Last week, there were 97 vulnerabilities disclosed in 63 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 28 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 25 |
Patched | 72 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 79 |
High Severity | 14 |
Critical Severity | 4 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 37 |
Cross-Site Request Forgery (CSRF) | 29 |
Missing Authorization | 17 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 6 |
Deserialization of Untrusted Data | 3 |
Improper Authorization | 2 |
Incorrect Privilege Assignment | 1 |
Unrestricted Upload of File with Dangerous Type | 1 |
Authorization Bypass Through User-Controlled Key | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Marco Wotschka | 24 |
Chloe Chamberland | 8 |
Mika | 7 |
minhtuanact | 5 |
Lana Codes | 5 |
yuyudhn | 3 |
Ramuel Gall | 3 |
MyungJu Kim | 3 |
Rafshanzani Suhada | 3 |
Erwan LR | 3 |
Ameen Alkurdy | 2 |
Rafie Muhammad | 2 |
Simone Onofri | 2 |
Donato Onofri | 2 |
Rio Darmawan | 2 |
Shreya Pohekar | 2 |
FearZzZz | 2 |
Nguyen Huu Do | 2 |
Abdi Pranata | 2 |
Elliot | 1 |
jidle | 1 |
xplo1t | 1 |
Taliya Bilal | 1 |
Dave Jong | 1 |
Pablo Sanchez | 1 |
Romés Akhan | 1 |
Yogesh Verma | 1 |
abdi paranata | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
Advanced Custom Fields (ACF) | advanced-custom-fields |
Ajax Search Lite | ajax-search-lite |
Ajax Search Pro | ajax-search-pro |
Albo Pretorio On line | albo-pretorio-on-line |
Appointment and Event Booking Calendar for WordPress – Amelia | ameliabooking |
Call Now Accessibility Button | accessibility-help-button |
Cancel order request / Return order / Repeat Order / Reorder for WooCommerce | cancel-order-request-woocommerce |
Comment Reply Notification | comment-reply-notification |
Comments Ratings | comments-ratings |
Connections Business Directory | connections |
CopySafe Web Protection | wp-copysafe-web |
Cryptocurrency All-in-One | cryptocurrency-prices |
Dynamics 365 Integration | integration-dynamics |
Easy Sign Up | easy-sign-up |
Email Subscription Popup | email-subscribe |
Fancy Product Designer | fancy-product-designer |
Formidable Forms – Contact Form, Survey, Quiz, Calculator & Custom Form Builder | formidable |
Front End Users | front-end-only-users |
HT Builder – WordPress Theme Builder for Elementor | ht-builder |
Hustle – Email Marketing, Lead Generation, Optins, Popups | wordpress-popup |
IFrame Shortcode | flynsarmy-iframe-shortcode |
IMPress Listings | wp-listings |
Libsyn Publisher Hub | libsyn-podcasting |
Limit Login Attempts | limit-login-attempts |
Magic Post Thumbnail | magic-post-thumbnail |
MapPress Maps for WordPress | mappress-google-maps-for-wordpress |
Maps Widget for Google Maps | google-maps-widget |
MasterStudy LMS WordPress Plugin – for Online Courses and Education | masterstudy-lms-learning-management-system |
MyCryptoCheckout – Bitcoin, Ethereum, and 175+ altcoins for WooCommerce | mycryptocheckout |
Optin Forms – Simple List Building Plugin for WordPress | optin-forms |
PHP Compatibility Checker | php-compatibility-checker |
PixTypes | pixtypes |
Product Catalog Simple | post-type-x |
Product Enquiry for WooCommerce, WooCommerce product catalog | enquiry-quotation-for-woocommerce |
Product Feed PRO for WooCommerce | woo-product-feed-pro |
Product page shipping calculator for WooCommerce | product-page-shipping-calculator-for-woocommerce |
PropertyHive | propertyhive |
Random Text | randomtext |
SEOPress – On-site SEO | wp-seopress |
SMTP Mailing Queue | smtp-mailing-queue |
Simple Job Board | simple-job-board |
SimpleModal Contact Form (SMCF) | simplemodal-contact-form-smcf |
Site Reviews | site-reviews |
Sp*tify Play Button for WordPress | spotify-play-button-for-wordpress |
Spreadshop Plugin | spreadshop |
StagTools | stagtools |
Steveas WP Live Chat Shoutbox | wp-shoutbox-live-chat |
Superb Social Media Share Buttons and Follow Buttons for WordPress | superb-social-share-and-follow-buttons |
Tiny carousel horizontal slider plus | tiny-carousel-horizontal-slider-plus |
Transbank Webpay REST | transbank-webpay-plus-rest |
User Registration – Custom Registration Form, Login Form And User Profile For WordPress | user-registration |
WCFM Marketplace – Best Multivendor Marketplace for WooCommerce | wc-multivendor-marketplace |
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | wc-multivendor-membership |
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible | wc-frontend-manager |
WP Data Access | wp-data-access |
WP FEvents Book | wp-fevents-book |
WP Fastest Cache | wp-fastest-cache |
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager | insert-headers-and-footers |
YourChannel: Everything you want in a YouTube plugin. | yourchannel |
ZYREX POPUP | popup-zyrex |
amr ical events lists | amr-ical-events-list |
qTranslate X Cleanup and WPML Import | qtranslate-to-wpml-export |
tencentcloud-cos | tencentcloud-cos |

Software Name | Software Slug |
---|---|
Houzez | houzez |
The7 — Website and eCommerce Builder for WordPress | dt-the7 |
TheRoof | theroof |
Weaver Xtreme | weaver-xtreme |
outdoor | outdoor |

Affected Software: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace CVE ID: CVE-2022-4939 CVSS Score: 9.8 (Critical) Researcher/s: Chloe Chamberland Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0870de2d-bca5-4d57-a07f-877a416ce0d5>
Affected Software: Houzez CVE ID: CVE-2023-29432 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/64087631-3514-4fec-ad2f-b095d7c727bd>
Affected Software: Formidable Forms – Contact Form, Survey, Quiz, Calculator & Custom Form Builder CVE ID: CVE-2023-1405 CVSS Score: 9.8 (Critical) Researcher/s: Nguyen Huu Do Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7db04a93-a384-4093-8cab-6f1d6822f625>
Affected Software: Steveas WP Live Chat Shoutbox CVE ID: CVE-2023-1020 CVSS Score: 9.8 (Critical) Researcher/s: Simone Onofri, Donato Onofri Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d4e1ca02-4eb5-4a46-99d5-89630f37d9ed>
Affected Software: WCFM Marketplace – Best Multivendor Marketplace for WooCommerce CVE ID: CVE-2022-4935 CVSS Score: 8.8 (High) Researcher/s: Chloe Chamberland Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/85730e9b-c5da-473c-a324-891c5c9f7ba3>
Affected Software: MapPress Maps for WordPress CVE ID: CVE-2023-26015 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aab16b6f-4daf-4eb1-9526-dd05b2b41dee>
Affected Software: Advanced Custom Fields (ACF) CVE ID: CVE-2023-1196 CVSS Score: 8.8 (High) Researcher/s: Nguyen Huu Do Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b13e1916-2a02-4a91-acf1-6e5d7c55bd57>
Affected Software: Fancy Product Designer CVE ID: CVE-2021-4334 CVSS Score: 8.8 (High) Researcher/s: Ramuel Gall Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21>
Affected Software: WP Data Access CVE ID: CVE-2023-1874 CVSS Score: 7.5 (High) Researcher/s: Chloe Chamberland Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8f562e33-2aef-46f0-8a65-691155ede9e7>
Affected Software: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace CVE ID: CVE-2022-4940 CVSS Score: 7.3 (High) Researcher/s: Chloe Chamberland Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9c6577a2-6722-4d3b-958d-1143dca414cd>
Affected Software: CopySafe Web Protection CVE ID: CVE-2023-29098 CVSS Score: 7.2 (High) Researcher/s: Elliot Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/07e110b3-ef10-482d-a564-c9f23631e5f3>
Affected Software: Magic Post Thumbnail CVE ID: CVE-2023-29171 CVSS Score: 7.2 (High) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08bbde25-bb9a-469c-83de-b680bb501ad6>
Affected Software: Steveas WP Live Chat Shoutbox CVE ID: CVE-2023-0899 CVSS Score: 7.2 (High) Researcher/s: Simone Onofri, Donato Onofri Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2630dbfe-2e11-4671-9a75-377237ac1ea1>
Affected Software: Transbank Webpay REST CVE ID: CVE-2023-27610 CVSS Score: 7.2 (High) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2b737a26-e4ae-4c9f-a98a-a22a31ac4f99>
Affected Software: Albo Pretorio On line CVE ID: CVE-2023-28993 CVSS Score: 7.2 (High) Researcher/s: Romés Akhan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8fbcd728-d2a2-4787-841d-0ce77356f737>
Affected Software: Limit Login Attempts CVE ID: CVE-2023-1912 CVSS Score: 7.2 (High) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb8c80fc-3b51-4003-b221-6f02e74bead0>
Affected Software: ZYREX POPUP CVE ID: CVE-2023-0924 CVSS Score: 7.2 (High) Researcher/s: Yogesh Verma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cf992c75-a1ae-49c3-8110-2f3b31b23f6c>
Affected Software: Ajax Search Lite CVE ID: CVE-2023-1420 CVSS Score: 7.2 (High) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f5e6cb50-8262-406b-b01e-37d62a4bd394>
Affected Software: SEOPress – On-site SEO CVE ID: CVE Unknown CVSS Score: 6.6 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/06863974-e428-418b-891a-ade59ee46c4f>
Affected Software: amr ical events lists CVE ID: CVE-2023-1021 CVSS Score: 6.6 (Medium) Researcher/s: Shreya Pohekar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a4531261-d76e-4419-b915-749c72830608>
Affected Software: YourChannel: Everything you want in a YouTube plugin. CVE ID: CVE-2023-1865 CVSS Score: 6.5 (Medium) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/34817e32-d5a3-403a-85f0-1d60af8945de>
Affected Software: YourChannel: Everything you want in a YouTube plugin. CVE ID: CVE-2023-1868 CVSS Score: 6.5 (Medium) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/541d202b-f3ed-44d8-93a6-e158209db885>
Affected Software: Front End Users CVE ID: CVE Unknown CVSS Score: 6.5 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5ccfafaf-902f-4142-90b3-9f70800eb377>
Affected Software: WP FEvents Book CVE ID: CVE-2023-1126 CVSS Score: 6.4 (Medium) Researcher/s: Ameen Alkurdy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/088aead8-37bb-4277-81e0-b7e2c13e9072>
Affected Software: IFrame Shortcode CVE ID: CVE-2023-29436 CVSS Score: 6.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3f28b1b2-e751-423e-b4c5-893778eebf3f>
Affected Software: StagTools CVE ID: CVE-2023-0891 CVSS Score: 6.4 (Medium) Researcher/s: xplo1t Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/45754b5b-8f94-4806-a931-bb423450682c>
Affected Software: Weaver Xtreme CVE ID: CVE-2023-1403 CVSS Score: 6.4 (Medium) Researcher/s: Ramuel Gall Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5b2bef63-c871-45e4-bb05-12bbba20ca5e>
Affected Software: Cryptocurrency All-in-One CVE ID: CVE-2023-29435 CVSS Score: 6.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7492cffe-6e17-4c59-8979-2fa168b4f41d>
Affected Software: Easy Sign Up CVE ID: CVE-2023-23701 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/af718d65-9f8f-4ed8-80ed-e7ed34169016>
Affected Software: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace CVE ID: CVE-2022-4941 CVSS Score: 6.3 (Medium) Researcher/s: Chloe Chamberland Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3758db41-a3c5-436a-bb9a-5886f10d1519>
Affected Software: WCFM Marketplace – Best Multivendor Marketplace for WooCommerce CVE ID: CVE-2022-4936 CVSS Score: 6.3 (Medium) Researcher/s: Chloe Chamberland Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c2cc9a3-cd20-4c9e-baa4-1aea69f84331>
Affected Software: Fancy Product Designer CVE ID: CVE-2021-4335 CVSS Score: 6.3 (Medium) Researcher/s: Ramuel Gall Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/644624d8-c193-4ee6-bc82-7ccda5d7f2ac>
Affected Software: WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible CVE ID: CVE-2022-4938 CVSS Score: 6.3 (Medium) Researcher/s: Chloe Chamberland Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/798b57ad-0922-435c-8b4d-8a96b388b314>
Affected Software: WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible CVE ID: CVE-2022-4937 CVSS Score: 6.3 (Medium) Researcher/s: Chloe Chamberland Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d946d4b5-bed7-4808-b133-783b2dcd7992>
Affected Software: WP FEvents Book CVE ID: CVE-2023-1129 CVSS Score: 6.3 (Medium) Researcher/s: Ameen Alkurdy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f63d494c-1d1e-4faa-930a-3fcf2b136182>
Affected Software: The7 — Website and eCommerce Builder for WordPress CVE ID: CVE-2023-29100 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/24c67243-0452-4820-bfb4-b7ac4804aa4b>
Affected Software: TheRoof CVE ID: CVE-2023-29430 CVSS Score: 6.1 (Medium) Researcher/s: FearZzZz Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/624d9627-0ffc-409f-beb7-60e80177aa9b>
Affected Software: Product Catalog Simple CVE ID: CVE-2023-29388 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6cd58adb-31cd-49e2-9c9d-e248b4b0a778>
Affected Software: MyCryptoCheckout – Bitcoin, Ethereum, and 175+ altcoins for WooCommerce CVE ID: CVE-2023-1546 CVSS Score: 6.1 (Medium) Researcher/s: Pablo Sanchez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7633b5cd-0e8f-4744-bfee-d6d54a44c143>
Affected Software: Appointment and Event Booking Calendar for WordPress – Amelia CVE ID: CVE-2023-29427 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a41f96d-216f-4e5a-a28d-665b052666fb>
Affected Software: PropertyHive CVE ID: CVE-2023-29172 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f395100-cf1f-4a3e-a353-1aec6b4e7448>
Affected Software: Ajax Search Pro CVE ID: CVE-2023-1435 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c1a0d54f-08f7-4ec5-8cfe-6c4a6eb26748>
Affected Software: outdoor CVE ID: CVE-2023-29236 CVSS Score: 6.1 (Medium) Researcher/s: FearZzZz Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ef60f4c3-e38f-4f95-80cd-5e1f5512ebf5>
Affected Software: YourChannel: Everything you want in a YouTube plugin. CVE ID: CVE-2023-1869 CVSS Score: 5.5 (Medium) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a81d5615-0b96-4d89-a525-7e80a10a9317>
Affected Software: YourChannel: Everything you want in a YouTube plugin. CVE ID: CVE-2023-1866 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/45851efe-2584-4b5e-8e4c-24f289d3bc32>
Affected Software: YourChannel: Everything you want in a YouTube plugin. CVE ID: CVE-2023-1867 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4c20db2d-f73d-4e52-a275-ab1975ae4b17>
Affected Software: Random Text CVE ID: CVE-2023-0388 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6badba6d-1ff1-4d6f-bccf-1f0278edb17d>
Affected Software: Connections Business Directory CVE ID: CVE-2023-29437 CVSS Score: 5.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ae40fd4a-8448-48ea-9b31-067643972b44>
Affected Software: IMPress Listings CVE ID: CVE-2023-22711 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d31b9022-ae45-4bc2-b820-fb88faf0796f>
Affected Software: YourChannel: Everything you want in a YouTube plugin. CVE ID: CVE-2023-1871 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f7ae863c-4638-49ab-bb1f-52346884c3aa>
Affected Software: User Registration – Custom Registration Form, Login Form And User Profile For WordPress CVE ID: CVE-2023-29429 CVSS Score: 5.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a671128a-74e6-4f92-94af-9e5e37ed7b7a>
Affected Software: Libsyn Publisher Hub CVE ID: CVE-2023-25057 CVSS Score: 5.3 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cbafdc15-cf42-4a12-bd79-5c602ce10625>
Affected Software: Email Subscription Popup CVE ID: CVE Unknown CVSS Score: 4.7 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/63b30d03-43d2-4696-aa36-8b39ec2c4ed0>
Affected Software: WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager CVE ID: CVE-2023-1624 CVSS Score: 4.7 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e52c53c1-4f04-4075-9329-d93fabf5a6ce>
Affected Software: Tiny carousel horizontal slider plus CVE ID: CVE-2023-24418 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/167ae586-1f18-43ac-a7c1-e67a00ce8787>
Affected Software: SMTP Mailing Queue CVE ID: CVE-2023-1090 CVSS Score: 4.4 (Medium) Researcher/s: jidle Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1a0ba31d-d2d8-4614-8f77-a041c25c0519>
Affected Software: Sp*tify Play Button for WordPress CVE ID: CVE-2023-1840 CVSS Score: 4.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/308f6887-7c1c-4efd-85e2-b71bb6d26dab>
Affected Software: Optin Forms – Simple List Building Plugin for WordPress CVE ID: CVE-2023-29434 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3971c145-6dca-49af-bbb3-7ef4ce51507f>
Affected Software: Call Now Accessibility Button CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Taliya Bilal Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/561821b3-e667-428a-9900-e93cab6019b6>
Affected Software: Site Reviews CVE ID: CVE-2023-1525 CVSS Score: 4.4 (Medium) Researcher/s: Shreya Pohekar Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c31072d-9921-4bef-809c-b97a1020a2cf>
Affected Software: Cancel order request / Return order / Repeat Order / Reorder for WooCommerce CVE ID: CVE-2023-29423 CVSS Score: 4.4 (Medium) Researcher/s: MyungJu Kim Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f49477f-7a43-489b-8d3c-db8d0efeb596>
Affected Software: Product Enquiry for WooCommerce, WooCommerce product catalog CVE ID: CVE-2023-29170 CVSS Score: 4.4 (Medium) Researcher/s: MyungJu Kim Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/889986f8-224e-4af4-a1d2-ef4b04a7e83f>
Affected Software: SimpleModal Contact Form (SMCF) CVE ID: CVE-2023-29438 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d8c19868-49c2-4ee2-883a-93549e65d41a>
Affected Software: Maps Widget for Google Maps CVE ID: CVE-2023-1913 CVSS Score: 4.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de871598-e4e7-49f6-8530-68243544c06c>
Affected Software: Hustle – Email Marketing, Lead Generation, Optins, Popups CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e74be387-1413-49c5-91c6-66e620562b42>
Affected Software: Product page shipping calculator for WooCommerce CVE ID: CVE-2023-29094 CVSS Score: 4.4 (Medium) Researcher/s: MyungJu Kim Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ed0a37cc-49db-4919-8d0d-cb7739332229>
Affected Software: Dynamics 365 Integration CVE ID: CVE-2023-29422 CVSS Score: 4.3 (Medium) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/01cc3955-ef2f-4e2b-8dc6-b26f5a3d2f89>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1919 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/024f4058-065b-48b4-a08a-d9732d4375cd>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1925 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/096257a4-6ee9-41e1-8a59-4ffcd309f83c>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1921 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17c7c61d-c110-448e-ad8a-bc1c00393524>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1918 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c8034ff-cf36-498f-9efc-a4e6bbb92b2c>
Affected Software: MasterStudy LMS WordPress Plugin – for Online Courses and Education CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1ddcd2eb-fd7a-48b7-b9ea-3632d49e9734>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1929 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1e567aec-07e5-494a-936d-93b40d3e3043>
Affected Software: Comment Reply Notification CVE ID: CVE-2023-25051 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/27eb0101-b3d1-458d-b7d7-69d92e3a4bb8>
Affected Software: PixTypes CVE ID: CVE-2023-25487 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2ac7414c-8035-406a-ab1e-94d9f64e52fa>
Affected Software: Comments Ratings CVE ID: CVE-2023-23704 CVSS Score: 4.3 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2bbf9526-1a82-496e-b762-6fa114ba8d46>
Affected Software: PHP Compatibility Checker CVE ID: CVE-2023-24421 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/41fada19-c697-4078-825b-0bdf6a827b02>
Affected Software: qTranslate X Cleanup and WPML Import CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/43d534f8-fb1c-4170-a66e-2cef72cd40de>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1923 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/49ba5cfa-c2cc-49ac-b22d-7e36ccca6ac5>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1927 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4d3858f5-3f13-400c-acf4-eb3dc3a43308>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1928 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/56a90042-a6c0-4487-811b-ced23c97f9f4>
Affected Software: Spreadshop Plugin CVE ID: CVE-2023-29426 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f15ac06-b5d3-4265-b69b-1d46b12a0522>
Affected Software: tencentcloud-cos CVE ID: CVE-2023-29433 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/91ea157f-7a74-427f-b1eb-a9187f2d9096>
Affected Software: Simple Job Board CVE ID: CVE-2023-29440 CVSS Score: 4.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9bbd528a-94fe-4979-b30f-02c6872db086>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1922 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a1743b26-861e-4a61-80de-b8cc82308228>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1924 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a87f610a-c1ef-4365-bd74-569989587d41>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1931 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b4bb2d72-ff31-4220-acb3-ed17bb9229b5>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1926 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b793a4cb-3130-428e-9b61-8ce29fcdaf70>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1930 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bae67a68-4bd1-4b52-b3dd-af0eef014028>
Affected Software: qTranslate X Cleanup and WPML Import CVE ID: CVE-2023-29431 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bbe973a3-a8bf-4037-9067-7cc0987291fe>
Affected Software: YourChannel: Everything you want in a YouTube plugin. CVE ID: CVE-2023-1870 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c1cec0b1-b77c-4d21-a3d2-c79fd3250bb0>
Affected Software: Product Feed PRO for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c80833c3-8ffc-41a1-8d11-dafa962191fd>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-1920 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c8e90994-3b5c-4ae6-a27f-890a9101b440>
Affected Software: Superb Social Media Share Buttons and Follow Buttons for WordPress CVE ID: CVE-2023-29428 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca4dead2-c6da-4613-8ce6-13699a7495a1>
Affected Software: HT Builder – WordPress Theme Builder for Elementor CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/df413b9d-5c22-4276-a11b-4f193c48740d>
Affected Software: Superb Social Media Share Buttons and Follow Buttons for WordPress CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: abdi paranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ebea0ec0-f7ee-41c5-b0a5-a78e9cd11d41>
Affected Software: Front End Users CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ee13399f-0fc9-40f3-93f5-34c913d54aa0>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through submissions that vulnerability researchers send directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 3, 2023 to Apr 9, 2023) appeared first on Wordfence.