Last week, there were 115 vulnerabilities disclosed in 87 WordPress plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and 39 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and use, both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 39 |
Patched | 76 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 3 |
Medium Severity | 90 |
High Severity | 18 |
Critical Severity | 4 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 33 |
Cross-Site Request Forgery (CSRF) | 26 |
Missing Authorization | 21 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 7 |
Unrestricted Upload of File with Dangerous Type | 5 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 4 |
Information Exposure | 3 |
Protection Mechanism Failure | 2 |
Improper Authorization | 2 |
Guessable CAPTCHA | 2 |
Improper Privilege Management | 1 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 1 |
Improper Control of Generation of Code ('Code Injection') | 1 |
Authorization Bypass Through User-Controlled Key | 1 |
Exposure of Sensitive Data Through Data Queries | 1 |
Authentication Bypass Using an Alternate Path or Channel | 1 |
URL Redirection to Untrusted Site ('Open Redirect') | 1 |
Unverified Password Change | 1 |
Incorrect Privilege Assignment | 1 |
Use of Less Trusted Source | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
István Márton (Wordfence Vulnerability Researcher) | 14 |
Rafie Muhammad | 10 |
Nguyen Xuan Chien | 9 |
Abdi Pranata | 7 |
Dave Jong | 6 |
Mika | 4 |
Dmitrii Ignatyev | 4 |
Dimas Maulana | 3 |
Joshua Chan | 3 |
Jesse McNeil | 3 |
thiennv | 3 |
Ngô Thiên An (ancorn_) | 2 |
Donato Di Pasquale | 2 |
Francesco Marano | 2 |
Dateoljo of BoB 12th | 2 |
Abu Hurayra (HurayraIIT) | 2 |
Arvandy | 2 |
qilin_99 | 2 |
Skalucy | 2 |
lttn | 1 |
Joost Grunwald | 1 |
Bob Matyas | 1 |
SeungYongLee | 1 |
Tien fromVNPT-VCI | 1 |
DoYeon Park (p6rkdoye0n) | 1 |
Le Ngoc Anh | 1 |
Vladislav Pokrovsky (ΞX.MI) | 1 |
Song Hyun Bae | 1 |
resecured.io | 1 |
Naveen Muthusamy | 1 |
Luqman Hakim Y | 1 |
minhtuanact | 1 |
Muhammad Daffa | 1 |
Myungju Kim | 1 |
Francesco Carlucci | 1 |
Huynh Tien Si | 1 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 1 |
Phd | 1 |
Alex Sanford | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
AI ChatBot | chatbot |
ARI Stream Quiz – WordPress Quizzes Builder | ari-stream-quiz |
Abandoned Cart Lite for WooCommerce | woocommerce-abandoned-cart |
Accept Stripe Payments | stripe-payments |
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) | wp-analytify |
Auto Affiliate Links | wp-auto-affiliate-links |
Autocomplete Location field Contact Form 7 | autocomplete-location-field-contact-form-7 |
Availability Calendar | availability-calendar |
Awesome Support – WordPress HelpDesk & Support Plugin | awesome-support |
BackWPup – WordPress Backup Plugin | backwpup |
BlossomThemes Email Newsletter | blossomthemes-email-newsletter |
Booster for WooCommerce | woocommerce-jetpack |
Bootstrap Shortcodes Ultimate | bs-shortcode-ultimate |
Broken Link Checker for YouTube | broken-link-checker-for-youtube |
Bulk Comment Remove | bulk-comment-remove |
Captcha Code | captcha-code-authentication |
CataBlog | catablog |
Chatbot for WordPress | collectchat |
Community by PeepSo – Social Network, Membership, Registration, User Profiles | peepso-core |
Consensu.io \| Conformidade e Consentimento de Cookies para LGPD | |
Contact Form Email | contact-form-to-email |
Contact Form to Any API | contact-form-to-any-api |
Debug Log Manager | debug-log-manager |
Display Custom Post | display-custom-post |
Drop Shadow Boxes | drop-shadow-boxes |
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box | easy-facebook-likebox |
Easy Social Icons | easy-social-icons |
EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
Events Manager | events-manager |
Export any WordPress data to XML/CSV | wp-all-export |
Fast Custom Social Share by CodeBard | fast-custom-social-share-by-codebard |
File Manager – 100% Free & Open Source File Manager Plugin for WordPress \| Bit File Manager | |
Floating Action Button | floating-action-button |
Frontier Post | frontier-post |
Grab & Save | save-grab |
HUSKY – Products Filter for WooCommerce Professional | woocommerce-products-filter |
Hide login page, Hide wp admin – stop attack on login page | hide-login-page |
Import Spreadsheets from Microsoft Excel | import-spreadsheets-from-microsoft-excel |
Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages | page-builder-add |
League Table | league-table-lite |
License Manager for WooCommerce | license-manager-for-woocommerce |
Link Whisper Free | link-whisper |
Login Lockdown – Protect Login Form | login-lockdown |
Mail Bank – #1 Mail SMTP Plugin for WordPress | wp-mail-bank |
Maspik – Spam Blacklist | contact-forms-anti-spam |
MyBookTable Bookstore by Stormhill Media | mybooktable |
Parallax Image | parallax-image |
Parcel Pro | woo-parcel-pro |
PayTR Taksit Tablosu – WooCommerce | paytr-taksit-tablosu-woocommerce |
Perfmatters | perfmatters |
Porto Theme - Functionality | porto-functionality |
Post Meta Data Manager | post-meta-data-manager |
Preloader for Website | preloader-for-website |
Quttera Web Malware Scanner | quttera-web-malware-scanner |
Salon booking system | salon-booking-system |
Seraphinite Post .DOCX Source | seraphinite-post-docx-source |
Simple Testimonials Showcase | simple-testimonials-showcase |
Simply Exclude | simply-exclude |
SpiderVPlayer | player |
Super Progressive Web Apps | super-progressive-web-apps |
Tainacan | tainacan |
Taxonomy filter | taxonomy-filter |
Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More | gs-team-members |
TextMe SMS | textme-sms-integration |
The Events Calendar | the-events-calendar |
Theme Editor | theme-editor |
Theme My Login 2fa | tml-2fa |
TriPay Payment Gateway | tripay-payment-gateway |
UPS, Mondial Relay & Chronopost for WooCommerce – WCMultiShipping | wc-multishipping |
UserPro - Community and User Profile WordPress Plugin | userpro |
Video PopUp | video-popup |
WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors | wc-vendors |
WCFM Marketplace – Best Multivendor Marketplace for WooCommerce | wc-multivendor-marketplace |
WP ALL Export Pro | wp-all-export-pro |
WP Child Theme Generator | wp-child-theme-generator |
WP Githuber MD – WordPress Markdown Editor | wp-githuber-md |
WP Mail Log | wp-mail-log |
WP Roadmap – Product Feedback Board | wp-roadmap |
Widgets for Google Reviews | wp-reviews-plugin-for-google |
WordPress Gallery Plugin – NextGEN Gallery | nextgen-gallery |
WordPress Job Board and Recruitment Plugin – JobWP | jobwp |
WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout | gs-pinterest-portfolio |
Yoast SEO | wordpress-seo |
eDoc Employee Job Application – Best WordPress Job Manager for Employees | edoc-employee-application |
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin | mycred |
salient-core | salient-core |
wpForo Forum | wpforo |

Software Name | Software Slug |
---|---|
Enfold - Responsive Multi-Purpose Theme | enfold |

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2023-2437 CVSS Score: 9.8 (Critical) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925>
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2023-2449 CVSS Score: 9.8 (Critical) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585>
Affected Software: Porto Theme - Functionality CVE ID: CVE-2023-48738 CVSS Score: 9.8 (Critical) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fabc7ad3-1d20-493f-aacb-1832d33d8e14>
Affected Software: WP Child Theme Generator CVE ID: CVE-2023-47873 CVSS Score: 9.1 (Critical) Researcher/s: Dateoljo of BoB 12th Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/49fcd2cb-d880-4152-a736-33fd90f07083>
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2023-2440 CVSS Score: 8.8 (High) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/73600498-f55c-4b8e-a625-4f292e58e0ee>
Affected Software: WP Githuber MD – WordPress Markdown Editor CVE ID: CVE-2023-47846 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a6fda35d-8b82-4a7a-8db6-21dc38a841f4>
Affected Software/s: WP ALL Export Pro, Export any WordPress data to XML/CSV CVE ID: CVE-2023-5882 CVSS Score: 8.8 (High) Researcher/s: Donato Di Pasquale, Francesco Marano Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b70e8bce-1793-40f0-bdb1-100cf5f431e9>
Affected Software: Link Whisper Free CVE ID: CVE-2023-47852 CVSS Score: 8.8 (High) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c5e26a56-bba0-4204-bcb7-c5ec123a9b2d>
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2023-6009 CVSS Score: 8.8 (High) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851>
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2023-2497 CVSS Score: 8.8 (High) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fbb601ce-a884-4894-af13-dab14885c7eb>
Affected Software/s: WP ALL Export Pro, Export any WordPress data to XML/CSV CVE ID: CVE-2023-5886 CVSS Score: 8.8 (High) Researcher/s: Alex Sanford Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fdc18341-135b-4522-a9db-510e4c4d9704>
Affected Software: BackWPup – WordPress Backup Plugin CVE ID: CVE-2023-5504 CVSS Score: 8.7 (High) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e830fe1e-1171-46da-8ee7-0a6654153f18>
Affected Software: WordPress Job Board and Recruitment Plugin – JobWP CVE ID: CVE-2023-48288 CVSS Score: 7.5 (High) Researcher/s: Myungju Kim Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c73dbc40-ba54-4836-9bb1-a35f95d5a077>
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2023-6007 CVSS Score: 7.3 (High) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6c4f8798-c0f9-4d05-808e-375864a0ad95>
Affected Software: License Manager for WooCommerce CVE ID: CVE-2023-48742 CVSS Score: 7.2 (High) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09597618-8695-4631-8c3b-4e7580d58c86>
Affected Software: Login Lockdown – Protect Login Form CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09773141-883b-40e3-bd20-d3115c02e023>
Affected Software: WP Mail Log CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/099cc754-6a56-498f-848a-a242733e7fb0>
Affected Software: Salon booking system CVE ID: CVE-2023-48319 CVSS Score: 7.2 (High) Researcher/s: lttn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0cac7f96-eb64-427d-9a95-b8bf1c675af0>
Affected Software: CataBlog CVE ID: CVE-2023-47842 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/18d1ba80-ddf6-4076-bc78-78647b964bcf>
Affected Software: WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors CVE ID: CVE-2023-48327 CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/64f879af-aa8f-4edf-8369-ca032603d529>
Affected Software: Theme Editor CVE ID: CVE-2023-6091 CVSS Score: 7.2 (High) Researcher/s: Dateoljo of BoB 12th Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a6ede290-a6c4-4c13-872b-60c9601d39db>
Affected Software: AI ChatBot CVE ID: CVE-2023-48741 CVSS Score: 7.2 (High) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/db1bb11d-4752-42d0-b538-2d2a4c827226>
Affected Software: Quttera Web Malware Scanner CVE ID: CVE-2023-6222 CVSS Score: 6.8 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a9992d0d-7c6e-4184-8f48-1515d50cc028>
Affected Software: Widgets for Google Reviews CVE ID: CVE-2023-48275 CVSS Score: 6.6 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48>
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2023-2446 CVSS Score: 6.5 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92>
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2023-2448 CVSS Score: 6.5 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40>
Affected Software: CataBlog CVE ID: CVE-2023-47843 CVSS Score: 6.5 (Medium) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8794854d-e931-4a85-b767-2ab81bfcb780>
Affected Software: Contact Form to Any API CVE ID: CVE-2023-47871 CVSS Score: 6.5 (Medium) Researcher/s: Arvandy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d4a7c647-4c57-499a-8e46-ca273985bd6d>
Affected Software: Display Custom Post CVE ID: CVE-2023-48317 CVSS Score: 6.4 (Medium) Researcher/s: Tien fromVNPT-VCI Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/18531eed-3150-424c-970c-5975afe7546a>
Affected Software: Bootstrap Shortcodes Ultimate CVE ID: CVE-2023-47851 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2e93efec-371c-4050-b24b-e5e978059549>
Affected Software: salient-core CVE ID: CVE-2023-48749 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/316ffb37-47fe-47c4-8a81-5794fa12ce33>
Affected Software/s: WP ALL Export Pro, Export any WordPress data to XML/CSV CVE ID: CVE-2023-4724 CVSS Score: 6.4 (Medium) Researcher/s: Donato Di Pasquale, Francesco Marano Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/43f976ee-cba7-4f5d-b9c6-a6f66c0011d2>
Affected Software: EventPrime – Events Calendar, Bookings and Tickets CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5124be64-6679-4dc5-8117-55c73ae91489>
Affected Software: Parallax Image CVE ID: CVE-2023-47854 CVSS Score: 6.4 (Medium) Researcher/s: resecured.io Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/55cd02d1-7b06-427b-840b-3ced73ad4a74>
Affected Software: wpForo Forum CVE ID: CVE-2023-47872 CVSS Score: 6.4 (Medium) Researcher/s: Jesse McNeil Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5607a60e-a04a-4d28-bb04-bdacf8e97c56>
Affected Software: Video PopUp CVE ID: CVE-2023-4962 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/670ea03e-2f76-48a4-9f40-bc4cfd987a89>
Affected Software: Community by PeepSo – Social Network, Membership, Registration, User Profiles CVE ID: CVE-2023-47850 CVSS Score: 6.4 (Medium) Researcher/s: Abu Hurayra (HurayraIIT) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/826e7e0a-79b1-4828-8eeb-159ef3cc2c65>
Affected Software: Easy Social Icons CVE ID: CVE-2023-48336 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ab888ee1-bdc2-4b8b-9b16-a7d146f123df>
Affected Software: Drop Shadow Boxes CVE ID: CVE-2023-5469 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c0b3911c-a960-4f28-b289-389b26282741>
Affected Software: Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c146f89c-5df3-4aaf-b880-0ce6016dfb6d>
Affected Software: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin CVE ID: CVE-2023-47853 CVSS Score: 6.4 (Medium) Researcher/s: Abu Hurayra (HurayraIIT) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c4067e03-427c-4b03-a250-0354572ae361>
Affected Software: Perfmatters CVE ID: CVE-2023-47877 CVSS Score: 6.4 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521>
Affected Software: Import Spreadsheets from Microsoft Excel CVE ID: CVE-2023-48289 CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d337e39c-3a3d-4465-bc40-77f0b27aeab2>
Affected Software: WCFM Marketplace – Best Multivendor Marketplace for WooCommerce CVE ID: CVE-2023-4960 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f99e9f01-cc98-4af5-bb95-f56f6a550e96>
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2023-6008 CVSS Score: 6.3 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ed6e2b9e-3d70-4c07-a779-45164816b89c>
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2023-2447 CVSS Score: 6.1 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0372efe4-b5be-4601-be43-5c12332ea1a5>
Affected Software: Enfold - Responsive Multi-Purpose Theme CVE ID: CVE-2023-38400 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/100b700f-8812-48be-8a04-28f60a57b35f>
Affected Software: Grab & Save CVE ID: CVE-2023-47844 CVSS Score: 6.1 (Medium) Researcher/s: Dimas Maulana Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2baab094-5ece-41a2-821a-b594a2c2327e>
Affected Software: Simply Exclude CVE ID: CVE-2023-48743 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2f9a3883-9755-4de8-9d60-113238b3c0ac>
Affected Software: Perfmatters CVE ID: CVE-2023-47876 CVSS Score: 6.1 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/612fb73f-e488-453f-a2a4-32969f91122b>
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2023-2438 CVSS Score: 6.1 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7d30adc5-27a5-4549-84fc-b930f27f03e5>
Affected Software: Tainacan CVE ID: CVE-2023-47848 CVSS Score: 6.1 (Medium) Researcher/s: Dimas Maulana Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f192811-378b-422d-8086-9a957b464bb7>
Affected Software: Events Manager CVE ID: CVE-2023-48326 CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9053cf91-0af1-44f8-9fdf-7ecbd457545b>
Affected Software: salient-core CVE ID: CVE-2023-48748 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b1ae1b28-ea9e-4446-8b03-b5a8eaac1042>
Affected Software: eDoc Employee Job Application – Best WordPress Job Manager for Employees CVE ID: CVE-2023-48322 CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cbfbd7c2-7a46-4292-9173-f90298a7fcc4>
Affected Software: Maspik – Spam Blacklist CVE ID: CVE-2023-48272 CVSS Score: 6.1 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e8db52ce-fbc3-4fe1-b9b4-cb2ce7d88a67>
Affected Software: Community by PeepSo – Social Network, Membership, Registration, User Profiles CVE ID: CVE-2023-48746 CVSS Score: 6.1 (Medium) Researcher/s: Phd Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fda1be79-ba45-4e8f-bfc3-355f9cdbad82>
Affected Software: Yoast SEO CVE ID: CVE-2023-40680 CVSS Score: 5.5 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/385a82ff-50ad-4787-845b-fb5f639f6466>
Affected Software: Theme My Login 2fa CVE ID: CVE-2023-6272 CVSS Score: 5.4 (Medium) Researcher/s: Joost Grunwald Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1398e296-9b20-4f8e-85f2-896888abc67e>
Affected Software: Porto Theme - Functionality CVE ID: CVE-2023-48739 CVSS Score: 5.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0e1300be-07e3-44b6-9ced-a16825274d22>
Affected Software: BlossomThemes Email Newsletter CVE ID: CVE-2023-47849 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1e98b763-29b9-435d-a436-d4df64234b4d>
Affected Software: Quttera Web Malware Scanner CVE ID: CVE-2023-6065 CVSS Score: 5.3 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2163af55-1ea4-4c60-b9f0-baf99297c6bc>
Affected Software: Accept Stripe Payments CVE ID: CVE-2023-48285 CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2f499d5e-eb27-4611-af27-ac9fd6a9f044>
Affected Software: Accept Stripe Payments CVE ID: CVE-2023-48286 CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/44d14692-d90a-45f9-afb4-0666ce4b3397>
Affected Software: Preloader for Website CVE ID: CVE-2023-48273 CVSS Score: 5.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5cfc38c0-f940-4c4d-ba7b-0d772146ea2d>
Affected Software: Hide login page, Hide wp admin – stop attack on login page CVE ID: CVE-2023-48335 CVSS Score: 5.3 (Medium) Researcher/s: Naveen Muthusamy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6d3cff57-ea8a-4082-bc05-d62b9d92f0e6>
Affected Software: The Events Calendar CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8291fd89-aea1-4f7b-abd8-dee8438c3ed5>
Affected Software: PayTR Taksit Tablosu – WooCommerce CVE ID: CVE-2023-47847 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8bfefe86-b25e-4ffe-9beb-28dc22a99d62>
Affected Software: Perfmatters CVE ID: CVE-2023-47874 CVSS Score: 5.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b078e446-61e7-4ce1-b9a9-480ccc388c72>
Affected Software: Captcha Code CVE ID: CVE-2023-48745 CVSS Score: 5.3 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b1dd3845-a88d-41aa-acf4-66fd1a6819ff>
Affected Software: Contact Form Email CVE ID: CVE-2023-48318 CVSS Score: 5.3 (Medium) Researcher/s: qilin_99 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b637ebfd-c273-428b-985c-6f5b6a03f263>
Affected Software: Super Progressive Web Apps CVE ID: CVE-2023-48277 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d36e869a-5bd4-4f59-8e28-01fa586024c5>
Affected Software: Maspik – Spam Blacklist CVE ID: CVE-2023-48271 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f3a8273e-2439-4138-941e-379d130e0c74>
Affected Software: Consensu.io | Conformidade e Consentimento de Cookies para LGPD CVE ID: CVE-2023-48280 CVSS Score: 5.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fc1963cc-7e9e-4998-8338-c3e83b70d441>
Affected Software: Autocomplete Location field Contact Form 7 CVE ID: CVE-2023-5005 CVSS Score: 4.4 (Medium) Researcher/s: Bob Matyas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/13fd7509-6d61-4eb0-9f85-cc40e074b819>
Affected Software: SpiderVPlayer CVE ID: CVE-2023-48320 CVSS Score: 4.4 (Medium) Researcher/s: SeungYongLee Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1627ec2a-f91d-4ed7-acb8-a3fb63b45731>
Affected Software: WP Roadmap – Product Feedback Board CVE ID: CVE-2023-41128 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park (p6rkdoye0n) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/24fc2554-375a-4216-91bf-41921cc4b436>
Affected Software: Fast Custom Social Share by CodeBard CVE ID: CVE-2023-48329 CVSS Score: 4.4 (Medium) Researcher/s: Song Hyun Bae Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3eece451-65a3-4c9d-a8eb-05f6f3e2d1d5>
Affected Software: TriPay Payment Gateway CVE ID: CVE-2023-48737 CVSS Score: 4.4 (Medium) Researcher/s: Luqman Hakim Y Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/946add6f-4cd5-4c55-9399-a782140f217c>
Affected Software: Chatbot for WordPress CVE ID: CVE-2023-5691 CVSS Score: 4.4 (Medium) Researcher/s: Huynh Tien Si Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dfd67329-11b1-4f00-a422-bb4833a3181d>
Affected Software: Booster for WooCommerce CVE ID: CVE-2023-48747 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/00ec2f57-48ee-49ea-ae8f-e7b24bf4535c>
Affected Software: MyBookTable Bookstore by Stormhill Media CVE ID: CVE-2023-48331 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02b336ce-be41-4343-9817-0437bd2685c2>
Affected Software: Auto Affiliate Links CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17453fa5-af14-477b-9b3d-b245511ad8ce>
Affected Software: Frontier Post CVE ID: CVE-2023-6137 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/24ef5844-93d6-4ba3-bd0a-b8837bbd7baf>
Affected Software: Mail Bank – #1 Mail SMTP Plugin for WordPress CVE ID: CVE-2023-48332 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/31a3a3c1-be0e-46d5-9fa3-563febc5569b>
Affected Software: WordPress Gallery Plugin – NextGEN Gallery CVE ID: CVE-2023-48328 CVSS Score: 4.3 (Medium) Researcher/s: Vladislav Pokrovsky (ΞX.MI) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3354b925-2e4a-4ee5-b436-2c1a502b1725>
Affected Software: Debug Log Manager CVE ID: CVE-2023-6136 CVSS Score: 4.3 (Medium) Researcher/s: Dmitrii Ignatyev, Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33a54cae-0fa3-4c25-bf81-8423f5e01e84>
Affected Software: wpForo Forum CVE ID: CVE-2023-47870 CVSS Score: 4.3 (Medium) Researcher/s: Jesse McNeil Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3bce40ee-c378-4a44-9c5d-d83151975309>
Affected Software: WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3f81003b-8214-4fa3-960f-81b166623de9>
Affected Software: Bulk Comment Remove CVE ID: CVE-2023-48330 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/42303b60-cbb5-4176-94f9-b2ed29f59cc8>
Affected Software: Floating Action Button CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/42b2d840-4e8b-4027-ab3b-78b17c9ed9aa>
Affected Software: Availability Calendar CVE ID: CVE-2023-48744 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4b13388b-19f9-4f5c-9599-efd6ccf978c8>
Affected Software: UPS, Mondial Relay & Chronopost for WooCommerce – WCMultiShipping CVE ID: CVE-2023-48274 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4b19657c-3e95-42cf-8d1a-64fa50b3b82b>
Affected Software: Awesome Support – WordPress HelpDesk & Support Plugin CVE ID: CVE-2023-48324 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4dec91d7-19cf-480d-871c-427cd1e691a6>
Affected Software: Awesome Support – WordPress HelpDesk & Support Plugin CVE ID: CVE-2023-48323 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/579b887a-4140-4e12-9a9a-ba52d212b8a2>
Affected Software: wpForo Forum CVE ID: CVE-2023-47869 CVSS Score: 4.3 (Medium) Researcher/s: Jesse McNeil Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/71078aaf-9803-4b46-bc94-dbcb43745629>
Affected Software: Grab & Save CVE ID: CVE-2023-47845 CVSS Score: 4.3 (Medium) Researcher/s: Dimas Maulana Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7cd4b1da-faee-4c4e-b323-e77c4c033149>
Affected Software: Perfmatters CVE ID: CVE-2023-47875 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/95f5b4df-5214-4f36-8dd5-a1a816fbc3db>
Affected Software: Broken Link Checker for YouTube CVE ID: CVE-2023-48281 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9993d84e-7337-4eda-af3c-039b6d8c8fe6>
Affected Software: TextMe SMS CVE ID: CVE-2023-48287 CVSS Score: 4.3 (Medium) Researcher/s: Arvandy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9fb4ad52-a0b2-4645-bf0d-132b4ce8a0a1>
Affected Software: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box CVE ID: CVE-2023-48740 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a4ffb3ef-9d77-463f-92c4-4bc799ac16aa>
Affected Software: Simple Testimonials Showcase CVE ID: CVE-2023-48283 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b6008237-e4a8-4757-ae14-ac20c6f1b0af>
Affected Software: ARI Stream Quiz – WordPress Quizzes Builder CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b758c8a7-6220-4b54-af88-7933a530b5ba>
Affected Software: Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages CVE ID: CVE-2023-48325 CVSS Score: 4.3 (Medium) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c1a4d8a3-5553-4b1c-b0f8-d6a372de3692>
Affected Software: HUSKY – Products Filter for WooCommerce Professional CVE ID: CVE-2023-40334 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d00edaf1-2a97-4000-afd9-432ca8fa3df4>
Affected Software: Post Meta Data Manager CVE ID: CVE-2023-5776 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d49b8c44-4dad-4990-a8a8-116b424a7dfa>
Affected Software: Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) CVE ID: CVE-2023-47841 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d7362f3f-c5d9-4ba0-b9c3-282c58861e2f>
Affected Software: Booster for WooCommerce CVE ID: CVE-2023-48333 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d94661c1-2d70-4943-9452-b51a76116ebb>
Affected Software: Parcel Pro CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dbf54852-f3fe-4c9e-9348-44a73f9a8131>
Affected Software: Seraphinite Post .DOCX Source CVE ID: CVE-2023-48279 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dfcc2ab2-504d-4151-9435-618e317ce95c>
Affected Software: Taxonomy filter CVE ID: CVE-2023-48282 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e74ff260-48af-4fc2-80d8-1ff2403f8f33>
Affected Software: League Table CVE ID: CVE-2023-48334 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ef7ec175-cee5-4559-909d-ee689158d67c>
Affected Software: Abandoned Cart Lite for WooCommerce CVE ID: CVE Unknown CVSS Score: 3.7 (Low) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4edbfeee-b668-4a85-a030-c15d6583dc82>
Affected Software: Abandoned Cart Lite for WooCommerce CVE ID: CVE Unknown CVSS Score: 3.1 (Low) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/52d1f9a3-243e-4e2c-a752-f40b6d275121>
Affected Software: File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager CVE ID: CVE-2023-5907 CVSS Score: 2.2 (Low) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/640b1800-3b59-4b06-a803-08cb76d62d99>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers. It draws on in-house vulnerability research, on submissions that vulnerability researchers make directly to us using our CVE Request form, and on monitoring of various sources to capture all publicly available WordPress vulnerability information, with additional context added where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023) appeared first on Wordfence.