Metric | Value |
---|---|
CVSS 3.1 base score | 9.8 (Critical) |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | High |
Integrity Impact | High |
Availability Impact | High |
EPSS | 0.002 (Low), 49.9th percentile |
Last week, 80 vulnerabilities disclosed in 69 WordPress plugins and 1 WordPress theme were added to the Wordfence Intelligence Vulnerability Database, and 31 vulnerability researchers contributed to WordPress security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone in the WordPress community and beyond, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and use, both personally and commercially, and why we publish this weekly vulnerability report.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 27 |
Patched | 53 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 70 |
High Severity | 9 |
Critical Severity | 1 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 39 |
Cross-Site Request Forgery (CSRF) | 18 |
Missing Authorization | 10 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 4 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 3 |
Improper Neutralization of Formula Elements in a CSV File | 2 |
Authentication Bypass Using an Alternate Path or Channel | 1 |
Deserialization of Untrusted Data | 1 |
Information Exposure | 1 |
Unrestricted Upload of File with Dangerous Type | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Lana Codes | 10 |
Mika | 7 |
yuyudhn | 6 |
Joshua Martinelle | 5 |
Erwan LR | 4 |
Yuki Haruma | 3 |
Cat | 3 |
Varun | 2 |
Rafshanzani Suhada | 2 |
Rio Darmawan | 2 |
thiennv | 2 |
Shreya Pohekar | 2 |
minhtuanact | 2 |
Vaibhav Rajput | 1 |
Abdi Pranata | 1 |
Nguyen Anh Tien | 1 |
Michael Mazzolini | 1 |
Fariq Fadillah Gusti Insani | 1 |
Rafie Muhammad | 1 |
Flaviu Popescu | 1 |
rSolutions Security Team | 1 |
ipatelsumit | 1 |
Nithissh S | 1 |
Bartłomiej Marek | 1 |
NeginNrb | 1 |
Pavitra Tiwari | 1 |
Muhammad Daffa | 1 |
Cyxow | 1 |
Dave Jong | 1 |
R3zk0n | 1 |
Karol Mazurek | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsible disclosure to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
Advance WordPress Search Plugin | th-advance-product-search |
All-In-One Security (AIOS) – Security and Firewall | all-in-one-wp-security-and-firewall |
BigContact Contact Page | bigcontact |
Branded Social Images – Open Graph Images with logo and extra text layer | branded-social-images |
CBX Currency Converter | cbcurrencyconverter |
Contact Form Email | contact-form-to-email |
Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms | fluentform |
ConvertBox Auto Embed WordPress plugin | convertbox-auto-embed |
Custom Field Template | custom-field-template |
Cyberus Key | cyberus-key |
Disqus Conditional Load | disqus-conditional-load |
Easy Table of Contents | easy-table-of-contents |
Enhanced Plugin Admin | enhanced-plugin-admin |
Event Manager and Tickets Selling Plugin for WooCommerce | mage-eventpress |
Events Made Easy | events-made-easy |
Export Users Data Distinct | export-users-data-distinct |
Floating Cart and Menu Cart for WooCommerce | th-all-in-one-woo-cart |
Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress | gallery-plugin |
GamiPress – Youtube integration | gamipress-youtube-integration |
GiveWP – Donation Plugin and Fundraising Platform | give |
Google XML Sitemap for Mobile | google-mobile-sitemap |
Hummingbird – Optimize Speed, Enable Cache, Minify CSS & Defer Critical JS | hummingbird-performance |
I Recommend This | i-recommend-this |
If Menu – Visibility control for Menus | if-menu |
InPost Gallery | inpost-gallery |
JS Job Manager | js-jobs |
JetEngine | jet-engine |
Kanban Boards for WordPress | kanban |
Klaviyo | klaviyo |
Lazy Social Comments | lazy-facebook-comments |
MDTF – Meta Data and Taxonomies Filter | wp-meta-data-filter-and-taxonomy-filter |
Open Graphite | open-graphite |
Owl Carousel | owl-carousel |
Pagination by BestWebSoft – Customizable WordPress Content Splitter and Navigation Plugin | pagination |
Photo Gallery by 10Web – Mobile-Friendly Image Gallery | photo-gallery |
Pricing Tables For WPBakery Page Builder (formerly Visual Composer) | pricing-tables-for-wpbakery-page-builder |
Product Feed PRO for WooCommerce | woo-product-feed-pro |
Safe SVG | safe-svg |
Scheduled Announcements Widget | scheduled-announcements-widget |
Simple Custom Author Profiles | simple-custom-author-profiles |
Simple Giveaways – Grow your business, email lists and traffic with contests | giveasap |
Simple Mobile URL Redirect | simple-mobile-url-redirect |
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows | ml-slider |
Stock Sync for WooCommerce | stock-sync-for-woocommerce |
Store Locator WordPress | agile-store-locator |
Stylish Cost Calculator | stylish-cost-calculator-premium |
Team Member – Team with Slider | team-showcase-supreme |
Thank You Page Customizer for WooCommerce – Increase Your Sales | woo-thank-you-page-customizer |
Time Sheets | time-sheets |
TreePress – Easy Family Trees & Ancestor Profiles | treepress |
User Registration – Custom Registration Form, Login Form And User Profile For WordPress | user-registration |
Userlike – WordPress Live Chat plugin | userlike |
Variation Swatches for WooCommerce | th-variation-swatches |
Vertical scroll recent post | vertical-scroll-recent-post |
VigilanTor | vigilantor |
W4 Post List | w4-post-list |
WP Content Filter – Censor All Offensive Content From Your Site | wp-content-filter |
WP Popup Banners | wp-popup-banners |
WP VR – 360 Panorama and Virtual Tour Builder For WordPress | wpvr |
Waiting: One-click countdowns | waiting |
Wbcom Designs – BuddyPress Activity Social Share | bp-activity-social-share |
Weather Station | live-weather-station |
WooCommerce JazzCash Gateway Plugin | jazzcash-woocommerce-gateway |
WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo | woocommerce-payments |
WordPress Amazon S3 Plugin | wp-s3 |
WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | |
WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout | gs-pinterest-portfolio |
amr users | amr-users |
eRoom – Zoom Meetings & Webinars | eroom-zoom-meetings-webinar |
Software Name | Software Slug |
---|---|
Resoto | resoto |
Affected Software: WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo CVE ID: CVE Unknown CVSS Score: 9.8 (Critical) Researcher/s: Michael Mazzolini Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/41cf57ff-421d-4db2-894f-17f2c4d4b9ed>
Affected Software: Waiting: One-click countdowns CVE ID: CVE-2023-28659 CVSS Score: 8.8 (High) Researcher/s: Joshua Martinelle Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17d12a35-35a1-4f7b-aa03-33ddafe17f5b>
Affected Software: WP Popup Banners CVE ID: CVE-2023-28661 CVSS Score: 8.8 (High) Researcher/s: Joshua Martinelle Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aa64d6b4-5673-4d88-b5c7-d3441eaa0706>
Affected Software: Events Made Easy CVE ID: CVE-2023-28660 CVSS Score: 8.8 (High) Researcher/s: Joshua Martinelle Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d2550461-2546-4dc4-85ff-decf2fca3f10>
Affected Software: JetEngine CVE ID: CVE-2023-1406 CVSS Score: 8.8 (High) Researcher/s: R3zk0n Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e>
Affected Software: Pricing Tables For WPBakery Page Builder (formerly Visual Composer) CVE ID: CVE-2023-1274 CVSS Score: 8.1 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3475c8fe-17fa-4d8e-bffd-a33e59f6e03b>
Affected Software: User Registration – Custom Registration Form, Login Form And User Profile For WordPress CVE ID: CVE-2023-27459 CVSS Score: 7.5 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5835fed0-5b9d-47b5-82ae-f0f19830ae2a>
Affected Software: Stylish Cost Calculator CVE ID: CVE-2023-0983 CVSS Score: 7.2 (High) Researcher/s: Flaviu Popescu Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5b7cc660-b430-4b0f-b2d1-68ba458de8a9>
Affected Software: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg CVE ID: CVE-2023-1425 CVSS Score: 7.2 (High) Researcher/s: rSolutions Security Team Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/76c468cb-8ad6-4b62-8de5-dc8efd4b8e61>
Affected Software: Safe SVG CVE ID: CVE-2023-28426 CVSS Score: 7.2 (High) Researcher/s: Cyxow Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca73de6d-2d47-4d7c-a917-0f99fed8c27d>
Affected Software: JS Job Manager CVE ID: CVE-2023-28689 CVSS Score: 6.5 (Medium) Researcher/s: Fariq Fadillah Gusti Insani Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/55604ee9-7343-472c-9a29-035d18b266ab>
Affected Software: Advance WordPress Search Plugin CVE ID: CVE-2023-25969 CVSS Score: 6.5 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/826a3fa2-ee41-4960-becb-0df8813a964a>
Affected Software: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms CVE ID: CVE-2023-0546 CVSS Score: 6.4 (Medium) Researcher/s: Vaibhav Rajput Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0b79a851-1212-4a9c-89fe-b5f2d50ec18c>
Affected Software: Vertical scroll recent post CVE ID: CVE-2023-23862 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1a0e93cb-4311-4b38-8eb4-17152e1f3475>
Affected Software: WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/20daf751-176d-48f2-ac68-480fda89cee1>
Affected Software: Team Member – Team with Slider CVE ID: CVE-2023-23647 CVSS Score: 6.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/353d22c5-dee1-485f-ae66-e9c7afe3ad8e>
Affected Software: W4 Post List CVE ID: CVE-2023-0374 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/64ed8547-0dc1-4f0a-8b0b-27ce20b8bbd6>
Affected Software: Scheduled Announcements Widget CVE ID: CVE-2023-0363 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/755ae574-9df3-44d1-a14b-16887f234510>
Affected Software: GamiPress – Youtube integration CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bb74a917-2dfb-4229-a72a-9c3d1f9a6324>
Affected Software: Pricing Tables For WPBakery Page Builder (formerly Visual Composer) CVE ID: CVE-2023-0367 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c04a0f82-97f6-44ff-999d-08a8c106f889>
Affected Software: ConvertBox Auto Embed WordPress plugin CVE ID: CVE-2023-23664 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c8a4e9b8-9794-48b7-8c53-cfad37ed530c>
Affected Software: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows CVE ID: CVE-2023-1473 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/290233f0-a5dd-4c69-8039-7392268daf40>
Affected Software: InPost Gallery CVE ID: CVE-2023-28666 CVSS Score: 6.1 (Medium) Researcher/s: Joshua Martinelle Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/69fd66db-5693-4976-96c0-60dbfeccd14f>
Affected Software: MDTF – Meta Data and Taxonomies Filter CVE ID: CVE-2023-28664 CVSS Score: 6.1 (Medium) Researcher/s: Joshua Martinelle Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6edb6604-9da8-421e-933b-bac02b179bd0>
Affected Software: WP VR – 360 Panorama and Virtual Tour Builder For WordPress CVE ID: CVE-2023-1413 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6fbde737-0730-49a4-a84e-a9c5e0e32af5>
Affected Software: W4 Post List CVE ID: CVE-2023-1373 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d6a7230-07c7-43f3-a844-77d2bb19545d>
Affected Software: WordPress Amazon S3 Plugin CVE ID: CVE-2023-0423 CVSS Score: 6.1 (Medium) Researcher/s: Shreya Pohekar Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ab779713-7004-47f6-af16-2db2c7c1013b>
Affected Software: WooCommerce JazzCash Gateway Plugin CVE ID: CVE-2022-46822 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e6809f7f-4495-4185-b439-820010afc305>
Affected Software: Open Graphite CVE ID: CVE-2022-47439 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fd368b2c-ef40-453b-aeef-ad88d847c29b>
Affected Software: Export Users Data Distinct CVE ID: CVE-2022-46804 CVSS Score: 5.8 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/03a1724c-8fea-4e9f-a4a1-9de236e1f15a>
Affected Software: amr users CVE ID: CVE-2022-45348 CVSS Score: 5.8 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/879e7695-3a61-4e65-b102-fcdc63fac688>
Affected Software: Simple Giveaways – Grow your business, email lists and traffic with contests CVE ID: CVE-2023-1122 CVSS Score: 5.5 (Medium) Researcher/s: Varun Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/240691c4-35c5-40e1-b1ab-a500ffcdac73>
Affected Software: Wbcom Designs – BuddyPress Activity Social Share CVE ID: CVE-2023-28694 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c8152c5-7d72-48a1-9140-8b0341c86023>
Affected Software: Variation Swatches for WooCommerce CVE ID: CVE-2023-28688 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6e98fb74-46f2-4a6a-8012-e2824bd77070>
Affected Software: CBX Currency Converter CVE ID: CVE-2023-28747 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/711d2c4d-700d-4d6e-911f-99abf86eff32>
Affected Software: Enhanced Plugin Admin CVE ID: CVE-2023-28618 CVSS Score: 5.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9b5bc030-7739-4eb4-b85d-99e5d0f2643a>
Affected Software: Easy Table of Contents CVE ID: CVE-2023-25469 CVSS Score: 5.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ff937860-c4e0-4172-9f0f-d66578fa7203>
Affected Software: Floating Cart and Menu Cart for WooCommerce CVE ID: CVE-2023-25969 CVSS Score: 5.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c0d18d3-8758-41ae-b104-dac69eee4ac9>
Affected Software: Branded Social Images – Open Graph Images with logo and extra text layer CVE ID: CVE-2023-28536 CVSS Score: 5.3 (Medium) Researcher/s: Yuki Haruma Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2cbc0b70-c8a4-4924-a67f-cea81ab19cdc>
Affected Software: Owl Carousel CVE ID: CVE-2022-44578 CVSS Score: 5.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/37aaf109-e04f-40d7-8303-a581b0b09d24>
Affected Software: If Menu – Visibility control for Menus CVE ID: CVE-2022-41698 CVSS Score: 5.3 (Medium) Researcher/s: Nguyen Anh Tien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3b5fc0ac-7a33-48da-8b0f-566b9eb0f17f>
Affected Software: eRoom – Zoom Meetings & Webinars CVE ID: CVE-2022-43472 CVSS Score: 5.3 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5e0767a8-9e82-4ce4-9df9-19b458dc5ce0>
Affected Software: GiveWP – Donation Plugin and Fundraising Platform CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a2dc1a04-5503-412b-92e7-ed86910abd92>
Affected Software: GiveWP – Donation Plugin and Fundraising Platform CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d09a0b62-6556-4be5-a6f2-0cb0edcced3b>
Affected Software: Hummingbird – Optimize Speed, Enable Cache, Minify CSS & Defer Critical JS CVE ID: CVE-2023-1478 CVSS Score: 5.3 (Medium) Researcher/s: Karol Mazurek Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d9b8e6dc-a9ac-4afb-ad47-4f51032bb1f4>
Affected Software: Resoto CVE ID: CVE-2023-28619 CVSS Score: 5 (Medium) Researcher/s: Dave Jong Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb5c5e82-d6e5-4237-958f-12fc4698e77e>
Affected Software: Photo Gallery by 10Web – Mobile-Friendly Image Gallery CVE ID: CVE Unknown CVSS Score: 4.9 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a0f55f3e-9a9a-42a7-91b5-0d515519d545>
Affected Software: Kanban Boards for WordPress CVE ID: CVE-2023-23884 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/071b5c32-b6ac-402a-af74-6ecd05279d93>
Affected Software: Userlike – WordPress Live Chat plugin CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/14c94d47-c911-4874-a897-58f4c0800329>
Affected Software: Store Locator WordPress CVE ID: CVE-2023-27618 CVSS Score: 4.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1dad9de0-5e43-4dfd-a56c-5e9efff35c0a>
Affected Software: Klaviyo CVE ID: CVE-2023-0874 CVSS Score: 4.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/294de862-716c-4e17-a1cf-cade53207013>
Affected Software: VigilanTor CVE ID: CVE-2023-28695 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2ea71d63-27ce-4f24-b3ef-de38e6f25e0d>
Affected Software: Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3adf6b20-110f-4057-9fab-5248e9c18555>
Affected Software: Lazy Social Comments CVE ID: CVE-2023-23733 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/43f2c020-a531-4e25-948e-372bc7af3bab>
Affected Software: Disqus Conditional Load CVE ID: CVE-2023-23732 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/762190dc-cd19-4bc1-8204-9219881d95e9>
Affected Software: Simple Giveaways – Grow your business, email lists and traffic with contests CVE ID: CVE-2023-1120 CVSS Score: 4.4 (Medium) Researcher/s: ipatelsumit Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/86991143-d4e7-4114-b219-0deedd084858>
Affected Software: Simple Giveaways – Grow your business, email lists and traffic with contests CVE ID: CVE-2023-1121 CVSS Score: 4.4 (Medium) Researcher/s: Varun Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/91552a9b-d46b-4a75-b096-8f28bdd9fb56>
Affected Software: WP Content Filter – Censor All Offensive Content From Your Site CVE ID: CVE-2023-23883 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/95ffefff-80e1-4f5a-8939-47a00f75493d>
Affected Software: Simple Custom Author Profiles CVE ID: CVE-2023-24372 CVSS Score: 4.4 (Medium) Researcher/s: Nithissh S Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/986d16d5-f1f4-4ed9-9978-0f12ee22a543>
Affected Software: All-In-One Security (AIOS) – Security and Firewall CVE ID: CVE-2023-0157 CVSS Score: 4.4 (Medium) Researcher/s: Bartłomiej Marek Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a3ae55ad-b192-4dde-8a7c-3a4fd71d3475>
Affected Software: Pagination by BestWebSoft – Customizable WordPress Content Splitter and Navigation Plugin CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a4572874-afd4-4e46-8a28-76a0a6cc8acb>
Affected Software: Cyberus Key CVE ID: CVE-2023-28620 CVSS Score: 4.4 (Medium) Researcher/s: Pavitra Tiwari Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bf5e5eaf-b42d-49b9-8f55-6025e64748c9>
Affected Software: Event Manager and Tickets Selling Plugin for WooCommerce CVE ID: CVE-2023-28422 CVSS Score: 4.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c2f4c1de-7eeb-45c4-bbff-ec85f2cda5aa>
Affected Software: Time Sheets CVE ID: CVE-2023-0893 CVSS Score: 4.4 (Medium) Researcher/s: Shreya Pohekar Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e7e25e64-4504-4aad-aeb6-d58b5c36a4bd>
Affected Software: Cyberus Key CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f3944b2d-c431-4a53-b4e2-740480e746d6>
Affected Software: TreePress – Easy Family Trees & Ancestor Profiles CVE ID: CVE-2023-23863 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fbef8738-d639-48a5-98b7-abf9a7e9fec1>
Affected Software: Floating Cart and Menu Cart for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/18f04566-3a63-41f3-aa9b-766304d56499>
Affected Software: W4 Post List CVE ID: CVE-2023-1371 CVSS Score: 4.3 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5ac7408d-8ec7-415b-bf52-024182888cb4>
Affected Software: GiveWP – Donation Plugin and Fundraising Platform CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5ea02dd5-d837-471c-aa6a-264ffcedd55d>
Affected Software: I Recommend This CVE ID: CVE-2023-28696 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a0ee9b26-4e7f-475f-b42b-5af40b78cbca>
Affected Software: BigContact Contact Page CVE ID: CVE-2023-22694 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0403adb-08c4-4697-a7d9-50e39d46cd43>
Affected Software: Weather Station CVE ID: CVE-2023-25478 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b1e1db3f-1ebc-4f16-b2d8-8bce9c51b3db>
Affected Software: Google XML Sitemap for Mobile CVE ID: CVE-2023-23869 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b2b0c5f9-b734-41e6-8ecb-4cf3d891ddb7>
Affected Software: Custom Field Template CVE ID: CVE-2023-22695 CVSS Score: 4.3 (Medium) Researcher/s: NeginNrb Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b55853e1-2f20-417f-b07e-eda758eaed32>
Affected Software: Stock Sync for WooCommerce CVE ID: CVE-2022-46807 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b8faa34a-17fd-4a2e-b8bf-ed40fc7a88d9>
Affected Software: Simple Mobile URL Redirect CVE ID: CVE-2023-23897 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be8dcff9-1626-4919-b297-c423891f3d02>
Affected Software: Product Feed PRO for WooCommerce CVE ID: CVE-2022-46793 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c5b0939a-1699-483c-9a4f-7978155e6ad1>
Affected Software: Contact Form Email CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ce6ea115-941e-482f-a2a4-95293ff10a69>
Affected Software: Stock Sync for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cf13732b-7c24-443a-bae9-d8cf70b5cb33>
Affected Software: Thank You Page Customizer for WooCommerce – Increase Your Sales CVE ID: CVE-2022-46812 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ecd504ad-8812-46ec-be18-e98d05982312>
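To act on the records above, a site operator needs the intersection of this list with the plugins actually installed. The following Python is an added example, not Wordfence's tooling: it parses the "Affected Software: ... Vulnerability Details: <url>" record lines and the name/slug table in the form they appear in this report, then matches them against a plugin inventory in the shape produced by `wp plugin list --fields=name,version --format=json` (WP-CLI's `name` field is the plugin slug). The inventory and the four records embedded in the block are constructed sample input (the records are copied from this report, the installed versions are made up). The report does not list affected version ranges, so a slug match means "open the linked entry and check your version", not "confirmed vulnerable".

```python
"""Cross-reference this weekly report with a site's installed plugins.

Added example, not Wordfence code. Parses the report's own record lines and
name/slug table, then matches them against a WP-CLI plugin inventory.
"""
import json
import re
from dataclasses import dataclass

# One report record per line: "Affected Software: X CVE ID: Y CVSS Score: N (R)
# Researcher/s: W Patch Status: P Vulnerability Details: <url>"
RECORD_RE = re.compile(
    r"Affected Software:\s*(?P<name>.+?)\s+"
    r"CVE ID:\s*(?P<cve>.+?)\s+"
    r"CVSS Score:\s*(?P<score>\d+(?:\.\d+)?)\s*\((?P<rating>\w+)\)\s+"
    r"Researcher/s:\s*(?P<researcher>.+?)\s+"
    r"Patch Status:\s*(?P<patch>Patched|Unpatched)\s+"
    r"Vulnerability Details:\s*<?(?P<url>https?://\S+?)>?\s*$"
)


@dataclass
class Finding:
    name: str
    cve: str
    score: float
    rating: str
    patched: bool
    url: str


def parse_records(text):
    """Return a Finding for every well-formed record line in `text`."""
    findings = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            findings.append(Finding(
                name=m["name"], cve=m["cve"], score=float(m["score"]),
                rating=m["rating"], patched=(m["patch"] == "Patched"), url=m["url"],
            ))
    return findings


def parse_slug_table(text):
    """Map software names to slugs from 'Software Name | Software Slug |' rows."""
    slugs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("---") or line.startswith("Software Name"):
            continue
        name, _, slug = line.rstrip("|").rpartition("|")
        if name.strip() and slug.strip():
            slugs[name.strip()] = slug.strip()
    return slugs


def inventory_from_wp_cli(json_text):
    """Turn `wp plugin list --fields=name,version --format=json` output into {slug: version}."""
    return {row["name"]: row["version"] for row in json.loads(json_text)}


def match_installed(findings, slugs, installed):
    """Return (slug, installed_version, finding) for each record whose plugin is installed.

    Unpatched issues sort first, then by descending CVSS score: an unpatched issue
    cannot be closed by updating, so it needs deactivation/removal or a firewall rule.
    """
    hits = [(slugs[f.name], installed[slugs[f.name]], f)
            for f in findings if slugs.get(f.name) in installed]
    hits.sort(key=lambda h: (h[2].patched, -h[2].score))
    return hits


# --- constructed sample input: record and table rows copied from this report ---
REPORT_RECORDS = """
Affected Software: WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo CVE ID: CVE Unknown CVSS Score: 9.8 (Critical) Researcher/s: Michael Mazzolini Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/41cf57ff-421d-4db2-894f-17f2c4d4b9ed>
Affected Software: Waiting: One-click countdowns CVE ID: CVE-2023-28659 CVSS Score: 8.8 (High) Researcher/s: Joshua Martinelle Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17d12a35-35a1-4f7b-aa03-33ddafe17f5b>
Affected Software: JetEngine CVE ID: CVE-2023-1406 CVSS Score: 8.8 (High) Researcher/s: R3zk0n Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e>
Affected Software: Safe SVG CVE ID: CVE-2023-28426 CVSS Score: 7.2 (High) Researcher/s: Cyxow Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca73de6d-2d47-4d7c-a917-0f99fed8c27d>
"""

SLUG_TABLE = """
Software Name | Software Slug |
---|---|
JetEngine | jet-engine |
Safe SVG | safe-svg |
Waiting: One-click countdowns | waiting |
WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo | woocommerce-payments |
"""

# Constructed inventory; the version numbers are invented for the example.
WP_CLI_JSON = """[
  {"name": "akismet", "version": "5.1"},
  {"name": "safe-svg", "version": "2.0.3"},
  {"name": "waiting", "version": "0.6.2"},
  {"name": "woocommerce-payments", "version": "5.6.1"}
]"""


if __name__ == "__main__":
    hits = match_installed(parse_records(REPORT_RECORDS), parse_slug_table(SLUG_TABLE),
                           inventory_from_wp_cli(WP_CLI_JSON))
    for slug, version, f in hits:
        action = "update now" if f.patched else "NO FIX: deactivate/remove or rely on a firewall rule"
        print(f"{f.score:4.1f} {f.rating:8} {slug} {version}: {f.cve} -> {action}")
        print(f"      confirm the affected range at {f.url}")
```

On a real site, replace `WP_CLI_JSON` with the actual output of `wp plugin list --fields=name,version --format=json` and paste the full record block and slug table from the report; the ordering puts the entries that updating cannot fix at the top of the list.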
As a reminder, Wordfence curates an industry-leading vulnerability database, Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, direct submissions from researchers via our CVE Request form, and monitoring of other sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 20, 2023 to Mar 26, 2023) appeared first on Wordfence.