Lucene search

K
wordfence
Chloe ChamberlandWORDFENCE:ECA270437FB0C9374EE710EF3456BBB9
HistoryFeb 23, 2023 - 4:30 p.m.

Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)

2023-02-2316:30:44
Chloe Chamberland
www.wordfence.com
67

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition.

This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and utilize both personally and commercially.

Last week, there were 104 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.


GamiPress <= 2.5.7 - Unauthenticated SQL Injection

CVE ID: CVE-2023-24000 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1b097ab2-7675-4409-b22a-ad70cee35ab1&gt;


WatchTowerHQ <= 3.6.16 - Type Juggling to Authentication Bypass in check_ota

CVE ID: CVE-2023-25701 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/481c738e-d544-4587-8632-e85a7ddd8b14&gt;


WooCommerce Checkout Field Manager <= 17.3 - Unauthenticated Arbitrary File Upload

CVE ID: CVE-2022-4328 CVSS Score: 9.8 (Critical) Researcher/s: cydave Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9be94d63-f027-4988-ab41-673658c1fa5f&gt;


WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Cross-Site Request Forgery

CVE ID: CVE-2023-23706 CVSS Score: 8.8 (High) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/faac24e5-94f2-40e5-932e-93ddc2c8af7c&gt;


Get URL Cron <= 1.4.7 - Missing Authorization via geturlcron_action_handle

CVE ID: CVE Unknown CVSS Score: 7.5 (High) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/766003e7-712e-481b-b09d-91d62a325718&gt;


Quick Paypal Payments <= 5.7.25 - Missing Authorization

CVE ID: CVE-2023-25714 CVSS Score: 7.3 (High) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b8133d84-e28c-4132-9eb5-941800320f84&gt;


RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via 'delete' parameter

CVE ID: CVE-2023-25047 CVSS Score: 7.2 (High) Researcher/s: Muhammad Arsalan Diponegoro Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/13101551-d62e-4b27-9156-5b3d022f0e55&gt;


RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via $email value

CVE ID: CVE-2023-25045 CVSS Score: 7.2 (High) Researcher/s: Aldo Dimas Anugrah K Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/44373541-adc5-4aa0-abde-0693f2760afb&gt;


Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion

CVE ID: CVE-2023-0291 CVSS Score: 7.2 (High) Researcher/s: Julien Ahrens Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8&gt;


Multi Rating <= 5.0.5 - Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2022-47433 CVSS Score: 7.2 (High) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/979699fd-ff31-4cba-bbf2-03fa51554031&gt;


WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection

CVE ID: CVE-2023-0895 CVSS Score: 7.2 (High) Researcher/s: Etan Imanol Castro Aldrete Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340&gt;


Media Library Assistant <= 3.05 - Authenticated (Administrator+) SQL Injection

CVE ID: CVE-2023-0279 CVSS Score: 7.2 (High) Researcher/s: Daniel Krohmer, Kunal Sharma Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ecc59a6f-5e4a-44b4-932d-ed990ebb075a&gt;


Archivist – Custom Archive Templates <= 1.7.4 - Cross-Site Request Forgery

CVE ID: CVE-2023-25448 CVSS Score: 7.1 (High) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4e381ad7-efe6-48c4-af3a-22d01d73a065&gt;


Ocean Extra <= 2.1.2 - Authenticated (Subscriber+) Arbitrary Post Access

CVE ID: CVE-2023-0749 CVSS Score: 6.5 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/32192878-930a-4947-a38f-ec395c17e515&gt;


Protected Posts Logout Button <= 1.4.5 - Missing Authorization on pplb_options_save

CVE ID: CVE-2023-25454 CVSS Score: 6.5 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b87f8bd6-d00d-4062-bf27-b698a1d7e757&gt;


Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode

CVE ID: CVE-2023-0814 CVSS Score: 6.5 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a&gt;


Google Maps v3 Shortcode <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-23827 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/15123d5f-eb24-46e3-81ec-7dd4f108a42d&gt;


WordPress Fancy Comments <= 1.2.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode

CVE ID: CVE-2023-23670 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2508adc4-2a2f-4b6c-9b5a-da85d94226a0&gt;


Portfolio Slideshow <= 1.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-23717 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/26b5c665-b7f6-4481-b9e9-010f9e451d9b&gt;


Resume Builder <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0078 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3005c53e-eb09-479f-a4e4-b8d40583d80d&gt;


Ocean Extra <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-24399 CVSS Score: 6.4 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/596e970b-5a40-46cd-aa32-ac6ace39c21b&gt;


Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25798 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66607be6-cca1-4cbb-b1c0-708d640b1151&gt;


vSlider Multi Image Slider <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-25797 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/72a2449c-4292-45e6-bfe8-106f8043fcad&gt;


Portfolio – WordPress Portfolio Plugin <= 2.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-23685 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7c95bbba-6459-420f-a072-3b02c7d58ea0&gt;


Campaign URL Builder <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0538 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b2839fdc-5904-4c3b-894f-7bf7e8b2986a&gt;


Quick Paypal Payments <= 5.7.25 - Authenticated (Contributor+) Cross Site Scripting

CVE ID: CVE-2023-23889 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b36303d6-ad28-4354-9f60-acc7df15f468&gt;


Ultimate WP Query Search Filter <= 1.0.10 - Authenticated (Contributor+) Stored Cross Site Scripting

CVE ID: CVE-2023-23832 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f3ef0c46-5765-458e-80c0-ecfc6ead6df6&gt;


vSlider Multi Image Slider <= 4.1.2 - Cross-Site Request Forgery

CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/14376064-13c4-4874-afea-395af2a1933d&gt;


Shoppable Images Lite <= 1.2.3 - Missing Authorization

CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/413b2b38-44f2-4756-b66d-b6544c7ecaa2&gt;


ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 - Missing Authorization to Order Information Disclosure

CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/75f0bc5a-f588-4aeb-9e55-72e180d39ddf&gt;


vSlider Multi Image Slider <= 4.1.2 - Missing Authorization

CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f0c7324f-4c22-44e0-8d2a-9b95fd89467d&gt;


Twitch Player <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25464 CVSS Score: 6.1 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/03c8ec0a-f75f-450f-86e7-a18dfbae9461&gt;


WPGlobus Translate Options <= 2.1.0 - Reflected Cross-Site Scripting via page

CVE ID: CVE-2023-25711 CVSS Score: 6.1 (Medium) Researcher/s: Ngo Van Thien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bf0a1568-e97c-41ea-b2c3-ba335f0b4360&gt;


Interactive SVG Image Map Builder <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25704 CVSS Score: 5.5 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/12d84de4-d97e-40cc-9805-fc9b7de8fa21&gt;


Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25442 CVSS Score: 5.5 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4dbba653-e23e-43e6-9dc5-83a6c99f8dc6&gt;


Quick Event Manager <= 9.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2022-46863 CVSS Score: 5.5 (Medium) Researcher/s: Justiice Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8962c601-2c2c-4b96-b8a4-fdc2ad8a2c08&gt;


Archivist – Custom Archive Templates <= 1.7.4 - Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25490 CVSS Score: 5.5 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/90333dc7-8bdf-4a59-8001-7eb76b4bc61d&gt;


Click to Call or Chat Buttons <= 1.4.0 - Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25710 CVSS Score: 5.5 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92880588-a733-43df-adf6-74fe6291822d&gt;


WP Prayer <= 1.9.6 - Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25705 CVSS Score: 5.5 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b9738054-058f-47be-9973-f119fbfd4396&gt;


Robots.txt optimization <= 1.4.5 - Cross Site Request Forgery

CVE ID: CVE-2023-25706 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/03eed366-c018-44b9-bb72-56911e9957b8&gt;


Cart All In One For WooCommerce <= 1.1.10 - Cross-Site Request Forgery to Cart Changes

CVE ID: CVE-2022-46806 CVSS Score: 5.4 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1d5d2217-306c-4ea2-9727-5c02f7d67c2d&gt;


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via handleSubmitAction function

CVE ID: CVE-2022-40203 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/272c6fbb-bc85-46d9-b139-87534b2a0842&gt;


Shoppable Images <= 1.2.3 - Cross Site Request Forgery

CVE ID: CVE-2023-25698 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2e6a78dc-9b67-4ab5-83f9-be82d05d3a13&gt;


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in saveconfig function

CVE ID: CVE-2023-25707 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/385c6324-3d8e-4dc7-b8ca-309b05e7bdcc&gt;


ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 - Cross-Site Request Forgery to Order Information Disclosure

CVE ID: CVE-2022-46811 CVSS Score: 5.4 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4352b2dc-d2a7-4cc9-a44f-1f5be46e2482&gt;


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetmplfile function

CVE ID: CVE-2023-25707 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4ad32ff7-0557-439d-aa0f-49c5ea4271ab&gt;


Simple PDF Viewer <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via googlepdf Shortcode

CVE ID: CVE-2023-23817 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/89bc17fd-14e8-4210-8cf7-a043d1ea9c22&gt;


Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via process_form function

CVE ID: CVE-2023-25481 CVSS Score: 5.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/af695224-24e7-4d5b-b472-dee53eb6073f&gt;


Protected Posts Logout Button <= 1.4.4 - Cross-Site Request Forgery to Settings Update

CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c79fd08c-97bc-4d55-832e-92d0897bc3dc&gt;


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslation function

CVE ID: CVE-2023-25707 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d0631ac6-2d85-4073-be2c-05480deecf97&gt;


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslationstay function

CVE ID: CVE-2023-25707 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2594cef-6bde-425f-9412-fd4ed3da312e&gt;


Conditional Payments for WooCommerce <= 2.3.1 - Cross-Site Request Forgery

CVE ID: CVE-2022-46805 CVSS Score: 5.4 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/db15295f-505f-4a0a-bb3a-3ff6daf73008&gt;


Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via save function

CVE ID: CVE-2023-25481 CVSS Score: 5.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/eb9a6c9b-24fb-436f-b583-55adeedb726e&gt;


Meta Slider and Carousel with Lightbox <= 1.6.2 - Cross-Site Request Forgery

CVE ID: CVE-2023-25703 CVSS Score: 5.4 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f5f59b16-b38a-451b-b220-044598872735&gt;


RegistrationMagic <= 5.1.9.2 - Cross-Site Request Forgery leading to Form Metadata Deletion

CVE ID: CVE-2023-25991 CVSS Score: 5.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fcfb3a6e-7b58-4568-8439-e9c68a2223b9&gt;


WordPress Social Login and Register <= 7.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion

CVE ID: CVE-2023-25455 CVSS Score: 5.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/021a25c9-7fad-425f-8104-bb4852603613&gt;


WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation

CVE ID: CVE-2023-25785 CVSS Score: 5.3 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/96ab5bb0-724c-434b-acc4-be8265b4838f&gt;


Woodmart <= 7.0.4 - Unauthenticated Arbitrary Content Injection

CVE ID: CVE-2023-25790 CVSS Score: 5.3 (Medium) Researcher/s: FearZzZz Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb1db880-0942-4fac-a548-8b6a28dce8c0&gt;


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in save_admin_widgets function

CVE ID: CVE-2023-25707 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e2945971-80c6-44a2-bc65-1243af365692&gt;


All-In-One Security (AIOS) <= 5.1.4 - Authenticated(Admin+) Directory Traversal

CVE ID: CVE Unknown CVSS Score: 4.9 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/03bf84e2-c101-416d-a953-c63ecd1dba7d&gt;


Campaign URL Builder <= 1.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Create Link

CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/06294c35-6d58-4270-b143-757831fc5da6&gt;


WP BaiDu Submit <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25796 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2241fa07-b6b7-4e5d-8951-ae844a7b88e8&gt;


Announce from the Dashboard <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25716 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2b75dce8-3e31-45e8-b193-5df3e4391e56&gt;


Sticky Ad Bar <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25784 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/750a4a94-458c-4944-a99b-a1c8e23e57d1&gt;


Easy Panorama <= 1.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-23799 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/783829c2-fe09-44a1-bbb5-2a694ad816ee&gt;


Eyes Only: User Access Shortcode <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25786 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7bbc181f-318e-48ea-a2f7-c668ad15c8a6&gt;


Podlove Subscribe button <= 1.3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25479 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/89058e5a-0f67-4162-ba3b-0a4353d1e0a9&gt;


Quick Contact Form <= 8.0.3.1 - Authenticated (Admin+) Stored Cross Site Scripting

CVE ID: CVE-2022-47608 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b5e86be-8a35-48d8-a676-9f7074b81cb7&gt;


Feed Changer <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25795 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9198ffe4-2f9e-4d80-9f5d-cf967b3feb43&gt;


Inline Tweet Sharer <= 2.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-24005 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9a85b549-f6a4-4dc3-9f2a-35d783099f96&gt;


Peadig's Like & Share Button <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25783 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d8e0ad2-3cfb-443f-9958-9639d0745dd7&gt;


JSON Content Importer <= 1.3.15 - Authenticated (Admin+) Cross Site Scripting

CVE ID: CVE-2023-25485 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a3839c47-5fd0-48e7-9637-d40bd237e122&gt;


Tapfiliate <= 3.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25789 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a472e78c-ebd7-4ab8-9b47-96c526754387&gt;


Google Analytics Opt-Out <= 2.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25712 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a90ea845-9f7f-4a89-887d-cf4337f8471f&gt;


WP资源下载管理 <= 1.3.9 - Authenticatministrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25787 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aa7aad43-54b4-4b9f-9584-292e40be71bc&gt;


WP Open Social <= 5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25792 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be0dc9be-f597-46d8-badd-452e442a6d1a&gt;


WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-23710 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca91046d-61c1-4a65-a078-c7dffb27092c&gt;


Service Area Postcode Checker <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25782 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/da8dd02f-0d9f-44a2-bcad-1e392668dd67&gt;


Nooz <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25794 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e8b5bc1b-c9dc-4ce5-86db-2802f5b49d0b&gt;


Simple Yearly Archive <= 2.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25484 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e8d41006-ab36-4eed-8c17-2937ca7aff1b&gt;


Upload File Type Settings Plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25781 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f4dd4479-2f41-426f-b98c-7c654a82ccfe&gt;


Wp-Insert <= 2.5.0 Authenticated (Admin+) Stored Cross Site Scripting

CVE ID: CVE-2023-25461 CVSS Score: 4.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f607b33a-58ef-4526-9ca1-aaa444aa12bc&gt;


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in admin_widgets_welcome function

CVE ID: CVE-2023-25707 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/035d5f4a-1145-48e0-8388-e319088ebd52&gt;


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateCommonToProductOnly function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/048768bf-326c-455e-919c-9691d6537062&gt;


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculatePrice function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0cefa293-c934-413e-b946-07e3060472ee&gt;


WP VR <= 8.2.7 - Cross-Site Request Forgery

CVE ID: CVE-2023-25708 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/13a0dd72-1124-4b5d-9bad-fe4fea8e3e68&gt;


Schema - All In One Schema Rich Snippets <= 1.6.5 - Cross-Site Request Forgery in rich_snippet_dashboard

CVE ID: CVE-2023-25058 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/23b018d3-3451-4ae8-b571-07e931ad23df&gt;


GamiPress <= 2.5.6 - Missing Authorization to User Points Updates

CVE ID: CVE-2023-25715 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4c2ce765-018a-4292-b150-7905723d1335&gt;


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateProductOnlyToCommon function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4f062ef2-ef94-47c2-8eba-dc7ff6c2537d&gt;


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateProductOnlyToCommon function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/59ff3445-0dfd-4a1a-9ac8-d088b8f4dbf3&gt;


AutomatorWP <= 2.5.8 - Cross Site Request Forgery via bulk_delete

CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5ebdf903-828e-4a22-953a-17d85984b576&gt;


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_multitask_widgets function

CVE ID: CVE-2023-25707 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6adc0154-169a-4d72-8687-66dbf6766139&gt;


Locatoraid Store Locator <= 3.9.11 - Cross Site Request Forgery in grab

CVE ID: CVE-2023-25709 CVSS Score: 4.3 (Medium) Researcher/s: Ngo Van Thien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7feecce5-f2ce-4278-b648-e363b1fa5d7a&gt;


WordPress Email Marketing Plugin – WP Email Capture <= 3.9.3 - Cross Site Request Forgery

CVE ID: CVE-2023-23724 CVSS Score: 4.3 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8f052dfc-609d-43ed-a8bb-e30294749d03&gt;


Get URL Cron <= 1.4.7 - Cross-Site Request Forgery via geturlcron_action_handle

CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/934b2767-eae4-4c2d-a635-2e6a27fd9f49&gt;


OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1- Cross-Site Request Forgery

CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a250f678-1ec7-48ea-8b81-e5ef89992155&gt;


NextGEN Gallery <= 3.28 - Cross-Site Request Forgery leading to Post Thumbnail Change

CVE ID: CVE-2022-38468 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a841456c-2a01-4caf-bebe-e018b92697d8&gt;


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in widgets_watch_data function

CVE ID: CVE-2023-25707 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b07b46a6-8a5d-40cb-8af9-baf0f1722736&gt;


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_admin_widget function

CVE ID: CVE-2023-25707 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b5ef15c4-c96b-4e88-a941-e34d23a0e06a&gt;


Tickera <= 3.5.1.0 - Cross-Site Request Forgery to Ticket Post Status Change

CVE ID: CVE-2023-23726 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bb0f8a0c-d02f-46e2-8808-3ffada105d13&gt;


TeraWallet – For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via admin_options

CVE ID: CVE-2022-40198 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d274f8b1-0f7c-44cc-8063-3d04a33a9404&gt;


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateCommonToProductOnly function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de46743b-2cc6-4a29-bbc4-bc6cfb540e26&gt;


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculateSeveralProducts function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f58f994e-0a9b-4b40-9e38-535169c793d3&gt;


GamiPress <= 2.5.6 - Cross-Site Request Forgery to User Earnings Deletion

CVE ID: CVE-2023-25697 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ff4b757a-9ede-496b-b559-cf952d39fe70&gt;


If you'd like to receive this weekly vulnerability report by email, along with Wordfence Intelligence CE product updates, sign up to the Wordfence Intelligence Community Edition Newsletter by filling out this form below.


Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence Community Edition leaderboard along with being mentioned in our weekly vulnerability report.

The post Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023) appeared first on Wordfence.

Be first who know about 0-days in popular software

Do not waste time on finding information in tons of articles. Subscribe yourself and your colleagues on news and articles about products you need and you use!

Subscribe on news

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related for WORDFENCE:ECA270437FB0C9374EE710EF3456BBB9