Last week, 69 vulnerabilities were disclosed in 60 WordPress plugins and 4 WordPress themes and added to the Wordfence Intelligence Vulnerability Database, with 32 vulnerability researchers contributing to WordPress security. Review the vulnerabilities in this report to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and use, both personally and commercially, and why we run this weekly vulnerability report.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 30 |
Patched | 39 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 60 |
High Severity | 6 |
Critical Severity | 3 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 31 |
Cross-Site Request Forgery (CSRF) | 16 |
Missing Authorization | 10 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
Authorization Bypass Through User-Controlled Key | 2 |
Improper Privilege Management | 1 |
Information Exposure | 1 |
Authentication Bypass Using an Alternate Path or Channel | 1 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 1 |
Improper Neutralization of Formula Elements in a CSV File | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Mika | 4 |
Lana Codes | 4 |
yuyudhn | 3 |
Erwan LR | 3 |
Dave Jong | 3 |
Shreya Pohekar | 3 |
Rio Darmawan | 2 |
Maurice Fielenbach | 2 |
Alex Thomas | 2 |
Prasanna V Balaji | 2 |
Muhammad Daffa | 2 |
Pavak Tiwari | 2 |
Cat | 2 |
Ivy | 2 |
Abdi Pranata | 2 |
Rafie Muhammad | 2 |
Mahesh Nagabhairava | 1 |
TEAM WEBoB of BoB 11th | 1 |
Skalucy | 1 |
Marc-Alexandre Montpas | 1 |
Fariq Fadillah Gusti Insani | 1 |
qilin_99 | 1 |
dc11 | 1 |
Pavitra Tiwari | 1 |
Johan Kragt | 1 |
Sajjad Shariati | 1 |
Justiice | 1 |
Yuki Haruma | 1 |
LOURCODE | 1 |
Ramuel Gall | 1 |
Padavishree | 1 |
Ameen Alkurdy | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
AFFILIATE Solution | affiliate-solution |
AI ChatBot | chatbot |
AdFoxly – Ad Manager, AdSense Ads & Ads.txt | adfoxly |
Affiliate Links Lite | affiliate-links |
Article Directory Redux | article-directory-redux |
Best WordPress Gallery Plugin – FooGallery | foogallery |
Better Search – Relevant search results for WordPress | better-search |
Blocksy Companion | blocksy-companion |
Booqable Rental Plugin | booqable-rental-reservations |
Cloud Manager | cloud-manager |
CoSchedule | coschedule-by-todaymade |
Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | contact-form-to-db |
Coupon Affiliates – WooCommerce Affiliate Plugin | woo-coupon-usage |
Custom Order Numbers for WooCommerce | custom-order-numbers-for-woocommerce |
Cyr to Lat enhanced | cyr3lat |
Database Collation Fix | database-collation-fix |
Download Manager Pro | download-manager |
Easy Appointments | easy-appointments |
ElasticPress | elasticpress |
Electric Studio Client Login | electric-studio-client-login |
Enable Accessibility | enable-accessibility |
External Videos | external-videos |
Fantastic Content Protector Free | fantastic-content-protector-free |
Featured Post Creative | featured-post-creative |
Forminator – Contact Form, Payment Form & Custom Form Builder | forminator |
Kaya QR Code Generator | kaya-qr-code-generator |
Landing Page Builder – Free Landing Page Templates | ultimate-landing-page |
Limit Login Attempts | limit-login-attempts |
Motor Racing League | motor-racing-league |
Neshan Maps | neshan-maps |
Newsletters | newsletters-lite |
Optima Express + MarketBoost IDX Plugin | optima-express |
Paytm – Donation Plugin | paytm-donation |
Pickup \| Delivery \| Dine-in date time | |
PowerPress Podcasting plugin by Blubrry | powerpress |
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin | pretty-link |
Product Catalog Feed by PixelYourSite | product-catalog-feed |
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | quiz-master-next |
Restricted Site Access | restricted-site-access |
ReviewX – Multi-criteria Rating & Reviews for WooCommerce | reviewx |
Ruby Help Desk | ruby-help-desk |
ShiftController Employee Shift Scheduling | shiftcontroller |
Shortcodes by Angie Makes | wc-shortcodes |
Simple PopUp | simple-popup |
Stamped.io Product Reviews & UGC for WooCommerce | stampedio-product-reviews |
Stock Exporter for WooCommerce | stock-exporter-for-woocommerce |
SupportCandy – Helpdesk & Support Ticket System | supportcandy |
Ultimate Noindex Nofollow Tool II | ultimate-noindex-nofollow-tool-ii |
User registration & user profile – UserPlus | userplus |
Vimeotheque / Vimeo | codeflavors-vimeo-video-post-lite |
WP EasyPay – Square for WordPress | wp-easy-pay |
WP Inventory Manager | wp-inventory-manager |
WP Reroute Email | wp-reroute-email |
WP Roles at Registration | wp-roles-at-registration |
Watu Quiz | watu |
WooCommerce Wishlist by MC + (Free Elementor & Email Marketing Automation) | smart-wishlist-for-more-convert |
ZM Ajax Login & Register | zm-ajax-login-register |
a3 Portfolio | a3-portfolio |
hiWeb Migration Simple | hiweb-migration-simple |
tencentcloud-cos | tencentcloud-cos |

Software Name | Software Slug |
---|---|
Betheme | betheme |
Blogger Buzz | [blogger-buzz](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Blogger Buzz>) |
Educenter | educenter |
Square | square |

Affected Software: SupportCandy – Helpdesk & Support Ticket System CVE ID: CVE-2023-1730 CVSS Score: 9.8 (Critical) Researcher/s: dc11 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5ca1c55a-cd4e-429a-ab74-dd1bad1a65f5>
Affected Software: ZM Ajax Login & Register CVE ID: CVE-2023-2027 CVSS Score: 9.8 (Critical) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b10d01ec-54ef-456b-9410-ed013343a962>
Affected Software: Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress CVE ID: CVE-2023-28787 CVSS Score: 9.8 (Critical) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b29dcd7a-a0bc-4983-85ba-6ebf2c405ceb>
Affected Software: Cyr to Lat enhanced CVE ID: CVE-2022-4290 CVSS Score: 8.8 (High) Researcher/s: Ramuel Gall Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c9c29130-1b42-4edd-ad62-6f635e03ae31>
Affected Software/s: Restricted Site Access, ElasticPress CVE ID: CVE-2023-28154 CVSS Score: 8.3 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1cda31a4-4c79-4567-a527-6510c31d2843>
Affected Software: WP Reroute Email CVE ID: CVE-2023-27605 CVSS Score: 7.2 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/395a8ca6-78b8-43f2-8e8c-896702b5da0d>
Affected Software: Paytm – Donation Plugin CVE ID: CVE-2023-28535 CVSS Score: 7.2 (High) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/534e6f80-b162-4a4b-a979-72ed63a8b0dc>
Affected Software: Landing Page Builder – Free Landing Page Templates CVE ID: CVE-2023-24379 CVSS Score: 7.2 (High) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c40bf215-81c1-423a-9d41-9a231dfc8053>
Affected Software: Neshan Maps CVE ID: CVE-2022-47426 CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ee7eb754-27f0-47b0-a82f-4781cfbb0fa6>
Affected Software: Stamped.io Product Reviews & UGC for WooCommerce CVE ID: CVE-2023-30479 CVSS Score: 6.5 (Medium) Researcher/s: Fariq Fadillah Gusti Insani Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/490061dc-11f7-48f2-bc9a-974bedf16621>
Affected Software: ReviewX – Multi-criteria Rating & Reviews for WooCommerce CVE ID: CVE-2022-46809 CVSS Score: 6.5 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cc465757-4295-4a75-90f6-92c4be4e8944>
Affected Software: Limit Login Attempts CVE ID: CVE-2023-1861 CVSS Score: 6.4 (Medium) Researcher/s: Marc-Alexandre Montpas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3334fc78-48c5-4cfa-ac83-5690fdbf590a>
Affected Software: Affiliate Links Lite CVE ID: CVE-2023-22696 CVSS Score: 6.4 (Medium) Researcher/s: Justiice Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9511d8f1-ab96-4695-aa8c-16a3482a6de4>
Affected Software: a3 Portfolio CVE ID: CVE-2023-29097 CVSS Score: 6.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9a190909-4b0f-4a44-8371-d79f64d323c2>
Affected Software: Kaya QR Code Generator CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad8b5fd2-ba92-4afa-9b4a-a95936b9a18d>
Affected Software: Product Catalog Feed by PixelYourSite CVE ID: CVE-2023-1805 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/18d33d68-9719-4e74-a594-bc4add38ceee>
Affected Software: Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/19b21013-136a-41b0-a667-39f23ccedf2e>
Affected Software: Watu Quiz CVE ID: CVE-2023-30483 CVSS Score: 6.1 (Medium) Researcher/s: Skalucy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1d24dbdf-8fb0-41c3-8c35-e0d65c6b96f5>
Affected Software: WP Inventory Manager CVE ID: CVE-2023-1806 CVSS Score: 6.1 (Medium) Researcher/s: Maurice Fielenbach Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/363ece80-1fa6-4019-84c9-e0a65f02625d>
Affected Software: AdFoxly – Ad Manager, AdSense Ads & Ads.txt CVE ID: CVE-2023-30754 CVSS Score: 6.1 (Medium) Researcher/s: Prasanna V Balaji Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4d13ae87-f632-4eb0-bc71-5132ba6a9b13>
Affected Software: Cloud Manager CVE ID: CVE-2023-0421 CVSS Score: 6.1 (Medium) Researcher/s: Shreya Pohekar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d896366-a85d-49c9-9509-3f7454712474>
Affected Software: Coupon Affiliates – WooCommerce Affiliate Plugin CVE ID: CVE-2023-30475 CVSS Score: 6.1 (Medium) Researcher/s: Ivy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6c6fc6be-7e9a-40cb-b9cd-bb71d4f487f7>
Affected Software: Vimeotheque / Vimeo CVE ID: CVE-2023-30498 CVSS Score: 6.1 (Medium) Researcher/s: Ivy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/72256ac2-72a7-4c3c-a892-1f1795671c5d>
Affected Software: Best WordPress Gallery Plugin – FooGallery CVE ID: CVE-2023-29439 CVSS Score: 6.1 (Medium) Researcher/s: LOURCODE Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a7181056-d2ee-4c0f-b9a8-fdb7ad042a6b>
Affected Software: User registration & user profile – UserPlus CVE ID: CVE-2023-0824 CVSS Score: 6.1 (Medium) Researcher/s: Shreya Pohekar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/acd0349b-7864-4e4e-84ba-6f0ec5b585f3>
Affected Software: ShiftController Employee Shift Scheduling CVE ID: CVE-2023-1978 CVSS Score: 6.1 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b5c61212-e68e-4198-b078-18121576b767>
Affected Software: hiWeb Migration Simple CVE ID: CVE-2023-0769 CVSS Score: 6.1 (Medium) Researcher/s: Shreya Pohekar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b9aacc69-aa46-4cdb-a301-c0bf2836d441>
Affected Software: Betheme CVE ID: CVE-2023-29101 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c14b948f-129d-4223-b3ee-0bef1f9fc703>
Affected Software: Product Catalog Feed by PixelYourSite CVE ID: CVE-2023-1804 CVSS Score: 6.1 (Medium) Researcher/s: Maurice Fielenbach Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d82d1dd2-b5b5-490a-92e5-1a4d4ab0085d>
Affected Software: Booqable Rental Plugin CVE ID: CVE-2023-30746 CVSS Score: 5.5 (Medium) Researcher/s: TEAM WEBoB of BoB 11th Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/16f183a6-b8db-461e-b17d-2faa528ff0ff>
Affected Software: Newsletters CVE ID: CVE-2023-30478 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0cd6474f-72e1-4ec2-a056-3c05a0dfa173>
Affected Software: PowerPress Podcasting plugin by Blubrry CVE ID: CVE-2023-1917 CVSS Score: 5.4 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/44583cb7-bc32-4e62-8431-f5f1f6baeff2>
Affected Software: Custom Order Numbers for WooCommerce CVE ID: CVE-2022-45367 CVSS Score: 5.4 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7d19800a-bff3-414f-a809-0159f49d263a>
Affected Software: Featured Post Creative CVE ID: CVE-2023-30488 CVSS Score: 5.3 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/61585a02-fe7b-4a54-959f-346e4e0d6658>
Affected Software: Blogger Buzz CVE ID: CVE-2023-30476 CVSS Score: 5.3 (Medium) Researcher/s: Dave Jong Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/823dce74-2688-4573-b0c8-353f1789ea48>
Affected Software: Download Manager Pro CVE ID: CVE-2023-1809 CVSS Score: 5.3 (Medium) Researcher/s: Johan Kragt Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/88d80702-a987-4b12-a003-2fa564fda409>
Affected Software: Fantastic Content Protector Free CVE ID: CVE-2023-25048 CVSS Score: 5.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b93f8036-4a89-45e6-b86f-9d57e1662a35>
Affected Software: Shortcodes by Angie Makes CVE ID: CVE-2023-23725 CVSS Score: 5.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e20feb23-f78e-42e7-8922-e7cf37dbdcb1>
Affected Software: Optima Express + MarketBoost IDX Plugin CVE ID: CVE-2023-30749 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/059e262b-ee63-4f8b-82ab-c12bcf70f879>
Affected Software: External Videos CVE ID: CVE-2023-30752 CVSS Score: 4.4 (Medium) Researcher/s: Mahesh Nagabhairava Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/168e8512-d551-47f9-bc2b-c458180a6d13>
Affected Software: Simple PopUp CVE ID: CVE-2023-24406 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/18c0ecc5-b3e2-4ac0-b901-dae397e2d57c>
Affected Software: WP Roles at Registration CVE ID: CVE-2023-27609 CVSS Score: 4.4 (Medium) Researcher/s: Pavak Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5a4eeb77-7a8b-489f-8ded-bbe09e881758>
Affected Software: Article Directory Redux CVE ID: CVE-2023-30751 CVSS Score: 4.4 (Medium) Researcher/s: Pavitra Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/63c681e5-3110-4790-a075-4996fa1f2129>
Affected Software: Motor Racing League CVE ID: CVE-2023-27614 CVSS Score: 4.4 (Medium) Researcher/s: Pavak Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8876ecc4-1a50-43ac-9c8d-354f6de4abdd>
Affected Software: Pickup | Delivery | Dine-in date time CVE ID: CVE-2023-0894 CVSS Score: 4.4 (Medium) Researcher/s: Sajjad Shariati Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/936803ab-93d5-4808-8758-6b8f7c01b3c2>
Affected Software: Easy Appointments CVE ID: CVE-2023-30748 CVSS Score: 4.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bfe8d13b-f387-4c82-ba9f-efadda18c882>
Affected Software: AI ChatBot CVE ID: CVE-2023-1649 CVSS Score: 4.4 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cdb3fbaa-4d33-4754-848b-77e902ea4a85>
Affected Software: Electric Studio Client Login CVE ID: CVE-2023-27425 CVSS Score: 4.4 (Medium) Researcher/s: Padavishree Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e797c0ca-f348-4d9c-815e-0c1756686690>
Affected Software: AFFILIATE Solution CVE ID: CVE-2023-30477 CVSS Score: 4.4 (Medium) Researcher/s: Prasanna V Balaji Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ef778a1d-d4ce-47fd-932b-9e86b38e2681>
Affected Software: tencentcloud-cos CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0be21ac7-4f61-44fc-9ffc-ab65faa549f6>
Affected Software: Forminator – Contact Form, Payment Form & Custom Form Builder CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2ef15cb1-b320-42d9-a2fd-afff2ec8a93b>
Affected Software: Database Collation Fix CVE ID: CVE-2023-23997 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/31612b4b-a75f-4fa4-831b-43f62a8d5fad>
Affected Software: Featured Post Creative CVE ID: CVE-2023-30488 CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33a47156-ee93-4b59-9f73-56be5c9e3b00>
Affected Software: Educenter CVE ID: CVE-2023-30480 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/344ad959-038a-46d1-b515-ae3473af8209>
Affected Software: Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin CVE ID: CVE-2022-47149 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5304da48-5d42-47ce-b1b1-dc04b8fa9dff>
Affected Software: Stock Exporter for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6c4a9092-fd49-42fe-a84d-a9f7fe708122>
Affected Software: Forminator – Contact Form, Payment Form & Custom Form Builder CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/718e54f5-f040-42d6-958d-255d905615d5>
Affected Software: Ultimate Noindex Nofollow Tool II CVE ID: CVE-2023-30474 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7761fe7c-e7f5-4bab-8820-42e6fcabcb2f>
Affected Software: Stamped.io Product Reviews & UGC for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7a8c4232-2e1e-4c99-83d5-d70f7ca1c879>
Affected Software: WooCommerce Wishlist by MC + (Free Elementor & Email Marketing Automation) CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7c7f6ef2-6c50-4739-8844-0db7d9ffe7f7>
Affected Software: WP Reroute Email CVE ID: CVE-2023-27606 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9c3a047f-be12-4308-a4a5-fbbbc37f674d>
Affected Software: Enable Accessibility CVE ID: CVE-2023-30484 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0b8c4c3-eba2-4c20-b790-48eceeba898e>
Affected Software: CoSchedule CVE ID: CVE-2022-47165 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca55a7a0-da31-4d3f-845b-80f89ffbadf5>
Affected Software: Forminator – Contact Form, Payment Form & Custom Form Builder CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d0cb4434-94c5-42a9-bd86-869058dcbf67>
Affected Software: Blocksy Companion CVE ID: CVE-2023-1911 CVSS Score: 4.3 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d31aad1c-89d4-4f71-bfed-a795f7a4f209>
Affected Software: Square CVE ID: CVE-2023-30486 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3ca4c3c-2b20-42d4-8dcf-77f4d52c25a3>
Affected Software: Better Search – Relevant search results for WordPress CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d7a02502-bc3c-4fd1-b6db-7b3c476c141f>
Affected Software: WP EasyPay – Square for WordPress CVE ID: CVE-2022-47177 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e2c1606e-b6b6-4f7d-8473-1015677ded7c>
Affected Software: Ruby Help Desk CVE ID: CVE-2023-1125 CVSS Score: 4.3 (Medium) Researcher/s: Ameen Alkurdy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fd741e2d-5478-4b9a-83ab-7ccafdc5d12f>
_As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can._
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 10, 2023 to Apr 16, 2023) appeared first on Wordfence.