Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)

2023-06-29 13:24:24
Chloe Chamberland
www.wordfence.com

Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
|---|---|
| Unpatched | 20 |
| Patched | 64 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 0 |
| Medium Severity | 69 |
| High Severity | 9 |
| Critical Severity | 6 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 35 |
| Missing Authorization | 14 |
| Cross-Site Request Forgery (CSRF) | 11 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 9 |
| Authorization Bypass Through User-Controlled Key | 5 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1 |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | 1 |
| Improper Neutralization of Formula Elements in a CSV File | 1 |
| URL Redirection to Untrusted Site ('Open Redirect') | 1 |
| Improper Control of Generation of Code ('Code Injection') | 1 |
| Incorrect Privilege Assignment | 1 |
| Information Exposure | 1 |
| Insufficient Verification of Data Authenticity | 1 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| External Control of File Name or Path | 1 |

Researchers That Contributed to WordPress Security Last Week

| Researcher Name | Number of Vulnerabilities |
|---|---|
| Rafie Muhammad | 15 |
| Marco Wotschka (Wordfence Vulnerability Researcher) | 7 |
| Rafshanzani Suhada | 4 |
| Truoc Phan | 4 |
| Abdi Pranata | 3 |
| Le Ngoc Anh | 3 |
| LEE SE HYOUNG | 3 |
| Lana Codes (Wordfence Vulnerability Researcher) | 3 |
| Miguel Santareno | 2 |
| Alex Thomas (Wordfence Vulnerability Researcher) | 2 |
| Erwan LR | 2 |
| Mateus Machado Tesser | 2 |
| Rio Darmawan | 2 |
| Christiaan Swiers | 1 |
| drwtsn | 1 |
| Fioravante Souza | 1 |
| An Đặng | 1 |
| Nguyen Xuan Chien | 1 |
| Chien Vuong | 1 |
| Webbernaut | 1 |
| Rio Darmanwan | 1 |
| Jonas Höbenreich | 1 |
| Skalucy | 1 |
| Lucio Sá | 1 |
| Mika | 1 |
| Fariq Fadillah Gusti Insani | 1 |
| Dipak Panchal | 1 |
| yuyudhn | 1 |
| qerogram | 1 |
| Jihoon Lee | 1 |
| daniloalbuqrque | 1 |
| Taurus Omar | 1 |
| qilin_99 | 1 |
| BOT | 1 |
| Robert Lockwood | 1 |
| Shunsuke Aoki | 1 |
| Bae Song Hyun | 1 |
| FearZzZz | 1 |
| Bob Matyas | 1 |
| Theodoros Malachias | 1 |
| Shreya Pohekar | 1 |
| Felipe Restrepo Rodriguez | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
|---|---|
| AN_GradeBook | an-gradebook |
| About Me 3000 widget | about-me-3000 |
| All In One Redirection | all-in-one-redirection |
| BBS e-Popup | bbs-e-popup |
| Booking Calendar Contact Form | booking-calendar-contact-form |
| Booking Calendar Appointment Booking | |
| Buy Me a Coffee – Button and Widget Plugin | buymeacoffee |
| CMS Commander – Manage Multiple Sites | cms-commander-client |
| Colibri Page Builder | colibri-page-builder |
| Companion Sitemap Generator – HTML & XML | companion-sitemap-generator |
| Complianz Premium – GDPR/CCPA Cookie Consent | complianz-gdpr-premium |
| Complianz – GDPR/CCPA Cookie Consent | complianz-gdpr |
| Contact Form by WPForms – Drag & Drop Form Builder for WordPress | wpforms-lite |
| Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | contact-form-to-db |
| Core Web Vitals & PageSpeed Booster | core-web-vitals-pagespeed-booster |
| Customer Service Software & Support Ticket System | wp-ticket |
| Display Custom Fields – wpView | wpview |
| Elementor Website Builder Pro | elementor-pro |
| Enable SVG Uploads | enable-svg-uploads |
| Enable SVG, WebP & ICO Upload | enable-svg-webp-ico-upload |
| EventON | eventon-lite |
| Export All URLs | export-all-urls |
| Extra User Details | extra-user-details |
| Five Star Restaurant Reservations – WordPress Booking Plugin | restaurant-reservations |
| Float menu – awesome floating side menu | float-menu |
| Form Builder Create Responsive Contact Forms | |
| Gallery Metabox | gallery-metabox |
| Gravity Forms | gravityforms |
| Greeklish-permalink | greeklish-permalink |
| Gutenverse – Gutenberg Blocks – Page Builder for Site Editor | gutenverse |
| HTTP Headers | http-headers |
| Image Protector | image-protector |
| InventoryPress | inventorypress |
| JS Help Desk – Best Help Desk & Support Plugin | js-support-ticket |
| Lana Shortcodes | lana-shortcodes |
| Lana Text to Image | lana-text-to-image |
| MStore API | mstore-api |
| Mail Queue | mail-queue |
| Mailtree Log Mail | mailtree-log-mail |
| MainWP Child – Securely Connects Sites to the MainWP WordPress Manager Dashboard | mainwp-child |
| Membership Plugin – Restrict Content | restrict-content |
| Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress | metform |
| MojoPlug Slide Panel | mojoplug-slide-panel |
| MyCurator Content Curation | mycurator |
| Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress | ninja-forms |
| OOPSpam Anti-Spam | oopspam-anti-spam |
| Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | wp-user-avatar |
| Popup by Supsystic | popup-by-supsystic |
| PostX – Gutenberg Post Grid Blocks | ultimate-post |
| Potent Donations for WooCommerce | donations-for-woocommerce |
| PrePost SEO | prepost-seo |
| Product Vendors | woocommerce-product-vendors |
| Quick Post Duplicator | rduplicator |
| ReDi Restaurant Reservation | redi-restaurant-reservation |
| Sermon'e – Sermons Online | sermone-online-sermons-management |
| Simple Iframe | simple-iframe |
| Smoothscroller | smoothscroller |
| Social Share, Social Login and Social Comments Plugin – Super Socializer | super-socializer |
| Spam protection, AntiSpam, FireWall by CleanTalk | cleantalk-spam-protect |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
| WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | gdpr-cookie-consent |
| WP Mail Logging | wp-mail-logging |
| WP Sticky Social | wp-sticky-social |
| WP-Members Membership Plugin | wp-members |
| WPBakery Page Builder for WordPress | js_composer |
| WPForms Pro | wpforms |
| WooCommerce Brands | woocommerce-brands |
| WooCommerce Bulk Stock Management | woocommerce-bulk-stock-management |
| WooCommerce PayPal Payments | woocommerce-paypal-payments |
| WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo | woocommerce-payments |
| WooCommerce Square | woocommerce-square |
| WooCommerce Subscription | woocommerce-subscriptions |
| WordPress Button Plugin MaxButtons | maxbuttons |
| google-analytics-premium | google-analytics-premium |
| tagDiv Cloud Library | td-cloud-library |
| teachPress | teachpress |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
|---|---|
| Balkon | balkon |
| Newspaper - News & WooCommerce WordPress Theme | newspaper |

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.

tagDiv Cloud Library < 2.7 - Missing Authorization to Arbitrary User Metadata Update

Affected Software/s: Newspaper - News & WooCommerce WordPress Theme, tagDiv Cloud Library
CVE ID: CVE-2023-1597
CVSS Score: 9.8 (Critical)
Researcher/s: Truoc Phan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/24e8d1a4-9853-4f60-a371-7fdbe86d554b


MStore API <= 4.0.1 - Unauthenticated SQL Injection

Affected Software: MStore API
CVE ID: CVE-2023-3197
CVSS Score: 9.8 (Critical)
Researcher/s: Truoc Phan, An Đặng
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/30aab1af-a78f-4bac-b3c5-30ea854ccef7


MStore API <= 3.9.7 - Unauthenticated SQL Injection

Affected Software: MStore API
CVE ID: CVE-2022-47614
CVSS Score: 9.8 (Critical)
Researcher/s: Lucio Sá
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/494c780d-5441-407d-8947-e56d7cac32d6


MStore API <= 3.9.8 - Unauthenticated Privilege Escalation

Affected Software: MStore API
CVE ID: CVE-2023-3076
CVSS Score: 9.8 (Critical)
Researcher/s: Truoc Phan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7d1cc8c4-6c14-4d0c-9420-02d709f88b2f


BookIt <= 2.3.7 - Authentication Bypass

Affected Software: Booking Calendar | Appointment Booking | BookIt
CVE ID: CVE-2023-2834
CVSS Score: 9.8 (Critical)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cfd32e46-a4fc-4c10-b546-9f9da75db791


MStore API <= 3.9.7 - Unauthenticated SQL Injection

Affected Software: MStore API
CVE ID: CVE-2023-3077
CVSS Score: 9.8 (Critical)
Researcher/s: Truoc Phan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/da36ba83-490e-4c9d-8a34-c5c79392a09a


Quick Post Duplicator <= 2.0 - Authenticated (Contributor+) SQL Injection via post_id

Affected Software: Quick Post Duplicator
CVE ID: CVE-2023-2229
CVSS Score: 8.8 (High)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/34e31a0f-27de-4536-9a7e-b8f68e557b3f


CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature

Affected Software: CMS Commander – Manage Multiple Sites
CVE ID: CVE-2023-3325
CVSS Score: 8.1 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca37d453-9f9a-46b2-a17f-65a16e3e2ed1


EventON <= 2.1 - Insecure Direct Object Reference to Unauthorized Post Access

Affected Software: EventON
CVE ID: CVE-2023-3219
CVSS Score: 7.5 (High)
Researcher/s: Miguel Santareno
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1485dda6-bf83-4076-80c9-dc7ea9d58155


Mailtree Log Mail <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting via Email Subject

Affected Software: Mailtree Log Mail
CVE ID: CVE-2023-3135
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/24d0229c-0f1b-42df-b89a-ce0b8a3fda7e


Contact Form to DB by BestWebSoft <= 1.7.1 - Authenticated (Administrator+) SQL Injection via 's'

Affected Software: Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress
CVE ID: CVE-2023-36508
CVSS Score: 7.2 (High)
Researcher/s: LEE SE HYOUNG
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b0e582e3-9ca3-4601-81f2-cb6ef827a468


Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id

Affected Software: Colibri Page Builder
CVE ID: CVE-2023-2188
CVSS Score: 7.2 (High)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c73d4b78-72aa-409a-a787-898179773b82


PostX – Gutenberg Blocks for Post Grid <= 2.9.9 - Unauthenticated Cross-Site Scripting

Affected Software: PostX – Gutenberg Post Grid Blocks
CVE ID: CVE-2023-36385
CVSS Score: 7.2 (High)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d0c9f4c5-a4f6-4cab-8531-5b88b3f347ea


Mail Queue <= 1.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject

Affected Software: Mail Queue
CVE ID: CVE-2023-3167
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d4aaca22-76b9-42ec-a960-65d44d696324


Popup by Supsystic <= 1.10.18 - Prototype Pollution

Affected Software: Popup by Supsystic
CVE ID: CVE-2023-3186
CVSS Score: 7.1 (High)
Researcher/s: drwtsn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/12acf651-6476-491b-84b3-afbc6c655b17


WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection

Affected Software: Product Vendors
CVE ID: CVE-2023-35879
CVSS Score: 6.6 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1388873f-8053-4ba9-8707-093bc0e8f2f5


All In One Redirection <= 2.1.0 - Authenticated (Administrator+) SQL Injection

Affected Software: All In One Redirection
CVE ID: CVE-2023-2493
CVSS Score: 6.6 (Medium)
Researcher/s: Chien Vuong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/360a022d-8530-48af-be34-77d6b4b5c19d


HTTP Headers <= 1.18.10 - Authenticated (Administrator+) Remote Code Execution

Affected Software: HTTP Headers
CVE ID: CVE-2023-1208
CVSS Score: 6.6 (Medium)
Researcher/s: qerogram
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/75b84eae-6ff2-49af-a420-2aeef50224e3


WooCommerce Payments <= 5.9.0 - Authenticated (Shop manager+) SQL Injection via currency parameters

Affected Software: WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo
CVE ID: CVE-2023-35915
CVSS Score: 6.6 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e1f0ec5c-6853-4df9-816a-1790f3dc86e0


WooCommerce Payments <= 5.9.0 - Missing Authorization via redirect_pay_for_order_to_update_payment_method

Affected Software: WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo
CVE ID: CVE-2023-35916
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1811827d-88ae-45e0-a41e-d15fd0adf44a


Form Builder <= 1.9.9.0 - Cross-Site Request Forgery

Affected Software: Form Builder | Create Responsive Contact Forms
CVE ID: CVE-2023-23795
CVSS Score: 6.5 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f8a69ba-2663-4c54-8aef-4c5b0f851186


WooCommerce Subscriptions <= 5.1.2 - Missing Authorization to Insecure Direct Object Reference

Affected Software: WooCommerce Subscription
CVE ID: CVE-2023-35914
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a45a6b3d-49e1-4e25-aa66-15b396da8986


Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion

Affected Software: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
CVE ID: CVE-2023-36505
CVSS Score: 6.5 (Medium)
Researcher/s: Theodoros Malachias
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e97479b1-06a0-4e24-9d2b-005bdfec9eaf


Sermon'e <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Sermon'e – Sermons Online
CVE ID: CVE-2023-35776
CVSS Score: 6.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0e1bfb29-80e7-4122-ab61-ef7c1dd8ebaa


Lana Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Lana Shortcodes
CVE ID: CVE-2023-3372
CVSS Score: 6.4 (Medium)
Researcher/s: Webbernaut
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/36806418-ae4e-4981-b9c5-dadb5e92e69a


Super Socializer <= 7.13.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Social Share, Social Login and Social Comments Plugin – Super Socializer
CVE ID: CVE-2023-35882
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/558679ea-a8ee-4329-8ad7-34b708476b53


Enable SVG Uploads <= 2.1.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

Affected Software: Enable SVG Uploads
CVE ID: CVE-2023-2529
CVSS Score: 6.4 (Medium)
Researcher/s: Mateus Machado Tesser
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/58354ce0-e166-431a-9fac-6c6d81e39e88


WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 2.2.5 - Authenticated (Administrator+) CSV Injection

Affected Software: WP Cookie Notice for GDPR, CCPA & ePrivacy Consent
CVE ID: CVE-2023-23678
CVSS Score: 6.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d178852-53bc-440b-8217-67ae68749349


MonsterInsights Pro <= 8.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: google-analytics-premium
CVE ID: CVE-2023-32291
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/72c5d1b1-00bf-4352-b885-a8a7875c2bc6


WPBakery Page Builder for WordPress <= 6.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: WPBakery Page Builder for WordPress
CVE ID: CVE-2023-31213
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/78579ed9-1540-44be-9884-51fc2afec2bd


Simple Iframe <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attributes

Affected Software: Simple Iframe
CVE ID: CVE-2023-2964
CVSS Score: 6.4 (Medium)
Researcher/s: Jihoon Lee
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/810faad2-b63d-497c-af00-b57a07705608


InventoryPress <= 1.7 - Authenticated (Author+) Stored Cross-Site Scripting

Affected Software: InventoryPress
CVE ID: CVE-2023-2579
CVSS Score: 6.4 (Medium)
Researcher/s: daniloalbuqrque
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/83603d33-b616-4332-aa05-b8ac61424614


Lana Text to Image <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Lana Text to Image
CVE ID: CVE-2023-3387
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8acb7893-85b2-404a-b3fe-b4c1a835b3eb


MaxButtons <= 9.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: WordPress Button Plugin MaxButtons
CVE ID: CVE-2023-36503
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/af478e73-a2b8-468a-9075-9c1db1a97d7c


Elementor Pro <= 3.13.0 - Missing Authorization

Affected Software: Elementor Website Builder Pro
CVE ID: CVE-2023-35050
CVSS Score: 6.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0cba362e-c1e3-4840-941f-b8af8469f771


JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Missing Authorization via ajaxhandler to Insecure Direct Object Reference

Affected Software: JS Help Desk – Best Help Desk & Support Plugin
CVE ID: CVE-2023-23679
CVSS Score: 6.3 (Medium)
Researcher/s: Fariq Fadillah Gusti Insani
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/594004eb-d32c-4b96-9afd-ae6470d9ddcc


Spam protection, AntiSpam, FireWall by CleanTalk <= 6.10 - Missing Authorization

Affected Software: Spam protection, AntiSpam, FireWall by CleanTalk
CVE ID: CVE-2023-33996
CVSS Score: 6.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/89dab433-91e9-4500-ab40-f4b500e66983


Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65 - Missing Authorization

Affected Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
CVE ID: CVE-2023-31080
CVSS Score: 6.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d49e28b-8b5e-4c67-a36d-c78ee33ffc6e


ProfilePress <= 4.10.3 - Reflected Cross-Site Scripting via error message

Affected Software: Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/041e635a-9f97-4f54-8ecb-57bbbc321cfc


Export All URLs <= 4.5 - Reflected Cross-Site Scripting

Affected Software: Export All URLs
CVE ID: CVE-2023-3118
CVSS Score: 6.1 (Medium)
Researcher/s: Christiaan Swiers
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/066c9327-6d72-41f9-895e-d14fe6471832


Gravity Forms <= 2.7.4 - Reflected Cross-Site Scripting

Affected Software: Gravity Forms
CVE ID: CVE-2023-2701
CVSS Score: 6.1 (Medium)
Researcher/s: Fioravante Souza
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/234df0e5-d1be-4354-8bfc-761bed1e9aa9


WooCommerce Bulk Stock Management <= 2.2.33 - Cross-Site Scripting

Affected Software: WooCommerce Bulk Stock Management
CVE ID: CVE-2023-35918
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f5d874a-d70e-4d3f-a9aa-d24707a3f7f4


Complianz <= 6.4.4 (Premium <= 6.4.6.1) - Cross-Site Request Forgery to Stored Cross-Site Scripting

Affected Software/s: Complianz Premium – GDPR/CCPA Cookie Consent, Complianz – GDPR/CCPA Cookie Consent
CVE ID: CVE-2023-33333
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/47941722-acaf-4f72-a64d-d01dc5e84adf


Companion Sitemap Generator <= 4.5.1.1 - Reflected Cross-Site Scripting

Affected Software: Companion Sitemap Generator – HTML & XML
CVE ID: CVE-2023-1780
CVSS Score: 6.1 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a9df582-0ead-45ff-aeaa-1bee9d470b41


Five Star Restaurant Reservations <= 2.6.7 - Reflected Cross-Site Scripting

Affected Software: Five Star Restaurant Reservations – WordPress Booking Plugin
CVE ID: CVE-2023-34017
CVSS Score: 6.1 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6d420e73-24d5-4da8-8257-e0c7f0273031


Booking Calendar Contact Form <= 1.2.40 - Reflected Cross-Site Scripting

Affected Software: Booking Calendar Contact Form
CVE ID: CVE-2023-36384
CVSS Score: 6.1 (Medium)
Researcher/s: BOT
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9f4a3d17-d9fd-4ff4-a4b2-43030cdc7739


WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Affected Software: WP Sticky Social
CVE ID: CVE-2023-3320
CVSS Score: 6.1 (Medium)
Researcher/s: Shunsuke Aoki
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a272e12b-97a2-421a-a703-3acce2ed8313


teachPress <= 9.0.2 - Reflected Cross-Site Scripting via meta_field_id and cite_id

Affected Software: teachPress
CVE ID: CVE-2023-36501
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a33cc275-aa0d-4b8b-863a-6a32fac37512


Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting

Affected Software/s: Contact Form by WPForms – Drag & Drop Form Builder for WordPress, WPForms Pro
CVE ID: CVE-2023-30500
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b10303e0-c864-4088-91d1-d38c24094812


Restrict Content <= 3.2.2 - Reflected Cross-Site Scripting

Affected Software: Membership Plugin – Restrict Content
CVE ID: CVE-2023-3182
CVSS Score: 6.1 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cfbd41fa-15f0-473a-be5a-862e8a14b287


Balkon <= 1.3.2 - Reflected Cross-Site Scripting

Affected Software: Balkon
CVE ID: CVE-2023-36502
CVSS Score: 6.1 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cfcc1a4d-c6c7-4ca8-afe5-79298e7ad3d7


MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files

Affected Software: MainWP Child – Securely Connects Sites to the MainWP WordPress Manager Dashboard
CVE ID: CVE-2023-3132
CVSS Score: 5.9 (Medium)
Researcher/s: Robert Lockwood
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a1fadba1-674f-4f3d-997f-d29d3a887414


OOPSpam Anti-Spam <= 1.1.44 - Cross-Site Request Forgery via empty_ham_entries and empty_spam_entries

Affected Software: OOPSpam Anti-Spam
CVE ID: CVE-2023-35913
CVSS Score: 5.4 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/479f7e9c-8918-4b87-b33d-a396276fb637


Enable SVG, WebP & ICO Upload <= 1.0.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

Affected Software: Enable SVG, WebP & ICO Upload
CVE ID: CVE-2023-2143
CVSS Score: 5.4 (Medium)
Researcher/s: Mateus Machado Tesser
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6df7bd57-7d2f-4098-b2d0-ffb2e8ed5868


Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup

Affected Software: Metform Elementor Contact Form Builder – Flexible and Design-Friendly Contact Form builder plugin for WordPress
CVE ID: CVE-2023-2517
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca66afc3-a749-4ddc-8e2f-959f65cebd45


Greeklish-permalink <= 3.3 - Missing Authorization via cyrtrans_ajax_old AJAX action

Affected Software: Greeklish-permalink
CVE ID: CVE-2023-2495
CVSS Score: 5.3 (Medium)
Researcher/s: Jonas Höbenreich
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3be0e82c-f9a8-42a5-9abb-24cc60e03944


Gutenverse <= 1.8.5 - Missing Authorization via 'data/update' API Endpoint

Affected Software: Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
CVE ID: CVE-2023-35875
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4c4e1d2c-bb20-40b7-90a3-96df68d083b8


Restrict Content <= 3.2.2 - Missing Authorization to Notice Dismissal

Affected Software: Membership Plugin – Restrict Content
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/79bb311d-d10d-4e4e-b690-84c0051b9911


BBS e-Popup <= 2.4.5 - Missing Authorization

Affected Software: BBS e-Popup
CVE ID: CVE-2023-36504
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7ae5bbd0-2f95-41f3-a484-a9bb21b23b0e


EventON <= 2.1 - Missing Authorization to Event Access

Affected Software: EventON
CVE ID: CVE-2023-2796
CVSS Score: 5.3 (Medium)
Researcher/s: Miguel Santareno
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dba3f3a6-3f55-4f4e-98e4-bb98d9c94bdd


ReDi Restaurant Reservation <= 23.0211 - Missing Authorization

Affected Software: ReDi Restaurant Reservation
CVE ID: CVE-2023-36510
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e7ebf975-0fa7-43cd-a4fe-99284ad3aaf6


Core Web Vitals & PageSpeed Booster <= 1.0.12 - Open Redirect via _wp_http_referer

Affected Software: Core Web Vitals & PageSpeed Booster
CVE ID: CVE-2023-35883
CVSS Score: 4.7 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5fe374ff-85eb-4285-8d51-71e9275613cc


Smoothscroller <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Smoothscroller
CVE ID: CVE-2023-23811
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmanwan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3aca1995-2408-423d-afb6-6cf452fbee37


Float menu <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Float menu – awesome floating side menu
CVE ID: CVE-2023-3225
CVSS Score: 4.4 (Medium)
Researcher/s: Dipak Panchal
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b6739b5-0df4-49b2-a655-4f0cff5886b7


MojoPlug Slide Panel <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: MojoPlug Slide Panel
CVE ID: CVE-2023-23807
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/639a46b3-d19f-4ab4-995e-fd3de556b76e


PrePost SEO <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: PrePost SEO
CVE ID: CVE-2023-2029
CVSS Score: 4.4 (Medium)
Researcher/s: Taurus Omar
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/93385acc-aede-4948-b64e-d1ab23167d17>


Extra User Details <= 0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Extra User Details
CVE ID: CVE-2023-35878
CVSS Score: 4.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a2362dea-8c4a-426f-9482-b7e19b8f5f4e>


Customer Service Software & Support Ticket System <= 5.12.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Customer Service Software & Support Ticket System
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b27338c7-2fbc-4985-a25e-8e2a9fdef8c3>


About Me 3000 widget <= 2.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: About Me 3000 widget
CVE ID: CVE-2023-3369
CVSS Score: 4.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be6f660f-041a-42f2-ab5b-72aedf75727d>


wpView <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Display Custom Fields – wpView
CVE ID: CVE-2023-33213
CVSS Score: 4.4 (Medium)
Researcher/s: Bae Song Hyun
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c4cad108-6574-4f14-8a37-89c4c10279d6>


AN_GradeBook <= 5.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: AN_GradeBook
CVE ID: CVE-2023-2709
CVSS Score: 4.4 (Medium)
Researcher/s: Bob Matyas
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d574ed8b-2887-4a56-9fca-914148095ba1>


Image Protector <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Image Protector
CVE ID: CVE-2023-2026
CVSS Score: 4.4 (Medium)
Researcher/s: Shreya Pohekar
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f8a2a23c-23bf-4f23-8b9d-1d6fe869d705>


Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Buy Me a Coffee – Button and Widget Plugin
CVE ID: CVE-2023-2578
CVSS Score: 4.4 (Medium)
Researcher/s: Felipe Restrepo Rodriguez
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f8f3ce3d-ae8a-4c0f-a74d-657225a932f1>


WooCommerce Square <= 3.8.1 - Missing Authorization via multiple AJAX actions

Affected Software: WooCommerce Square
CVE ID: CVE-2023-35876
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0660d753-177e-419a-9e81-3ee2d08cfbc0>


WooCommerce PayPal Payments <= 2.0.4 - Cross-Site Request Forgery

Affected Software: WooCommerce PayPal Payments
CVE ID: CVE-2023-35917
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1023edcb-9879-4dde-b62e-3ce65d7fef2f>


Complianz <= 6.4.5 (Premium <= 6.4.7) - Cross-Site Request Forgery

Affected Software/s: Complianz Premium – GDPR/CCPA Cookie Consent, Complianz – GDPR/CCPA Cookie Consent
CVE ID: CVE-2023-34030
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17ab4800-0afd-4c39-970a-bd8dcc6a8b93>


MyCurator Content Curation <= 3.74 - Cross-Site Request Forgery

Affected Software: MyCurator Content Curation
CVE ID: CVE-2023-32104
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3301899e-5c38-4ecd-b095-6e00b0f7582e>


Extra User Details <= 0.5 - Cross-Site Request Forgery

Affected Software: Extra User Details
CVE ID: CVE-2023-35877
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/81463022-c075-40e8-962d-b2ca27fd4f70>


Gallery Metabox <= 1.5 - Missing Authorization via refresh_metabox

Affected Software: Gallery Metabox
CVE ID: CVE-2023-2562
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/951e4651-56d6-474d-84b3-5a7cfc357b9f>


Potent Donations for WooCommerce <= 1.1.9 - Cross-Site Request Forgery in hm_wcdon_admin_page

Affected Software: Potent Donations for WooCommerce
CVE ID: CVE-2023-35912
CVSS Score: 4.3 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/98358366-7cb0-40ae-a931-10985c916af1>


WooCommerce Brands <= 1.6.49 - Cross-Site Request Forgery

Affected Software: WooCommerce Brands
CVE ID: CVE-2023-35880
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a26a6f28-4a7f-421d-a69e-2afbe1367106>


WP-Members Membership <= 3.4.7.3 - Cross-Site Request Forgery to Settings Update

Affected Software: WP-Members Membership Plugin
CVE ID: CVE-2023-2869
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dabc2ae0-6005-4287-b1b0-385bc6d5c467>


WP Mail Logging <= 1.11.2 - Missing Authorization to Notice Dismissal

Affected Software: WP Mail Logging
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de00d13b-fab9-4284-9594-abd000fbb7ef>


Gallery Metabox <= 1.5 - Missing Authorization via gallery_remove

Affected Software: Gallery Metabox
CVE ID: CVE-2023-2561
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/faad339f-96d6-4937-a1f3-9d2d19bc6395>


As a reminder, Wordfence has curated an industry-leading database of all known WordPress core, theme, and plugin vulnerabilities, called Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers. Entries come from in-house vulnerability research, from researchers submitting directly to us through our CVE Request form, and from monitoring a variety of sources to capture all publicly available WordPress vulnerability information, with additional context added where we can.


The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023) appeared first on Wordfence.
