CVSS3 | 9.8 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Score | 10 High |
---|---|
Confidence | High |
CVSS2 | 7.5 High |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.28 Low |
---|---|
Percentile | 96.8% |
Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now!
Last week, 85 vulnerabilities disclosed in 74 WordPress plugins and 2 WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 39 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the Vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.
Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 33 |
Patched | 52 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 67 |
High Severity | 13 |
Critical Severity | 4 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 27 |
Missing Authorization | 18 |
Cross-Site Request Forgery (CSRF) | 13 |
Deserialization of Untrusted Data | 7 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
Authorization Bypass Through User-Controlled Key | 3 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 3 |
Improper Input Validation | 2 |
Information Exposure | 2 |
Argument Injection or Modification | 1 |
Use of Less Trusted Source | 1 |
Improper Access Control | 1 |
Storing Passwords in a Recoverable Format | 1 |
Path Traversal: '…/filedir' | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Rafie Muhammad | 11 |
Ngô Thiên An (ancorn_) | 9 |
Lucio Sá | 6 |
Dave Jong | 5 |
Webbernaut | 4 |
Daniel Ruf | 4 |
Francesco Carlucci | 4 |
Ulyses Saicha | 3 |
Le Ngoc Anh | 3 |
Krzysztof Zając | 3 |
hir0ot | 2 |
Nex Team | 2 |
Mika | 2 |
Abu Hurayra (HurayraIIT) | 2 |
Abdi Pranata | 2 |
Colin Xu | 2 |
Kang SeoHee | 1 |
Huynh Tien Si | 1 |
xEHLE | 1 |
Bob Matyas | 1 |
lttn | 1 |
Akbar Kustirama | 1 |
Joshua Chan | 1 |
drop | 1 |
emad | 1 |
Matan Berson (matanber) | 1 |
Sean Murphy | 1 |
Pedro Cuco (illex) | 1 |
Friday | 1 |
Angelo Delicato | 1 |
Dimas Maulana | 1 |
Arvandy | 1 |
István Márton | 1 |
Rafshanzani Suhada | 1 |
Debangshu Kundu | 1 |
Arpeet Rathi | 1 |
Dhabaleshwar Das | 1 |
Dmitrii Ignatyev | 1 |
Nguyen Xuan Chien | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
3D FlipBook – PDF Flipbook WordPress | interactive-3d-flipbook-powered-physics-engine |
ActivityPub | activitypub |
Ads Invalid Click Protection | ads-invalid-click-protection |
Ajax Search Lite | ajax-search-lite |
Autotitle for WordPress | autotitle-for-wordpress |
Booster Elite for WooCommerce | booster-elite-for-woocommerce |
Booster Plus for WooCommerce | booster-plus-for-woocommerce |
CPT Bootstrap Carousel | cpt-bootstrap-carousel |
Complianz – GDPR/CCPA Cookie Consent | complianz-gdpr |
Constant Contact Forms | constant-contact-forms |
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder | arforms-form-builder |
Coupon Referral Program | coupon-referral-program |
Depicter Slider – Responsive Image Slider, Video Slider & Post Slider | depicter |
Easy SVG Allow | easy-svg-image-allow |
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box | easy-facebook-likebox |
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor | embedpress |
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu) | mystickymenu |
FooGallery Premium | foogallery-premium |
Gecka Terms Thumbnails | gecka-terms-thumbnails |
HTML5 MP3 Player with Folder Feedburner Playlist Free | html5-mp3-player-with-mp3-folder-feedburner-playlist |
HTML5 MP3 Player with Playlist Free | html5-mp3-player-with-playlist |
HTML5 SoundCloud Player with Playlist Free | html5-soundcloud-player-with-playlist |
Happy Addons for Elementor | happy-elementor-addons |
Happy Addons for Elementor Pro | happy-elementor-addons-pro |
Hostinger | hostinger |
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building | icegram |
Ideal Interactive Map | ideal-interactive-map |
Infogram – Add charts, maps and infographics | infogram |
JS & CSS Script Optimizer | js-css-script-optimizer |
Keap Official Opt-in Forms | infusionsoft-official-opt-in-forms |
Laybuy Payment Extension for WooCommerce | laybuy-gateway-for-woocommerce |
LearnPress – WordPress LMS Plugin | learnpress |
LightStart – Maintenance Mode, Coming Soon and Landing Page Builder | wp-maintenance-mode |
MapPress Maps for WordPress | mappress-google-maps-for-wordpress |
Mapster WP Maps | mapster-wp-maps |
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) | google-analytics-for-wordpress |
OMGF \| GDPR/DSGVO Compliant, Faster Google Fonts. Easy. | |
Orbit Fox by ThemeIsle | themeisle-companion |
Oxygen Builder | oxygenbuilder |
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications | post-smtp |
Page Builder: Live Composer | live-composer-page-builder |
Page Builder: Pagelayer – Drag and Drop website builder | pagelayer |
Posts to Page | posts-to-page |
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | powerpack-lite-for-elementor |
Private Google Calendars | private-google-calendars |
Product Delivery Date for WooCommerce – Lite | product-delivery-date-for-woocommerce-lite |
Product Expiry for WooCommerce | product-expiry-for-woocommerce |
Quiz Maker | quiz-maker |
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | feedzy-rss-feeds |
Randomize | randomize |
Rate Star Review – AJAX Reviews for Content, with Star Ratings | rate-star-review |
Site Notes | site-notes |
TJ Shortcodes | theme-junkie-shortcodes |
Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics | taggbox-widget |
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | profile-builder |
Void Contact Form 7 Widget For Elementor Page Builder | cf7-widget-elementor |
WP 2FA – Two-factor authentication for WordPress | wp-2fa |
WP Compress – Image Optimizer [All-In-One] | wp-compress-image-optimizer |
WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | |
WP Job Manager | wp-job-manager |
WP Plugin Lister | wp-plugin-lister |
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | wp-sms |
WP SOCIAL BOOKMARK MENU | wp-social-bookmark-menu |
WP Ultimate Review | wp-ultimate-review |
WP-Members Membership Plugin | wp-members |
WooCommerce | woocommerce |
WooCommerce Conversion Tracking | woocommerce-conversion-tracking |
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | print-invoices-packing-slip-labels-for-woocommerce |
Woocommerce Tranzila Payment Gateway | woo-tranzila-gateway |
WordPress Users | wordpress-users |
cformsII | cforms2 |
oEmbed Gist | oembed-gist |
pTypeConverter | ptypeconverter |
Software Name | Software Slug |
---|---|
Meris | meris |
Weaver Xtreme | weaver-xtreme |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software | CVE ID | CVSS Score | Researcher/s | Patch Status | Vulnerability Details |
---|---|---|---|---|---|
Woocommerce Tranzila Payment Gateway | CVE-2023-52218 | 9.8 (Critical) | Rafie Muhammad | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/3ed30ebb-cb06-428c-a60e-676f36e75fa9> |
LearnPress – WordPress LMS Plugin | CVE-2023-6567 | 9.8 (Critical) | hir0ot | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6ab578cd-3a0b-43d3-aaa7-0a01f431a4e2> |
Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics | CVE-2023-52225 | 9.8 (Critical) | Rafie Muhammad | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/cae6e8b9-a8a9-41d3-83e8-d833515a0244> |
WP Compress – Image Optimizer [All-In-One] | CVE-2023-6699 | 9.1 (Critical) | Krzysztof Zając | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44> |
Gecka Terms Thumbnails | CVE-2023-52219 | 8.8 (High) | Rafie Muhammad | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/07abe182-370f-4241-9631-387a7930f2f6> |
HTML5 SoundCloud Player with Playlist Free | CVE-2023-52205 | 8.8 (High) | Rafie Muhammad | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/229235de-03c6-4560-b0ea-ab21fde256be> |
Page Builder: Live Composer | CVE-2023-52206 | 8.8 (High) | Le Ngoc Anh | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/2a0f9f80-e338-4afd-9a4b-e421865c8b0b> |
HTML5 MP3 Player with Playlist Free | CVE-2023-52207 | 8.8 (High) | Rafie Muhammad | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/2eac991e-fc34-456c-a9a6-d30fde39fd42> |
Randomize | CVE-2023-52204 | 8.8 (High) | Ngô Thiên An (ancorn_) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/7b971ae0-624d-416e-b2f2-92ce44e96418> |
HTML5 MP3 Player with Folder Feedburner Playlist Free | CVE-2023-52202 | 8.8 (High) | Rafie Muhammad | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/8b7321e8-153c-4586-8114-65583e06573e> |
OMGF \| GDPR/DSGVO Compliant, Faster Google Fonts. Easy. | CVE-2023-6600 | 8.6 (High) | Lucio Sá | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/4e835b97-c066-4e8f-b99f-1a930105af0c> |
LearnPress – WordPress LMS Plugin | CVE-2023-6634 | 8.1 (High) | hir0ot | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/21291ed7-cdc0-4698-9ec4-8417160845ed> |
Hostinger | CVE-2023-6751 | 7.3 (High) | Lucio Sá | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/d89cf759-5e5f-43e2-90a9-a8e554653ee1> |
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder | CVE-2023-6828 | 7.2 (High) | drop | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6e349cae-a996-4a32-807a-a98ebcb01edd> |
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications | CVE-2023-7027 | 7.2 (High) | Sean Murphy | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/7e8911a3-ce0f-420c-bf2a-1c2929d01cef> |
WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | CVE-2024-21747 | 7.2 (High) | Arvandy | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b7d85921-9d70-4812-9c5f-11ee1d0821be> |
pTypeConverter | CVE-2023-52201 | 7.2 (High) | Le Ngoc Anh | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/d3c26454-a91d-4141-9b31-5c902c5e8eec> |
WP-Members Membership Plugin | CVE-2023-6733 | 6.5 (Medium) | Francesco Carlucci | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d> |
Coupon Referral Program | CVE-2023-52190 | 6.5 (Medium) | Dave Jong | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/6015e204-1e07-4c75-ad22-969045934468> |
Ideal Interactive Map | CVE-2023-52189 | 6.4 (Medium) | Ngô Thiên An (ancorn_) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/019c5e06-1345-4c8e-abb9-dc0ea5d55ef5> |
Page Builder: Live Composer | CVE-2023-52193 | 6.4 (Medium) | Ngô Thiên An (ancorn_) | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/09631637-55e2-4e1e-9dcb-bba205be5f43> |
Easy SVG Allow | CVE-2023-7089 | 6.4 (Medium) | Bob Matyas | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/1a766b5b-e21e-4009-86d9-7f0a5c91ed51> |
Orbit Fox by ThemeIsle | CVE-2023-6781 | 6.4 (Medium) | Nex Team | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/23e39019-c322-4027-84f2-faabd9ca4983> |
MapPress Maps for WordPress | CVE-2023-6524 | 6.4 (Medium) | Akbar Kustirama | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/28a8f025-c2ab-4a5f-a99e-a2d19b14a190> |
Posts to Page | CVE-2023-52195 | 6.4 (Medium) | Ngô Thiên An (ancorn_) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/2e5fdaae-3ef2-477e-b79b-0b6e415edb40> |
Laybuy Payment Extension for WooCommerce | CVE-2024-21745 | 6.4 (Medium) | Abu Hurayra (HurayraIIT) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/4c91caaa-9bdd-4170-98f1-0d686d3ffcba> |
3D FlipBook – PDF Flipbook WordPress | CVE-2023-6776 | 6.4 (Medium) | Webbernaut | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb> |
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | CVE-2023-7044 | 6.4 (Medium) | Webbernaut | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6e770e98-3c13-4e37-b51b-4c39bce2cb42> |
Infogram – Add charts, maps and infographics | CVE-2023-52191 | 6.4 (Medium) | Ngô Thiên An (ancorn_) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/72e1482c-0f55-4f43-8590-d4f2758f0eea> |
Keap Official Opt-in Forms | CVE-2023-52192 | 6.4 (Medium) | Ngô Thiên An (ancorn_) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/9a0f1006-8015-4e67-9b03-16d3ad3c0e77> |
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CVE-2023-6801 | 6.4 (Medium) | Colin Xu | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/a713d897-c549-4e0d-9cb3-7002ef2b127f> |
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor | CVE-2023-6986 | 6.4 (Medium) | Ngô Thiên An (ancorn_) | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ceae0115-268c-401b-876b-3477d10c10e6> |
Mapster WP Maps | CVE-2024-21744 | 6.4 (Medium) | Abu Hurayra (HurayraIIT) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/d38ee896-8cdd-45c5-b393-bdcb7baa7bd3> |
FooGallery Premium | CVE-2023-6747 | 6.4 (Medium) | Webbernaut, Debangshu Kundu, Arpeet Rathi | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/dce8ac32-cab8-4e05-bf6f-cc348d0c9472> |
Private Google Calendars | CVE-2023-52198 | 6.4 (Medium) | Ngô Thiên An (ancorn_) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/e276cc49-2da1-4e2f-bb64-28ffe6ec9acf> |
Oxygen Builder | CVE-2023-6938 | 6.4 (Medium) | Francesco Carlucci | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ee069cb3-370e-48ea-aa35-c30fe83c2498> |
TJ Shortcodes | CVE-2023-6530 | 6.4 (Medium) | Dmitrii Ignatyev | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/f88ef4cf-3f22-40e0-b651-59cb40f148fd> |
oEmbed Gist | CVE-2023-52194 | 6.4 (Medium) | Ngô Thiên An (ancorn_) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/fed0e3bc-1401-410a-805d-1ea3e423024b> |
Rate Star Review – AJAX Reviews for Content, with Star Ratings | CVE-2023-52213 | 6.1 (Medium) | Kang SeoHee | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/025a13e6-5f0a-49ca-bd63-44e4095072bd> |
Autotitle for WordPress | CVE-2023-6946 | 6.1 (Medium) | Daniel Ruf | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/062d906d-5a6e-4180-a2f2-18411334b9a1> |
Happy Addons for Elementor Pro, Happy Addons for Elementor | CVE-2023-6632 | 6.1 (Medium) | xEHLE | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/06ef69f0-34d3-4389-8a81-a4d9922f1468> |
Ajax Search Lite | CVE-2024-21752 | 6.1 (Medium) | Le Ngoc Anh | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/19418da4-bef4-4cbc-901c-f2aeee39b3cf> |
WP Plugin Lister | CVE-2023-6503 | 6.1 (Medium) | Daniel Ruf | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/3b819e88-111a-4611-ae23-87ac7a878b4a> |
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications | CVE-2023-6629 | 6.1 (Medium) | Matan Berson (matanber) | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/7681f984-d488-4da7-afe1-988e5ad012f2> |
Meris | CVE-2023-7194 | 6.1 (Medium) | Angelo Delicato | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/a627f10a-1463-4e4b-98a9-2008fa76e25a> |
CPT Bootstrap Carousel | CVE-2023-52196 | 6.1 (Medium) | Dimas Maulana | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/a78321b7-b62b-40ab-a15d-037ebd905d8b> |
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | CVE-2023-6981 | 6.1 (Medium) | Krzysztof Zając | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b8f53053-5150-4fba-b8d6-3d6c9df32c69> |
Weaver Xtreme | CVE-2023-6990 | 5.4 (Medium) | Francesco Carlucci | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/bc7384d7-c2fd-4d63-9b80-bb5bde9a23d5> |
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | CVE-2023-6798 | 5.4 (Medium) | Colin Xu | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c2cdf4e5-0a40-42ca-b5ac-78511fdd2b77> |
Product Expiry for WooCommerce | CVE-2024-0201 | 5.4 (Medium) | István Márton | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c4006612-770a-482f-a8c2-e62f607914a9> |
Page Builder: Pagelayer – Drag and Drop website builder | CVE-2023-6738 | 5.4 (Medium) | Nex Team | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/d14c8890-482c-4d43-a68f-0d04c4feca8f> |
Constant Contact Forms | CVE-2023-52208 | 5.3 (Medium) | Joshua Chan | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/2990b307-2b07-4daf-917b-d9587253cbeb> |
WP Ultimate Review | CVE-2024-21746 | 5.3 (Medium) | Mika | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/31418a45-7dae-4cd4-8f85-0498a285ef6d> |
ActivityPub | CVE-2023-52199 | 5.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3666a841-711d-4ecf-bb77-f2db4d5817ea> |
Product Delivery Date for WooCommerce – Lite | CVE-2023-52210 | 5.3 (Medium) | Mika | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/4a32ae77-3d4e-4fd4-a43a-7d1a52dcfa77> |
WP Job Manager | CVE-2023-52211 | 5.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/8b1af76a-3836-4527-9ea6-8bffa173a84e> |
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | CVE-2023-6984 | 5.3 (Medium) | Lucio Sá | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/fe2cfc96-63f4-4e4b-bf49-6031594a4805> |
Complianz – GDPR/CCPA Cookie Consent | CVE-2023-6498 | 4.4 (Medium) | Webbernaut | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/01c1458d-3e38-4dbf-bb65-80465ea6d0ad> |
cformsII | CVE-2023-52203 | 4.4 (Medium) | emad | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/72800e9b-8e2c-4725-9a87-a9b187ad5967> |
Ads Invalid Click Protection | CVE-2023-52197 | 4.4 (Medium) | Dhabaleshwar Das | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/f0fa8050-6318-4528-8dd4-a3ca5467cfaa> |
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building | CVE-2024-21748 | 4.3 (Medium) | Huynh Tien Si | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/059f526f-6769-4092-92b0-2ef6248963ee> |
WP 2FA – Two-factor authentication for WordPress | CVE-2023-6520 | 4.3 (Medium) | Ulyses Saicha | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/0af451be-2477-453c-a230-7f3fb804398b> |
WP SOCIAL BOOKMARK MENU | CVE-2023-7074 | 4.3 (Medium) | Daniel Ruf | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/120a75c5-4fff-4a77-b376-d6968853b40e> |
LearnPress – WordPress LMS Plugin | CVE-2023-6223 | 4.3 (Medium) | lttn | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/215d5d9e-dabb-462d-8c51-952f8c497b78> |
Booster Plus for WooCommerce | CVE-2023-52231 | 4.3 (Medium) | Dave Jong | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/38a90190-569f-46d8-bef4-fe28caf5e2fc> |
WordPress Users | CVE-2023-6390 | 4.3 (Medium) | Daniel Ruf | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/3c1a7bda-29c5-4b4b-bbd8-71187609892e> |
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box | CVE-2023-6883 | 4.3 (Medium) | Lucio Sá | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3deee9b5-2e36-447d-a492-e22e3dc6a5ab> |
Quiz Maker | CVE-2024-21743 | 4.3 (Medium) | Abdi Pranata | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/4e62f27b-c6b0-48ed-bfd7-a1893552eb3e> |
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | CVE-2023-7068 | 4.3 (Medium) | Lucio Sá | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/5abc282d-68c9-423c-a15c-d4d3f7035661> |
WP Job Manager | CVE-2023-52212 | 4.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/69430e1a-db2f-4715-84aa-5a1dfd712180> |
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) | CVE-2023-52220 | 4.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/81099cdc-bce6-4ee6-b819-c3925acf96a8> |
Site Notes | CVE-2023-6633 | 4.3 (Medium) | Pedro Cuco (illex) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/89cbe41d-3765-4061-8ef6-b63556a5677c> |
Void Contact Form 7 Widget For Elementor Page Builder | CVE-2023-52214 | 4.3 (Medium) | Friday | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/93784c84-93b3-4f43-84a0-5aeed3ba9cfd> |
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | CVE-2023-6980 | 4.3 (Medium) | Krzysztof Zając | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/94ad6b51-ff8d-48d5-9a70-1781d13990a5> |
LightStart – Maintenance Mode, Coming Soon and Landing Page Builder | CVE-2023-7019 | 4.3 (Medium) | Lucio Sá | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b57d3d1d-dcdb-4f11-82d8-183778baa075> |
WooCommerce Conversion Tracking | CVE-2023-52217 | 4.3 (Medium) | Abdi Pranata | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/bf798142-4daf-41f5-8416-701d03476520> |
Depicter Slider – Responsive Image Slider, Video Slider & Post Slider | CVE-2023-6493 | 4.3 (Medium) | Rafshanzani Suhada | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c9c907ea-3ab4-4674-8945-ade4f6ff2679> |
WP 2FA – Two-factor authentication for WordPress | CVE-2023-6506 | 4.3 (Medium) | Ulyses Saicha | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/caff9be6-4161-47a0-ba47-6c8fc0c4ab40> |
Booster Plus for WooCommerce | CVE-2023-52230 | 4.3 (Medium) | Dave Jong | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/dd0a4212-fe04-4c3b-9d78-b1a0bf97e274> |
Booster Plus for WooCommerce | CVE-2023-52232 | 4.3 (Medium) | Dave Jong | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/df65af54-ce55-4c50-8a62-5541a1879ad4> |
WooCommerce | CVE-2023-52222 | 4.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/eb8517bc-f45f-40a1-ae80-ed227c8b32d7> |
Booster Elite for WooCommerce | CVE-2023-52234 | 4.3 (Medium) | Dave Jong | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f4afcb16-9c97-483f-be48-31b5156bcca3> |
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | CVE-2023-6504 | 4.3 (Medium) | Francesco Carlucci | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f515ccf8-7231-4728-b155-c47049087d42> |
JS & CSS Script Optimizer | CVE-2023-52216 | 4.3 (Medium) | Nguyen Xuan Chien | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/fb863896-5a5a-4c65-b2a5-0901de7961f2> |
Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu) | CVE-2023-7048 | 3.1 (Low) | Ulyses Saicha | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/be0ab40f-cff7-48bd-8dae-cc50af047151> |
As a reminder, Wordfence has curated an industry-leading database of all known WordPress core, theme, and plugin vulnerabilities, called Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and add additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (January 1, 2024 to January 7, 2024) appeared first on Wordfence.