Last week, 77 vulnerabilities were disclosed in 68 WordPress plugins and 3 WordPress themes and added to the Wordfence Intelligence Vulnerability Database, and 32 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and use, both personally and commercially, and why we are running this weekly vulnerability report.
_Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 40 |
Patched | 37 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 65 |
High Severity | 10 |
Critical Severity | 2 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 44 |
Cross-Site Request Forgery (CSRF) | 9 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 8 |
Missing Authorization | 7 |
URL Redirection to Untrusted Site ('Open Redirect') | 3 |
Deserialization of Untrusted Data | 2 |
Server-Side Request Forgery (SSRF) | 2 |
Improper Neutralization of Formula Elements in a CSV File | 1 |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Lana Codes | 7 |
Mika | 6 |
Yuki Haruma | 5 |
qilin_99 | 4 |
Pavitra Tiwari | 4 |
Erwan LR | 4 |
Justiice | 3 |
minhtuanact | 3 |
László Radnai | 3 |
Shreya Pohekar | 3 |
thiennv | 3 |
Nguyen Xuan Chien | 2 |
Ramuel Gall | 2 |
Abdi Pranata | 2 |
Marco Wotschka | 2 |
Ivy | 2 |
Le Ngoc Anh | 2 |
Nguyen Xuan Hoa | 1 |
LEE SE HYOUNG | 1 |
rezaduty | 1 |
TomS | 1 |
Pavak Tiwari | 1 |
daniloalbuqrque | 1 |
yuyudhn | 1 |
Taurus Omar | 1 |
qerogram | 1 |
Felipe Restrepo Rodriguez | 1 |
deokhunKim | 1 |
Phạm Ngọc Khánh | 1 |
Lucio Sá | 1 |
Nguyen Duy Quoc Khanh | 1 |
Trần Quốc Trường An | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
AJAX Thumbnail Rebuild | ajax-thumbnail-rebuild |
Advanced Category Template | advanced-category-template |
Advanced Youtube Channel Pagination | advanced-youtube-channel-pagination |
Arconix Shortcodes | arconix-shortcodes |
Autoptimize | autoptimize |
BSK Forms Blacklist | bsk-gravityforms-blacklist |
Bit File Manager – 100% free file manager for WordPress | file-manager |
Booking Manager | booking-manager |
CM On Demand Search And Replace | cm-on-demand-search-and-replace |
CRM Memberships | crm-memberships |
Chronosly Events Calendar | chronosly-events-calendar |
ClickFunnels | clickfunnels |
Custom 404 Pro | custom-404-pro |
Customizer Export/Import | customizer-export-import |
Decon WP SMS | decon-wp-sms |
Depicter Slider – Responsive Image Slider, Video Slider & Post Slider | depicter |
Display custom fields in the frontend – Post and User Profile Fields | shortcode-to-display-post-and-user-data |
Dynamically Register Sidebars | dynamically-register-sidebars |
Easy Bet | easy-bet |
Elementor Website Builder | elementor |
Emails & Newsletters with Jackmail | jackmail-newsletters |
Extensions for Leaflet Map | extensions-leaflet-map |
Forms Ada – Form Builder | forms-ada-form-builder |
HTTP Headers | http-headers |
Image Optimizer by 10web – Image Optimizer and Compression plugin | image-optimizer-wd |
Inactive User Deleter | inactive-user-deleter |
Integration for Contact Form 7 HubSpot | cf7-hubspot |
Ko-fi Button | ko-fi-button |
Logo Scheduler – Great for holidays, events, and more | logo-scheduler-great-for-holidays-events-and-more |
Maintenance Switch | maintenance-switch |
Mass Email To users | mass-email-to-users |
NS Coupon To Become Customer | ns-coupon-to-become-customer |
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress | ninja-forms |
Orbit Fox by ThemeIsle | themeisle-companion |
Photo Gallery Slideshow & Masonry Tiled Gallery | wp-responsive-photo-gallery |
Plugins List | plugins-list |
Progress Bar | progress-bar |
Push Notifications for WordPress by PushAssist | push-notification-for-wp-by-pushassist |
REST API TO MiniProgram | rest-api-to-miniprogram |
Rating-Widget: Star Review System | rating-widget |
Recipe Maker For Your Food Blog from Zip Recipes | zip-recipes |
SEO ALert | seo-alert |
Shield Security – Smart Bot Blocking & Intrusion Prevention | wp-simple-firewall |
Simple Giveaways – Grow your business, email lists and traffic with contests | giveasap |
Stock Sync for WooCommerce | stock-sync-for-woocommerce |
Stream | stream |
Thumbnail Slider With Lightbox | wp-responsive-slider-with-lightbox |
Thumbs Rating | thumbs-rating |
Tiempo.com | tiempocom |
Tippy | tippy |
URL Params | url-params |
Ultimate Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
Updraft | updraft |
User IP and Location | user-ip-and-location |
Video XML Sitemap Generator | video-xml-sitemap-generator |
WP BrowserUpdate | wp-browser-update |
WP Directory Kit | wpdirectorykit |
WP Inventory Manager | wp-inventory-manager |
WP Page Numbers | wp-page-numbers |
WP Search Analytics | search-analytics |
WP Visitor Statistics (Real Time Traffic) | wp-stats-manager |
WP-CORS | wp-cors |
WooCommerce Multivendor Marketplace – REST API | wcfm-marketplace-rest-api |
Woocommerce Tip/Donation | woo-tipdonation |
XML for Google Merchant Center | xml-for-google-merchant-center |
YARPP – Yet Another Related Posts Plugin | yet-another-related-posts-plugin |
Zephyr Project Manager | zephyr-project-manager |
wordpress vertical image slider plugin | wp-vertical-image-slider |

Software Name | Software Slug |
---|---|
Arya Multipurpose | [arya-multipurpose](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Arya Multipurpose>) |
Mocho Blog | [mocho-blog](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Mocho Blog>) |
Viable Blog | [viable-blog](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Viable Blog>) |

Affected Software: Custom 404 Pro CVE ID: CVE Unknown CVSS Score: 9.8 (Critical) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d22fb2e8-bb61-49bc-9fab-8f7c58339a69>
Affected Software: WP Visitor Statistics (Real Time Traffic) CVE ID: CVE-2023-0600 CVSS Score: 9.8 (Critical) Researcher/s: Trần Quốc Trường An Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f8e511ec-93d3-45f3-98ee-ffa7a79bf74e>
Affected Software: Ultimate Addons for Contact Form 7 CVE ID: CVE-2023-30495 CVSS Score: 8.8 (High) Researcher/s: Ivy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5db5c5e0-f2ba-4082-b3eb-33cc0ce418e8>
Affected Software: Easy Bet CVE ID: CVE-2023-31092 CVSS Score: 8.8 (High) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a833fe01-caf5-434a-82f9-8d3ac755a66f>
Affected Software: YARPP – Yet Another Related Posts Plugin CVE ID: CVE-2023-0579 CVSS Score: 8.8 (High) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bda2f3f6-b036-4feb-bb38-1d4eaf965c24>
Affected Software: Thumbnail Slider With Lightbox CVE ID: CVE Unknown CVSS Score: 8.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33b92a86-bb3e-4307-b2cb-7dfde56505cc>
Affected Software: Orbit Fox by ThemeIsle CVE ID: CVE Unknown CVSS Score: 7.4 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4c30b925-47ca-4e14-a418-d9524648db2a>
Affected Software: Shield Security – Smart Bot Blocking & Intrusion Prevention CVE ID: CVE-2023-0992 CVSS Score: 7.2 (High) Researcher/s: Ramuel Gall Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/162dff28-94ea-4a47-a6cb-a13317cf1a04>
Affected Software: Bit File Manager – 100% free file manager for WordPress CVE ID: CVE-2022-47599 CVSS Score: 7.2 (High) Researcher/s: rezaduty Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/24458c37-ebcc-471b-9044-78f24667f7a6>
Affected Software: BSK Forms Blacklist CVE ID: CVE-2023-30872 CVSS Score: 7.2 (High) Researcher/s: TomS Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4550681f-d115-4451-9839-7862b84714fe>
Affected Software: Customizer Export/Import CVE ID: CVE-2023-1347 CVSS Score: 7.2 (High) Researcher/s: Nguyen Duy Quoc Khanh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dd7312ec-9654-4ddc-aec6-71c7e684fac0>
Affected Software: Inactive User Deleter CVE ID: CVE-2023-27424 CVSS Score: 7.1 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2f3c706f-fcce-4bcb-9773-ced011bf6407>
Affected Software: HTTP Headers CVE ID: CVE-2023-1207 CVSS Score: 6.6 (Medium) Researcher/s: qerogram Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8ea6b79c-2a09-4a6e-9b4b-a81f96e3bc12>
Affected Software: Elementor Website Builder CVE ID: CVE Unknown CVSS Score: 6.6 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a7bd173c-dc61-4cc6-b42f-311acf728080>
Affected Software: Display custom fields in the frontend – Post and User Profile Fields CVE ID: CVE-2023-31073 CVSS Score: 6.5 (Medium) Researcher/s: Yuki Haruma Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cdf3b629-c1a2-4fdd-b7fc-d3550bd30857>
Affected Software: ClickFunnels CVE ID: CVE-2022-4782 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3daa3a7d-bb92-41c7-92ad-71f6ff0bb50a>
Affected Software: Rating-Widget: Star Review System CVE ID: CVE-2023-23831 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/53577cf4-af87-41a2-9424-56a584b78cf3>
Affected Software: Arconix Shortcodes CVE ID: CVE-2023-23703 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7575e290-ad31-4c1b-9a89-eaa8b3eda6d1>
Affected Software: Progress Bar CVE ID: CVE-2023-23699 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/790bd89d-3913-4b43-9b00-7d4de5c4227d>
Affected Software: REST API TO MiniProgram CVE ID: CVE-2023-0551 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/941cf3f8-20a0-4d41-8fce-1554653d98da>
Affected Software: URL Params CVE ID: CVE-2023-0274 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/98e22884-f7d6-47df-9b1b-9232c48e3685>
Affected Software: User IP and Location CVE ID: CVE-2023-30780 CVSS Score: 6.4 (Medium) Researcher/s: deokhunKim Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c557fc55-3c0d-43ff-8575-32f669299b39>
Affected Software: Tippy CVE ID: CVE-2023-31079 CVSS Score: 6.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e6460406-da83-4dad-97a5-fe961f0c46fc>
Affected Software: Plugins List CVE ID: CVE-2023-31232 CVSS Score: 6.4 (Medium) Researcher/s: Yuki Haruma Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e9d42cc5-c213-454b-b05a-a57705e5c7e4>
Affected Software: Booking Manager CVE ID: CVE-2023-1977 CVSS Score: 6.3 (Medium) Researcher/s: Shreya Pohekar Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a9ee709d-6590-4c07-9788-6150733c1691>
Affected Software: Updraft CVE ID: CVE-2023-26530 CVSS Score: 6.1 (Medium) Researcher/s: Nguyen Xuan Hoa Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02bfc849-0f36-4647-9290-eddbacdb419b>
Affected Software: WP BrowserUpdate CVE ID: CVE-2023-28690 CVSS Score: 6.1 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0d3fa716-6f11-428c-b2da-2bb768a92fe0>
Affected Software: Mass Email To users CVE ID: CVE-2022-47600 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0f218010-8429-4a8a-b7f6-e45945a2a1ba>
Affected Software: XML for Google Merchant Center CVE ID: CVE-2023-30877 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/16bd14a1-e69b-4b7d-8c0e-a294e120d2a6>
Affected Software: Viable Blog CVE ID: CVE-2023-27419 CVSS Score: 6.1 (Medium) Researcher/s: László Radnai Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/262b5326-a5e6-4063-a345-59dedd14c3c2>
Affected Software: Arya Multipurpose CVE ID: CVE-2023-27420 CVSS Score: 6.1 (Medium) Researcher/s: László Radnai Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3d5c4bf6-36f7-4e6d-a012-95594e3d93f8>
Affected Software: Photo Gallery Slideshow & Masonry Tiled Gallery CVE ID: CVE-2023-2402 CVSS Score: 6.1 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/51a1c2de-56be-4487-874a-a916e8a6992a>
Affected Software: Forms Ada – Form Builder CVE ID: CVE-2023-27613 CVSS Score: 6.1 (Medium) Researcher/s: Pavak Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/54e330e7-d305-4254-a9e9-4d7f2c54c51c>
Affected Software: WP Inventory Manager CVE ID: CVE-2023-2123 CVSS Score: 6.1 (Medium) Researcher/s: daniloalbuqrque Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5b168045-9b68-43a7-89ce-d00a88bf8acd>
Affected Software: Logo Scheduler – Great for holidays, events, and more CVE ID: CVE-2023-30875 CVSS Score: 6.1 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d853fbd-c615-4142-9ba9-9eef54d721da>
Affected Software: Tiempo.com CVE ID: CVE-2023-2272 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7a5e3d82-4722-47ff-b66f-448cb2851c1f>
Affected Software: Extensions for Leaflet Map CVE ID: CVE-2023-31074 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8e332a52-071c-4725-99db-3cc10ee50230>
Affected Software: Maintenance Switch CVE ID: CVE-2022-47590 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a81d3b09-b8dd-4697-ab43-c863e8d1e1d5>
Affected Software: Stock Sync for WooCommerce CVE ID: CVE-2023-31094 CVSS Score: 6.1 (Medium) Researcher/s: Ivy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/adcaf2db-2026-46bb-8fbc-0400d7c1e296>
Affected Software: wordpress vertical image slider plugin CVE ID: CVE-2023-2289 CVSS Score: 6.1 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c9983364-9b52-4acc-91d4-b352c6d24d52>
Affected Software: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress CVE ID: CVE-2023-1835 CVSS Score: 6.1 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cf4e9b41-20e8-4dba-a51c-6e8f09232ffb>
Affected Software: Image Optimizer by 10web – Image Optimizer and Compression plugin CVE ID: CVE-2023-2122 CVSS Score: 6.1 (Medium) Researcher/s: Phạm Ngọc Khánh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d50d8d51-3bb4-4556-95e3-06812a31d0d6>
Affected Software: Recipe Maker For Your Food Blog from Zip Recipes CVE ID: CVE-2023-31076 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dd7d3afd-6648-4ffb-85a9-cd5a6096963e>
Affected Software: Advanced Category Template CVE ID: CVE-2023-31072 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e18ae7a9-7761-432f-a983-16ff1131c1e8>
Affected Software: Mocho Blog CVE ID: CVE-2023-27412 CVSS Score: 6.1 (Medium) Researcher/s: László Radnai Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f10fd22e-a25b-4f16-ad65-a995559908e9>
Affected Software: Push Notifications for WordPress by PushAssist CVE ID: CVE-2023-0644 CVSS Score: 6.1 (Medium) Researcher/s: Shreya Pohekar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f4454376-7c18-4f0e-a192-80212a59d94b>
Affected Software: Emails & Newsletters with Jackmail CVE ID: CVE-2022-46821 CVSS Score: 6 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/084a209f-c67b-4df9-9f4b-c537ea065a50>
Affected Software: Advanced Youtube Channel Pagination CVE ID: CVE-2023-28693 CVSS Score: 5.5 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d858f96-7363-4098-af2d-f6f96fc80071>
Affected Software: Advanced Youtube Channel Pagination CVE ID: CVE-2023-28693 CVSS Score: 5.5 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/91898465-55fa-417c-8f00-ffe118232516>
Affected Software: Woocommerce Tip/Donation CVE ID: CVE-2023-28783 CVSS Score: 5.5 (Medium) Researcher/s: Yuki Haruma Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9ec83425-c756-450e-ac46-c897ad72714c>
Affected Software: WP Directory Kit CVE ID: CVE-2023-31229 CVSS Score: 5.4 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0f01ee24-544b-45cb-9cf3-7db8263d8e54>
Affected Software: Tiempo.com CVE ID: CVE-2023-2271 CVSS Score: 5.4 (Medium) Researcher/s: Erwan LR Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3dacef70-a881-400e-b9f7-c0a815cf624a>
Affected Software: Tiempo.com CVE ID: CVE-2023-0058 CVSS Score: 5.4 (Medium) Researcher/s: Shreya Pohekar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/62ac2725-0071-4a7d-8561-256e6a232de3>
Affected Software: Simple Giveaways – Grow your business, email lists and traffic with contests CVE ID: CVE-2023-31086 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8390ab61-197a-4eb7-a589-47bf46a0e123>
Affected Software: WP Directory Kit CVE ID: CVE-2023-2279 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a7a6da3-d67c-42b3-8826-7e7fc9b938b4>
Affected Software: Zephyr Project Manager CVE ID: CVE-2023-31237 CVSS Score: 5.4 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9af929a3-6e17-40c7-9fce-1ce0eb72bc7b>
Affected Software: Thumbs Rating CVE ID: CVE-2022-45809 CVSS Score: 5.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb1105fc-ed12-4a82-9cc4-4b45aa34cdc5>
Affected Software: CRM Memberships CVE ID: CVE-2023-27427 CVSS Score: 4.4 (Medium) Researcher/s: Pavitra Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/07c3c8d9-64c9-4d16-9a35-8477b358123f>
Affected Software: CM On Demand Search And Replace CVE ID: CVE-2023-31228 CVSS Score: 4.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3be9ffb4-5614-4a5f-bc2a-38ad626f8e3e>
Affected Software: Dynamically Register Sidebars CVE ID: CVE-2023-31091 CVSS Score: 4.4 (Medium) Researcher/s: Pavitra Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4e6b39da-26d4-4615-b6c7-68909bdf0a61>
Affected Software: WP-CORS CVE ID: CVE-2022-47606 CVSS Score: 4.4 (Medium) Researcher/s: Justiice Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6d571dcc-74a4-4380-8961-890f10443b80>
Affected Software: NS Coupon To Become Customer CVE ID: CVE-2023-27422 CVSS Score: 4.4 (Medium) Researcher/s: Pavitra Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70e227a5-fc33-4ff2-a843-ef9484707ae7>
Affected Software: SEO ALert CVE ID: CVE-2023-2225 CVSS Score: 4.4 (Medium) Researcher/s: Taurus Omar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a19b102-e097-46b3-9804-71edb91b3daa>
Affected Software: WP Search Analytics CVE ID: CVE-2022-47587 CVSS Score: 4.4 (Medium) Researcher/s: Justiice Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/914d6f7a-053a-4555-9cbc-98bd0789bcd9>
Affected Software: Ko-fi Button CVE ID: CVE-2023-2254 CVSS Score: 4.4 (Medium) Researcher/s: Felipe Restrepo Rodriguez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aa13426a-2d4e-4268-bc0d-e496bc9e6f33>
Affected Software: Autoptimize CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d16a3da0-9539-4555-8dfc-65cb4f4d7b4d>
Affected Software: Decon WP SMS CVE ID: CVE-2023-27416 CVSS Score: 4.4 (Medium) Researcher/s: Pavitra Tiwari Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3bd7b0e-aae3-4ac9-b092-3101da441e1e>
Affected Software: AJAX Thumbnail Rebuild CVE ID: CVE-2022-47604 CVSS Score: 4.3 (Medium) Researcher/s: Justiice Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/039d2a35-fbd9-467b-ae98-2d47ff03fb2e>
Affected Software: WP BrowserUpdate CVE ID: CVE-2023-31078 CVSS Score: 4.3 (Medium) Researcher/s: qilin_99 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/050ca18d-7596-4094-b24a-752857f5e478>
Affected Software: WP Page Numbers CVE ID: CVE-2023-27623 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/44a2e2f3-1902-43c5-8e3c-4174cb1ffa63>
Affected Software: Chronosly Events Calendar CVE ID: CVE-2023-31093 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/57580c2c-c3de-44a3-b586-f7092c06dc6b>
Affected Software: Shield Security – Smart Bot Blocking & Intrusion Prevention CVE ID: CVE-2023-0993 CVSS Score: 4.3 (Medium) Researcher/s: Ramuel Gall Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/674461ad-9b61-48c4-af2a-5dfcaeb38215>
Affected Software: Video XML Sitemap Generator CVE ID: CVE-2023-31089 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9e11e1b5-dbba-4920-a65c-210600878861>
Affected Software: Integration for Contact Form 7 HubSpot CVE ID: CVE-2023-31095 CVSS Score: 4.3 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a60a9981-c945-4438-a844-f7942b86c4c0>
Affected Software: WooCommerce Multivendor Marketplace – REST API CVE ID: CVE-2023-2275 CVSS Score: 4.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0520601-7e5c-412d-a8da-df1bf8ce28df>
Affected Software: Stream CVE ID: CVE-2022-43450 CVSS Score: 4.3 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d58e4317-8ad5-40d5-98b8-f8f07ab37e1f>
Affected Software: Depicter Slider – Responsive Image Slider, Video Slider & Post Slider CVE ID: CVE-2022-47176 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ed79e382-acb4-4348-9bc6-b44ec0d75fb5>

As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, with all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through submissions that vulnerability researchers send directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 24, 2023 to Apr 30, 2023) appeared first on Wordfence.