Last week, 67 vulnerabilities were disclosed in 60 WordPress plugins and no WordPress themes and added to the Wordfence Intelligence Vulnerability Database, and 29 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the vulnerability database API to receive a complete dump of our database of over 12,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.
_Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 12 |
Patched | 55 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 54 |
High Severity | 7 |
Critical Severity | 5 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Cross-Site Request Forgery (CSRF) | 20 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 19 |
Missing Authorization | 8 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 4 |
Unrestricted Upload of File with Dangerous Type | 4 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 3 |
Information Exposure | 2 |
Information Exposure Through Debug Information | 1 |
Exposure of Private Information ('Privacy Violation') | 1 |
Use of Less Trusted Source | 1 |
Protection Mechanism Failure | 1 |
Server-Side Request Forgery (SSRF) | 1 |
Authorization Bypass Through User-Controlled Key | 1 |
Improper Access Control | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Francesco Carlucci | 5 |
Rafie Muhammad | 4 |
Dave Jong | 3 |
Daniel Ruf | 2 |
Nex Team | 2 |
drop | 2 |
Artem Guzhva (hexcat) | 2 |
Ngô Thiên An (ancorn_) | 2 |
Abdi Pranata | 2 |
Brandon James Roldan (tomorrowisnew) | 2 |
Webbernaut | 2 |
Dateoljo of BoB 12th | 1 |
Lucio Sá | 1 |
LVT-tholv2k | 1 |
Le Ngoc Anh | 1 |
Huynh Tien Si | 1 |
Mika | 1 |
Joshua Chan | 1 |
Abu Hurayra (HurayraIIT) | 1 |
Akbar Kustirama | 1 |
Yudistira Arya | 1 |
Naveen Muthusamy | 1 |
thiennv | 1 |
Yuchen Ji | 1 |
Dmitrii Ignatyev | 1 |
Rafshanzani Suhada | 1 |
Ulyses Saicha | 1 |
Elliot | 1 |
Nicolas Decayeux | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! | ai-engine |
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember-membership |
Advanced Flamingo | advanced-flamingo |
Advanced Woo Search | advanced-woo-search |
Auto Affiliate Links | wp-auto-affiliate-links |
Beds24 Online Booking | beds24-online-booking |
Constant Contact Forms by MailMunch | constant-contact-forms-by-mailmunch |
Contact Form 7 Connector | ari-cf7-connector |
Contact Form 7 Extension For Mailchimp | contact-form-7-mailchimp-extension |
Contact Form 7 – Dynamic Text Extension | contact-form-7-dynamic-text-extension |
Customer Reviews for WooCommerce | customer-reviews-woocommerce |
Download Monitor | download-monitor |
Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder | droit-elementor-addons |
ElementsKit Elementor addons | elementskit-lite |
Email Encoder – Protect Email Addresses and Phone Numbers | email-encoder-bundle |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | essential-blocks |
EventON | eventon-lite |
EventON Pro | eventon |
Football Pool | football-pool |
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | formidable |
GD Rating System | gd-rating-system |
Gallery Plugin for WordPress – Envira Photo Gallery | envira-gallery-lite |
Happy Addons for Elementor | happy-elementor-addons |
Index Now | mihdan-index-now |
InstaWP Connect – 1-click WP Staging & Migration | instawp-connect |
List category posts | list-category-posts |
MailerLite – WooCommerce integration | woo-mailerlite |
Metform Elementor Contact Form Builder | metform |
Newsletter – Send awesome emails from WordPress | newsletter |
OneClick Chat to Order | oneclick-whatsapp-order |
Order Export & Order Import for WooCommerce | order-import-export-for-woocommerce |
PDF Invoices & Packing Slips for WooCommerce | woocommerce-pdf-invoices-packing-slips |
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications | post-smtp |
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | paid-memberships-pro |
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress | contest-gallery |
Plugin for Google Reviews | widget-google-reviews |
Products, Order & Customers Export for WooCommerce | export-woocommerce |
Profile Builder Pro | profile-builder-pro |
RabbitLoader | rabbit-loader |
Schema & Structured Data for WP & AMP | schema-and-structured-data-for-wp |
Seraphinite Accelerator | seraphinite-accelerator |
Seraphinite Alternative Slugs Manager | seraphinite-old-slugs-mgr |
Shortcodes Finder | shortcodes-finder |
Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce | barcode-scanner-lite-pos-to-manage-products-inventory-and-orders |
Swift SMTP (formerly Welcome Email Editor) | welcome-email-editor |
TNC PDF viewer | pdf-viewer-by-themencode |
The Events Calendar | the-events-calendar |
Voting Record | voting-record |
WP Register Profile With Shortcode | wp-register-profile-with-shortcode |
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | wp-sms |
WP Spell Check | wp-spell-check |
WP Testimonials | testimonial-widgets |
WPS Hide Login | wps-hide-login |
WooCommerce | woocommerce |
Woocommerce Vietnam Checkout | woo-vietnam-checkout |
Word Replacer Pro | word-replacer-ultra |
WordPress Button Plugin MaxButtons | maxbuttons |
WordPress Live Chat Plugin for Elementor – LiveChat | livechat-elementor |
WordPress Live Chat Plugin for WooCommerce – LiveChat | livechat-woocommerce |
WordPress Manutenção | wp-manutencao |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Affected Software | CVE ID | CVSS Score | Researcher/s | Patch Status | Vulnerability Details |
---|---|---|---|---|---|
Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce | CVE-2023-52221 | 9.8 (Critical) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/34439db4-1b66-4ccb-bf84-fddef6bc1f88> |
Customer Reviews for WooCommerce | CVE-2023-6979 | 9.8 (Critical) | Artem Guzhva (hexcat) | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/4af801db-44a6-4cd3-bd1a-3125490c8c48> |
AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! | CVE-2023-51409 | 9.8 (Critical) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/a3fc4bac-9be0-4a1c-b4bb-4384d80e22f7> |
Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce | CVE-2023-52215 | 9.8 (Critical) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ba18bd0c-ba6c-4f98-ac29-660a79affa6c> |
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications | CVE-2023-6875 | 9.8 (Critical) | Ulyses Saicha | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/e675d64c-cbb8-4f24-9b6f-2597a97b49af> |
WP Testimonials | CVE Unknown | 8.8 (High) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/4da18aad-3c82-4bc6-8dad-523643c12d5b> |
WP Register Profile With Shortcode | CVE-2023-5448 | 8.8 (High) | Dmitrii Ignatyev | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ca564941-4780-4da2-b937-c9bd45966d81> |
Profile Builder Pro | CVE-2024-22140 | 8.8 (High) | Dave Jong | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f4c8932b-ede8-4f17-9612-5493c1130170> |
Download Monitor | CVE Unknown | 7.2 (High) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/105ae6be-2cb7-4ab2-8e4c-5d3ff84c5b9f> |
Order Export & Order Import for WooCommerce | CVE-2024-22135 | 7.2 (High) | Dateoljo of BoB 12th | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/15ce2e54-ca5a-4dbc-9795-6e989e85b330> |
PDF Invoices & Packing Slips for WooCommerce | CVE-2024-22147 | 7.2 (High) | Yudistira Arya | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/a92e307d-b3c0-441a-abac-580a60dd44cf> |
Index Now | CVE-2024-0428 | 7.1 (High) | Francesco Carlucci | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c7641d52-e930-4143-9180-2903d018da91> |
EventON, EventON Pro | CVE-2023-6158 | 6.5 (Medium) | Francesco Carlucci | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/19f94c4f-145b-4058-aabd-06525fce3cea> |
List category posts | CVE-2023-6994 | 6.5 (Medium) | Ngô Thiên An (ancorn_) | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/611871cc-737f-44e3-baf5-dbaa8bd8eb81> |
EventON, EventON Pro | CVE-2023-6244 | 6.5 (Medium) | Francesco Carlucci | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/6fcc3a82-f116-446e-9e5f-4f074e20403b> |
Profile Builder Pro | CVE-2024-22141 | 6.5 (Medium) | Dave Jong | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/a388b406-1640-443d-9656-6a87588ce201> |
Word Replacer Pro | CVE-2023-52229 | 6.5 (Medium) | thiennv | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/bd31e8b0-6089-4521-a80f-e65e61ad062f> |
GD Rating System | CVE Unknown | 6.5 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c0b3662d-e369-4978-aa7a-debbb3ee37e4> |
EventON, EventON Pro | CVE-2023-6242 | 6.5 (Medium) | Francesco Carlucci | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c8e9a333-a6b7-4b5e-93c1-b95566e5d6fb> |
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | CVE-2023-6830 | 6.5 (Medium) | drop | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ff294b0f-97fe-4d27-bf93-f5bbb57ac1f6> |
Happy Addons for Elementor | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/1453815d-4e28-41ec-9aa4-4fd2899c619a> |
Voting Record | CVE-2023-7084 | 6.4 (Medium) | Daniel Ruf | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/286c3e26-07a8-4fca-9fdc-98e62ae88b67> |
OneClick Chat to Order | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/3e4aaf2e-a0c6-47d2-9eb8-d65952a74424> |
Beds24 Online Booking | CVE-2023-52228 | 6.4 (Medium) | Ngô Thiên An (ancorn_) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/6fc2b2a5-00b0-424e-8678-c6b5cd76baec> |
TNC PDF viewer | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/7a5f29ce-e266-4f52-af63-159253e7987c> |
Constant Contact Forms by MailMunch | CVE-2024-22137 | 6.4 (Medium) | Abu Hurayra (HurayraIIT) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/a84bd9c8-97bd-4572-8bfa-5191d98c9523> |
Plugin for Google Reviews | CVE-2023-6884 | 6.4 (Medium) | Akbar Kustirama | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/a8971d54-b54e-4e62-9db2-fa87d2564599> |
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/c9141ad3-86cf-47ae-be99-d78f0337f2ca> |
Email Encoder – Protect Email Addresses and Phone Numbers | CVE-2023-7070 | 6.4 (Medium) | Webbernaut | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f5afe6ea-93b8-4782-8593-76468e370a45> |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | CVE-2023-7071 | 6.4 (Medium) | Webbernaut | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f969cb24-734f-46e5-a74d-fddf8e61e096> |
Football Pool | CVE Unknown | 6.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ff150706-5fbf-4881-976b-89fdaf637fb1> |
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | CVE-2023-52200 | 6.3 (Medium) | Rafie Muhammad | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/88907f28-7b1d-4a5a-b846-67dfd21d6488> |
WooCommerce | CVE Unknown | 6.1 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/43810a17-89b4-44f5-887e-1ad0989ea5b4> |
Profile Builder Pro | CVE-2024-22142 | 6.1 (Medium) | Dave Jong | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/578d8ca7-7042-493d-92b4-63241b4bdfca> |
Shortcodes Finder | CVE-2024-21750 | 6.1 (Medium) | Le Ngoc Anh | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/8eb77a53-4aea-46c3-8eea-a16f728dfa23> |
Advanced Woo Search | CVE-2024-0251 | 6.1 (Medium) | Artem Guzhva (hexcat) | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/91358e40-e64f-4e8e-b5a3-7d2133db5fe9> |
Voting Record | CVE-2023-7083 | 6.1 (Medium) | Daniel Ruf | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/f93aa003-5b8b-4836-af65-80df2f9fbdb6> |
Auto Affiliate Links | CVE Unknown | 5.8 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/d89918e1-b525-4d32-9b11-5e014eb02c16> |
Metform Elementor Contact Form Builder | CVE-2023-6788 | 5.4 (Medium) | Lucio Sá | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/30fd2425-ee48-4777-91c1-03906d63793a> |
Schema & Structured Data for WP & AMP | CVE-2024-22146 | 5.4 (Medium) | LVT-tholv2k | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/5ca21247-c443-4808-8397-790669453bfc> |
RabbitLoader | CVE-2024-21751 | 5.4 (Medium) | Abdi Pranata | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/958118ec-437e-45c8-a0f0-6aaf54e60d04> |
MailerLite – WooCommerce integration | CVE-2023-52223 | 5.4 (Medium) | Brandon James Roldan (tomorrowisnew) | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/9ea7ccb0-c0fb-4ef3-8041-9bf5abe36e3f> |
Contact Form 7 Extension For Mailchimp | CVE-2024-22134 | 5.4 (Medium) | Yuchen Ji | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/bed25977-040e-4427-b1e3-e9be9733b31f> |
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | CVE Unknown | 5.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/852b1895-3bed-4c2f-912c-c136b38a09bb> |
Seraphinite Accelerator | CVE-2024-22138 | 5.3 (Medium) | Joshua Chan | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/a5991df2-1aab-4d07-9e30-1257aa9ec884> |
WordPress Manutenção | CVE-2024-22139 | 5.3 (Medium) | Brandon James Roldan (tomorrowisnew) | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/a6664039-554b-43bf-8925-00c1e62e28f5> |
The Events Calendar | CVE-2023-6557 | 5.3 (Medium) | Nicolas Decayeux | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/fc40196e-c0f3-4bc6-ac4b-b866902def61> |
ElementsKit Elementor addons | CVE-2023-6582 | 5.3 (Medium) | Nex Team | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c> |
Newsletter – Send awesome emails from WordPress | CVE Unknown | 4.7 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/5c24ee66-7b57-4e4c-bbb5-0451fc24ce4b> |
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress | CVE Unknown | 4.7 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/f2b5213d-fdc5-4c98-9a05-15d83bd7308f> |
Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | CVE-2023-6842 | 4.4 (Medium) | drop | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/47e402c3-e06c-4ac9-8c60-5666cb1101ce> |
Woocommerce Vietnam Checkout | CVE Unknown | 4.4 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/5344499d-c183-4164-a52c-0dca7873f63d> |
WordPress Button Plugin MaxButtons | CVE-2023-6594 | 4.4 (Medium) | Rafshanzani Suhada | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/cfe2cabd-98f6-4ebc-8a02-e6951202aa88> |
Swift SMTP (formerly Welcome Email Editor) | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/1b9ed184-814d-46cb-979c-908bc9359fae> |
WordPress Live Chat Plugin for Elementor – LiveChat | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/32c2a25d-e660-4700-8df3-b043cf6aa78a> |
Gallery Plugin for WordPress – Envira Photo Gallery | CVE-2023-6742 | 4.3 (Medium) | Nex Team | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/40655278-6915-4a76-ac2d-bb161d3cee92> |
InstaWP Connect – 1-click WP Staging & Migration | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/5954c35a-7d0a-4bc5-9cad-3223e7be56eb> |
Seraphinite Alternative Slugs Manager | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/66377ee2-cc87-4cfe-a4e4-cef4459bf2ec> |
MailerLite – WooCommerce integration | CVE-2023-52227 | 4.3 (Medium) | Abdi Pranata | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/757690b0-6c59-4e74-aad2-f5fde9f7a2fb> |
WordPress Live Chat Plugin for WooCommerce – LiveChat | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/872f13bc-e6d0-4307-b2c9-b55a44df1016> |
Advanced Flamingo | CVE-2023-52226 | 4.3 (Medium) | Huynh Tien Si | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/9ce8ad5f-05e8-4279-915a-1c94559d4e56> |
WP Spell Check | CVE-2024-22143 | 4.3 (Medium) | Mika | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/9eef053c-16a1-4624-8393-08e78b221d4f> |
Contact Form 7 – Dynamic Text Extension | CVE-2023-6630 | 4.3 (Medium) | Francesco Carlucci | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/a3f1d836-da32-414f-9f2b-d485c44b2486> |
Contact Form 7 Connector | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/b437020c-31a3-413e-a1da-b4781da34f10> |
Products, Order & Customers Export for WooCommerce | CVE Unknown | 4.3 (Medium) | Unknown | Patched | <https://wordfence.com/threat-intel/vulnerabilities/id/da1f68a5-8ca7-4744-9b73-09e767072885> |
Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder | CVE-2024-22136 | 4.3 (Medium) | Elliot | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/e7b49fd1-2d1e-4083-bc1d-010a9c8f4c2f> |
WPS Hide Login | CVE-2023-49748 | 3.7 (Low) | Naveen Muthusamy | Unpatched | <https://wordfence.com/threat-intel/vulnerabilities/id/bb81e90f-8da4-483c-9bc1-18b6c016df5e> |
As a reminder, Wordfence has curated an industry-leading vulnerability database of all known WordPress core, theme, and plugin vulnerabilities, known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (January 8, 2024 to January 14, 2024) appeared first on Wordfence.