CVSS3: 8.8 High
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS2: 6.8 Medium
Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.001 Low
Percentile: 48.6%
Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook notifications are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
_Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 16 |
Patched | 39 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 37 |
High Severity | 16 |
Critical Severity | 2 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 18 |
Cross-Site Request Forgery (CSRF) | 7 |
Missing Authorization | 6 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
Deserialization of Untrusted Data | 5 |
Information Exposure | 4 |
Authorization Bypass Through User-Controlled Key | 3 |
Server-Side Request Forgery (SSRF) | 2 |
Improper Control of Generation of Code ('Code Injection') | 1 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 1 |
Incorrect Privilege Assignment | 1 |
Improper Authorization | 1 |
Unverified Password Change | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Lana Codes (Wordfence Vulnerability Researcher) | 20 |
foobar7 | 5 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 5 |
Yan&Co ApS | 2 |
Vladislav Pokrovsky | 2 |
Chloe Chamberland (Wordfence Vulnerability Researcher) | 1 |
Nguyen Anh Tien | 1 |
Do Xuan Trung | 1 |
osama-hamad | 1 |
Rafie Muhammad | 1 |
Dmitrii Ignatyev | 1 |
Alex Thomas (Wordfence Vulnerability Researcher) | 1 |
teo23mal | 1 |
David Anderson | 1 |
Pablo Sanchez | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
10Web Map Builder for Google Maps | wd-google-maps |
Allow PHP in Posts and Pages | allow-php-in-posts-and-pages |
Awesome Weather Widget | awesome-weather |
BAN Users | ban-users |
Booking Calendar | booking |
Booking calendar, Appointment Booking System | booking-calendar |
Booster for WooCommerce | woocommerce-jetpack |
Checkout Field Editor | woocommerce-checkout-field-editor |
Comments – wpDiscuz | wpdiscuz |
Crayon Syntax Highlighter | crayon-syntax-highlighter |
DoLogin Security | dologin |
Dropbox Folder Share | dropbox-folder-share |
Enable Media Replace | enable-media-replace |
Essential Addons for Elementor | essential-addons-for-elementor-lite |
Essential Blocks Pro | essential-blocks-pro |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | essential-blocks |
Feeds for YouTube (YouTube video, channel, and gallery plugin) | feeds-for-youtube |
File Manager Pro – Filester | filester |
Google Maps Plugin by Intergeo | intergeo-maps |
Horizontal scrolling announcement | horizontal-scrolling-announcement |
JQuery Accordion Menu Widget | jquery-vertical-accordion-menu |
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | zero-bs-crm |
Leyka | leyka |
Login with phone number | login-with-phone-number |
MapPress Maps for WordPress | mappress-google-maps-for-wordpress |
Migration, Backup, Staging – WPvivid | wpvivid-backuprestore |
MultiVendorX – MultiVendor Marketplace Solution For WooCommerce | dc-woocommerce-multi-vendor |
Page Builder: Pagelayer – Drag and Drop website builder | pagelayer |
Photospace Responsive Gallery | photospace-responsive |
PowerPress Podcasting plugin by Blubrry | powerpress |
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | quiz-master-next |
Read More & Accordion | expand-maker |
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | shortpixel-image-optimiser |
Simplr Registration Form Plus+ | simplr-registration-form |
Slimstat Analytics | wp-slimstat |
Testimonial Slider Shortcode | testimonial-slider-shortcode |
WP Customer Reviews | wp-customer-reviews |
WP User Control | wp-user-control |
WS Facebook Like Box Widget | ws-facebook-likebox |
Welcart e-Commerce | usc-e-shop |
WooCommerce | woocommerce |
WooCommerce Beta Tester | woocommerce-beta-tester |
WooCommerce CVR Payment Gateway | woocommerce-cvr-payment-gateway |
WooCommerce EAN Payment Gateway | woocommerce-ean-payment-gateway |
WooCommerce Subscription | woocommerce-subscriptions |
WordPress File Upload | wp-file-upload |
woocommerce-checkout-field-editor | woocommerce-checkout-field-editor |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.
Affected Software/s | CVE ID | CVSS Score | Researcher/s | Patch Status | Vulnerability Details |
---|---|---|---|---|---|
Allow PHP in Posts and Pages | CVE-2023-4994 | 9.9 (Critical) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/3d8b4bb6-3715-40c1-8140-7fcf874ccec3> |
Dropbox Folder Share | CVE-2023-4488 | 9.8 (Critical) | Marco Wotschka | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/647a2f27-092a-4db1-932d-87ae8c2efcca> |
Slimstat Analytics | CVE-2023-4598 | 8.8 (High) | Chloe Chamberland, Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/07c0f5a5-3455-4f06-b481-f4d678309c50> |
Welcart e-Commerce | CVE Unknown | 8.8 (High) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/35dadb9c-f0c6-4b74-bb31-5e9d504b3db5> |
Simplr Registration Form Plus+ | CVE-2023-4213 | 8.8 (High) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81> |
Login with phone number | CVE-2023-4916 | 8.8 (High) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/71083db7-377b-47a1-ac8b-83d8974a2654> |
Essential Addons for Elementor | CVE-2023-41955 | 8.8 (High) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/8c13701e-424d-462f-b152-4dc5ad3ef197> |
BAN Users | CVE-2023-4153 | 8.8 (High) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/af6bd2db-47a4-4381-a881-d5f97a159f8d> |
Horizontal scrolling announcement | CVE-2023-4999 | 8.8 (High) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/bf50922a-58a6-4ca4-80b7-cafb37b87216> |
File Manager Pro – Filester | CVE-2023-4827 | 8.8 (High) | Dmitrii Ignatyev | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/cfbc7af2-1e2c-4aaf-b73c-870f7519aff1> |
MultiVendorX – MultiVendor Marketplace Solution For WooCommerce | CVE Unknown | 8.6 (High) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/afd9046c-5b6a-411e-8e66-ff1ba60d7f9d> |
Migration, Backup, Staging – WPvivid | CVE-2023-41243 | 8.3 (High) | Nguyen Anh Tien | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/28e723ee-e99a-4ec4-b492-bfba04d27fd0> |
Essential Blocks Pro, Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | CVE-2023-4402 | 8.1 (High) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351> |
Essential Blocks Pro, Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | CVE-2023-4386 | 8.1 (High) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54> |
Read More & Accordion | CVE-2023-3392 | 7.2 (High) | Do Xuan Trung | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/73ab9f95-05cc-47fc-bfcb-1787f6f80789> |
Booking calendar, Appointment Booking System | CVE Unknown | 7.2 (High) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/a02f4fc4-42ca-4f8e-9c28-bfa69644e7b6> |
Dropbox Folder Share | CVE-2023-3025 | 7.2 (High) | Alex Thomas | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/d62bd2bd-db01-479f-89e4-8031d69a912f> |
WooCommerce Beta Tester | CVE Unknown | 7.2 (High) | teo23mal | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/d6cbec61-cbe8-44a6-8cc8-8603393ed6b0> |
Enable Media Replace | CVE Unknown | 6.6 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6e7e6445-c1c5-48a8-a76d-819f2db1efc2> |
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | CVE Unknown | 6.6 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/9f23bf62-6008-4a9c-a7ae-a2e513699684> |
Booking Calendar | CVE-2023-4620 | 6.5 (Medium) | Pablo Sanchez | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f883823f-c225-4cd2-a0f6-39013476ed83> |
Testimonial Slider Shortcode | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/30cb1b8c-84ce-4401-9c30-775efb257fe6> |
Feeds for YouTube (YouTube video, channel, and gallery plugin) | CVE-2023-4841 | 6.4 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/376e2638-a873-4142-ad7d-067ae3333709> |
Awesome Weather Widget | CVE-2023-4944 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/3bf77988-370b-437f-83a0-18a147e3e087> |
Crayon Syntax Highlighter | CVE-2023-4893 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/527f75f1-6361-4e16-8ae4-d38ca4589811> |
WS Facebook Like Box Widget | CVE-2023-4963 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/8bebc229-9d15-439f-a8df-f68455bc5193> |
Booster for WooCommerce | CVE-2023-4945 | 6.4 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/981639a3-63c4-4b3f-827f-4d770bd44806> |
PowerPress Podcasting plugin by Blubrry | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ae8c888e-46ed-468f-a5d5-74a7f9d01a36> |
JQuery Accordion Menu Widget | CVE-2023-4890 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/b0cf3015-cdc9-4ac9-82f3-e9b4d1203e22> |
MapPress Maps for WordPress | CVE-2023-4840 | 6.4 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c3d2c9a4-32f7-484f-86ce-a33ef1174b28> |
Google Maps Plugin by Intergeo | CVE-2023-4887 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/cb6d11ad-0983-4a4b-b52b-824eae8b8e3c> |
Horizontal scrolling announcement | CVE-2023-5001 | 6.4 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/d4f60e8c-2745-4930-9101-914bd73c6e1c> |
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | CVE Unknown | 6.4 (Medium) | foobar7 | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/e1dbd0e2-8c6c-4127-b37c-269af3b7f71c> |
Page Builder: Pagelayer – Drag and Drop website builder | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/e34b6ae5-1370-4058-95dd-5686978ca45b> |
WooCommerce | CVE Unknown | 5.3 (Medium) | osama-hamad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/7b2d1879-c337-41c9-9f47-f9c2fe8e5928> |
Comments – wpDiscuz | CVE-2023-3998 | 5.3 (Medium) | Vladislav Pokrovsky | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/9d09bdab-ffab-44cc-bba2-821b21a8e343> |
Comments – wpDiscuz | CVE-2023-3869 | 5.3 (Medium) | Vladislav Pokrovsky | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b30ac1b0-eae2-4194-bf8e-ae73b4236965> |
Leyka | CVE-2023-4917 | 5.3 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/dcd24b90-94ff-4625-8e3e-9c90e38683f9> |
WP User Control | CVE-2023-4915 | 5.3 (Medium) | Lana Codes | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/f4ca1736-7b99-49db-9367-586dbc14df41> |
WooCommerce | CVE Unknown | 4.9 (Medium) | David Anderson | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f1efcff5-3af6-4c44-9654-b917523419aa> |
WordPress File Upload | CVE Unknown | 4.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/0e1915d9-8ea9-4ab2-9746-3c49bc0bd7c8> |
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | CVE Unknown | 4.4 (Medium) | foobar7 | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/32f2fc21-165c-483f-ab81-48d8f221e4be> |
Photospace Responsive Gallery | CVE-2023-4271 | 4.4 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a> |
Migration, Backup, Staging – WPvivid | CVE Unknown | 4.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b6d3ede8-465e-4588-b8ef-36bcd1850ec3> |
WP Customer Reviews | CVE-2023-4648 | 4.4 (Medium) | Marco Wotschka | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f81950be-de32-4fa1-94fe-42667414fe2d> |
WooCommerce Subscription | CVE Unknown | 4.3 (Medium) | foobar7 | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/08a98c08-cddc-4bc3-bc07-15d084070abd> |
DoLogin Security | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/24e2b96c-665f-4616-ac99-1a2b1b0a9ccd> |
WooCommerce EAN Payment Gateway | CVE-2023-4947 | 4.3 (Medium) | Lana Codes, Yan&Co ApS | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/2760b183-3c15-4f0e-b72f-7c0333f9d4b6> |
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/32173d38-7f85-4e0c-9b4c-38bee2783d77> |
10Web Map Builder for Google Maps | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/4be81ba0-c678-4234-b63e-da9813817bef> |
10Web Map Builder for Google Maps | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/63666c16-9f68-4a27-b163-4c25f0a7589e> |
woocommerce-checkout-field-editor | CVE Unknown | 4.3 (Medium) | foobar7 | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/a4647210-ba7e-4233-83d6-12572213f5fb> |
Booster for WooCommerce | CVE-2023-4796 | 4.3 (Medium) | Lana Codes | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/a4cd49b2-ff93-4582-906b-b690d8472c38> |
Checkout Field Editor | CVE Unknown | 4.3 (Medium) | foobar7 | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ad430706-749f-4582-af07-6c543b8d5aad> |
WooCommerce CVR Payment Gateway | CVE-2023-4948 | 4.3 (Medium) | Lana Codes, Yan&Co ApS | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f72ba0e2-a9c4-43b0-a01f-185554090162> |
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023) appeared first on Wordfence.