9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
53.2%
Last week, there were 152 vulnerabilities disclosed in 134 WordPress Plugins and 0 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 41 Vulnerability Researchers that contributed to WordPress Security last week. There were more unpatched vulnerabilities than patched last week, so it's more important than ever to review those vulnerabilities in this report now to ensure your site is not affected and make the appropriate adjustments if your site is.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 81 |
Patched | 71 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 134 |
High Severity | 16 |
Critical Severity | 2 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 93 |
Cross-Site Request Forgery (CSRF) | 30 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 11 |
Missing Authorization | 10 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2 |
Deserialization of Untrusted Data | 2 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 1 |
Information Exposure | 1 |
Improper Access Control | 1 |
URL Redirection to Untrusted Site ('Open Redirect') | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Lana Codes | 30 |
Marco Wotschka | 11 |
Yuki Haruma | 9 |
yuyudhn | 7 |
Muhammad Daffa | 6 |
LEE SE HYOUNG | 6 |
Rio Darmawan | 6 |
Sajjad Shariati | 6 |
Shreya Pohekar | 5 |
minhtuanact | 5 |
Justiice | 4 |
Ramuel Gall | 4 |
TEAM WEBoB of BoB 11th | 3 |
Mika | 3 |
Ivan Kuzymchak | 3 |
Le Ngoc Anh | 3 |
Erwan LR | 3 |
Cat | 3 |
WPScanTeam | 2 |
Lokesh Dachepalli | 2 |
Nguyen Xuan Chien | 2 |
Joshua Martinelle | 1 |
Rafie Muhammad | 1 |
Rafshanzani Suhada | 1 |
Nguyen Huu Do | 1 |
Ryo Sato | 1 |
Skalucy | 1 |
Shezad Master | 1 |
zhangyunpei | 1 |
Yeting Li VARAS@IIE | 1 |
Ameen Alkurdy | 1 |
Nithissh S | 1 |
Chien Vuong | 1 |
thiennv | 1 |
Alexander Schmid | 1 |
cydave | 1 |
easyBug | 1 |
Daniel Ruf | 1 |
Alex Thomas | 1 |
deokhunKim | 1 |
Lucio Sá | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
AI ChatBot | chatbot |
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember-membership |
Accessibility Suite by Online ADA | online-accessibility |
Accordion & FAQ – Helpie WordPress Frequently Asked Questions plugin | helpie-faq |
Active Directory Integration / LDAP Integration | ldap-login-for-intranet-sites |
ActiveCampaign – Forms, Site Tracking, Live Chat | activecampaign-subscription-forms |
Ad Inserter – Ad Manager & AdSense Ads | ad-inserter |
Album Gallery – WordPress Gallery | new-album-gallery |
ApexChat | apexchat |
Avirato hotels online booking engine | avirato-calendar |
BBSpoiler | bbspoiler |
BadgeOS | badgeos |
Best Travel Booking WordPress Plugin, Tour Booking System, Trip Booking WordPress Plugin – Yatra | yatra |
Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop | woo-altcoin-payment-gateway |
BizLibrary | bizlibrary |
Booking calendar, Appointment Booking System | booking-calendar |
Button Builder – Buttons X | buttons-x |
CMP – Coming Soon & Maintenance Plugin by NiteoThemes | cmp-coming-soon-maintenance |
CMS Tree Page View | cms-tree-page-view |
Cab Grid | cab-grid |
Captcha Them All | captcha-them-all |
Category Specific RSS feed Subscription | category-specific-rss-feed-menu |
Church Admin | church-admin |
Clock In Portal- Staff & Attendance Management | clock-in-portal |
Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | contact-form-to-db |
Continuous announcement scroller | continuous-announcement-scroller |
Custom Post Type List Shortcode | custom-post-type-list-shortcode |
Customer Support Software, Live Chat, & Marketing Automation | formilla-chat-and-marketing |
Dave's WordPress Live Search | daves-wordpress-live-search |
Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress | charitable |
EZP Maintenance Mode | easy-pie-maintenance-mode |
Easy Ad Manager | easy-ad-manager |
Easy Slider Revolution | easy-slider-revolution |
Ebook Store | ebook-store |
Email posts to subscribers | email-posts-to-subscribers |
Enable/Disable Auto Login when Register | auto-login-when-resister |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | essential-blocks |
File Gallery | file-gallery |
Flyzoo Chat | flyzoo |
Form Block | form-block |
FormCraft – Contact Form Builder for WordPress | formcraft-form-builder |
Formilla Edge Targeted Messaging Platform for Sales and Marketing | formilla-edge |
Freshdesk (official) | freshdesk-support |
GDPR Compliance & Cookie Consent | gdpr-compliance-cookie-consent |
Gallery Metabox | gallery-metabox |
Google Analytics Top Content Widget | google-analytics-top-posts-widget |
Gps Plotter | gps-plotter |
Help Desk WP | helpdeskwp |
Image Optimizer by 10web – Image Optimizer and Compression plugin | image-optimizer-wd |
Japanized For WooCommerce | woocommerce-for-japan |
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | zero-bs-crm |
Kaya QR Code Generator | kaya-qr-code-generator |
Kiwiz - Certification de facturation - Woocommerce | woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz |
Kodex Posts likes | kodex-posts-likes |
LIQUID SPEECH BALLOON | liquid-speech-balloon |
Layer Slider | slider-slideshow |
LearnPress Export Import – WordPress extension for LearnPress | learnpress-import-export |
Live Chat by Formilla – Real-time Chat & Chatbots Plugin | formilla-live-chat |
Locatoraid Store Locator | locatoraid |
Login Page Styler | Custom Login |
Mail Subscribe List | mail-subscribe-list |
Mega Addons For WPBakery Page Builder | mega-addons-for-visual-composer |
Membership Database | member-database |
Modal Dialog | modal-dialog |
Motors – Car Dealer, Classifieds & Listing | motors-car-dealership-classified-listings |
NEX-Forms – Ultimate Form Builder – Contact forms and much more | nex-forms-express-wp-form-builder |
Ninja Tables – Best Data Table Plugin for WordPress | ninja-tables |
OoohBoi Steroids for Elementor | ooohboi-steroids-for-elementor |
Panorama – WordPress Project Management Plugin | project-panorama-lite |
Post Shortcode | post-shortcode |
PowerPress Podcasting plugin by Blubrry | powerpress |
Pretty Url | pretty-url |
Product Slider For WooCommerce Lite | product-slider-for-woocommerce-lite |
PropertyHive | propertyhive |
Query Wrangler | query-wrangler |
RapidExpCart | rapidexpcart |
Redirect After Login | redirect-after-login |
Reservation.Studio widget | reservation-studio-widget |
Responsive Filterable Portfolio | responsive-filterable-portfolio |
ReviewX – Multi-criteria Rating & Reviews for WooCommerce | reviewx |
Robokassa payment gateway for Woocommerce | robokassa |
Semalt Blocker | semalt |
ShopEngine – Elementor WooCommerce Builder Addons, Variation Swatches, Wishlist, Products Compare – All in One Solution | shopengine |
Shortcode IMDB | shortcode-imdb |
Simple Share Buttons Adder | simple-share-buttons-adder |
Simple Tooltips | simple-tooltips |
SiteAlert – Uptime, Speed, and Security Monitoring for WordPress | my-wp-health-check |
Sloth Logo Customizer | sloth-logo-customizer |
Smart WooCommerce Search | smart-woocommerce-search |
Social Share Boost | social-share-boost |
SparkPost | sparkpost |
Stock Exporter for WooCommerce | stock-exporter-for-woocommerce |
Stream | stream |
Subscribers – Free Web Push Notifications | subscribers-com |
Tablesome – Data table & Workflow Automation ( Contact Form Entries, Email Log, OpenAI / ChatGPT ) | tablesome |
TaxoPress is the WordPress Tag, Category, and Taxonomy Manager | simple-tags |
The School Management – Education & Learning Management | school-management-system |
Themify Portfolio Post | themify-portfolio-post |
Thumbnail carousel slider | wp-responsive-thumbnail-slider |
Uji Popup | uji-popup |
Ultimate Carousel For Elementor | ultimate-carousel-for-elementor |
Ultimate Carousel For WPBakery Page Builder | ultimate-carousel-for-visual-composer |
Update Image Tag Alt Attribute | update-alt-attribute |
Verified Reviews (Avis Vérifiés) | netreviews |
Video Grid | video-grid |
Video List Manager | video-list-manager |
Visual CSS Style Editor | yellow-pencil-visual-theme-customizer |
WCP Contact Form | wcp-contact-form |
WP Cerber Security, Anti-spam & Malware Scan | wp-cerber |
WP Custom Author URL | wp-custom-author-url |
WP Docs | wp-docs |
WP Links Page | wp-links-page |
WP Login Box | wp-login-box |
WP Original Media Path | wp-original-media-path |
WP Popups – WordPress Popup builder | wp-popups-lite |
WP Responsive Tabs horizontal vertical and accordion Tabs | responsive-horizontal-vertical-and-accordion-tabs |
WP-FormAssembly | formassembly-web-forms |
WP-dTree | wp-dtree-30 |
WPJAM Basic | wpjam-basic |
White Label Branding for Elementor Page Builder | white-label-branding-elementor |
WooCommerce Easy Duplicate Product | woo-easy-duplicate-product |
WooCommerce Order Status Change Notifier | woocommerce-order-status-change-notifier |
Woocommerce Email Report | wooemailreport |
Woocommerce Products Designer by ORION – online product customizer for t-shirts, print cards, phone cases Lettering & Decals | woocommerce-products-designer |
WordPress Header Builder Plugin – Pearl | pearl-header-builder |
Wp-D3 | wp-d3 |
YARPP – Yet Another Related Posts Plugin | yet-another-related-posts-plugin |
YML for Yandex Market | yml-for-yandex-market |
YourChannel: Everything you want in a YouTube plugin. | yourchannel |
Zendesk Support for WordPress | zendesk |
eRocket | erocket |
f(x) TOC | fx-toc |
miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login |
vSlider Multi Image Slider for WordPress | vslider |
Affected Software: Email posts to subscribers CVE ID: CVE-2022-46818 CVSS Score: 9.8 (Critical) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/51f73041-927d-42da-92cc-14242a397356>
Affected Software: Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop CVE ID: CVE-2022-4118 CVSS Score: 9.8 (Critical) Researcher/s: cydave Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a4e1315b-31e5-428c-9a48-6185b4eeb2fc>
Affected Software: ReviewX – Multi-criteria Rating & Reviews for WooCommerce CVE ID: CVE-2023-26325 CVSS Score: 8.8 (High) Researcher/s: Joshua Martinelle Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/072092ef-17bc-4b8b-bf8b-bd69a761c56a>
Affected Software: YARPP – Yet Another Related Posts Plugin CVE ID: CVE-2022-45374 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1091862b-784b-496f-a951-6784544cb51b>
Affected Software: Accessibility Suite by Online ADA CVE ID: CVE-2022-47420 CVSS Score: 8.8 (High) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/71c21af1-a007-4535-98ea-a6f25142bcf6>
Affected Software: Avirato hotels online booking engine CVE ID: CVE-2023-0768 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b62fb1a8-d62d-4d1f-bcce-a081432b9e61>
Affected Software: Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress CVE ID: CVE-2023-29096 CVSS Score: 8.8 (High) Researcher/s: easyBug Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ba317acb-d45c-42c0-b5fb-b163bcd59340>
Affected Software: Kiwiz - Certification de facturation - Woocommerce CVE ID: CVE-2023-2180 CVSS Score: 7.5 (High) Researcher/s: WPScanTeam Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/603f0c9d-6964-4911-b4a5-bdad24a1a8dd>
Affected Software: miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login CVE ID: CVE-2022-4943 CVSS Score: 7.5 (High) Researcher/s: Ramuel Gall Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7267ede1-7745-47cc-ac0d-4362140b4c23>
Affected Software: Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation CVE ID: CVE-2022-3342 CVSS Score: 7.5 (High) Researcher/s: Ramuel Gall Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/98ab264f-b210-41d0-bb6f-b4f31d933f80>
Affected Software: The School Management – Education & Learning Management CVE ID: CVE-2022-47430 CVSS Score: 7.2 (High) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1268bdb9-7f80-4fdc-a95a-d51b0ab83e17>
Affected Software: Ad Inserter – Ad Manager & AdSense Ads CVE ID: CVE-2023-1549 CVSS Score: 7.2 (High) Researcher/s: Nguyen Huu Do Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c94028c-a774-45ac-817d-ad9b966a3b51>
Affected Software: Shortcode IMDB CVE ID: CVE-2022-47432 CVSS Score: 7.2 (High) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3ae6bf2e-b39a-4bb3-9203-22ff4c23ddf4>
Affected Software: WP Cerber Security, Anti-spam & Malware Scan CVE ID: CVE-2022-4712 CVSS Score: 7.2 (High) Researcher/s: Ramuel Gall Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6cd9cbba-10b0-4fb0-ad49-4593a307a615>
Affected Software: Video List Manager CVE ID: CVE-2023-1408 CVSS Score: 7.2 (High) Researcher/s: zhangyunpei, Yeting Li VARAS@IIE Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b2d42ab-46c1-4c3e-b99a-1cdcade1b5bb>
Affected Software: Help Desk WP CVE ID: CVE-2023-1019 CVSS Score: 7.2 (High) Researcher/s: Ameen Alkurdy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8ec5173b-7b0d-4887-8c13-f48137aa8593>
Affected Software: Booking calendar, Appointment Booking System CVE ID: CVE-2022-47428 CVSS Score: 7.2 (High) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9c44b6e5-7fb2-402e-8c8c-79d811ff0e9a>
Affected Software: NEX-Forms – Ultimate Form Builder – Contact forms and much more CVE ID: CVE-2023-2114 CVSS Score: 7.2 (High) Researcher/s: Alexander Schmid Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d19be8b-3e0b-4d74-97e0-f17132d2d34c>
Affected Software: Ebook Store CVE ID: CVE-2023-22701 CVSS Score: 6.5 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d4b17cce-bb52-4125-8c85-6da15517275f>
Affected Software: f(x) TOC CVE ID: CVE-2023-0490 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09479df1-ff7e-4df8-9aea-8c7622ecea4e>
Affected Software: Easy Slider Revolution CVE ID: CVE-2023-28622 CVSS Score: 6.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/14a20f9c-cf5a-4d57-b723-ad29a12c8881>
Affected Software: Button Builder – Buttons X CVE ID: CVE-2023-23867 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1aea8fe3-7c75-4d3a-847a-ce0d1f9700f1>
Affected Software: Uji Popup CVE ID: CVE-2023-23641 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1e81208c-771f-409e-b665-b07def0ca774>
Affected Software: WPJAM Basic CVE ID: CVE-2023-23709 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2a5ccc0b-a80a-41df-991c-5c356eb10512>
Affected Software: ActiveCampaign – Forms, Site Tracking, Live Chat CVE ID: CVE-2023-0233 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/47e25cfa-fedf-413a-bfe7-18a1de429bc3>
Affected Software: Mail Subscribe List CVE ID: CVE-2023-23657 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/55b39859-b8a0-418b-ae7a-cd42d6e0bf00>
Affected Software: BBSpoiler CVE ID: CVE-2023-23873 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/789497b1-36cf-4de2-bca0-52c0c2a08f72>
Affected Software: Product Slider For WooCommerce Lite CVE ID: CVE-2023-0537 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8159ee7c-69ac-4422-ba8b-664f1fee8e07>
Affected Software: Wp-D3 CVE ID: CVE-2023-0536 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/89409461-c87e-4882-bf53-cc789e459b4f>
Affected Software: Social Share Boost CVE ID: CVE-2023-23688 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9290532f-58d7-4e7d-9fa0-89c7f82b0466>
Affected Software: WP Links Page CVE ID: CVE-2023-22720 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9ef3297d-8686-44aa-ac73-793b644be3f2>
Affected Software: WP-FormAssembly CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a3b164e0-de2e-40d5-935e-31f5bebd87cf>
Affected Software: Mega Addons For WPBakery Page Builder CVE ID: CVE-2023-0268 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a443b20e-1686-4519-890d-e6f1838fb05c>
Affected Software: WP Popups – WordPress Popup builder CVE ID: CVE-2023-1905 CVSS Score: 6.4 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a9747cda-735c-4087-8c4d-9c445c6d1596>
Affected Software: Ultimate Carousel For Elementor CVE ID: CVE-2023-0280 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0e35280-0c2a-4fe1-bfbe-3321338ff1a5>
Affected Software: Custom Post Type List Shortcode CVE ID: CVE-2023-0542 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b702f507-475a-4d45-8bb1-635f5f377c88>
Affected Software: File Gallery CVE ID: CVE-2023-23676 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c11be4ba-1bed-4234-b475-468394b7be90>
Affected Software: Ultimate Carousel For WPBakery Page Builder CVE ID: CVE-2023-0267 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c97fc289-1ee3-4401-a57e-b4c8d998259e>
Affected Software: FormCraft – Contact Form Builder for WordPress CVE ID: CVE-2023-22717 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cf17a817-6f61-43d5-9da2-58fbbef458d9>
Affected Software: Post Shortcode CVE ID: CVE-2023-0526 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f3e1d66d-34cf-491c-8a07-0f9efd3c9669>
Affected Software: Kaya QR Code Generator CVE ID: CVE-2023-30784 CVSS Score: 6.4 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f4f0bb58-d904-4bf4-9e15-4ee6289c2df4>
Affected Software: vSlider Multi Image Slider for WordPress CVE ID: CVE-2023-22672 CVSS Score: 6.3 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/14376064-13c4-4874-afea-395af2a1933d>
Affected Software: WP Docs CVE ID: CVE-2023-30873 CVSS Score: 6.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/45a870f4-7ad1-447b-81ea-5d9e9b67b1bb>
Affected Software: Membership Database CVE ID: CVE-2023-0514 CVSS Score: 6.1 (Medium) Researcher/s: Shreya Pohekar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/07ede585-c0d2-4643-9c36-7b5da5f721bd>
Affected Software: CMS Tree Page View CVE ID: CVE-2023-30868 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/19796773-3d5f-458d-aab1-743b6835c71b>
Affected Software: Church Admin CVE ID: CVE-2023-30782 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2204017a-0363-4f2f-909a-e0826463477c>
Affected Software: Update Image Tag Alt Attribute CVE ID: CVE-2023-27455 CVSS Score: 6.1 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/25b13322-d305-45db-8ac7-20762398dc21>
Affected Software: Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress CVE ID: CVE-2022-47441 CVSS Score: 6.1 (Medium) Researcher/s: TEAM WEBoB of BoB 11th Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2b3b9576-7c7d-4665-92d5-03aa292cdbbe>
Affected Software: WCP Contact Form CVE ID: CVE-2023-22703 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33fd4542-0a46-4779-be02-d713dcbc8f96>
Affected Software: Google Analytics Top Content Widget CVE ID: CVE-2015-10101 CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4522480a-dfbf-4ff4-93c2-68b8cc15367c>
Affected Software: RapidExpCart CVE ID: CVE-2023-0520 CVSS Score: 6.1 (Medium) Researcher/s: Shreya Pohekar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/52fde632-f3a4-48d5-8c2c-c42b9d20dcb7>
Affected Software: AI ChatBot CVE ID: CVE-2023-1011 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/56fad8de-6646-4305-83a9-0ed443c3aa7d>
Affected Software: WooCommerce Easy Duplicate Product CVE ID: CVE-2023-30747 CVSS Score: 6.1 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b06d68e-153d-4cee-94d5-cbeac7468665>
Affected Software: Tablesome – Data table & Workflow Automation ( Contact Form Entries, Email Log, OpenAI / ChatGPT ) CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8d769308-6273-4ed2-b64a-d9f065de4cce>
Affected Software: Visual CSS Style Editor CVE ID: CVE-2022-33961 CVSS Score: 6.1 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/967ff273-33f3-4580-928a-7764583429aa>
Affected Software: Sloth Logo Customizer CVE ID: CVE-2023-0603 CVSS Score: 6.1 (Medium) Researcher/s: Nithissh S Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/974f14e8-1a59-4ba5-8806-b4d8b135315e>
Affected Software: Modal Dialog CVE ID: CVE-2023-31071 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/99140d47-88bb-48a1-863a-93a558541800>
Affected Software: Thumbnail carousel slider CVE ID: CVE-2023-1915 CVSS Score: 6.1 (Medium) Researcher/s: Chien Vuong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/99711f41-d21b-4725-acc8-9542283daf12>
Affected Software: YML for Yandex Market CVE ID: CVE-2023-30473 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a823a21e-78b5-4186-bb67-88799509970d>
Affected Software: Woocommerce Email Report CVE ID: CVE-2023-27627 CVSS Score: 6.1 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/abdbee50-b8c3-4254-a828-37629a798c92>
Affected Software: Stock Exporter for WooCommerce CVE ID: CVE-2023-30871 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b65184e6-8072-4dd7-8291-c92817e55beb>
Affected Software: Query Wrangler CVE ID: CVE-2023-30779 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c79d781e-4c11-43e9-8c5f-aa89e8fbf635>
Affected Software: Video Grid CVE ID: CVE-2023-30785 CVSS Score: 6.1 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c92e166d-2ede-4280-a875-d30c0cf6f467>
Affected Software: RapidExpCart CVE ID: CVE-2023-0520 CVSS Score: 6.1 (Medium) Researcher/s: Shreya Pohekar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cc1e480c-577a-467a-8297-747512286a39>
Affected Software: Video Grid CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/db5247ad-dbbf-4d8e-92f5-3a673b97d080>
Affected Software: Responsive Filterable Portfolio CVE ID: CVE-2023-2119 CVSS Score: 6.1 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e67dfe0f-ac1c-4a78-bfc9-0cfd6c3040d4>
Affected Software: Japanized For WooCommerce CVE ID: CVE-2023-0948 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ea7d643c-3388-469f-b4a9-5c68341e2af0>
Affected Software: PropertyHive CVE ID: CVE-2023-22706 CVSS Score: 6.1 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ea82e978-a653-4ae3-94aa-bc77b94a176c>
Affected Software: Thumbnail carousel slider CVE ID: CVE-2023-2120 CVSS Score: 6.1 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f4bf4e12-5cbb-45bc-938e-62163baaa15d>
Affected Software: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup CVE ID: CVE-2022-47140 CVSS Score: 6.1 (Medium) Researcher/s: TEAM WEBoB of BoB 11th Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fd22babc-f1a9-4f50-9756-fe692105dca3>
Affected Software: WP Responsive Tabs horizontal vertical and accordion Tabs CVE ID: CVE-2023-2184 CVSS Score: 6.1 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fe54c37f-1421-48aa-b502-045847d13ae3>
Affected Software: Themify Portfolio Post CVE ID: CVE-2022-32970 CVSS Score: 5.5 (Medium) Researcher/s: Muhammad Daffa Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0f3c3629-b7a9-4f83-a821-64119ed662ce>
Affected Software: TaxoPress is the WordPress Tag, Category, and Taxonomy Manager CVE ID: CVE-2023-2168 CVSS Score: 5.5 (Medium) Researcher/s: Ivan Kuzymchak Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c051bfd-2754-4faf-8062-91752555166c>
Affected Software: TaxoPress is the WordPress Tag, Category, and Taxonomy Manager CVE ID: CVE-2023-2169 CVSS Score: 5.5 (Medium) Researcher/s: Ivan Kuzymchak Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/52574d99-1ffe-4152-bf13-9cdd11d7300a>
Affected Software: YourChannel: Everything you want in a YouTube plugin. CVE ID: CVE-2023-1869 CVSS Score: 5.5 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a81d5615-0b96-4d89-a525-7e80a10a9317>
Affected Software: TaxoPress is the WordPress Tag, Category, and Taxonomy Manager CVE ID: CVE-2023-2170 CVSS Score: 5.5 (Medium) Researcher/s: Ivan Kuzymchak Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e98ed932-4e4c-4127-ae72-500e2a34f371>
Affected Software: Motors – Car Dealer, Classifieds & Listing CVE ID: CVE-2022-38716 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0ca9e920-3c7a-4991-8c24-2e55c4f4767c>
Affected Software: LearnPress Export Import – WordPress extension for LearnPress CVE ID: CVE-2023-30487 CVSS Score: 5.4 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1322e229-5e0b-4c3d-ae96-e211a2831842>
Affected Software: PowerPress Podcasting plugin by Blubrry CVE ID: CVE-2023-30778 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c40c28f-554f-42d0-9f6d-a899d8f61519>
Affected Software: Smart WooCommerce Search CVE ID: CVE-2023-30783 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/59931266-766f-42d2-bcde-04d694a444b0>
Affected Software: ShopEngine – Elementor WooCommerce Builder Addons, Variation Swatches, Wishlist, Products Compare – All in One Solution CVE ID: CVE-2022-45371 CVSS Score: 5.4 (Medium) Researcher/s: Muhammad Daffa Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/94abb34a-4451-4f41-ba23-d2a723e5a2e7>
Affected Software: Freshdesk (official) CVE ID: CVE-2015-10102 CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d6f20fc3-41e5-4220-ac8b-54eb11719f07>
Affected Software: Locatoraid Store Locator CVE ID: CVE-2023-2031 CVSS Score: 5.4 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dba0a90b-f13c-4914-b6b7-278227ffc122>
Affected Software: Active Directory Integration / LDAP Integration CVE ID: CVE-2023-0812 CVSS Score: 5.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2568018b-29f3-4261-ae0d-658ca9d96846>
Affected Software: CMP – Coming Soon & Maintenance Plugin by NiteoThemes CVE ID: CVE-2023-2159 CVSS Score: 5.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/af955f69-b18c-446e-b05e-6a57a5f16dfa>
Affected Software: Accordion & FAQ – Helpie WordPress Frequently Asked Questions plugin CVE ID: CVE Unknown CVSS Score: 4.7 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f389f4bf-ffff-4862-b4e2-4465ca0556ef>
Affected Software: Live Chat by Formilla – Real-time Chat & Chatbots Plugin CVE ID: CVE-2023-23727 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/044e110d-2435-41b8-8aec-917c329b944c>
Affected Software: Dave's WordPress Live Search CVE ID: CVE-2023-30876 CVSS Score: 4.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/046ecbe5-4b2f-40d3-8585-4d4230ba33f0>
Affected Software: Best Travel Booking WordPress Plugin, Tour Booking System, Trip Booking WordPress Plugin – Yatra CVE ID: CVE-2022-47436 CVSS Score: 4.4 (Medium) Researcher/s: TEAM WEBoB of BoB 11th Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/07372843-f7d3-4ae4-96b4-ef3f475504ff>
Affected Software: Ebook Store CVE ID: CVE-2023-22690 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/097f6887-e15f-4e35-ab12-1115630e13cc>
Affected Software: WP Original Media Path CVE ID: CVE-2023-23674 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/277eb517-c949-41e9-becf-af056fd32f35>
Affected Software: Verified Reviews (Avis Vérifiés) CVE ID: CVE-2023-23720 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3044dbfc-e12d-47e0-a297-67ff0510eded>
Affected Software: Login Page Styler | Custom Login | Custom WP Admin Login Page | Admin Security | Admin Protection | Login Page Customizer | Admin Login | Login Security | Login Redirect | Theme Login | Login Menu | Login Form | Admin Dashboard | Change Login Logo | Login CVE ID: CVE-2022-46861 CVSS Score: 4.4 (Medium) Researcher/s: Justiice Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4d70cd0a-5c30-4a9b-81e8-e465d1e8f2b0>
Affected Software: WP Custom Author URL CVE ID: CVE-2023-1614 CVSS Score: 4.4 (Medium) Researcher/s: Shreya Pohekar Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4f3a57ce-eead-4631-93da-ba1a0a33ec2d>
Affected Software: Formilla Edge Targeted Messaging Platform for Sales and Marketing CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/59f7a1b2-f718-40e7-8030-b9212edf71b7>
Affected Software: Captcha Them All CVE ID: CVE-2023-30786 CVSS Score: 4.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5e2c83b6-3444-4cd1-82ec-567937c563b9>
Affected Software: WP Login Box CVE ID: CVE-2023-0544 CVSS Score: 4.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66c58d4c-8c36-40af-827d-0e86f2110e3c>
Affected Software: Subscribers – Free Web Push Notifications CVE ID: CVE-2023-22684 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66e78219-b3fd-40e9-a58c-8e27ef3c5e4a>
Affected Software: Pretty Url CVE ID: CVE-2023-2009 CVSS Score: 4.4 (Medium) Researcher/s: Shezad Master Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6f54fb59-03c1-45e9-a498-1fa1409c4466>
Affected Software: Flyzoo Chat CVE ID: CVE-2022-46817 CVSS Score: 4.4 (Medium) Researcher/s: Justiice Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/74ea8f1e-d6ff-4a32-b8bf-5d4c8e69433e>
Affected Software: Robokassa payment gateway for Woocommerce CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/75824b96-8674-4340-9e56-b0cb0f52503d>
Affected Software: White Label Branding for Elementor Page Builder CVE ID: CVE-2023-23683 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8e187b71-860e-4404-bbe2-193c6ecfd485>
Affected Software: Category Specific RSS feed Subscription CVE ID: CVE-2023-22685 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9ac9c146-5065-46fc-b2ae-20b820a8016b>
Affected Software: Customer Support Software, Live Chat, & Marketing Automation CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a5436d14-cbb5-420f-9f3a-698ce59c1e1e>
Affected Software: Semalt Blocker CVE ID: CVE-2023-23794 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a658d150-bcd5-4334-b07a-e09b3995169d>
Affected Software: SparkPost CVE ID: CVE-2023-23654 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ab86ddc9-9b43-4949-b150-7b944bc40558>
Affected Software: EZP Maintenance Mode CVE ID: CVE-2023-23682 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ac1239c9-72a6-44d8-911f-70a528c66c62>
Affected Software: Redirect After Login CVE ID: CVE-2023-27624 CVSS Score: 4.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad1a79f3-274f-4a33-a752-669c09c2d47d>
Affected Software: Gps Plotter CVE ID: CVE-2023-30874 CVSS Score: 4.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca449d15-b05e-4341-99b0-472a14cab8f4>
Affected Software: WP-dTree CVE ID: CVE-2022-47423 CVSS Score: 4.4 (Medium) Researcher/s: Justiice Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cde92185-d63a-47b3-a17e-3f2b2b20270c>
Affected Software: Panorama – WordPress Project Management Plugin CVE ID: CVE-2023-23810 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d131115b-e2c9-42c6-9262-a19272944652>
Affected Software: Continuous announcement scroller CVE ID: CVE-2022-46819 CVSS Score: 4.4 (Medium) Researcher/s: Justiice Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d88eb628-09c9-451c-b5ae-f26a93514447>
Affected Software: ApexChat CVE ID: CVE-2023-28414 CVSS Score: 4.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dbe8d164-85c7-444d-80ad-4d03151b939b>
Affected Software: Simple Tooltips CVE ID: CVE-2023-25958 CVSS Score: 4.4 (Medium) Researcher/s: deokhunKim Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dc7e4235-5f40-48c2-8474-cf57af5e35bd>
Affected Software: Cab Grid CVE ID: CVE-2023-28533 CVSS Score: 4.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e09c629b-9908-4548-b828-9e6140ff5670>
Affected Software: Image Optimizer by 10web – Image Optimizer and Compression plugin CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e5eea72d-f10b-460b-be00-bb5b1c4a1a62>
Affected Software: BizLibrary CVE ID: CVE-2023-0892 CVSS Score: 4.4 (Medium) Researcher/s: Shreya Pohekar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ee7513d9-e76c-4da4-919b-ba376f0c4022>
Affected Software: Easy Ad Manager CVE ID: CVE-2023-25460 CVSS Score: 4.4 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f7750f70-e79c-45fb-b792-ba6a4da59964>
Affected Software: eRocket CVE ID: CVE-2023-28174 CVSS Score: 4.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fb9b8f3a-6f49-455d-99c6-cdf5671af49d>
Affected Software: Ninja Tables – Best Data Table Plugin for WordPress CVE ID: CVE-2022-47137 CVSS Score: 4.4 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fc296c70-358e-4908-be49-5ffae83aca9b>
Affected Software: GDPR Compliance & Cookie Consent CVE ID: CVE-2022-45815 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/052b345a-7b71-4de5-9bf8-8b81cc1b4e77>
Affected Software: Image Optimizer by 10web – Image Optimizer and Compression plugin CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0b4a0dff-1054-4f50-8ff5-e3cc2b45d77b>
Affected Software: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates CVE ID: CVE-2023-2084 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0be8c668-0f1c-4f83-8a71-49c8bb9b67ae>
Affected Software: Album Gallery – WordPress Gallery CVE ID: CVE-2023-23646 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0f3df75e-cf2f-4076-b5ff-b8540408044a>
Affected Software: Layer Slider CVE ID: CVE-2023-23671 CVSS Score: 4.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1ad366f1-2369-4fb2-aeda-301c85cf6801>
Affected Software: Enable/Disable Auto Login when Register CVE ID: CVE-2023-0522 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1fa45fa7-b1da-42f0-945b-2a6b0db5ba91>
Affected Software: Zendesk Support for WordPress CVE ID: CVE-2023-23716 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/212b7da7-bd3e-42df-8b50-a3eb472cf440>
Affected Software: LIQUID SPEECH BALLOON CVE ID: CVE-2023-27889 CVSS Score: 4.3 (Medium) Researcher/s: Ryo Sato Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/23980e13-b632-43ec-938e-8171884cb87b>
Affected Software: Ninja Tables – Best Data Table Plugin for WordPress CVE ID: CVE-2022-47136 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/338158b5-bbda-4cd8-b4ea-97a3926a0989>
Affected Software: Clock In Portal- Staff & Attendance Management CVE ID: CVE-2023-0761 CVSS Score: 4.3 (Medium) Researcher/s: Sajjad Shariati Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/51ce7b71-0a19-48ef-8748-3848742c542b>
Affected Software: Clock In Portal- Staff & Attendance Management CVE ID: CVE-2023-0763 CVSS Score: 4.3 (Medium) Researcher/s: Sajjad Shariati Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c852fa1-698b-4e72-b781-095e2a98df81>
Affected Software: WP Docs CVE ID: CVE-2023-30873 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6003b1bf-b176-4ca9-9de2-58133259e0f6>
Affected Software: WordPress Header Builder Plugin – Pearl CVE ID: CVE-2022-38356 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6058da9e-8ca3-4966-bb10-e5da526e8c7e>
Affected Software: WooCommerce Order Status Change Notifier CVE ID: CVE-2023-2179 CVSS Score: 4.3 (Medium) Researcher/s: WPScanTeam Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66bc83f5-0f6c-425f-a560-e79e777b76ca>
Affected Software: Woocommerce Products Designer by ORION – online product customizer for t-shirts, print cards, phone cases Lettering & Decals CVE ID: CVE-2022-46856 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70d168a4-a659-4354-889e-7907215351a2>
Affected Software: Kodex Posts likes CVE ID: CVE-2022-46814 CVSS Score: 4.3 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/77d56f61-7e45-405e-878d-fa3d53acede0>
Affected Software: Reservation.Studio widget CVE ID: CVE-2023-25468 CVSS Score: 4.3 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/783e5794-0d74-4b7a-a1cd-2b834a50c50c>
Affected Software: BadgeOS CVE ID: CVE-2022-41987 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7bb1be6d-5af9-4b58-a641-05a913548fe7>
Affected Software: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates CVE ID: CVE-2023-2086 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9efc782a-ec61-4741-81fd-a263a2739e16>
Affected Software: Gallery Metabox CVE ID: CVE-2022-47134 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f8b1103-71b2-421e-bcbe-f2716b59e367>
Affected Software: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates CVE ID: CVE-2023-2085 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad2c1ab6-5c78-4317-b5e7-c86e2eebeb4f>
Affected Software: SiteAlert – Uptime, Speed, and Security Monitoring for WordPress CVE ID: CVE-2022-46857 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c1870c6e-23b6-4f3b-adba-72633d62dfd0>
Affected Software: OoohBoi Steroids for Elementor CVE ID: CVE-2023-1169 CVSS Score: 4.3 (Medium) Researcher/s: Ramuel Gall Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c56ed896-9267-49e6-a207-fe5362fe18cd>
Affected Software: Clock In Portal- Staff & Attendance Management CVE ID: CVE-2023-0762 CVSS Score: 4.3 (Medium) Researcher/s: Sajjad Shariati Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c6b17e90-42df-47ed-9e92-f5f1b990f921>
Affected Software: Form Block CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Daniel Ruf Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb18d6d8-28e5-4125-9209-a71403f678f0>
Affected Software: Clock In Portal- Staff & Attendance Management CVE ID: CVE-2023-0762 CVSS Score: 4.3 (Medium) Researcher/s: Sajjad Shariati Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cc97109c-187f-43b7-b5ed-5afeec5ea8fd>
Affected Software: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates CVE ID: CVE-2023-2087 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d38d41c7-8786-4145-9591-3e24eff3b79c>
Affected Software: Clock In Portal- Staff & Attendance Management CVE ID: CVE-2023-0761 CVSS Score: 4.3 (Medium) Researcher/s: Sajjad Shariati Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d8ec03c6-6ea9-4017-915a-e10b757d98ff>
Affected Software: Clock In Portal- Staff & Attendance Management CVE ID: CVE-2023-0763 CVSS Score: 4.3 (Medium) Researcher/s: Sajjad Shariati Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ddc0261d-56ed-47a6-a0b2-0ab5f9dee815>
Affected Software: Simple Share Buttons Adder CVE ID: CVE-2022-47178 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e57bfae5-4cc0-4d97-9431-4c8ebb2f0882>
Affected Software: Stream CVE ID: CVE-2022-43490 CVSS Score: 4.3 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e7203b5c-5753-453c-8fc2-26fcebdeea5b>
Affected Software: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates CVE ID: CVE-2023-2083 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f8bf0933-1c97-4374-b323-c55b91fe4d27>
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 17, 2023 to Apr 23, 2023) appeared first on Wordfence.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
53.2%