wordfence | Chloe Chamberland | WORDFENCE:CA83B9E9A036EA58D3F11BD18AC563B8
Mar 09, 2023 - 2:32 p.m.

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

2023-03-09 14:32:10
Chloe Chamberland
www.wordfence.com

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and use, both personally and commercially.

Last week, 117 vulnerabilities were disclosed in WordPress-based software and added to the Wordfence Intelligence Vulnerability Database, and 30 vulnerability researchers contributed to WordPress security. You can find those vulnerabilities below, along with some data about the vulnerabilities that were added.



Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
|---|---|
| Unpatched | 44 |
| Patched | 73 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 1 |
| Medium Severity | 104 |
| High Severity | 10 |
| Critical Severity | 2 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Cross-Site Request Forgery (CSRF) | 53 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 34 |
| Missing Authorization | 16 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 2 |
| Information Exposure | 2 |
| Authorization Bypass Through User-Controlled Key | 2 |
| Server-Side Request Forgery (SSRF) | 2 |
| Incorrect Privilege Assignment | 1 |
| Unrestricted Upload of File with Dangerous Type | 1 |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 1 |
| Protection Mechanism Failure | 1 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 1 |
| Improper Validation of Integrity Check Value | 1 |

Researchers That Contributed to WordPress Security Last Week

| Researcher Name | Number of Vulnerabilities |
|---|---|
| Lana Codes | 27 |
| Rio Darmawan | 20 |
| Mika | 13 |
| Dave Jong | 6 |
| FearZzZz | 4 |
| Erwan LR | 4 |
| yuyudhn | 4 |
| WPScanTeam | 3 |
| Prasanna V Balaji | 3 |
| Marco Wotschka | 3 |
| Rafie Muhammad | 3 |
| TEAM WEBoB of BoB 11th | 2 |
| Abdi Pranata | 2 |
| Muhammad Daffa | 2 |
| Nguyen Xuan Chien | 2 |
| Marc-Alexandre Montpas | 1 |
| TaeEun Lee | 1 |
| Pounraj Chinnasamy | 1 |
| Jarko Piironen | 1 |
| dc11 | 1 |
| rezaduty | 1 |
| Mohammed El Amin, Chemouri | 1 |
| Universe | 1 |
| Alex Sanford | 1 |
| Vaibhav Rajput | 1 |
| MyungJu Kim | 1 |
| Mahesh Nagabhairava | 1 |
| Leonidas Milosis | 1 |
| Shreya Pohekar | 1 |
| Nguyen Thuc Tuyen | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


Vulnerability Details

Houzez <= 2.7.1 - Privilege Escalation

CVE ID: CVE-2023-26540 | CVSS Score: 9.8 (Critical) | Researcher/s: Dave Jong | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0578f4d1-5953-4fbe-8bc3-0569bee57a1a>


Debug Assistant <= 1.4 - Cross-Site Request Forgery via imlt_create_admin

CVE ID: CVE-2023-26516 | CVSS Score: 8.8 (High) | Researcher/s: Prasanna V Balaji | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/429ce9e6-e51b-4f1e-8e26-f679b08d68d3>


OceanWP <= 3.4.1 - Authenticated (Subscriber+) Local File Inclusion

CVE ID: CVE-2023-23700 | CVSS Score: 8.8 (High) | Researcher/s: Rafie Muhammad | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7fa57b92-3a3e-418c-bfc2-7ed2602004e4>


ProfileGrid <= 5.3.0 - Missing Authorization to Arbitrary Password Reset

CVE ID: CVE-2023-0940 | CVSS Score: 8.8 (High) | Researcher/s: dc11 | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb>


CSSTidy - Server-Side Request Forgery

CVE ID: CVE-2022-40700 | CVSS Score: 8.3 (High) | Researcher/s: Dave Jong | Patch Status: Unpatched/Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2>


Gallery Blocks with Lightbox <= 3.0.7 - Missing Authorization in pgc_sgb_add_dashboard_widget

CVE ID: CVE Unknown | CVSS Score: 8.1 (High) | Researcher/s: Unknown | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7561bce2-bd70-4da3-bbf0-318e59cd1852>


Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes

CVE ID: CVE-2023-0631 | CVSS Score: 7.7 (High) | Researcher/s: Marc-Alexandre Montpas | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/103a7e7b-74bb-4691-8670-c66ed2144596>


Types <= 3.4.17 - Unauthenticated (Administrator+) Arbitrary File Upload

CVE ID: CVE-2023-27440 | CVSS Score: 7.2 (High) | Researcher/s: Dave Jong | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09ec4633-7639-4d46-8070-9fc6909bc610>


Leyka <= 3.29.2 - Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2023-27450 | CVSS Score: 7.2 (High) | Researcher/s: yuyudhn | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3afbfa7c-a87f-4810-9356-374923ff2314>


Dokan <= 3.7.12 - Authenticated (Vendor+) SQL Injection

CVE ID: CVE-2023-26525 | CVSS Score: 7.2 (High) | Researcher/s: Rafie Muhammad | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b4967c95-8eb6-4c9b-ae6e-082dbc6af7f5>


LWS Tools <= 2.3.1 - Cross-Site Request Forgery

CVE ID: CVE-2023-27453 | CVSS Score: 7.1 (High) | Researcher/s: Abdi Pranata | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2dabb790-4f5e-447a-ad65-3f62ac7f6176>


Manage Upload Limit <= 1.0.4 - Reflected Cross-Site Scripting via upload_limit

CVE ID: CVE-2023-27432 | CVSS Score: 7.1 (High) | Researcher/s: Mahesh Nagabhairava | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9b90bf09-639c-497c-a58e-3972250db1e4>


Woodmart <= 7.1.1 - Cross-Site Request Forgery to License Update

CVE ID: CVE Unknown | CVSS Score: 6.5 (Medium) | Researcher/s: FearZzZz | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02fde6b1-d709-4329-ae9c-fea444c1aec8>


Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Information Exposure

CVE ID: CVE-2023-0911 | CVSS Score: 6.5 (Medium) | Researcher/s: Erwan LR | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/144895c9-5800-435e-9f75-a8de17ca2d93>


WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection

CVE ID: CVE-2023-25790 | CVSS Score: 6.5 (Medium) | Researcher/s: FearZzZz | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/73017e92-d95e-4b9c-a44a-779b498f58b7>


Sales Report Email for WooCommerce <= 2.8 - Missing Authorization for Email Functionality

CVE ID: CVE-2022-38141 | CVSS Score: 6.5 (Medium) | Researcher/s: Lana Codes | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f8befbf2-0d9d-4d0e-87de-0f1b26c0acd0>


Smart Slider 3 <= 3.5.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0660 | CVSS Score: 6.4 (Medium) | Researcher/s: Erwan LR | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0191e5b0-b669-439b-8ad4-9f860e6ee637>


Simple Vimeo Shortcode <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

CVE ID: CVE-2023-27443 | CVSS Score: 6.4 (Medium) | Researcher/s: Mika | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66edd8e5-1d5e-425d-a4f4-5359683c1e36>


Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-1155 | CVSS Score: 6.4 (Medium) | Researcher/s: Marco Wotschka | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/750be90d-dc12-4974-8921-75259d56c7b3>


menu shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0395 | CVSS Score: 6.4 (Medium) | Researcher/s: Lana Codes | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9150a7d9-d792-4bb6-9d33-5892f9cdfd1e>


WordPress Infinite Scroll - Ajax Load More <= 5.6.0.2 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode

CVE ID: CVE-2022-4466 | CVSS Score: 6.4 (Medium) | Researcher/s: Lana Codes | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9595fa45-6b00-4ee0-89aa-a236dbf82423>


Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes

CVE ID: CVE-2023-24400 | CVSS Score: 6.4 (Medium) | Researcher/s: Rafie Muhammad | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/95acec2a-ba1b-4b61-a4d6-3b0250a32835>


Yoast SEO <= 20.2 - Authenticated (Contributor+) Cross-Site Scripting

CVE ID: CVE Unknown | CVSS Score: 6.4 (Medium) | Researcher/s: Leonidas Milosis | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c0e58807-bccc-469f-82c3-a4bbf088a626>


NEX-Forms - Ultimate Form Builder <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0272 | CVSS Score: 6.4 (Medium) | Researcher/s: Lana Codes | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fd817fe9-b7be-4252-877a-e9843d62a0a9>


Real Estate 7 <= 3.3.4 - Reflected Cross-Site Scripting via ct_additional_features

CVE ID: CVE Unknown | CVSS Score: 6.1 (Medium) | Researcher/s: FearZzZz | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/157b3095-b662-465e-a975-5b71b5d4ba2a>


Watu Quiz <= 3.3.9 - Reflected Cross-Site Scripting

CVE ID: CVE-2023-0968 | CVSS Score: 6.1 (Medium) | Researcher/s: Marco Wotschka | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6341bdcc-c99f-40c3-81c4-ad90ff19f802>


Darcie <= 1.1.5 - Reflected Cross-Site Scripting via JS split

CVE ID: CVE-2023-25961 | CVSS Score: 6.1 (Medium) | Researcher/s: MyungJu Kim | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/83d162f9-32a9-4d03-845e-6fc9b8574fb5>


GN Publisher <= 1.5.5 - Reflected Cross-Site Scripting

CVE ID: CVE-2023-1080 | CVSS Score: 6.1 (Medium) | Researcher/s: Marco Wotschka | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a4ee97c-63cd-4a5e-a112-6d4c4c627a57>


Easy Testimonial Slider and Form <= 1.0.15 - Unauthenticated Reflected Cross-Site Scripting via search_term

CVE ID: CVE-2022-46799 | CVSS Score: 6.1 (Medium) | Researcher/s: Nguyen Xuan Chien | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a6b16ffe-1c65-49d3-9e30-407bc75d7d49>


GTmetrix for WordPress <= 0.4.5 - Reflected Cross-Site Scripting via 'url'

CVE ID: CVE-2023-23677 | CVSS Score: 6.1 (Medium) | Researcher/s: Nguyen Xuan Chien | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dcdf22be-8af4-4596-b138-67ebfd04c06d>


Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD <= 3.1.5 - Reflected Cross-Site Scripting via cart_search

CVE ID: CVE-2022-47449 | CVSS Score: 6.1 (Medium) | Researcher/s: TEAM WEBoB of BoB 11th | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/eebe1bf7-0366-4226-bcbc-027186136008>


Real Estate 7 <= 3.3.4 - Cross-Site Request Forgery

CVE ID: CVE Unknown | CVSS Score: 5.4 (Medium) | Researcher/s: FearZzZz | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/007af51b-95b5-4b12-9f74-abf31f6de341>


Instant Images <= 5.1.0.1 - Authenticated (Author+) Server-Side Request Forgery via instant_images_download

CVE ID: CVE-2023-27451 | CVSS Score: 5.4 (Medium) | Researcher/s: Universe | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6a50e142-59f4-488b-8120-5bf505a9039d>


Leyka <= 3.29.2 - Cross-Site Request Forgery

CVE ID: CVE-2023-27442 | CVSS Score: 5.4 (Medium) | Researcher/s: yuyudhn | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a1ab02c0-e083-4f0e-b6d4-1a10ade2c688>


Rife Elementor Extensions & Templates <= 1.1.10 - Missing Authorization via import_templates

CVE ID: CVE-2023-27454 | CVSS Score: 5.4 (Medium) | Researcher/s: Lana Codes | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ee520664-0c1f-4af0-8cdf-a33c1dfaaca7>


Sheets To WP Table Live Sync <= 2.12.15 - Cross-Site Request Forgery

CVE ID: CVE-2023-26535 | CVSS Score: 5.4 (Medium) | Researcher/s: Mika | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f70221e6-59a4-4151-9688-f06e194f51ac>


Advanced Text Widget <= 2.1.2 - Missing Authorization via atw_dismiss_admin_notice

CVE ID: CVE-2023-26520 | CVSS Score: 5.3 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3fe1313c-1368-4bcb-9d11-25b948da5547>


WP SMS <= 6.0.4 - Information Disclosure via REST API

CVE ID: CVE-2023-27447 | CVSS Score: 5.3 (Medium) | Researcher/s: Jarko Piironen | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/57377380-0435-4747-abba-50063978d8e1>


Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass

CVE ID: CVE-2023-0085 | CVSS Score: 5.3 (Medium) | Researcher/s: Mohammed El Amin, Chemouri | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/69527d4b-49b6-47cd-93b6-39350f881ec9>


Event Espresso 4 Decaf <= 4.10.44.decaf - Feature Bypass

CVE ID: CVE-2023-27437 | CVSS Score: 5.3 (Medium) | Researcher/s: yuyudhn | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d55f10f3-5484-4b90-80da-3d91f409fe04>


WP Repost <= 0.1 - Missing Authorization

CVE ID: CVE-2023-26522 | CVSS Score: 5.3 (Medium) | Researcher/s: Prasanna V Balaji | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dbf0f614-e5e9-486c-a0dd-cd494708a2a8>


Simple CSV/XLS Exporter <= 1.5.8 - CSV Injection

CVE ID: CVE-2022-42882 | CVSS Score: 5.1 (Medium) | Researcher/s: Mika | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/219614b7-2394-490c-baf4-14a12249c4b5>


Advanced Text Widget <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26539 | CVSS Score: 4.4 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1f622e20-2f7e-44ed-8237-fbf25323d2ce>


Jetpack CRM <= 5.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27429 | CVSS Score: 4.4 (Medium) | Researcher/s: TEAM WEBoB of BoB 11th | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/20b3cd2a-ee32-49e0-8281-16afb8e42448>


We’re Open! <= 1.46 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25964 | CVSS Score: 4.4 (Medium) | Researcher/s: TaeEun Lee | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2a5c6b05-6e28-40be-80cb-9f95241a4fc6>


WP Repost <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26534 | CVSS Score: 4.4 (Medium) | Researcher/s: Pounraj Chinnasamy | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/438689aa-3b85-4dd7-ac3e-a37906efd79c>


Button Generator – easily Button Builder <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27452 | CVSS Score: 4.4 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4ac9262a-96a6-439a-a2b0-a05f24654d06>


Dashboard Widgets Suite <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26517 | CVSS Score: 4.4 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/503a44ed-25c2-4178-aeec-756c5b533e04>


Publish to Schedule <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26519 | CVSS Score: 4.4 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7e2014bd-2809-4f79-913d-d7a35eda63ef>


Namaste! LMS <= 2.5.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'accept_other_payment_methods', 'other_payment_methods' Parameters

CVE ID: CVE-2023-0844 | CVSS Score: 4.4 (Medium) | Researcher/s: Alex Sanford | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7ef23b03-8452-4730-860c-2c2ef1686202>


FareHarbor for WordPress <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25021 | CVSS Score: 4.4 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b40165b-17e3-4b87-8d0d-90d60ba4bf81>


CPO Content Types <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25451 | CVSS Score: 4.4 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d0b1e05-0e28-4cf5-a278-ea91b6c9d253>


WP No External Links <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26537 | CVSS Score: 4.4 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b8e3a111-6327-47a0-becd-d7e2d9166118>


Simple File List <= 6.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-1025 | CVSS Score: 4.4 (Medium) | Researcher/s: Shreya Pohekar | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c3f0032e-a6f4-47f5-b3eb-6f1c9bf9670c>


New Adman <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27439 | CVSS Score: 4.4 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d862e8e6-ecf6-41f5-8f40-1225ecec7e1f>


Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26515 | CVSS Score: 4.4 (Medium) | Researcher/s: yuyudhn | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dc19313b-f9d0-4a92-8e33-d632d8a478df>


JCH Optimize <= 3.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings

CVE ID: CVE-2023-25491 | CVSS Score: 4.4 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f04c83b9-33a0-4f4b-afc4-929d40c2ef67>


Debug Assistant <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26527 | CVSS Score: 4.4 (Medium) | Researcher/s: Prasanna V Balaji | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f4421782-8a7a-4bca-8c5a-7152dfafe902>


Maspik – Spam blacklist <= 0.7.8 - Cross-Site Request Forgery

CVE ID: CVE-2023-24008 | CVSS Score: 4.3 (Medium) | Researcher/s: Mika | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0206aead-d146-453d-99ed-3870f7dfdae9>


WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.4.10 - Cross-Site Request Forgery via wpstream_settings

CVE ID: CVE-2023-27458 | CVSS Score: 4.3 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0219851f-7fce-42e0-ba82-77af84b17d9f>


WP Time Slots Booking Form <= 1.1.76 - Cross-Site Request Forgery to Feedback Submission

CVE ID: CVE-2022-41790 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/032f3363-83c0-4548-81f0-724a71931add>


Download Read More Excerpt Link <= 1.6.0 - Cross-Site Request Forgery to Settings Update

CVE ID: CVE-2023-1068 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0359434b-9d88-4a40-8e9f-ec354c8de816>


CP Contact Form with Paypal <= 1.3.34 - Authenticated Feedback Submission

CVE ID: CVE-2023-27460 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1ba56d68-e104-4a79-b5b4-627f9617043b>


WP Google Tag Manager <= 1.1 - Cross-Site Request Forgery

CVE ID: CVE-2023-22693 | CVSS Score: 4.3 (Medium) | Researcher/s: Mika | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1cb265d8-eb18-42ee-9141-2fe81c0c4585>


DeepL Pro API translation <= 2.1.4 - Cross-Site Request Forgery via saveSettings

CVE ID: CVE-2023-27446 | CVSS Score: 4.3 (Medium) | Researcher/s: Mika | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1fc58078-7520-4ee7-b5a1-d6a362ac1860>


Search in Place <= 1.0.104 - Missing Authorization to Feedback Submission

CVE ID: CVE-2023-26521 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/28ca150a-443f-4b99-8c15-491bd9f1cee3>


WP Meteor Page Speed Optimization Topping <= 3.1.4 - Missing Authorization to Notice Dismissal

CVE ID: CVE Unknown | CVSS Score: 4.3 (Medium) | Researcher/s: Unknown | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2b335807-f4d1-43b3-9e1b-2215eb00a3f8>


Preview Link Generator <= 1.0.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1086 | CVSS Score: 4.3 (Medium) | Researcher/s: WPScanTeam | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2b6b4953-a264-4668-9cc3-1578109f6592>


Blog Floating Button <= 1.4.12 - Cross-Site Request Forgery

CVE ID: CVE-2023-27445 | CVSS Score: 4.3 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2ba56b4c-0573-4911-97a4-a51e867daa75>


Free WooCommerce Theme 99fy Extension <= 1.2.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0503 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2e215a5c-7a01-4a1d-b051-3abf742bf573>


Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Arbitrary Post Access via Shortcode

CVE ID: CVE-2023-0890 | CVSS Score: 4.3 (Medium) | Researcher/s: Erwan LR | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2eddfe94-7232-4d3d-9f3a-f53fc476a012>


WP Insurance – WordPress Insurance Service Plugin <= 2.1.3 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0501 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/37264b0f-b021-41f8-a72d-3ee0d06b19a8>


WC Sales Notification <= 1.2.2 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1087 | CVSS Score: 4.3 (Medium) | Researcher/s: WPScanTeam | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/43fc71bb-87ba-4cf9-ae4d-1cba7bd84806>


WP Meteor Page Speed Optimization Topping <= 3.1.4 - Cross-Site Request Forgery via processAjaxNoticeDismiss

CVE ID: CVE-2023-26543 | CVSS Score: 4.3 (Medium) | Researcher/s: Muhammad Daffa | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4d246a99-fd92-4132-9576-efa065a58f59>


HT Portfolio <= 1.1.4 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0497 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4ed63724-c21f-4b0e-b595-e824d3519b21>


Add Expires Headers & Optimized Minify <= 2.7 - Cross-Site Request Forgery via [placeholder]

CVE ID: CVE-2023-27457 | CVSS Score: 4.3 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/55e6a968-153e-4d4c-a7be-65650a0c9bc1>


HT Politic <= 2.3.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0504 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5b127a47-d22f-47b5-92a8-440a5892a181>


DecaLog <= 3.7.0 - Cross-Site Request Forgery via get_settings_page

CVE ID: CVE-2023-27444 | CVSS Score: 4.3 (Medium) | Researcher/s: Mika | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5de953ee-8a01-4372-a376-74a4cff674ce>


WP Plugin Manager <= 1.1.7 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1088 | CVSS Score: 4.3 (Medium) | Researcher/s: WPScanTeam | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/623decc5-bdb7-42c9-8531-8004ddc16682>


About Me 3000 widget <= 2.2.6 - Cross-Site Request Forgery to Plugin Settings Update

CVE ID: CVE-2023-25474 | CVSS Score: 4.3 (Medium) | Researcher/s: Mika | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/62c1b5ce-cd58-4805-9a40-1af529604406>


ClickFunnels <= 3.1.1 - Cross-Site Request Forgery to Settings Update

CVE ID: CVE-2022-47152 | CVSS Score: 4.3 (Medium) | Researcher/s: rezaduty | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/65581fa6-110f-4ae3-a903-dbf649b44417>


Fontiran <= 2.1 - Cross-Site Request Forgery

CVE ID: CVE Unknown | CVSS Score: 4.3 (Medium) | Researcher/s: Unknown | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/701bf711-d692-4eb1-8459-befa62264b97>


Ever Compare <= 1.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0505 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/702aa972-7b74-4417-8d33-a26c3831934f>


WP TFeed <= 1.6.9 - Cross-Site Request Forgery via aptf_delete_cache

CVE ID: CVE-2023-26518 | CVSS Score: 4.3 (Medium) | Researcher/s: Rio Darmawan | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/73986641-b3a4-438d-90ae-6ff0f6f73f01>


Resize at Upload Plus <= 1.3 - Cross-Site Request Forgery

CVE ID: CVE-2023-25467 | CVSS Score: 4.3 (Medium) | Researcher/s: Mika | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/76af3f0a-2e35-4059-960c-09769459bc01>


WP Social Bookmarking Light <= 2.0.7 - Cross-Site Request Forgery

CVE ID: CVE-2023-25029 | CVSS Score: 4.3 (Medium) | Researcher/s: Mika | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7997ae20-88d2-4e12-87a0-a6e83808a495>


Total Poll Lite <= 4.8.6 - Cross-Site Request Forgery

CVE ID: CVE-2023-27449 | CVSS Score: 4.3 (Medium) | Researcher/s: Mika | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7e3ae5e7-1f41-48cd-8aea-698e3b00066c>


HT Slider For Elementor <= 1.3.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0495 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/81258fcc-18cc-4614-a644-5cfb004d019b>


When Last Login <= 1.2.1 - Cross-Site Request Forgery via wll_hide_subscription_notice

CVE ID: CVE-2023-27461 | CVSS Score: 4.3 (Medium) | Researcher/s: Muhammad Daffa | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/81638472-b635-4100-8fb9-3daf35fa172e>


HT Event <= 1.4.5 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0496 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b14c07b-23bb-4a14-8018-fa2462383b35>


WP Time Slots Booking Form <= 1.1.76 - Missing Authorization to Feedback Submission

CVE ID: CVE-2022-41790 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Patched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8c732b0e-9898-48f2-99b2-068f31532b17>


WP Clean Up <= 1.2.3 - Cross-Site Request Forgery via wp_clean_up_optimize

CVE ID: CVE-2023-25034 | CVSS Score: 4.3 (Medium) | Researcher/s: Abdi Pranata | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8f342fb7-8f52-43d9-a887-1cf1fffa6ec6>


WP Shamsi <= 4.3.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion

CVE ID: CVE-2023-0335 | CVSS Score: 4.3 (Medium) | Researcher/s: Lana Codes | Patch Status: Unpatched | Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8fc88821-b2be-49a5-a2cf-53e87d0349a2>


WP Education <= 1.2.6 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0498 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/91062d2c-f2a6-4a92-b684-e133391afe60>


Calculated Fields Form <= 1.1.120 - Missing Authorization to Feedback Submission

CVE ID: CVE-2023-26523 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9370f05a-9c69-45f4-9fd8-7017bfcf4d1e>


Quiz And Survey Master <= 8.0.10 - Cross-Site Request Forgery to Quiz Restoration

CVE ID: CVE-2023-26524 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9af36edd-4520-4afc-8d3a-c9a96659ddf8>


Smart YouTube PRO <= 4.3 - Cross-Site Request Forgery via handle_colorbox_options

CVE ID: CVE-2023-25475 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a184090c-0281-4d8d-bd4d-256b4ed826dc>


Big Store <= 1.9.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-27431 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a1859dca-d771-470c-ae4a-48246977212c>


WP Translitera <= p1.2.5 - Cross-Site Request Forgery

CVE ID: CVE-2023-27438 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad427bea-1b0e-46bb-85fc-53c51fb40a17>


WP Film Studio <= 1.3.4 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0500 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ae5121bd-2f3f-4d87-a2fd-d11bb9f8dc2c>


XML Sitemap Generator for Google <= 1.2.8 - Cross-Site Request Forgery to Plugin Settings Changes

CVE ID: CVE-2023-26514 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b03a9aaa-ce9a-47bf-8574-0eba92fcf0c5>


New Adman <= 1.6.8 - Cross-Site Request Forgery via plugin_menu

CVE ID: CVE-2023-27441 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b140d228-cd74-4d78-8b9d-9a69e5a89bfb>


QuickSwish <= 1.0.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0499 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b594b771-4d0b-46e1-b4c6-751c994992af>


OoohBoi Steroids for Elementor <= 2.1.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion

CVE ID: CVE-2023-0336 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c24c57e5-2b42-40db-816a-f1327d1ac09b>


Fontiran <= 2.1 - Cross-Site Request Forgery

CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c35bffb2-f805-48d6-938a-cb5142eac3b1>


Total Theme <= 2.1.19 - Authenticated (Subscriber+) Plugin Activation

CVE ID: CVE-2023-27456 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c4dfd5af-0af0-469c-81ed-52867609550c>


Classic Editor and Classic Widgets <= 1.2.4 - Cross-Site Request Forgery via render_settings_page

CVE ID: CVE-2023-27434 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ce2bef2f-fe28-48ea-8b83-052eebd31622>


Rus-To-Lat <= 0.3 - Cross-Site Request Forgery to Plugins Options Changes

CVE ID: CVE-2023-25470 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d07d8c3a-5e97-422a-ba20-e0bc206dda59>


Elegant Custom Fonts <= 1.0 - Cross-Site Request Forgery

CVE ID: CVE-2023-27436 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dadb6bf5-dbbd-4afb-8783-f6880dec2cbf>


OptinMonster <= 2.12.1 - Authenticated (Subscriber+) Sensitive Information Disclosure via Shortcode

CVE ID: CVE-2023-0772 CVSS Score: 4.3 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dfbdb5a7-e949-4d3a-8c8d-5dc6702f4675>


Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks <= 1.1.5 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0484 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dfe6f49a-1dd1-46d9-8e15-a8a766917092>


Calculated Fields Form <= 1.1.120 - Cross-Site Request Forgery

CVE ID: CVE-2023-26523 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4785012-d160-42cc-bd06-d9b8e65652a4>


Search in Place <= 1.0.104 - Cross-Site Request Forgery to Feedback Submission

CVE ID: CVE-2023-26521 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f079037c-cea6-4ba6-843f-99c5e5fe59a5>


WP News <= 1.1.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0502 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f53e9354-248f-4d13-a1c0-8355b268fae2>


OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page

CVE ID: CVE-2023-1092 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Thuc Tuyen Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f6658edb-11dc-4594-8936-95d60d581f49>


Wholesale Suite <= 2.1.5 - Missing Authorization to Plugin Settings Change

CVE ID: CVE-2022-34344 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f713f2f8-545a-4f54-a028-8422c0942a63>


FluentSMTP <= 2.2.2 - Authenticated (Author+) Stored Cross-Site Scripting via Email Logs

CVE ID: CVE-2023-0219 CVSS Score: 3.8 (Low) Researcher/s: Vaibhav Rajput Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/803c32e9-665c-40a0-b52d-f2c0b8fbe931>


The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023) appeared first on Wordfence.
