49af-419e-adeb-0510794b7e3f> |
YITH WooCommerce Gift Cards Premium | CVE-2022-44633 | 6.5 (Medium) | Dave Jong | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/1e77760b-4e61-462c-9245-0e40f161d565> |
Portfolio Gallery – Responsive Image Gallery | CVE-2023-32585 | 6.5 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/2a4e66e0-85a6-4e9f-8ed7-b7ee8e75aae6> |
Hide My WP Ghost – Security Plugin | CVE-2022-4537 | 6.5 (Medium) | rezaduty | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/4cf89f94-587a-4fed-a6e4-3876b7dbc9ba> |
Pro Mime Types | CVE Unknown | 6.5 (Medium) | Nguyen Xuan Chien | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f68ac2b8-33dc-4cc2-b0f3-8777450e39f9> |
VK Blocks Pro, VK Blocks | CVE-2023-27925 | 6.4 (Medium) | apple502j | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/03d05c74-da50-4175-86f5-f39a89dbffd4> |
Add Posts to Pages | CVE-2023-23826 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/139b081d-17b1-4e1f-9d22-cf3f9de123f5> |
WP Category Post List Widget | CVE-2023-23828 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/15d61530-5ef9-4dce-8ace-6d8cc07c7b5e> |
VK All in One Expansion Unit | CVE-2023-28367 | 6.4 (Medium) | apple502j | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/1da39f3d-512c-49e0-89cb-672783e5ca4e> |
Pinterest RSS Widget | CVE-2023-23877 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/1ec186b0-72f0-4017-ad24-1c82247a23ec> |
Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions | CVE-2023-25981 | 6.4 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/20793de1-468f-4b9d-8e1f-b05dc204c0fb> |
VK All in One Expansion Unit | CVE-2023-27926 | 6.4 (Medium) | apple502j | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/40c5dd26-6063-4ab2-a370-464e84d806b7> |
SALERT – Fake Sales Notification WooCommerce | CVE-2023-32118 | 6.4 (Medium) | Jonas Höbenreich | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6748841a-0984-4840-90ba-0eeff8564198> |
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | CVE-2023-23880 | 6.4 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/687c86af-915e-4028-910e-ab83bcd86a1a> |
Brands for WooCommerce | CVE-2023-23667 | 6.4 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6b6dc426-7066-46fb-886a-0bf005829abf> |
Owl Carousel | CVE-2023-23829 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/92bcdbd9-1f41-4990-9bea-587fb0e7355a> |
Download Manager | CVE-2023-2305 | 6.4 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/a66bc196-e5f8-46b4-a81c-c888eb64021c> |
WP Multi Store Locator | CVE-2023-0152 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/b9da31ff-4173-4aee-a3a6-8eebaa0d71ab> |
WPCS – WordPress Currency Switcher Professional | CVE-2023-2558 | 6.4 (Medium) | Alex Thomas | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/be054481-89b4-47d8-ad06-8622edea367f> |
Divi | CVE-2023-29099 | 6.4 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c01cbc25-bdf7-4525-8c7b-194bd0aeb32b> |
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) | CVE-2023-23999 | 6.4 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c87a80ad-27bf-404d-8adf-9acc91354515> |
VK Blocks Pro, VK Blocks | CVE-2023-27923 | 6.4 (Medium) | apple502j | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/e01f5bd8-de0f-48aa-8007-61a0ebd0ebf3> |
Locatoraid Store Locator | CVE-2023-32576 | 6.4 (Medium) | Abdi Pranata | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/e40cba5c-455c-44ba-bba2-c825697b837a> |
Woodmart | CVE-2023-32239 | 6.4 (Medium) | Dave Jong | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f9a60c4e-a524-4a99-858a-14787f37d60c> |
Announcement & Notification Banner – Bulletin | CVE-2023-2067 | 6.3 (Medium) | Chloe Chamberland | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b808450f-0ebf-4c49-a9e3-f1c1f2b1f632> |
Announcement & Notification Banner – Bulletin | CVE-2023-2066 | 6.3 (Medium) | Chloe Chamberland | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/d242a466-0611-4e64-8145-29f64100e62b> |
Complianz – GDPR/CCPA Cookie Consent | CVE Unknown | 6.1 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/1034f0f4-52e4-4f4c-81fc-51b4720f306a> |
Featured Image Pro Post Grid | CVE-2023-32598 | 6.1 (Medium) | OZ1NG (TOOR, LISA) | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/1efb9215-542b-46a1-b358-f3d27339a920> |
Team Circle Image Slider With Lightbox | CVE-2023-2604 | 6.1 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/2627ac2b-25a8-480d-ac83-ee0ca323b3a1> |
Radio Station by netmix® – Manage and play your Show Schedule in WordPress! | CVE-2023-32499 | 6.1 (Medium) | minhtuanact | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/36b2992d-4d1b-456d-94a0-54794ba59435> |
WP Abstracts | CVE-2023-29385 | 6.1 (Medium) | LEE SE HYOUNG | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/495df695-864e-4a77-bcd1-d1845c55a6c9> |
wordpress vertical image slider plugin | CVE-2023-24413 | 6.1 (Medium) | yuyudhn | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/59c40a86-ea1c-4015-ac47-2b7b91cc3519> |
Restaurant Menu – Food Ordering System – Table Reservation | CVE-2023-32516 | 6.1 (Medium) | Le Ngoc Anh | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/640f0b06-9af2-4b79-8f87-97f93b2c51c0> |
Donations Made Easy – Smart Donations | CVE-2023-32603 | 6.1 (Medium) | thiennv | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/7cce2f9f-5f47-4e10-a846-0aab4bcad616> |
Slimstat Analytics | CVE-2022-45366 | 6.1 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/875c6474-5bf3-4556-b529-299cd2f65afe> |
Order Your Posts Manually | CVE-2023-32510 | 6.1 (Medium) | minhtuanact | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/8d98a961-bef3-4bce-b493-410eee688bc6> |
Complianz – GDPR/CCPA Cookie Consent | CVE Unknown | 6.1 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/9ef8f39e-6e5d-4ef6-a81d-0b2be3506ec1> |
MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder | CVE-2023-32517 | 6.1 (Medium) | minhtuanact | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/aba1ca3a-a937-400b-b175-2ca4e67a107d> |
GTmetrix for WordPress | CVE-2023-32503 | 6.1 (Medium) | thiennv | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/abe50539-f6a9-476a-a408-4f94f7f31fcc> |
Yoast SEO: Local | CVE-2023-32300 | 6.1 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b239185f-c368-4768-8f6a-ef9bc593929d> |
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | CVE Unknown | 6.1 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b6ad08fb-d029-4f84-818c-911ae2d97f33> |
10Web Social Post Feed | CVE-2023-2503 | 6.1 (Medium) | Erwan LR | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/db959eaf-300c-4ecd-ac15-216a17ec5a50> |
WP Responsive Tabs horizontal vertical and accordion Tabs | CVE-2023-24409 | 6.1 (Medium) | yuyudhn | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/de331d1d-b2f8-4cc6-a998-779595eca70c> |
Post State Tags | CVE-2023-32588 | 5.4 (Medium) | Mika | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/2a938325-45f5-455b-b2b7-e19e6e22cd0c> |
WP-Chatbot for Messenger | CVE-2023-32581 | 5.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/432df51f-2855-4bf2-8be1-77a893e3aa29> |
Hyphenator | CVE-2023-32594 | 5.4 (Medium) | Mika | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/6b87f741-4115-4ded-8dff-dc36cfdf1df1> |
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | CVE-2023-32512 | 5.4 (Medium) | konagash | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/94ed918c-8f6f-4e1f-ab1d-e16632831951> |
Elementor Website Builder | CVE Unknown | 5.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b66e2537-f187-4237-b248-f8a361f9cb00> |
Complianz – GDPR/CCPA Cookie Consent | CVE Unknown | 5.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c1c106e8-9642-4294-90fd-6838cc551b90> |
Order Your Posts Manually | CVE-2023-32509 | 5.4 (Medium) | minhtuanact | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/d5688bb7-cd2d-42c6-b8cf-d908448ccfc1> |
Download Monitor | CVE-2022-45354 | 5.4 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ddf67d69-f362-4380-a396-300c7edbd9f3> |
WP All Backup | CVE-2023-32583 | 5.4 (Medium) | Mika | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/e087817e-9edb-4c93-96c6-e8d8e99d4d9b> |
WCP Contact Form | CVE-2023-32519 | 5.4 (Medium) | thiennv | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/f9844b47-427a-4f2f-9f42-00adcbcf133c> |
WCP Contact Form | CVE-2023-32520 | 5.3 (Medium) | thiennv | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/17a4bd5c-0cd3-46e4-b6ee-edf87f0e92ca> |
Link Whisper Free | CVE-2023-32506 | 5.3 (Medium) | Nguyen Anh Tien | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/29b09367-6a27-4024-a71c-233aaee6c310> |
Woo Custom Emails | CVE-2023-32507 | 5.3 (Medium) | minhtuanact | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/7ee1660e-10c0-447b-8562-c3af07997f56> |
Snow Monkey Forms | CVE-2023-28413 | 5.3 (Medium) | Monkey Wrench Inc. | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/83d935fc-7d7b-4c25-97f8-d3fe35307c7a> |
Injection Guard | CVE Unknown | 5.3 (Medium) | Darius Sveikauskas | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/a9c41797-b256-47de-a783-18df36dd2234> |
Yoast SEO Premium | CVE-2023-28775 | 5.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c54770f1-1409-4208-a4ab-0ff3dbc3835d> |
MW WP Form | CVE-2023-28409 | 5.3 (Medium) | Shuya Ota | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f7adeee0-30ff-4759-b42e-1ac2dea5a8a4> |
WP Register Profile With Shortcode | CVE-2023-23818 | 4.4 (Medium) | Rio Darmawan | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/0c20f87e-3670-444c-aa8a-28988dfe2fd9> |
Post Snippets – Custom WordPress Code Snippets Customizer | CVE-2023-25459 | 4.4 (Medium) | Abdi Pranata | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/0d10f5cd-d449-46f1-a347-f45a1db65999> |
SEO by 10Web | CVE-2023-2224 | 4.4 (Medium) | Taurus Omar | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/1a850176-973c-49aa-a420-e379223b6dc3> |
iframe popup | CVE-2023-24394 | 4.4 (Medium) | yuyudhn | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/1d2c6f19-025e-4c17-b5d9-4bbddbaf66d1> |
Get your number | CVE-2023-2634 | 4.4 (Medium) | Ilyase Dehy, Aymane Mazguiti | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/2fb9dc9f-1ba5-4a2c-bead-3c3a6deb61b1> |
eBecas | CVE-2023-32584 | 4.4 (Medium) | Pavak Tiwari | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/33770bfd-c481-4e18-838b-89a5fb5b15f0> |
Product page shipping calculator for WooCommerce | CVE-2023-32575 | 4.4 (Medium) | Emili Castells | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3663b35d-13ac-4d65-80bd-5800ed74f759> |
Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection | CVE-2023-32496 | 4.4 (Medium) | Taihei Shimamine | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/38e536a5-b538-498c-b19d-adda36f76164> |
itemprop WP for SERP/SEO Rich snippets | CVE-2023-23819 | 4.4 (Medium) | Rio Darmawan | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/5975a107-8083-4f9e-b2b2-8c6ae1ac8f39> |
weebotLite | CVE-2023-32596 | 4.4 (Medium) | Lokesh Dachepalli | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/66518929-d5e7-4b4d-a04c-a96ad0df308c> |
Affected Software: My WP Customize Admin/Frontend CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6a830fb8-de5f-40c7-bb6c-464ed916b440>
Affected Software: Easy Hide Login CVE ID: CVE-2023-32505 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/745cf98c-ad3a-4ec9-9ee8-ae817d5d7358>
Affected Software: Easy Form by AYS CVE ID: CVE-2023-32498 CVSS Score: 4.4 (Medium) Researcher/s: Taihei Shimamine Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/765b09ef-dd6d-4c4e-a381-7bb0dc8d6652>
Affected Software: DevBuddy Twitter Feed CVE ID: CVE-2023-32577 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92a20a1f-6403-4561-acd8-5b076fe2999f>
Affected Software: Button CVE ID: CVE-2023-23871 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9905517f-236c-4e98-8026-8d54bf64c7c9>
Affected Software: Custom Field Suite CVE ID: CVE-2023-32515 CVSS Score: 4.4 (Medium) Researcher/s: Taihei Shimamine Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9a15946b-c4df-43e8-9e1d-7a8367cfda6b>
Affected Software: Column-Matic CVE ID: CVE-2023-32578 CVSS Score: 4.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9dc640c8-3740-4770-b729-fb45ecec2b45>
Affected Software: Don8 CVE ID: CVE-2023-32582 CVSS Score: 4.4 (Medium) Researcher/s: Yash Kanchhal Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a9b2b094-9a2d-4c73-be5f-b2a6f3da9233>
Affected Software: Sunny Search CVE ID: CVE-2023-32595 CVSS Score: 4.4 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b977e3f8-46e7-4294-ab5c-e42e81c900e0>
Affected Software: Hostel CVE ID: CVE-2023-0545 CVSS Score: 4.4 (Medium) Researcher/s: Felipe Restrepo Rodriguez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bb98b2ee-5c51-453f-9e55-52027237e732>
Affected Software: Quick Page/Post Redirect Plugin CVE ID: CVE-2023-25063 CVSS Score: 4.4 (Medium) Researcher/s: Justiice Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be841d6b-e3b6-46d2-aba8-fee20c21e933>
Affected Software: LetterPress – E-Mail campaigns, marketing and newsletter Plugin for WordPress CVE ID: CVE-2023-27415 CVSS Score: 4.4 (Medium) Researcher/s: Pavak Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3f9e624-c176-403c-a3c5-7bd11027ebe5>
Affected Software: Free WordPress Lead Generation Opt in, Free Popups, Generated Lead Email Popup, Exit-Intent Popup – NotifyVisitors CVE ID: CVE-2023-27426 CVSS Score: 4.4 (Medium) Researcher/s: Pavak Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dad9b612-5575-4e64-a1b3-52a2cf3f05a7>
Affected Software: DBargain CVE ID: CVE-2023-32591 CVSS Score: 4.4 (Medium) Researcher/s: Mahesh Nagabhairava Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e3ab817c-3677-4251-adaf-f340bf4c5336>
Affected Software: Custom Base Terms CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e6292935-a67e-4b59-9b3c-0b71365193b7>
Affected Software: CALL ME NOW CVE ID: CVE-2023-32602 CVSS Score: 4.3 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/05828bdc-74aa-4477-9178-f8cc6a34da42>
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/07300429-c445-4d2a-90aa-5072a17f8113>
Affected Software: Woodmart CVE ID: CVE-2023-32240 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0e0e0c15-caf6-4166-a365-a2a73cd9ebc4>
Affected Software: SoundCloud Is Gold CVE ID: CVE-2023-32586 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/14b2fa77-dc51-47b4-913a-9129f95ba766>
Affected Software: Injection Guard CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Darius Sveikauskas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1a6bc58f-9cf3-4d3f-a10e-0ccde0b890a3>
Affected Software: Forget About Shortcode Buttons CVE ID: CVE-2023-32579 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/212dd123-42d4-4dd2-a2e2-bf0c43e805bf>
Affected Software: Simple Calendar – Google Calendar Plugin CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/248b74d3-5228-473d-a79a-743566898606>
Affected Software: Wise Chat CVE ID: CVE-2023-32504 CVSS Score: 4.3 (Medium) Researcher/s: Justiice Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2a9ed6f2-3def-420c-b6d5-6343fcd7b147>
Affected Software: Easy Hide Login CVE ID: CVE-2023-31075 CVSS Score: 4.3 (Medium) Researcher/s: konagash Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/42fff63c-62ec-466e-9a05-60d76f80039e>
Affected Software: Injection Guard CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a5c4bef-f871-4e6b-9b6e-85079f1233a2>
Affected Software: WP Reactions Lite CVE ID: CVE-2023-32587 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/558b4b31-fd4f-4265-bddc-baf484d48fc5>
Affected Software: Injection Guard CVE ID: CVE-2023-32574 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c6a9cfc-0b30-456e-bac5-4ad79cd08dce>
Affected Software: Web Stories for WordPress CVE ID: CVE-2023-1979 CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/63f2e02c-baa4-446c-bf1c-96ce099ad02e>
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/74f92bd4-c752-4620-b506-d7588ff2e586>
Affected Software: Yoast SEO: Local CVE ID: CVE-2023-28780 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7d536acc-b297-4acd-97e2-87eae2e2b95a>
Affected Software: Community by PeepSo – Social Network, Membership, Registration, User Profiles CVE ID: CVE-2023-32092 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a8ac15a-9f9b-4bb8-81a4-1fdd11670a07>
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8edaf5ce-6a26-44cc-b4d8-e3b0ccfa9c11>
Affected Software: Sunny Search CVE ID: CVE-2023-32592 CVSS Score: 4.3 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f1902e7-66e9-417f-97ba-4db766cf29f1>
Affected Software: Booking Ultra Pro Appointments Booking Calendar Plugin CVE ID: CVE-2023-32601 CVSS Score: 4.3 (Medium) Researcher/s: Badromance 1337 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b1c0f8f3-22fe-4139-93bb-0e9bacf9dafb>
Affected Software: Download Manager CVE ID: CVE-2023-1524 CVSS Score: 4.3 (Medium) Researcher/s: Johan Kragt Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b48bc632-c825-48e0-8766-3ac59e5b87c6>
Affected Software: Pro Mime Types CVE ID: CVE-2023-32502 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b7db3d45-2b96-4ba4-b258-08ee5e0b947b>
Affected Software: WPCS – WordPress Currency Switcher Professional CVE ID: CVE-2023-2556 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bc44c95e-9ca0-46d0-8315-72612ef3f855>
Affected Software: SALERT – Fake Sales Notification WooCommerce CVE ID: CVE-2023-32126 CVSS Score: 4.3 (Medium) Researcher/s: Jonas Höbenreich Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c9e45ae8-e5b5-460b-80f8-de562ae7c56a>
Affected Software: Frontend Post WordPress Plugin – AccessPress Anonymous Post CVE ID: CVE-2022-4946 CVSS Score: 4.3 (Medium) Researcher/s: WPScanTeam Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cc727156-28dc-4b0a-b777-52a1bbc72f79>
Affected Software: WPCS – WordPress Currency Switcher Professional CVE ID: CVE-2023-2557 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d4c79242-5c89-40c0-abcc-c112f7a64a74>
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d5c704f9-4fcb-455e-a1c7-f48d47b12dec>
Affected Software: Dyslexiefont Free CVE ID: CVE-2023-32589 CVSS Score: 4.3 (Medium) Researcher/s: Yash Kanchhal Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d75f6c80-ffbf-47a5-9180-5153b705cb28>
Affected Software: WPCS – WordPress Currency Switcher Professional CVE ID: CVE-2023-2555 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dd6b5d6d-5f5b-4b38-a25a-02cc1c041d37>
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e7b81559-93a2-4e50-b213-0e22eea8a219>
Affected Software: Whydonate – FREE Donate button – Crowdfunding – Fundraising CVE ID: CVE-2023-29238 CVSS Score: 4.3 (Medium) Researcher/s: easyBug Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ec1461a9-4504-4e60-9e38-a7257666e699>
Affected Software: Google Site Verification plugin using Meta Tag CVE ID: CVE-2023-32514 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ecfdd114-b7bb-45bf-84df-a92f10b2fd81>
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f55af49e-82c8-462b-8c0b-a25e966a27af>
Affected Software: CM On Demand Search And Replace CVE ID: CVE-2023-28749 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fde1157b-5b99-4e9c-9c51-ebaa0eddfd73>
Affected Software: Block Referer Spam CVE ID: CVE-2023-32497 CVSS Score: 3.3 (Low) Researcher/s: Taihei Shimamine Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fd97fba9-513b-46e1-9613-2f64c4272f34>
Affected Software: Active Directory Integration / LDAP Integration CVE ID: CVE-2023-2599 CVSS Score: 3.1 (Low) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/74089b16-76fa-4654-9007-3f0c2e894894>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers. Its entries come from in-house vulnerability research, from vulnerability researchers submitting directly to us using our CVE Request form, and from monitoring various sources to capture all publicly available WordPress vulnerability information, with additional context added where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (May 8, 2023 to May 14, 2023) appeared first on Wordfence.