CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.003 Low (Percentile: 66.9%)

Last week, 60 vulnerabilities were disclosed in 52 WordPress plugins and no WordPress themes, and all of them have been added to the Wordfence Intelligence Vulnerability Database. 25 vulnerability researchers contributed to WordPress security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 20 |
Patched | 40 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 53 |
High Severity | 6 |
Critical Severity | 0 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 26 |
Cross-Site Request Forgery (CSRF) | 21 |
Missing Authorization | 8 |
Information Exposure | 1 |
Authorization Bypass Through User-Controlled Key | 1 |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 1 |
Unrestricted Upload of File with Dangerous Type | 1 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Truoc Phan | 6 |
LEE SE HYOUNG | 5 |
Erwan LR | 5 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 4 |
Abdi Pranata | 3 |
Mika | 3 |
Lana Codes (Wordfence Vulnerability Researcher) | 3 |
yuyudhn | 3 |
Nguyen Xuan Chien | 3 |
Rafshanzani Suhada | 2 |
konagash | 2 |
NeginNrb | 2 |
Rafie Muhammad | 2 |
A. S. M. Muhiminul Hasan | 1 |
Theodoros Malachias | 1 |
Rio Darmawan | 1 |
Le Ngoc Anh | 1 |
emad | 1 |
Alex Thomas (Wordfence Vulnerability Researcher) | 1 |
Daniel Ruf | 1 |
Amirmohammad vakili | 1 |
thiennv | 1 |
Chloe Chamberland (Wordfence Vulnerability Researcher) | 1 |
Phd | 1 |
killr00t | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember-membership |
All Bootstrap Blocks | all-bootstrap-blocks |
Booking and Rental Manager for Bike \| Car \| Resort \| Appointment \| Dress and all Kinds of Equipment | |
CF7 Google Sheets Connector | cf7-google-sheets-connector |
CF7 Google Sheets Connector Pro | cf7-google-sheets-connector-pro |
CHP Ads Block Detector | chp-ads-block-detector |
Church Admin | church-admin |
Constant Contact Forms | constant-contact-forms |
Contact Form by WD – responsive drag & drop contact form builder tool | contact-form-maker |
Elementor Forms Google Sheet Connector | gsheetconnector-for-elementor-forms |
Elementor Forms Google Sheet Connector Pro | gsheetconnector-for-elementor-forms-pro |
Flo Forms – Easy Drag & Drop Form Builder | flo-forms |
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
Forminator – Contact Form, Payment Form & Custom Form Builder | forminator |
Galleria | galleria |
Google Map Shortcode | google-map-shortcode |
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor | front-editor |
LWS Cleaner | lws-cleaner |
LWS Tools | lws-tools |
Login Configurator | login-configurator |
MStore API | mstore-api |
MasterStudy LMS WordPress Plugin – for Online Courses and Education | masterstudy-lms-learning-management-system |
ND Shortcodes | nd-shortcodes |
Ninja Forms Google Sheet Connector | gsheetconnector-ninja-forms |
Ninja Forms Google Sheet Connector Pro | gsheetconnector-ninja-forms-pro |
Password Protected | password-protected |
Protect WP Admin | protect-wp-admin |
Recent Posts Slider | recent-posts-slider |
Recipe Maker For Your Food Blog from Zip Recipes | zip-recipes |
Securimage-WP | securimage-wp |
Seed Fonts | seed-fonts |
Sermon'e – Sermons Online | UNKNOWN-CVE-2023-35776-1 |
Stock Manager for WooCommerce | woocommerce-stock-manager |
Template Debugger | quick-edit-template-link |
Tutor LMS – eLearning and online course solution | tutor |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
WP Affiliate Links | wp-affiliate-links |
WP Backup Manager | wp-backup-manager |
WP Directory Kit | wpdirectorykit |
WP Matterport Shortcode | shortcode-gallery-for-matterport-showcase |
WP PDF Generator | wp-pdf-generator |
WPForms Google Sheet Connector | gsheetconnector-wpforms |
WPForms Google Sheet Connector Pro | gsheetconnector-wpforms-pro |
Who Hit The Page – Hit Counter | who-hit-the-page-hit-counter |
WooCommerce Stripe Payment Gateway | woocommerce-gateway-stripe |
WordPress Contact Forms by Cimatti | contact-forms |
WordPress NextGen GalleryView | wordpress-nextgen-galleryview |
YaySMTP – Simple WP SMTP Mail | yaysmtp |
Zephyr Project Manager | zephyr-project-manager |
breadcrumb simple | breadcrumb-simple |
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin | mycred |
胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件 | fat-rat-collect |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.
Affected Software: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) CVE ID: CVE-2023-3295 CVSS Score: 8.8 (High) Researcher/s: Chloe Chamberland, Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ce1ac711-6026-49ef-b66b-2cc199697942>
Affected Software: Tutor LMS – eLearning and online course solution CVE ID: CVE-2023-3133 CVSS Score: 7.5 (High) Researcher/s: A. S. M. Muhiminul Hasan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1d6c9765-6936-4b22-835e-e899f62c14c9>
Affected Software: WooCommerce Stripe Payment Gateway CVE ID: CVE-2023-34000 CVSS Score: 7.5 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70971072-d743-466b-affe-d7f79d5712aa>
Affected Software/s: Ninja Forms Google Sheet Connector, Ninja Forms Google Sheet Connector Pro CVE ID: CVE-2023-2333 CVSS Score: 7.2 (High) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/559a92e0-609e-415f-aab3-649a185eb431>
Affected Software: YaySMTP – Simple WP SMTP Mail CVE ID: CVE-2023-3093 CVSS Score: 7.2 (High) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e>
Affected Software: Who Hit The Page – Hit Counter CVE ID: CVE-2023-25466 CVSS Score: 7.2 (High) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/714d7811-0425-4833-a7b2-a408799181e4>
Affected Software: Contact Form by WD – responsive drag & drop contact form builder tool CVE ID: CVE-2023-2655 CVSS Score: 6.6 (Medium) Researcher/s: killr00t Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fb56c071-d7b9-40e0-8cc5-2dd48c93b8cf>
Affected Software: All Bootstrap Blocks CVE ID: CVE-2023-35047 CVSS Score: 6.5 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a7a15ab-4f13-4eb1-aeb5-143230308871>
Affected Software: WP Directory Kit CVE ID: CVE-2023-2351 CVSS Score: 6.5 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/50c5154c-1573-4c2b-85a1-a89bdb22dc7d>
Affected Software: MStore API CVE ID: CVE Unknown CVSS Score: 6.5 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7a747542-0601-4fa5-a97c-c72d1347013b>
Affected Software: Sermon'e – Sermons Online CVE ID: CVE-2023-35776 CVSS Score: 6.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08b5f399-018c-4e0b-aefc-55463d4ac48d>
Affected Software: MasterStudy LMS WordPress Plugin – for Online Courses and Education CVE ID: CVE-2023-35090 CVSS Score: 6.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/174e2bf3-2531-4a53-ade6-3df7e976ed29>
Affected Software: ND Shortcodes CVE ID: CVE-2022-4623 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d92687e-cdf2-4dd2-b984-eaf9f0a56625>
Affected Software: WP Matterport Shortcode CVE ID: CVE-2023-35094 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7b76ce38-d9ee-4998-ba3b-9f21158ce18a>
Affected Software: ND Shortcodes CVE ID: CVE-2023-1273 CVSS Score: 6.4 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9b9bd42f-cb24-483a-ae91-add4378067d9>
Affected Software: Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f34722fb-e852-4194-b839-7d885d212fc9>
Affected Software: WordPress NextGen GalleryView CVE ID: CVE-2023-35098 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/043ed446-3af3-4d90-8da7-b1fe73e06bba>
Affected Software/s: CF7 Google Sheets Connector Pro, CF7 Google Sheets Connector CVE ID: CVE-2023-2320 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c6b2c4b-5ea5-471d-9114-d2b469b6c59b>
Affected Software/s: Elementor Forms Google Sheet Connector Pro, Elementor Forms Google Sheet Connector CVE ID: CVE-2023-2324 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3ac577f4-2e61-4b72-881e-6fbbfd268f7b>
Affected Software: WP Backup Manager CVE ID: CVE-2023-35775 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5ee3416b-d6df-4f8b-834b-4e78516c00ba>
Affected Software/s: WPForms Google Sheet Connector Pro, WPForms Google Sheet Connector CVE ID: CVE-2023-2321 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/75067f95-48b6-4c1d-8d8b-2601185b1f81>
Affected Software: Recent Posts Slider CVE ID: CVE-2023-35043 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8bbc6aa7-0625-4689-8afe-d7399009ee53>
Affected Software: WP Affiliate Links CVE ID: CVE-2023-35097 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ba4638be-29d3-4638-84d3-6a9d540bfa33>
Affected Software: Google Map Shortcode CVE ID: CVE-2023-35772 CVSS Score: 6.1 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cbd4983f-bf92-45c3-95a6-6f5e39bca228>
Affected Software: Church Admin CVE ID: CVE-2023-34021 CVSS Score: 6.1 (Medium) Researcher/s: Phd Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e85efdc1-cffc-411a-a2f7-6fa1132e2910>
Affected Software: LWS Tools CVE ID: CVE-2023-35774 CVSS Score: 5.4 (Medium) Researcher/s: konagash Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/315dbb77-d872-4cc4-bb4c-9d4763a6ff8f>
Affected Software: LWS Cleaner CVE ID: CVE-2023-35781 CVSS Score: 5.4 (Medium) Researcher/s: konagash Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b89c51fe-c056-4d85-a6e3-6678ed93b9d8>
Affected Software: 胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有开源插件 CVE ID: CVE-2023-35045 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/279cebb5-4be4-485a-92c7-e0bcc961f93e>
Affected Software: Protect WP Admin CVE ID: CVE-2023-3139 CVSS Score: 5.3 (Medium) Researcher/s: Daniel Ruf Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7012b34d-8d65-4575-9965-417739206b5f>
Affected Software: Forminator – Contact Form, Payment Form & Custom Form Builder CVE ID: CVE-2023-2010 CVSS Score: 5.3 (Medium) Researcher/s: Amirmohammad vakili Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a40cb2da-dc13-4e20-9602-a4e6c2eade43>
Affected Software: CHP Ads Block Detector CVE ID: CVE-2023-2354 CVSS Score: 4.9 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6f8514c9-0e11-4e26-ba0b-1d08a990b56c>
Affected Software: Seed Fonts CVE ID: CVE-2023-35779 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/57953bab-7430-4841-b073-7db7964e6a65>
Affected Software: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup CVE ID: CVE-2023-33323 CVSS Score: 4.4 (Medium) Researcher/s: emad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/668d4bd3-adde-4347-9169-67c3c96e1743>
Affected Software: Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress and all Kinds of Equipment CVE ID: CVE-2023-35048 CVSS Score: 4.4 (Medium) Researcher/s: NeginNrb Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6e7c629f-e9c6-4254-ba37-46de5206d77d>
Affected Software: Login Configurator CVE ID: CVE-2023-34369 CVSS Score: 4.4 (Medium) Researcher/s: NeginNrb Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/74d3606f-bd62-4844-ac17-8e47feddab92>
Affected Software: Password Protected CVE ID: CVE-2023-32580 CVSS Score: 4.4 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/79c296b1-e385-404d-96c0-a98f10b89f08>
Affected Software: Flo Forms – Easy Drag & Drop Form Builder CVE ID: CVE-2023-35095 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bdd35d61-0777-4e64-8a51-55fe928e75ba>
Affected Software: Recent Posts Slider CVE ID: CVE-2023-35778 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0cf9c390-81d7-45d4-a6df-22b16235d11b>
Affected Software: MStore API CVE ID: CVE-2023-3203 CVSS Score: 4.3 (Medium) Researcher/s: Truoc Phan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1aed51a2-9fd4-43bb-b72d-ae8e51ee6e87>
Affected Software: Zephyr Project Manager CVE ID: CVE-2023-34373 CVSS Score: 4.3 (Medium) Researcher/s: Theodoros Malachias Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/236387f0-b58e-4ef1-b370-a0703a7902eb>
Affected Software: WP PDF Generator CVE ID: CVE-2023-35038 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/28a4c868-a24d-4fd8-ae0e-d5c0bf3a7436>
Affected Software: Securimage-WP CVE ID: CVE-2023-35044 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/36f41de5-50d5-47ca-bbd0-eca3b756a0cd>
Affected Software: MasterStudy LMS WordPress Plugin – for Online Courses and Education CVE ID: CVE-2023-35093 CVSS Score: 4.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/417ae2f2-e245-49bb-8b77-0eabf6095459>
Affected Software: CHP Ads Block Detector CVE ID: CVE-2023-2353 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4eca64d7-6e33-4b8e-af37-a3e8bbf2b76f>
Affected Software: Recipe Maker For Your Food Blog from Zip Recipes CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/727a0649-082f-46d0-8d6f-de53ee7fb18e>
Affected Software: MStore API CVE ID: CVE-2023-3200 CVSS Score: 4.3 (Medium) Researcher/s: Truoc Phan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/78f3c503-e255-44d2-8432-48dc2c5f553d>
Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f0eac1e-4988-4b73-bf13-c959b0dc11e2>
Affected Software: Template Debugger CVE ID: CVE-2023-35773 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8da0fed9-4b88-4b68-b317-124fe678cfa4>
Affected Software: Stock Manager for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/99984fff-94e3-46fb-8241-88fcda556054>
Affected Software: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin CVE ID: CVE-2023-35096 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a3936c4b-2326-41dc-b7d6-a8cf43752ddb>
Affected Software: MStore API CVE ID: CVE-2023-3199 CVSS Score: 4.3 (Medium) Researcher/s: Truoc Phan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a604df5d-92b3-4df8-a7ef-00f0ee95cf0f>
Affected Software: Constant Contact Forms CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b8a26695-4793-418b-9a23-6709fe79ea4f>
Affected Software: MStore API CVE ID: CVE-2023-3198 CVSS Score: 4.3 (Medium) Researcher/s: Truoc Phan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c5f30190-4576-4c2b-b069-72501538733b>
Affected Software: MStore API CVE ID: CVE-2023-3201 CVSS Score: 4.3 (Medium) Researcher/s: Truoc Phan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb5cb1a5-30d2-434f-90f9-d37aecfbe158>
Affected Software: MStore API CVE ID: CVE-2023-3202 CVSS Score: 4.3 (Medium) Researcher/s: Truoc Phan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2b3612e-3c91-469b-98ef-fdb03b0ee9d9>
Affected Software: CHP Ads Block Detector CVE ID: CVE-2023-2352 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e5a9cced-0e5e-4b6e-8291-0a862c9f9523>
Affected Software: Galleria CVE ID: CVE-2023-35780 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ea85fa9a-78ea-4017-b72e-49db7eafa11e>
Affected Software: Recipe Maker For Your Food Blog from Zip Recipes CVE ID: CVE-2023-35089 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ebd1483a-949d-4edb-9b86-007879d2d207>
Affected Software: WordPress Contact Forms by Cimatti CVE ID: CVE-2023-2563 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f80a1f13-c1b9-4259-8d96-71a3cbcaf4ca>
Affected Software: breadcrumb simple CVE ID: CVE-2023-35092 CVSS Score: 3.3 (Low) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/598e38d7-b5a9-43c1-b908-dab8bbe24115>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 12, 2023 to June 18, 2023) appeared first on Wordfence.