Chloe ChamberlandWORDFENCE:816A14B73D4323528E6EB1BC5763EE95Wordfence Intelligence Weekly WordPress Vulnerability Report (May 8, 2023 to May 14, 2023)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
79.8%
Last week, there were 139 vulnerabilities disclosed in 105 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 47 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
_Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published. _
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- Essential Addons for Elementor <= 5.7.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation
- This vulnerability is being actively exploited. We have blocked over 600 exploit attempts in the past 24 hours, and expect this to continue. You can read more about this here.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Unpatched | 47 |
| Patched | 92 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 2 |
| Medium Severity | 119 |
| High Severity | 13 |
| Critical Severity | 5 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 64 |
| Cross-Site Request Forgery (CSRF) | 31 |
| Missing Authorization | 23 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 8 |
| Deserialization of Untrusted Data | 2 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2 |
| URL Redirection to Untrusted Site ('Open Redirect') | 2 |
| Use of Less Trusted Source | 1 |
| Incorrect Authorization | 1 |
| Unrestricted Upload of File with Dangerous Type | 1 |
| Improper Authorization | 1 |
| Authorization Bypass Through User-Controlled Key | 1 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 1 |
| Unverified Password Change | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| Lana Codes | |
| Wordfence Vulnerability Researcher | 14 |
| Rafie Muhammad | 12 |
| minhtuanact | 7 |
| thiennv | 6 |
| Dave Jong | 5 |
| Mika | 5 |
| apple502j | 4 |
| Rio Darmawan | 4 |
| Abdi Pranata | 4 |
| yuyudhn | 4 |
| Marco Wotschka | |
| Wordfence Vulnerability Researcher | 4 |
| Taihei Shimamine | 4 |
| Alex Thomas | |
| Wordfence Vulnerability Researcher | 4 |
| Pavak Tiwari | 3 |
| Lokesh Dachepalli | 3 |
| Darius Sveikauskas | 2 |
| OZ1NG (TOOR, LISA) | 2 |
| Justiice | 2 |
| konagash | 2 |
| Jonas Höbenreich | 2 |
| Yash Kanchhal | 2 |
| Nguyen Xuan Chien | 2 |
| Chloe Chamberland | |
| Wordfence Vulnerability Researcher | 2 |
| Yuki Haruma | 1 |
| Taurus Omar | 1 |
| Nguyen Anh Tien | 1 |
| Ilyase Dehy | 1 |
| Aymane Mazguiti | 1 |
| Emili Castells | 1 |
| LEE SE HYOUNG | 1 |
| rezaduty | 1 |
| Le Ngoc Anh | 1 |
| Monkey Wrench Inc. | 1 |
| deokhunKim | 1 |
| Simone Onofri | 1 |
| Donato Onofri | 1 |
| Skalucy | 1 |
| Badromance 1337 | 1 |
| Johan Kragt | 1 |
| Felipe Restrepo Rodriguez | 1 |
| WPScanTeam | 1 |
| Erwan LR | 1 |
| Mahesh Nagabhairava | 1 |
| rSolutions Security Team | 1 |
| easyBug | 1 |
| Shuya Ota | 1 |
| TEAM WEBoB of BoB 11th | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 10Web Social Post Feed | wd-facebook-feed |
| Active Directory Integration / LDAP Integration | ldap-login-for-intranet-sites |
| Add Posts to Pages | add-posts-to-pages |
| Announcement & Notification Banner – Bulletin | bulletin-announcements |
| Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection | stopbadbots |
| Block Referer Spam | block-referer-spam |
| Booking Ultra Pro Appointments Booking Calendar Plugin | booking-ultra-pro |
| Brands for WooCommerce | brands-for-woocommerce |
| Button | button |
| CALL ME NOW | lokalyze-call-now |
| CM On Demand Search And Replace | cm-on-demand-search-and-replace |
| Column-Matic | column-matic |
| Community by PeepSo – Social Network, Membership, Registration, User Profiles | peepso-core |
| Complianz – GDPR/CCPA Cookie Consent | complianz-gdpr |
| Custom Base Terms | custom-base-terms |
| Custom Field Suite | custom-field-suite |
| DBargain | d-bargain |
| DevBuddy Twitter Feed | devbuddy-twitter-feed |
| Directorist – WordPress Business Directory Plugin with Classified Ads Listings | directorist |
| Don8 | don8 |
| Donations Made Easy – Smart Donations | smart-donations |
| Download Manager | download-manager |
| Download Monitor | download-monitor |
| Dyslexiefont Free | dyslexiefont |
| Easy Form by AYS | easy-form |
| Easy Hide Login | easy-hide-login |
| Elementor Website Builder | elementor |
| Essential Addons for Elementor | essential-addons-for-elementor-lite |
| ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | google-analytics-dashboard-for-wp |
| Featured Image Pro Post Grid | featured-image-pro |
| Forget About Shortcode Buttons | forget-about-shortcode-buttons |
| Free WordPress Lead Generation Opt in, Free Popups, Generated Lead Email Popup, Exit-Intent Popup – NotifyVisitors | notifyvisitors-lead-form |
| Frontend Post WordPress Plugin – AccessPress Anonymous Post | accesspress-anonymous-post |
| GTmetrix for WordPress | gtmetrix-for-wordpress |
| Get your number | get-your-number |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| Google Site Verification plugin using Meta Tag | google-site-verification-using-meta-tag |
| Hide My WP Ghost – Security Plugin | hide-my-wp |
| Hostel | hostel |
| Hyphenator | hyphenator |
| Injection Guard | injection-guard |
| LetterPress – E-Mail campaigns, marketing and newsletter Plugin for WordPress | letterpress |
| Link Whisper Free | link-whisper |
| Locatoraid Store Locator | locatoraid |
| MW WP Form | mw-wp-form |
| MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder | mailchimp-subscribe-sm |
| Manager for Icomoon | manager-for-icomoon |
| MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) | google-analytics-for-wordpress |
| My WP Customize Admin/Frontend | my-wp |
| Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | mailin |
| Order Your Posts Manually | order-your-posts-manually |
| Owl Carousel | owl-carousel |
| Pinterest RSS Widget | pinterest-rss-widget |
| Portfolio Gallery – Responsive Image Gallery | gallery-portfolio |
| Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions | buddyforms |
| Post Snippets – Custom WordPress Code Snippets Customizer | post-snippets |
| Post State Tags | post-state-tags |
| Pricing Table Builder – AP Pricing Tables Lite | ap-pricing-tables-lite |
| Pro Mime Types | pro-mime-types |
| Product page shipping calculator for WooCommerce | product-page-shipping-calculator-for-woocommerce |
| QuBot – Chatbot Builder with Templates | qubotchat |
| Quick Page/Post Redirect Plugin | quick-pagepost-redirect-plugin |
| Radio Station by netmix® – Manage and play your Show Schedule in WordPress! | radio-station |
| RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
| Restaurant Menu – Food Ordering System – Table Reservation | menu-ordering-reservations |
| SALERT – Fake Sales Notification WooCommerce | salert |
| SEO by 10Web | seo-by-10web |
| ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | shortpixel-adaptive-images |
| Simple Calendar – Google Calendar Plugin | google-calendar-events |
| Slimstat Analytics | wp-slimstat |
| Snow Monkey Forms | snow-monkey-forms |
| SoundCloud Is Gold | soundcloud-is-gold |
| Sunny Search | fast-search-powered-by-solr |
| Team Circle Image Slider With Lightbox | circle-image-slider-with-lightbox |
| Ultimate Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
| VK All in One Expansion Unit | vk-all-in-one-expansion-unit |
| VK Blocks | vk-blocks |
| VK Blocks Pro | vk-blocks-pro |
| WCP Contact Form | wcp-contact-form |
| WP Abstracts | wp-abstracts-manuscripts-manager |
| WP All Backup | wp-all-backup |
| WP Category Post List Widget | wp-category-posts-list |
| WP Chinese Conversion | wp-chinese-conversion |
| WP Multi Store Locator | wp-multi-store-locator |
| WP Reactions Lite | wp-reactions-lite |
| WP Register Profile With Shortcode | wp-register-profile-with-shortcode |
| WP Replicate Post | wp-replicate-post |
| WP Responsive Tabs horizontal vertical and accordion Tabs | responsive-horizontal-vertical-and-accordion-tabs |
| WP-Chatbot for Messenger | wp-chatbot |
| WPCS – WordPress Currency Switcher Professional | currency-switcher |
| Web Stories for WordPress | UNKNOWN-CVE-2023-1979-1 |
| Whydonate – FREE Donate button – Crowdfunding – Fundraising | wp-whydonate |
| Wise Chat | wise-chat |
| Woo Custom Emails | woo-custom-emails |
| Woodmart Core | woodmart-core |
| WordPress Online Booking and Scheduling Plugin – Bookly | bookly-responsive-appointment-booking-tool |
| YITH WooCommerce Gift Cards Premium | yith-woocommerce-gift-cards-premium |
| Yoast SEO Premium | wordpress-seo-premium |
| Yoast SEO: Local | wpseo-local |
| Zero Spam for WordPress | zero-spam |
| eBecas | ebecas |
| iframe popup | iframe-popup |
| itemprop WP for SERP/SEO Rich snippets | itempropwp |
| weebotLite | weebotlite |
| wordpress vertical image slider plugin | wp-vertical-image-slider |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Divi | Divi |
| Woodmart | woodmart |
Vulnerability Details
Woodmart Core <= 1.0.36 - Missing Authorization to Privilege Escalation
Affected Software: Woodmart Core CVE ID: CVE-2023-32244 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/60f043e9-7947-4fff-a9a8-94a1f421db7c>
Manager for Icomoon <= 2.0 - Unauthenticated Arbitrary File Upload via 'upload'
Affected Software: Manager for Icomoon CVE ID: CVE-2023-29386 CVSS Score: 9.8 (Critical) Researcher/s: deokhunKim Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/854ab1f3-5f7c-40a4-85a5-db4e20dc72cc>
Essential Addons for Elementor <= 5.7.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation
Affected Software: Essential Addons for Elementor CVE ID: CVE-2023-32243 CVSS Score: 9.8 (Critical) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e988d042-147c-4782-b728-71f5a50cecd8>
Woodmart Core <= 1.0.36 - PHP Object Injection
Affected Software: Woodmart Core CVE ID: CVE-2023-32242 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ef79e5a8-8bac-42b3-a064-6eea597701c9>
Ultimate Addons for Contact Form 7 <= 3.1.23 - Unauthenticated SQL Injection via form_id
Affected Software: Ultimate Addons for Contact Form 7 CVE ID: CVE-2022-47586 CVSS Score: 9.8 (Critical) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f10e5eef-1ccf-4f98-b0e9-5ed05b3881a6>
WP Replicate Post <= 4.0.2 - Authenticated (Contributor+) SQL Injection
Affected Software: WP Replicate Post CVE ID: CVE-2023-2237 CVSS Score: 8.8 (High) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/916e6f8b-cb29-4062-9a05-0337cfdb382a>
Bookly <= 21.7.1 - Arbitrary File Deletion
Affected Software: WordPress Online Booking and Scheduling Plugin – Bookly CVE ID: CVE-2023-26526 CVSS Score: 8.1 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5a7609bf-5b20-440c-9984-eeb26962ada8>
Booking Ultra Pro <= 1.1.4 - Unauthenticated Stored Cross-Site Scripting
Affected Software: Booking Ultra Pro Appointments Booking Calendar Plugin CVE ID: CVE-2023-32511 CVSS Score: 7.2 (High) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/01370a71-2611-4826-b08b-485839ca606a>
Zero Spam for WordPress <= 5.4.4 - Authenticated(Administrator+) SQL Injection
Affected Software: Zero Spam for WordPress CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/03d8b8e7-5702-42d4-8cd9-ae3ff1a74a7e>
Active Directory Integration / LDAP Integration <= 4.1.4 - Authenticated (Administrator+) SQL Injection
Affected Software: Active Directory Integration / LDAP Integration CVE ID: CVE-2023-2484 CVSS Score: 7.2 (High) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3eedc57b-79cc-4569-b6d6-676a22aa1e06>
Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection
Affected Software: Slimstat Analytics CVE ID: CVE-2022-45373 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6334b02e-ffab-49f9-969b-d015c2babc29>
Order Your Posts Manually <= 2.2.5 - Authenticated (Administrator+) SQL Injection via 'sortdata'
Affected Software: Order Your Posts Manually CVE ID: CVE-2023-32508 CVSS Score: 7.2 (High) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66da0ad7-18a3-42b9-b59a-5927c6bc836b>
AP Pricing Tables Lite <= 1.1.6 - Authenticated (Admin+) SQL Injection
Affected Software: Pricing Table Builder – AP Pricing Tables Lite CVE ID: CVE-2023-0900 CVSS Score: 7.2 (High) Researcher/s: Simone Onofri, Donato Onofri Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/869e57f8-7524-497a-8d24-bb9f2ee3898b>
WP Chinese Conversion <= 1.1.16 - Unauthenticated Stored Cross-Site Scripting
Affected Software: WP Chinese Conversion CVE ID: CVE-2023-32518 CVSS Score: 7.2 (High) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/95c47c7b-df83-43ee-9091-136b6622e88c>
Zero Spam <= 5.4.4 - Authenticated (Administrator+) SQL Injection
Affected Software: Zero Spam for WordPress CVE ID: CVE-2023-32121 CVSS Score: 7.2 (High) Researcher/s: OZ1NG (TOOR, LISA) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d7576dd9-198b-49a7-950e-fc301e4bc5f8>
QuBotChat <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting
Affected Software: QuBot – Chatbot Builder with Templates CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dd27aeb9-4257-4b15-8f14-8a8c89522c32>
Directorist <= 7.5.3 - Authenticated (Administrator+) Local File Inclusion
Affected Software: Directorist – WordPress Business Directory Plugin with Classified Ads Listings CVE ID: CVE-2023-2252 CVSS Score: 7.2 (High) Researcher/s: rSolutions Security Team Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e571ded0-ea7a-40ec-b90b-c5009b463d87>
Booking Ultra Pro <= 1.1.4 - Unauthenticated Stored Cross-Site Scripting
Affected Software: Booking Ultra Pro Appointments Booking Calendar Plugin CVE ID: CVE-2023-32236 CVSS Score: 7.2 (High) Researcher/s: TEAM WEBoB of BoB 11th Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fd8fb3e9-34eb-4b37-9a7e-00309a1ca81d>
GiveWP <= 2.25.3 - Authenticated (Admin+) PHP Object Injection
Affected Software: GiveWP – Donation Plugin and Fundraising Platform CVE ID: CVE-2023-32513 CVSS Score: 6.6 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7fa8c406-e64d-4093-a102-436ecfb7dd76>
RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change
Affected Software: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login CVE ID: CVE-2023-2548 CVSS Score: 6.6 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bfbc406b-49af-419e-adeb-0510794b7e3f>
YITH WooCommerce Gift Cards Premium <= 3.23.1 - Missing Authorization
Affected Software: YITH WooCommerce Gift Cards Premium CVE ID: CVE-2022-44633 CVSS Score: 6.5 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1e77760b-4e61-462c-9245-0e40f161d565>
Portfolio Gallery – Responsive Image Gallery <= 1.4.5 - Missing Authorization to Arbitrary Gallery Deletion
Affected Software: Portfolio Gallery – Responsive Image Gallery CVE ID: CVE-2023-32585 CVSS Score: 6.5 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2a4e66e0-85a6-4e9f-8ed7-b7ee8e75aae6>
Hide My WP Ghost – Security Plugin <= 5.0.18 - IP Address Spoofing to Protection Mechanism Bypass
Affected Software: Hide My WP Ghost – Security Plugin CVE ID: CVE-2022-4537 CVSS Score: 6.5 (Medium) Researcher/s: rezaduty Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4cf89f94-587a-4fed-a6e4-3876b7dbc9ba>
Pro Mime Types - Manage file media types <= 1.0.7 - Cross-Site Request Forgery via pmt_settings_section_callback_tab_1
Affected Software: Pro Mime Types CVE ID: CVE Unknown CVSS Score: 6.5 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f68ac2b8-33dc-4cc2-b0f3-8777450e39f9>
VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Post
Affected Software/s: VK Blocks Pro, VK Blocks CVE ID: CVE-2023-27925 CVSS Score: 6.4 (Medium) Researcher/s: apple502j Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/03d05c74-da50-4175-86f5-f39a89dbffd4>
Add Posts to Pages <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Add Posts to Pages CVE ID: CVE-2023-23826 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/139b081d-17b1-4e1f-9d22-cf3f9de123f5>
WP Category Post List Widget <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Affected Software: WP Category Post List Widget CVE ID: CVE-2023-23828 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/15d61530-5ef9-4dce-8ace-6d8cc07c7b5e>
VK All in One Expansion Unit <= 9.88.1.0 - Stored (Contributor+) Cross-Site Scripting in CTA Post
Affected Software: VK All in One Expansion Unit CVE ID: CVE-2023-28367 CVSS Score: 6.4 (Medium) Researcher/s: apple502j Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1da39f3d-512c-49e0-89cb-672783e5ca4e>
Pinterest RSS Widget <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Pinterest RSS Widget CVE ID: CVE-2023-23877 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1ec186b0-72f0-4017-ad24-1c82247a23ec>
Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions CVE ID: CVE-2023-25981 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/20793de1-468f-4b9d-8e1f-b05dc204c0fb>
VK All in One Expansion Unit <= 9.88.1.0 - Stored (Contributor+) Cross-Site Scripting in Profile Setting
Affected Software: VK All in One Expansion Unit CVE ID: CVE-2023-27926 CVSS Score: 6.4 (Medium) Researcher/s: apple502j Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/40c5dd26-6063-4ab2-a370-464e84d806b7>
SALERT <= 1.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Affected Software: SALERT – Fake Sales Notification WooCommerce CVE ID: CVE-2023-32118 CVSS Score: 6.4 (Medium) Researcher/s: Jonas Höbenreich Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6748841a-0984-4840-90ba-0eeff8564198>
ExactMetrics <= 7.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) CVE ID: CVE-2023-23880 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/687c86af-915e-4028-910e-ab83bcd86a1a>
Brands for WooCommerce <= 3.7.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Brands for WooCommerce CVE ID: CVE-2023-23667 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6b6dc426-7066-46fb-886a-0bf005829abf>
Owl Carousel <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Affected Software: Owl Carousel CVE ID: CVE-2023-23829 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92bcdbd9-1f41-4990-9bea-587fb0e7355a>
Download Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Download Manager CVE ID: CVE-2023-2305 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a66bc196-e5f8-46b4-a81c-c888eb64021c>
WP Multi Store Locator <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: WP Multi Store Locator CVE ID: CVE-2023-0152 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b9da31ff-4173-4aee-a3a6-8eebaa0d71ab>
WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: WPCS – WordPress Currency Switcher Professional CVE ID: CVE-2023-2558 CVSS Score: 6.4 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be054481-89b4-47d8-ad06-8622edea367f>
Divi <= 4.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Divi CVE ID: CVE-2023-29099 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c01cbc25-bdf7-4525-8c7b-194bd0aeb32b>
Google Analytics by Monster Insights <= 8.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) CVE ID: CVE-2023-23999 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c87a80ad-27bf-404d-8adf-9acc91354515>
VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Tag Edit
Affected Software/s: VK Blocks Pro, VK Blocks CVE ID: CVE-2023-27923 CVSS Score: 6.4 (Medium) Researcher/s: apple502j Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e01f5bd8-de0f-48aa-8007-61a0ebd0ebf3>
Locatoraid Store Locator <= 3.9.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Affected Software: Locatoraid Store Locator CVE ID: CVE-2023-32576 CVSS Score: 6.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e40cba5c-455c-44ba-bba2-c825697b837a>
WoodMart <= 7.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Affected Software: Woodmart CVE ID: CVE-2023-32239 CVSS Score: 6.4 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f9a60c4e-a524-4a99-858a-14787f37d60c>
Announcement & Notification Banner – Bulletin <= 3.7.0 - Cross-Site Request Forgery
Affected Software: Announcement & Notification Banner – Bulletin CVE ID: CVE-2023-2067 CVSS Score: 6.3 (Medium) Researcher/s: Chloe Chamberland Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b808450f-0ebf-4c49-a9e3-f1c1f2b1f632>
Announcement & Notification Banner – Bulletin <= 3.6.0 - Missing Authorization Checks
Affected Software: Announcement & Notification Banner – Bulletin CVE ID: CVE-2023-2066 CVSS Score: 6.3 (Medium) Researcher/s: Chloe Chamberland Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d242a466-0611-4e64-8145-29f64100e62b>
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_save
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1034f0f4-52e4-4f4c-81fc-51b4720f306a>
Featured Image Pro Post Grid <= 5.14 - Reflected Cross-Site Scripting via page
Affected Software: Featured Image Pro Post Grid CVE ID: CVE-2023-32598 CVSS Score: 6.1 (Medium) Researcher/s: OZ1NG (TOOR, LISA) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1efb9215-542b-46a1-b358-f3d27339a920>
Team Circle Image Slider With Lightbox <= 1.0.17 - Reflected Cross-Site Scripting
Affected Software: Team Circle Image Slider With Lightbox CVE ID: CVE-2023-2604 CVSS Score: 6.1 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2627ac2b-25a8-480d-ac83-ee0ca323b3a1>
Radio Station <= 2.4.0.9 - Reflected Cross-Site Scripting
Affected Software: Radio Station by netmix® – Manage and play your Show Schedule in WordPress! CVE ID: CVE-2023-32499 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/36b2992d-4d1b-456d-94a0-54794ba59435>
WP Abstracts <= 2.6.1 - Reflected Cross-Site Scripting
Affected Software: WP Abstracts CVE ID: CVE-2023-29385 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/495df695-864e-4a77-bcd1-d1845c55a6c9>
wordpress vertical image slider plugin <= 1.2.16 - Reflected Cross-Site Scripting
Affected Software: wordpress vertical image slider plugin CVE ID: CVE-2023-24413 CVSS Score: 6.1 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/59c40a86-ea1c-4015-ac47-2b7b91cc3519>
Menu - Ordering - Reservations <= 2.3.6 - Reflected Cross-Site Scripting via 'redirect'
Affected Software: Restaurant Menu – Food Ordering System – Table Reservation CVE ID: CVE-2023-32516 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/640f0b06-9af2-4b79-8f87-97f93b2c51c0>
Donations Made Easy – Smart Donations <= 4.0.12 - Reflected Cross-Site Scripting
Affected Software: Donations Made Easy – Smart Donations CVE ID: CVE-2023-32603 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7cce2f9f-5f47-4e10-a846-0aab4bcad616>
Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting
Affected Software: Slimstat Analytics CVE ID: CVE-2022-45366 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/875c6474-5bf3-4556-b529-299cd2f65afe>
Order Your Posts Manually <= 2.2.5 - Reflected Cross-Site Scripting via '_user_request'
Affected Software: Order Your Posts Manually CVE ID: CVE-2023-32510 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8d98a961-bef3-4bce-b493-410eee688bc6>
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_add
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9ef8f39e-6e5d-4ef6-a81d-0b2be3506ec1>
MailChimp Subscribe Forms <= 4.0.9.1 - Open Redirect
Affected Software: MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder CVE ID: CVE-2023-32517 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aba1ca3a-a937-400b-b175-2ca4e67a107d>
GTmetrix for WordPress <= 0.4.6 - Reflected Cross-Site Scripting via 'report_id' and 'event_id'
Affected Software: GTmetrix for WordPress CVE ID: CVE-2023-32503 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/abe50539-f6a9-476a-a408-4f94f7f31fcc>
Yoast SEO: Local <= 14.8 - Reflected Cross-Site Scripting
Affected Software: Yoast SEO: Local CVE ID: CVE-2023-32300 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b239185f-c368-4768-8f6a-ef9bc593929d>
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.60 - Reflected Cross-Site Scripting via 'lang'
Affected Software: Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b6ad08fb-d029-4f84-818c-911ae2d97f33>
10Web Social Post Feed <= 1.2.8 - Reflected Cross-Site Scripting
Affected Software: 10Web Social Post Feed CVE ID: CVE-2023-2503 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/db959eaf-300c-4ecd-ac15-216a17ec5a50>
WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.15 - Reflected Cross-Site Scripting
Affected Software: WP Responsive Tabs horizontal vertical and accordion Tabs CVE ID: CVE-2023-24409 CVSS Score: 6.1 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de331d1d-b2f8-4cc6-a998-779595eca70c>
Post State Tags <= 2.0.6 - Cross-Site Request Forgery to Settings Reset
Affected Software: Post State Tags CVE ID: CVE-2023-32588 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2a938325-45f5-455b-b2b7-e19e6e22cd0c>
WP-Chatbot for Messenger <= 4.7 - Missing Authorization
Affected Software: WP-Chatbot for Messenger CVE ID: CVE-2023-32581 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/432df51f-2855-4bf2-8be1-77a893e3aa29>
Hyphenator <= 5.1.5 - Cross-Site Request Forgery to Settings Update
Affected Software: Hyphenator CVE ID: CVE-2023-32594 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6b87f741-4115-4ded-8dff-dc36cfdf1df1>
ShortPixel Adaptive Images <= 3.7.1 - Cross-Site Request Forgery via shortpixel_ai_handle_page_action
Affected Software: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization CVE ID: CVE-2023-32512 CVSS Score: 5.4 (Medium) Researcher/s: konagash Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/94ed918c-8f6f-4e1f-ab1d-e16632831951>
Elementor <= 3.13.1 - Missing Authorization to Settings Update
Affected Software: Elementor Website Builder CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b66e2537-f187-4237-b248-f8a361f9cb00>
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_delete_snapshot
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c1c106e8-9642-4294-90fd-6838cc551b90>
Order Your Posts Manually <= 2.2.5 - Reflected Cross-Site Scripting via 'cat_id'
Affected Software: Order Your Posts Manually CVE ID: CVE-2023-32509 CVSS Score: 5.4 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d5688bb7-cd2d-42c6-b8cf-d908448ccfc1>
Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API
Affected Software: Download Monitor CVE ID: CVE-2022-45354 CVSS Score: 5.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ddf67d69-f362-4380-a396-300c7edbd9f3>
WP All Backup <= 2.4.3 - Cross-Site Request Forgery to Backup Storage Modification
Affected Software: WP All Backup CVE ID: CVE-2023-32583 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e087817e-9edb-4c93-96c6-e8d8e99d4d9b>
WCP Contact Form <= 3.1.0 - Missing Authorization
Affected Software: WCP Contact Form CVE ID: CVE-2023-32519 CVSS Score: 5.4 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f9844b47-427a-4f2f-9f42-00adcbcf133c>
WCP Contact Form <= 3.1.0 - Missing Authorization via downloadCsv
Affected Software: WCP Contact Form CVE ID: CVE-2023-32520 CVSS Score: 5.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17a4bd5c-0cd3-46e4-b6ee-edf87f0e92ca>
Link Whisper Free <= 0.6.3 - Missing Authorization via init()
Affected Software: Link Whisper Free CVE ID: CVE-2023-32506 CVSS Score: 5.3 (Medium) Researcher/s: Nguyen Anh Tien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/29b09367-6a27-4024-a71c-233aaee6c310>
Woo Custom Emails <= 2.2 - Missing Authorization to Unauthenticated Settings Change
Affected Software: Woo Custom Emails CVE ID: CVE-2023-32507 CVSS Score: 5.3 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7ee1660e-10c0-447b-8562-c3af07997f56>
Snow Monkey Forms <= 5.0.6 - Directory Traversal via 'view' REST endpiont
Affected Software: Snow Monkey Forms CVE ID: CVE-2023-28413 CVSS Score: 5.3 (Medium) Researcher/s: Monkey Wrench Inc. Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/83d935fc-7d7b-4c25-97f8-d3fe35307c7a>
Injection Guard <= 1.2.1 - Missing Authorization to Whitelist Update
Affected Software: Injection Guard CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Darius Sveikauskas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a9c41797-b256-47de-a783-18df36dd2234>
Yoast SEO Premium <= 20.4 - Missing Authorization to Zapier Key Reset
Affected Software: Yoast SEO Premium CVE ID: CVE-2023-28775 CVSS Score: 5.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c54770f1-1409-4208-a4ab-0ff3dbc3835d>
MW WP Form <= 4.4.2 - Directory Traversal via _file_upload
Affected Software: MW WP Form CVE ID: CVE-2023-28409 CVSS Score: 5.3 (Medium) Researcher/s: Shuya Ota Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f7adeee0-30ff-4759-b42e-1ac2dea5a8a4>
WP Register Profile With Shortcode <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: WP Register Profile With Shortcode CVE ID: CVE-2023-23818 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0c20f87e-3670-444c-aa8a-28988dfe2fd9>
Post Snippets <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'snippet_content'
Affected Software: Post Snippets – Custom WordPress Code Snippets Customizer CVE ID: CVE-2023-25459 CVSS Score: 4.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0d10f5cd-d449-46f1-a347-f45a1db65999>
SEO By 10Web <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
Affected Software: SEO by 10Web CVE ID: CVE-2023-2224 CVSS Score: 4.4 (Medium) Researcher/s: Taurus Omar Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1a850176-973c-49aa-a420-e379223b6dc3>
iframe popup <= 3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: iframe popup CVE ID: CVE-2023-24394 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1d2c6f19-025e-4c17-b5d9-4bbddbaf66d1>
Get Your Number <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Get your number CVE ID: CVE-2023-2634 CVSS Score: 4.4 (Medium) Researcher/s: Ilyase Dehy, Aymane Mazguiti Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2fb9dc9f-1ba5-4a2c-bead-3c3a6deb61b1>
eBecas <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: eBecas CVE ID: CVE-2023-32584 CVSS Score: 4.4 (Medium) Researcher/s: Pavak Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33770bfd-c481-4e18-838b-89a5fb5b15f0>
Product page shipping calculator for WooCommerce <= 1.3.25 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
Affected Software: Product page shipping calculator for WooCommerce CVE ID: CVE-2023-32575 CVSS Score: 4.4 (Medium) Researcher/s: Emili Castells Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3663b35d-13ac-4d65-80bd-5800ed74f759>
StopBadBots <= 7.31 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection CVE ID: CVE-2023-32496 CVSS Score: 4.4 (Medium) Researcher/s: Taihei Shimamine Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/38e536a5-b538-498c-b19d-adda36f76164>
itemprop WP for SERP/SEO Rich snippets <= 3.5.201706131 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: itemprop WP for SERP/SEO Rich snippets CVE ID: CVE-2023-23819 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5975a107-8083-4f9e-b2b2-8c6ae1ac8f39>
weebotLite <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: weebotLite CVE ID: CVE-2023-32596 CVSS Score: 4.4 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66518929-d5e7-4b4d-a04c-a96ad0df308c>
My WP Customize Admin/Frontend <= 1.21.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Affected Software: My WP Customize Admin/Frontend CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6a830fb8-de5f-40c7-bb6c-464ed916b440>
Easy Hide Login <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Easy Hide Login CVE ID: CVE-2023-32505 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/745cf98c-ad3a-4ec9-9ee8-ae817d5d7358>
Easy Form by AYS <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Easy Form by AYS CVE ID: CVE-2023-32498 CVSS Score: 4.4 (Medium) Researcher/s: Taihei Shimamine Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/765b09ef-dd6d-4c4e-a381-7bb0dc8d6652>
DevBuddy Twitter Feed <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: DevBuddy Twitter Feed CVE ID: CVE-2023-32577 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92a20a1f-6403-4561-acd8-5b076fe2999f>
Button <= 1.1.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Button CVE ID: CVE-2023-23871 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9905517f-236c-4e98-8026-8d54bf64c7c9>
Custom Field Suite <= 2.6.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Custom Field Suite CVE ID: CVE-2023-32515 CVSS Score: 4.4 (Medium) Researcher/s: Taihei Shimamine Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9a15946b-c4df-43e8-9e1d-7a8367cfda6b>
Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Column-Matic CVE ID: CVE-2023-32578 CVSS Score: 4.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9dc640c8-3740-4770-b729-fb45ecec2b45>
Don8 <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: Don8 CVE ID: CVE-2023-32582 CVSS Score: 4.4 (Medium) Researcher/s: Yash Kanchhal Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a9b2b094-9a2d-4c73-be5f-b2a6f3da9233>
Sunny Search <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: Sunny Search CVE ID: CVE-2023-32595 CVSS Score: 4.4 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b977e3f8-46e7-4294-ab5c-e42e81c900e0>
Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Hostel CVE ID: CVE-2023-0545 CVSS Score: 4.4 (Medium) Researcher/s: Felipe Restrepo Rodriguez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bb98b2ee-5c51-453f-9e55-52027237e732>
Quick Page/Post Redirect <= 5.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: Quick Page/Post Redirect Plugin CVE ID: CVE-2023-25063 CVSS Score: 4.4 (Medium) Researcher/s: Justiice Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be841d6b-e3b6-46d2-aba8-fee20c21e933>
LetterPress <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: LetterPress – E-Mail campaigns, marketing and newsletter Plugin for WordPress CVE ID: CVE-2023-27415 CVSS Score: 4.4 (Medium) Researcher/s: Pavak Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3f9e624-c176-403c-a3c5-7bd11027ebe5>
NotifyVisitors <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: Free WordPress Lead Generation Opt in, Free Popups, Generated Lead Email Popup, Exit-Intent Popup – NotifyVisitors CVE ID: CVE-2023-27426 CVSS Score: 4.4 (Medium) Researcher/s: Pavak Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dad9b612-5575-4e64-a1b3-52a2cf3f05a7>
DBargain <= 3.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: DBargain CVE ID: CVE-2023-32591 CVSS Score: 4.4 (Medium) Researcher/s: Mahesh Nagabhairava Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e3ab817c-3677-4251-adaf-f340bf4c5336>
Custom Base Terms <= 1.0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'base'
Affected Software: Custom Base Terms CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e6292935-a67e-4b59-9b3c-0b71365193b7>
CALL ME NOW <= 3.0 - Cross-Site Request Forgery
Affected Software: CALL ME NOW CVE ID: CVE-2023-32602 CVSS Score: 4.3 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/05828bdc-74aa-4477-9178-f8cc6a34da42>
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via maybe_install_suggested_plugins
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/07300429-c445-4d2a-90aa-5072a17f8113>
WoodMart <= 7.2.1 - Missing Authorization
Affected Software: Woodmart CVE ID: CVE-2023-32240 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0e0e0c15-caf6-4166-a365-a2a73cd9ebc4>
Soundcloud Is Gold <= 2.5.1 - Missing Authorization to Soundcloud User Add
Affected Software: SoundCloud Is Gold CVE ID: CVE-2023-32586 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/14b2fa77-dc51-47b4-913a-9129f95ba766>
Injection Guard <= 1.2.1 - Cross-Site Request Forgery to Whitelist Update
Affected Software: Injection Guard CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Darius Sveikauskas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1a6bc58f-9cf3-4d3f-a10e-0ccde0b890a3>
Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons
Affected Software: Forget About Shortcode Buttons CVE ID: CVE-2023-32579 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/212dd123-42d4-4dd2-a2e2-bf0c43e805bf>
Simple Calendar <= 3.1.43 - Cross-Site Request Forgery to Transient Cache Clearing
Affected Software: Simple Calendar – Google Calendar Plugin CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/248b74d3-5228-473d-a79a-743566898606>
Wise Chat <= 3.1.3 - Cross-Site Request Forgery
Affected Software: Wise Chat CVE ID: CVE-2023-32504 CVSS Score: 4.3 (Medium) Researcher/s: Justiice Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2a9ed6f2-3def-420c-b6d5-6343fcd7b147>
Easy Hide Login <= 1.0.8 - Cross-Site Request Forgery
Affected Software: Easy Hide Login CVE ID: CVE-2023-31075 CVSS Score: 4.3 (Medium) Researcher/s: konagash Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/42fff63c-62ec-466e-9a05-60d76f80039e>
Injection Guard <= 1.2.1 - Cross-Site Request Forgery via ig_update
Affected Software: Injection Guard CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a5c4bef-f871-4e6b-9b6e-85079f1233a2>
WP Reactions Lite <= 1.3.8 - Cross-Site Request Forgery via AJAX action
Affected Software: WP Reactions Lite CVE ID: CVE-2023-32587 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/558b4b31-fd4f-4265-bddc-baf484d48fc5>
Injection Guard <= 1.2.1 - Missing Authorization via ig_update
Affected Software: Injection Guard CVE ID: CVE-2023-32574 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c6a9cfc-0b30-456e-bac5-4ad79cd08dce>
Web Stories for WordPress <= 1.31.0 - Insufficient Authorization
Affected Software: Web Stories for WordPress CVE ID: CVE-2023-1979 CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/63f2e02c-baa4-446c-bf1c-96ce099ad02e>
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_create_pages
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/74f92bd4-c752-4620-b506-d7588ff2e586>
Yoast SEO: Local <= 14.8 - Cross-Site Request Forgery
Affected Software: Yoast SEO: Local CVE ID: CVE-2023-28780 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7d536acc-b297-4acd-97e2-87eae2e2b95a>
Community by PeepSo <= 6.0.9.0 - Cross-Site Request Forgery to Field Duplication
Affected Software: Community by PeepSo – Social Network, Membership, Registration, User Profiles CVE ID: CVE-2023-32092 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a8ac15a-9f9b-4bb8-81a4-1fdd11670a07>
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_edit_item
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8edaf5ce-6a26-44cc-b4d8-e3b0ccfa9c11>
Sunny Search <= 1.0.2 - Cross-Site Request Forgery to Settings Update
Affected Software: Sunny Search CVE ID: CVE-2023-32592 CVSS Score: 4.3 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f1902e7-66e9-417f-97ba-4db766cf29f1>
Booking Ultra Pro <= 1.1.4 - Missing Authorization via save_fields_settings
Affected Software: Booking Ultra Pro Appointments Booking Calendar Plugin CVE ID: CVE-2023-32601 CVSS Score: 4.3 (Medium) Researcher/s: Badromance 1337 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b1c0f8f3-22fe-4139-93bb-0e9bacf9dafb>
Download Manager <= 3.2.70 - Insufficient Authorization to Information Disclosure
Affected Software: Download Manager CVE ID: CVE-2023-1524 CVSS Score: 4.3 (Medium) Researcher/s: Johan Kragt Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b48bc632-c825-48e0-8766-3ac59e5b87c6>
Pro Mime Types <= 1.0.7 - Cross-Site Request Forgery
Affected Software: Pro Mime Types CVE ID: CVE-2023-32502 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b7db3d45-2b96-4ba4-b258-08ee5e0b947b>
WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion
Affected Software: WPCS – WordPress Currency Switcher Professional CVE ID: CVE-2023-2556 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bc44c95e-9ca0-46d0-8315-72612ef3f855>
SALERT <= 1.2.1 - Missing Authorization via salert_save_settings_with_ajax()
Affected Software: SALERT – Fake Sales Notification WooCommerce CVE ID: CVE-2023-32126 CVSS Score: 4.3 (Medium) Researcher/s: Jonas Höbenreich Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c9e45ae8-e5b5-460b-80f8-de562ae7c56a>
AccessPress Anonymous Post <= 2.8.4 - Authenticated (Contributor+) Arbitrary Redirect
Affected Software: Frontend Post WordPress Plugin – AccessPress Anonymous Post CVE ID: CVE-2022-4946 CVSS Score: 4.3 (Medium) Researcher/s: WPScanTeam Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cc727156-28dc-4b0a-b777-52a1bbc72f79>
WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing
Affected Software: WPCS – WordPress Currency Switcher Professional CVE ID: CVE-2023-2557 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d4c79242-5c89-40c0-abcc-c112f7a64a74>
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via run_sync
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d5c704f9-4fcb-455e-a1c7-f48d47b12dec>
Dyslexiefont Free <= 1.0.0 - Cross-Site Request Forgery
Affected Software: Dyslexiefont Free CVE ID: CVE-2023-32589 CVSS Score: 4.3 (Medium) Researcher/s: Yash Kanchhal Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d75f6c80-ffbf-47a5-9180-5153b705cb28>
WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation
Affected Software: WPCS – WordPress Currency Switcher Professional CVE ID: CVE-2023-2555 CVSS Score: 4.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dd6b5d6d-5f5b-4b38-a25a-02cc1c041d37>
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_duplicate_cookiebanner
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e7b81559-93a2-4e50-b213-0e22eea8a219>
Whydonate – FREE Donate button <= 3.12.13 - Cross-Site Request Forgery
Affected Software: Whydonate – FREE Donate button – Crowdfunding – Fundraising CVE ID: CVE-2023-29238 CVSS Score: 4.3 (Medium) Researcher/s: easyBug Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ec1461a9-4504-4e60-9e38-a7257666e699>
Google Site Verification plugin using Meta Tag <= 1.2 - Cross-Site Request Forgery
Affected Software: Google Site Verification plugin using Meta Tag CVE ID: CVE-2023-32514 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ecfdd114-b7bb-45bf-84df-a92f10b2fd81>
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_delete_cookiebanner
Affected Software: Complianz – GDPR/CCPA Cookie Consent CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f55af49e-82c8-462b-8c0b-a25e966a27af>
CM On Demand Search And Replace <= 1.3.0 - Cross-Site Request Forgery
Affected Software: CM On Demand Search And Replace CVE ID: CVE-2023-28749 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fde1157b-5b99-4e9c-9c51-ebaa0eddfd73>
Block Referer Spam <= 1.1.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Block Referer Spam CVE ID: CVE-2023-32497 CVSS Score: 3.3 (Low) Researcher/s: Taihei Shimamine Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fd97fba9-513b-46e1-9613-2f64c4272f34>
Active Directory Integration / LDAP Integration <= 4.1.4 - Cross-Site Request Forgery to SQL Injection
Affected Software: Active Directory Integration / LDAP Integration CVE ID: CVE-2023-2599 CVSS Score: 3.1 (Low) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/74089b16-76fa-4654-9007-3f0c2e894894>
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (May 8, 2023 to May 14, 2023) appeared first on Wordfence.
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
79.8%