
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)

2023-02-23 16:30:44
Chloe Chamberland
www.wordfence.com

9.8 High

CVSS3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Wordfence has curated an industry-leading vulnerability database, Wordfence Intelligence Community Edition, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, submissions from researchers who report directly to us through our CVE Request form, and monitoring of various sources to capture all publicly available WordPress vulnerability information, adding context where we can.

Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and utilize both personally and commercially.

Last week, 104 vulnerabilities disclosed in WordPress-based software were added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.


GamiPress <= 2.5.7 - Unauthenticated SQL Injection

CVE ID: CVE-2023-24000 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1b097ab2-7675-4409-b22a-ad70cee35ab1>


WatchTowerHQ <= 3.6.16 - Type Juggling to Authentication Bypass in check_ota

CVE ID: CVE-2023-25701 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/481c738e-d544-4587-8632-e85a7ddd8b14>


WooCommerce Checkout Field Manager <= 17.3 - Unauthenticated Arbitrary File Upload

CVE ID: CVE-2022-4328 CVSS Score: 9.8 (Critical) Researcher/s: cydave Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9be94d63-f027-4988-ab41-673658c1fa5f>


WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Cross-Site Request Forgery

CVE ID: CVE-2023-23706 CVSS Score: 8.8 (High) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/faac24e5-94f2-40e5-932e-93ddc2c8af7c>


Get URL Cron <= 1.4.7 - Missing Authorization via geturlcron_action_handle

CVE ID: CVE Unknown CVSS Score: 7.5 (High) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/766003e7-712e-481b-b09d-91d62a325718>


Quick Paypal Payments <= 5.7.25 - Missing Authorization

CVE ID: CVE-2023-25714 CVSS Score: 7.3 (High) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b8133d84-e28c-4132-9eb5-941800320f84>


RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via 'delete' parameter

CVE ID: CVE-2023-25047 CVSS Score: 7.2 (High) Researcher/s: Muhammad Arsalan Diponegoro Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/13101551-d62e-4b27-9156-5b3d022f0e55>


RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via $email value

CVE ID: CVE-2023-25045 CVSS Score: 7.2 (High) Researcher/s: Aldo Dimas Anugrah K Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/44373541-adc5-4aa0-abde-0693f2760afb>


Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion

CVE ID: CVE-2023-0291 CVSS Score: 7.2 (High) Researcher/s: Julien Ahrens Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8>


Multi Rating <= 5.0.5 - Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2022-47433 CVSS Score: 7.2 (High) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/979699fd-ff31-4cba-bbf2-03fa51554031>


WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection

CVE ID: CVE-2023-0895 CVSS Score: 7.2 (High) Researcher/s: Etan Imanol Castro Aldrete Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340>


Media Library Assistant <= 3.05 - Authenticated (Administrator+) SQL Injection

CVE ID: CVE-2023-0279 CVSS Score: 7.2 (High) Researcher/s: Daniel Krohmer, Kunal Sharma Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ecc59a6f-5e4a-44b4-932d-ed990ebb075a>


Archivist – Custom Archive Templates <= 1.7.4 - Cross-Site Request Forgery

CVE ID: CVE-2023-25448 CVSS Score: 7.1 (High) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4e381ad7-efe6-48c4-af3a-22d01d73a065>


Ocean Extra <= 2.1.2 - Authenticated (Subscriber+) Arbitrary Post Access

CVE ID: CVE-2023-0749 CVSS Score: 6.5 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/32192878-930a-4947-a38f-ec395c17e515>


Protected Posts Logout Button <= 1.4.5 - Missing Authorization on pplb_options_save

CVE ID: CVE-2023-25454 CVSS Score: 6.5 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b87f8bd6-d00d-4062-bf27-b698a1d7e757>


Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode

CVE ID: CVE-2023-0814 CVSS Score: 6.5 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a>


Google Maps v3 Shortcode <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-23827 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/15123d5f-eb24-46e3-81ec-7dd4f108a42d>


WordPress Fancy Comments <= 1.2.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode

CVE ID: CVE-2023-23670 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2508adc4-2a2f-4b6c-9b5a-da85d94226a0>


Portfolio Slideshow <= 1.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-23717 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/26b5c665-b7f6-4481-b9e9-010f9e451d9b>


Resume Builder <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0078 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3005c53e-eb09-479f-a4e4-b8d40583d80d>


Ocean Extra <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-24399 CVSS Score: 6.4 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/596e970b-5a40-46cd-aa32-ac6ace39c21b>


Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25798 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66607be6-cca1-4cbb-b1c0-708d640b1151>


vSlider Multi Image Slider <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-25797 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/72a2449c-4292-45e6-bfe8-106f8043fcad>


Portfolio – WordPress Portfolio Plugin <= 2.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-23685 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7c95bbba-6459-420f-a072-3b02c7d58ea0>


Campaign URL Builder <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0538 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b2839fdc-5904-4c3b-894f-7bf7e8b2986a>


Quick Paypal Payments <= 5.7.25 - Authenticated (Contributor+) Cross Site Scripting

CVE ID: CVE-2023-23889 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b36303d6-ad28-4354-9f60-acc7df15f468>


Ultimate WP Query Search Filter <= 1.0.10 - Authenticated (Contributor+) Stored Cross Site Scripting

CVE ID: CVE-2023-23832 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f3ef0c46-5765-458e-80c0-ecfc6ead6df6>


vSlider Multi Image Slider <= 4.1.2 - Cross-Site Request Forgery

CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/14376064-13c4-4874-afea-395af2a1933d>


Shoppable Images Lite <= 1.2.3 - Missing Authorization

CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/413b2b38-44f2-4756-b66d-b6544c7ecaa2>


ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 - Missing Authorization to Order Information Disclosure

CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/75f0bc5a-f588-4aeb-9e55-72e180d39ddf>


vSlider Multi Image Slider <= 4.1.2 - Missing Authorization

CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f0c7324f-4c22-44e0-8d2a-9b95fd89467d>


Twitch Player <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25464 CVSS Score: 6.1 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/03c8ec0a-f75f-450f-86e7-a18dfbae9461>


WPGlobus Translate Options <= 2.1.0 - Reflected Cross-Site Scripting via page

CVE ID: CVE-2023-25711 CVSS Score: 6.1 (Medium) Researcher/s: Ngo Van Thien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bf0a1568-e97c-41ea-b2c3-ba335f0b4360>


Interactive SVG Image Map Builder <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25704 CVSS Score: 5.5 (Medium) Researcher/s: Lokesh Dachepalli Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/12d84de4-d97e-40cc-9805-fc9b7de8fa21>


Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25442 CVSS Score: 5.5 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4dbba653-e23e-43e6-9dc5-83a6c99f8dc6>


Quick Event Manager <= 9.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2022-46863 CVSS Score: 5.5 (Medium) Researcher/s: Justiice Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8962c601-2c2c-4b96-b8a4-fdc2ad8a2c08>


Archivist – Custom Archive Templates <= 1.7.4 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25490 CVSS Score: 5.5 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/90333dc7-8bdf-4a59-8001-7eb76b4bc61d>


Click to Call or Chat Buttons <= 1.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25710 CVSS Score: 5.5 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92880588-a733-43df-adf6-74fe6291822d>


WP Prayer <= 1.9.6 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25705 CVSS Score: 5.5 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b9738054-058f-47be-9973-f119fbfd4396>


Robots.txt optimization <= 1.4.5 - Cross Site Request Forgery

CVE ID: CVE-2023-25706 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/03eed366-c018-44b9-bb72-56911e9957b8>


Cart All In One For WooCommerce <= 1.1.10 - Cross-Site Request Forgery to Cart Changes

CVE ID: CVE-2022-46806 CVSS Score: 5.4 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1d5d2217-306c-4ea2-9727-5c02f7d67c2d>


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via handleSubmitAction function

CVE ID: CVE-2022-40203 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/272c6fbb-bc85-46d9-b139-87534b2a0842>


Shoppable Images <= 1.2.3 - Cross Site Request Forgery

CVE ID: CVE-2023-25698 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2e6a78dc-9b67-4ab5-83f9-be82d05d3a13>


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in saveconfig function

CVE ID: CVE-2023-25707 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/385c6324-3d8e-4dc7-b8ca-309b05e7bdcc>


ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 - Cross-Site Request Forgery to Order Information Disclosure

CVE ID: CVE-2022-46811 CVSS Score: 5.4 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4352b2dc-d2a7-4cc9-a44f-1f5be46e2482>


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetmplfile function

CVE ID: CVE-2023-25707 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4ad32ff7-0557-439d-aa0f-49c5ea4271ab>


Simple PDF Viewer <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via googlepdf Shortcode

CVE ID: CVE-2023-23817 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/89bc17fd-14e8-4210-8cf7-a043d1ea9c22>


Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via process_form function

CVE ID: CVE-2023-25481 CVSS Score: 5.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/af695224-24e7-4d5b-b472-dee53eb6073f>


Protected Posts Logout Button <= 1.4.4 - Cross-Site Request Forgery to Settings Update

CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c79fd08c-97bc-4d55-832e-92d0897bc3dc>


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslation function

CVE ID: CVE-2023-25707 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d0631ac6-2d85-4073-be2c-05480deecf97>


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslationstay function

CVE ID: CVE-2023-25707 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2594cef-6bde-425f-9412-fd4ed3da312e>


Conditional Payments for WooCommerce <= 2.3.1 - Cross-Site Request Forgery

CVE ID: CVE-2022-46805 CVSS Score: 5.4 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/db15295f-505f-4a0a-bb3a-3ff6daf73008>


Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via save function

CVE ID: CVE-2023-25481 CVSS Score: 5.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/eb9a6c9b-24fb-436f-b583-55adeedb726e>


Meta Slider and Carousel with Lightbox <= 1.6.2 - Cross-Site Request Forgery

CVE ID: CVE-2023-25703 CVSS Score: 5.4 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f5f59b16-b38a-451b-b220-044598872735>


RegistrationMagic <= 5.1.9.2 - Cross-Site Request Forgery leading to Form Metadata Deletion

CVE ID: CVE-2023-25991 CVSS Score: 5.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fcfb3a6e-7b58-4568-8439-e9c68a2223b9>


WordPress Social Login and Register <= 7.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion

CVE ID: CVE-2023-25455 CVSS Score: 5.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/021a25c9-7fad-425f-8104-bb4852603613>


WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation

CVE ID: CVE-2023-25785 CVSS Score: 5.3 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/96ab5bb0-724c-434b-acc4-be8265b4838f>


Woodmart <= 7.0.4 - Unauthenticated Arbitrary Content Injection

CVE ID: CVE-2023-25790 CVSS Score: 5.3 (Medium) Researcher/s: FearZzZz Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb1db880-0942-4fac-a548-8b6a28dce8c0>


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in save_admin_widgets function

CVE ID: CVE-2023-25707 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e2945971-80c6-44a2-bc65-1243af365692>


All-In-One Security (AIOS) <= 5.1.4 - Authenticated (Admin+) Directory Traversal

CVE ID: CVE Unknown CVSS Score: 4.9 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/03bf84e2-c101-416d-a953-c63ecd1dba7d>


Campaign URL Builder <= 1.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting via Create Link

CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/06294c35-6d58-4270-b143-757831fc5da6>


WP BaiDu Submit <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25796 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2241fa07-b6b7-4e5d-8951-ae844a7b88e8>


Announce from the Dashboard <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25716 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2b75dce8-3e31-45e8-b193-5df3e4391e56>


Sticky Ad Bar <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25784 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/750a4a94-458c-4944-a99b-a1c8e23e57d1>


Easy Panorama <= 1.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-23799 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/783829c2-fe09-44a1-bbb5-2a694ad816ee>


Eyes Only: User Access Shortcode <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25786 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7bbc181f-318e-48ea-a2f7-c668ad15c8a6>


Podlove Subscribe button <= 1.3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25479 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/89058e5a-0f67-4162-ba3b-0a4353d1e0a9>


Quick Contact Form <= 8.0.3.1 - Authenticated (Admin+) Stored Cross Site Scripting

CVE ID: CVE-2022-47608 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b5e86be-8a35-48d8-a676-9f7074b81cb7>


Feed Changer <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25795 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9198ffe4-2f9e-4d80-9f5d-cf967b3feb43>


Inline Tweet Sharer <= 2.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-24005 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9a85b549-f6a4-4dc3-9f2a-35d783099f96>


Peadig's Like & Share Button <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25783 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d8e0ad2-3cfb-443f-9958-9639d0745dd7>


JSON Content Importer <= 1.3.15 - Authenticated (Admin+) Cross Site Scripting

CVE ID: CVE-2023-25485 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a3839c47-5fd0-48e7-9637-d40bd237e122>


Tapfiliate <= 3.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25789 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a472e78c-ebd7-4ab8-9b47-96c526754387>


Google Analytics Opt-Out <= 2.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25712 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a90ea845-9f7f-4a89-887d-cf4337f8471f>


WP资源下载管理 <= 1.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25787 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aa7aad43-54b4-4b9f-9584-292e40be71bc>


WP Open Social <= 5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25792 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be0dc9be-f597-46d8-badd-452e442a6d1a>


WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-23710 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca91046d-61c1-4a65-a078-c7dffb27092c>


Service Area Postcode Checker <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25782 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/da8dd02f-0d9f-44a2-bcad-1e392668dd67>


Nooz <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25794 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e8b5bc1b-c9dc-4ce5-86db-2802f5b49d0b>


Simple Yearly Archive <= 2.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25484 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e8d41006-ab36-4eed-8c17-2937ca7aff1b>


Upload File Type Settings Plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25781 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f4dd4479-2f41-426f-b98c-7c654a82ccfe>


Wp-Insert <= 2.5.0 - Authenticated (Admin+) Stored Cross Site Scripting

CVE ID: CVE-2023-25461 CVSS Score: 4.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f607b33a-58ef-4526-9ca1-aaa444aa12bc>


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in admin_widgets_welcome function

CVE ID: CVE-2023-25707 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/035d5f4a-1145-48e0-8388-e319088ebd52>


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateCommonToProductOnly function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/048768bf-326c-455e-919c-9691d6537062>


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculatePrice function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0cefa293-c934-413e-b946-07e3060472ee>


WP VR <= 8.2.7 - Cross-Site Request Forgery

CVE ID: CVE-2023-25708 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/13a0dd72-1124-4b5d-9bad-fe4fea8e3e68>


Schema - All In One Schema Rich Snippets <= 1.6.5 - Cross-Site Request Forgery in rich_snippet_dashboard

CVE ID: CVE-2023-25058 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/23b018d3-3451-4ae8-b571-07e931ad23df>


GamiPress <= 2.5.6 - Missing Authorization to User Points Updates

CVE ID: CVE-2023-25715 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4c2ce765-018a-4292-b150-7905723d1335>


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateProductOnlyToCommon function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4f062ef2-ef94-47c2-8eba-dc7ff6c2537d>


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateProductOnlyToCommon function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/59ff3445-0dfd-4a1a-9ac8-d088b8f4dbf3>


AutomatorWP <= 2.5.8 - Cross Site Request Forgery via bulk_delete

CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5ebdf903-828e-4a22-953a-17d85984b576>


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_multitask_widgets function

CVE ID: CVE-2023-25707 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6adc0154-169a-4d72-8687-66dbf6766139>


Locatoraid Store Locator <= 3.9.11 - Cross Site Request Forgery in grab

CVE ID: CVE-2023-25709 CVSS Score: 4.3 (Medium) Researcher/s: Ngo Van Thien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7feecce5-f2ce-4278-b648-e363b1fa5d7a>


WordPress Email Marketing Plugin – WP Email Capture <= 3.9.3 - Cross Site Request Forgery

CVE ID: CVE-2023-23724 CVSS Score: 4.3 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8f052dfc-609d-43ed-a8bb-e30294749d03>


Get URL Cron <= 1.4.7 - Cross-Site Request Forgery via geturlcron_action_handle

CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/934b2767-eae4-4c2d-a635-2e6a27fd9f49>


OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery

CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a250f678-1ec7-48ea-8b81-e5ef89992155>


NextGEN Gallery <= 3.28 - Cross-Site Request Forgery leading to Post Thumbnail Change

CVE ID: CVE-2022-38468 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a841456c-2a01-4caf-bebe-e018b92697d8>


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in widgets_watch_data function

CVE ID: CVE-2023-25707 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b07b46a6-8a5d-40cb-8af9-baf0f1722736>


VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_admin_widget function

CVE ID: CVE-2023-25707 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b5ef15c4-c96b-4e88-a941-e34d23a0e06a>


Tickera <= 3.5.1.0 - Cross-Site Request Forgery to Ticket Post Status Change

CVE ID: CVE-2023-23726 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bb0f8a0c-d02f-46e2-8808-3ffada105d13>


TeraWallet – For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via admin_options

CVE ID: CVE-2022-40198 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d274f8b1-0f7c-44cc-8063-3d04a33a9404>


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateCommonToProductOnly function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de46743b-2cc6-4a29-bbc4-bc6cfb540e26>


Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculateSeveralProducts function

CVE ID: CVE-2022-40203 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f58f994e-0a9b-4b40-9e38-535169c793d3>


GamiPress <= 2.5.6 - Cross-Site Request Forgery to User Earnings Deletion

CVE ID: CVE-2023-25697 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ff4b757a-9ede-496b-b559-cf952d39fe70>


If you'd like to receive this weekly vulnerability report by email, along with Wordfence Intelligence CE product updates, sign up for the Wordfence Intelligence Community Edition Newsletter by filling out the form below.


Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence Community Edition leaderboard, along with a mention in our weekly vulnerability report.

The post Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023) appeared first on Wordfence.
