Last week, 92 vulnerabilities disclosed in 88 WordPress plugins and no WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 37 vulnerability researchers contributed to WordPress security. Review the vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook integration are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Individuals and enterprises can use the vulnerability database API to receive a complete dump of our database of over 12,000 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Dropshipping & Affiliation with Amazon <= 2.1.2 – Authenticated (Subscriber+) Arbitrary File Upload

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status: Number of Vulnerabilities
Unpatched: 57
Patched: 35

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating: Number of Vulnerabilities
Low Severity: 1
Medium Severity: 80
High Severity: 11
Critical Severity: 0

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE: Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’): 37
Cross-Site Request Forgery (CSRF): 30
Missing Authorization: 11
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’): 7
Information Exposure: 3
URL Redirection to Untrusted Site (‘Open Redirect’): 1
Unrestricted Upload of File with Dangerous Type: 1
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’): 1
Guessable CAPTCHA: 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name: Number of Vulnerabilities
Mika: 19
Rio Darmawan: 7
yuyudhn: 5
Lana Codes (Wordfence Vulnerability Researcher): 5
Abdi Pranata: 5
Rafie Muhammad: 3
Vladislav Pokrovsky: 2
Taihei Shimamine: 2
minhtuanact: 2
spacecroupier: 2
Prasanna V Balaji: 2
Le Ngoc Anh: 2
deokhunKim: 2
Alex Thomas (Wordfence Vulnerability Researcher): 2
LEE SE HYOUNG: 2
BuShiYue: 1
Phd: 1
TomS: 1
OZ1NG (TOOR, LISA): 1
thiennv: 1
konagash: 1
Robert DeVore: 1
qilin_99: 1
Jonas Höbenreich: 1
NeginNrb: 1
emad: 1
Joshua Chan: 1
An Đặng: 1
Emili Castells: 1
resecured.io: 1
Marco Wotschka (Wordfence Vulnerability Researcher): 1
Nguyen Anh Tien: 1
n0paew: 1
Ravi Dharmawan: 1
Truoc Phan: 1
Yebin Lee: 1
Nithissh S: 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name
Software Slug

AI ChatBot
chatbot

AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One
ai-content-writing-assistant

Abandoned Cart Lite for WooCommerce
woocommerce-abandoned-cart

Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress
advanced-page-visit-counter

AmpedSense – AdSense Split Tester
ampedsense-adsense-split-tester

Automated Editor
automated-editor

Blog Filter – Advanced Post Filtering with Categories Or Tags, Post Portfolio Gallery, Blog Design Template, Post Layout
blog-filter

Blog Manager Light
blog-manager-light

Bold Timeline Lite
bold-timeline-lite

Booster for WooCommerce
woocommerce-jetpack

Bulk NoIndex & NoFollow Toolkit
bulk-noindex-nofollow-toolkit-by-mad-fish

Captcha/Honeypot (CF7, Avada, Elementor, Comments, WPForms) – GDPR ready
captcha-for-contact-form-7

Category Meta plugin
wp-category-meta

Comment Reply Email
comment-reply-email

Complete Open Graph
complete-open-graph

Connect to external APIs – WPGetAPI
wpgetapi

Contact Form by Supsystic
contact-form-by-supsystic

Contact form Form For All – Easy to use, fast, 37 languages.
formforall

Copy or Move Comments
copy-or-move-comments

Customer Reviews for WooCommerce
customer-reviews-woocommerce

Dropshipping & Affiliation with Amazon
wp-amazon-shop

Export All Posts, Products, Orders, Refunds & Users
wp-ultimate-exporter

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
form-maker

Fotomoto
fotomoto

Geo Controller
cf-geoplugin

GoodBarber
goodbarber

Gumroad
gumroad

Hitsteps Web Analytics
hitsteps-visitor-manager

Hotjar
hotjar

IRivYou – Add reviews from AliExpress and Amazon to woocommerce
wooreviews-importer

Image vertical reel scroll slideshow
image-vertical-reel-scroll-slideshow

Instagram for WordPress
instagram-for-wordpress

Interactive World Map
interactive-world-map

LeadSquared Suite
leadsquared-suite

MStore API
mstore-api

Mailrelay
mailrelay

Marker.io – Visual Website Feedback
marker-io

Media Library Assistant
media-library-assistant

Mendeley Plugin
mendeleyplugin

OPcache Dashboard
opcache

Open User Map
open-user-map

Optimize Database after Deleting Revisions
rvg-optimize-database

Order auto complete for WooCommerce
order-auto-complete-for-woocommerce

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress
post-smtp

Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
wp-user-avatar

Permalinks Customizer
permalinks-customizer

Pinpoint Booking System – #1 WordPress Booking Plugin
booking-system

Podcast Subscribe Buttons
podcast-subscribe-buttons

Post View Count
wp-simple-post-view

Pressference Exporter
pressference-exporter

Product Category Tree
product-category-tree

Profile Extra Fields by BestWebSoft
profile-extra-fields

Publish Confirm Message
publish-confirm-message

Redirection for Contact Form 7
wpcf7-redirect

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
custom-registration-form-builder-with-submission-manager

SendPulse Free Web Push
sendpulse-web-push

Seriously Simple Stats
seriously-simple-stats

Sharkdropship for AliExpress Dropship and Affiliate
wooshark-aliexpress-importer

Short URL
shorten-url

ShortCodes UI
shortcodes-ui

Simple SEO
cds-simple-seo

Smart Cookie Kit
smart-cookie-kit

Social Feed | Custom Feed for Social Media Networks
wp-social-feed

Social Metrics
social-metrics

Social proof testimonials and reviews by Repuso
social-testimonials-and-reviews-widget

Sp*tify Play Button for WordPress
spotify-play-button-for-wordpress

Stout Google Calendar
stout-google-calendar

Timely Booking Button
timely-booking-button

Urvanov Syntax Highlighter
urvanov-syntax-highlighter

User Location and IP
user-location-and-ip

Video Gallery – Best WordPress YouTube Gallery Plugin
gallery-videos

WOLF – WordPress Posts Bulk Editor and Manager Professional
bulk-editor

WP Bing Map Pro
api-bing-map-2018

WP Content Pilot – Autoblogging & Affiliate Marketing Plugin
wp-content-pilot

WP Custom Widget area
wp-custom-widget-area

WP Forms Puzzle Captcha
wp-forms-puzzle-captcha

WP Mail SMTP Pro
wp-mail-smtp-pro

WP Power Stats
wp-power-stats

WP Responsive header image slider
responsive-header-image-slider

WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin
wp-user-frontend

WhitePage
white-page-publication

WooCommerce Login Redirect
woo-login-redirect

WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location
byconsole-woo-order-delivery-time

WordPress Popular Posts
wordpress-popular-posts

WordPress Simple HTML Sitemap
wp-simple-html-sitemap

YouTube Playlist Player
youtube-playlist-player

affiliate-toolkit – WordPress Affiliate Plugin
affiliate-toolkit-starter

canvasio3D Light
canvasio3d-light

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Dropshipping & Affiliation with Amazon <= 2.1.2 – Authenticated (Subscriber+) Arbitrary File Upload

Affected Software: Dropshipping & Affiliation with Amazon
CVE ID: CVE-2023-31215
CVSS Score: 8.8 (High)
Researcher/s: spacecroupier
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/17240c75-4e2a-45d2-8114-414c7e81af87

Advanced Page Visit Counter <= 7.1.1 – Authenticated (Contributor+) SQL Injection

Affected Software: Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress
CVE ID: CVE-2023-45074
CVSS Score: 8.8 (High)
Researcher/s: TomS
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1810cea5-cfca-4699-bf09-0e474d04acb6

MStore API <= 4.0.6 – Authenticated (Subscriber+) SQL Injection

Affected Software: MStore API
CVE ID: CVE-2023-45055
CVSS Score: 8.8 (High)
Researcher/s: Truoc Phan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a8b10d0c-e2fc-47a3-9df9-8df58eee964c

Copy Or Move Comments <= 5.0.4 – Authenticated (Subscriber+) SQL Injection

Affected Software: Copy or Move Comments
CVE ID: CVE-2023-28748
CVSS Score: 8.8 (High)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e2b020c3-0eb9-4ff1-b94e-e32452695b5d

Sharkdropship for AliExpress Dropship and Affiliate <= 2.2.3 – Missing Authorization

Affected Software: Sharkdropship for AliExpress Dropship and Affiliate
CVE ID: CVE-2023-30870
CVSS Score: 7.3 (High)
Researcher/s: spacecroupier
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f8812cfe-4bbe-44ba-9513-7f81bad68d11

Form Maker by 10Web <= 1.15.18 – Unauthenticated Stored Cross-Site Scripting

Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
CVE ID: CVE-2023-45071
CVSS Score: 7.2 (High)
Researcher/s: Vladislav Pokrovsky
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05b434f7-6bce-4ad0-bd12-db5b01f14953

AmpedSense – AdSense Split Tester <= 4.68 – Unauthenticated Cross-Site Scripting

Affected Software: AmpedSense – AdSense Split Tester
CVE ID: CVE-2023-25476
CVSS Score: 7.2 (High)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/266bbcab-7d41-4c38-b136-24da61728977

Post SMTP <= 2.6.0 – Authenticated (Administrator+) SQL Injection

Affected Software: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3816a6cf-8157-4ad9-83f6-93c9b6c6275f

Seriously Simple Stats <= 1.5.0 – Authenticated (Podcast manager+) SQL Injection via order_by

Affected Software: Seriously Simple Stats
CVE ID: CVE-2023-45001
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46150f65-e662-4539-ae99-eaee297a2608

Video Gallery – YouTube Gallery <= 2.0.2 – Authenticated (Administrator+) SQL Injection

Affected Software: Video Gallery – Best WordPress YouTube Gallery Plugin
CVE ID: CVE-2023-45069
CVSS Score: 7.2 (High)
Researcher/s: Ravi Dharmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a8382051-ae17-4719-94b5-3cfb0b5e82b1

Pressference Exporter <= 1.0.3 – Authenticated (Administrator+) SQL Injection

Affected Software: Pressference Exporter
CVE ID: CVE-2023-45046
CVSS Score: 7.2 (High)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c12ba39f-03bc-4a45-b2f4-368f48c0a57b

YouTube Playlist Player <= 4.6.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: YouTube Playlist Player
CVE ID: CVE-2023-45049
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/02cffe63-dad2-4f6b-9530-7f494e3071d7

Podcast Subscribe Buttons <= 1.4.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Podcast Subscribe Buttons
CVE ID: CVE-2023-5308
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/17dbfb82-e380-464a-bfaf-2d0f6bf07f25

Instagram for WordPress <= 2.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Instagram for WordPress
CVE ID: CVE-2023-5357
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3991d8d0-57a8-42e7-a53c-97508f7e137f

WP Responsive header image slider <= 3.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: WP Responsive header image slider
CVE ID: CVE-2023-5334
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6953dea2-ca2d-4283-97c2-45c3420d9390

User Location and IP <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: User Location and IP
CVE ID: CVE-2023-31217
CVSS Score: 6.4 (Medium)
Researcher/s: deokhunKim
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7e501592-4411-4c0a-aa67-e2d0a29d5d35

Smart Cookie Kit <= 2.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Smart Cookie Kit
CVE ID: CVE-2023-45608
CVSS Score: 6.4 (Medium)
Researcher/s: resecured.io
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9b726e21-ff76-43ea-beb1-f68e94d3b7a4

Media Library Assistant <= 3.11 – Authenticated (Author+) Stored Cross-Site Scripting

Affected Software: Media Library Assistant
CVE ID: CVE-2023-24385
CVSS Score: 6.4 (Medium)
Researcher/s: n0paew
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a1603dc9-7f5e-47e1-8a81-27bb4df1aa4f

WordPress Popular Posts <= 6.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: WordPress Popular Posts
CVE ID: CVE-2023-45607
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a91e8713-a760-4acd-9987-2a6b11dbdd56

Contact form Form For All <= 1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Contact form Form For All – Easy to use, fast, 37 languages.
CVE ID: CVE-2023-5337
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abe2f596-b2c3-49d3-b646-0f4b64f15674

Blog Filter <= 1.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Gumroad <= 3.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Gumroad
CVE ID: CVE-2023-45059
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cd2abab4-f93c-454d-928d-128a490da0e2

WP Simple HTML Sitemap <= 2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: WordPress Simple HTML Sitemap
CVE ID: CVE-2023-45067
CVSS Score: 6.4 (Medium)
Researcher/s: deokhunKim
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fca6d469-60e7-4866-a53c-d207817c9204

WPGetAPI 2.1.0 – 2.2.1 – Authenticated (Subscriber+) Arbitrary Options Update

Affected Software: Connect to external APIs – WPGetAPI
CVE ID: CVE Unknown
CVSS Score: 6.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/39003835-80df-49c7-982a-346bf328565c

Bulk NoIndex & NoFollow Toolkit <= 1.42 – Reflected Cross-Site Scripting via ‘s’

Affected Software: Bulk NoIndex & NoFollow Toolkit
CVE ID: CVE-2023-45065
CVSS Score: 6.1 (Medium)
Researcher/s: Phd
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0e4f6305-d003-478e-a8ef-0b254084f56f

Form Maker by 10Web <= 1.15.18 – Reflected Cross-Site Scripting

Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
CVE ID: CVE-2023-45070
CVSS Score: 6.1 (Medium)
Researcher/s: Vladislav Pokrovsky
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1b1db6b8-f005-488f-b2cc-667acc700b0a

RegistrationMagic <= 5.2.4.1 – Reflected Cross-Site Scripting via section_id

Affected Software: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2d010e55-d57a-49f7-a991-76b676b88f1e

Fotomoto <= 1.2.8 – Reflected Cross-Site Scripting

Affected Software: Fotomoto
CVE ID: CVE-2023-45007
CVSS Score: 6.1 (Medium)
Researcher/s: OZ1NG (TOOR, LISA)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2fbeee6b-cbc0-462e-96ba-2fd4f54786b0

Download canvasio3D Light <= 2.4.6 – Reflected Cross-Site Scripting

Affected Software: canvasio3D Light
CVE ID: CVE-2023-45062
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/39b8f6d8-bca2-4bf2-93ab-868270df8752

Product Category Tree <= 2.5 – Reflected Cross-Site Scripting

Affected Software: Product Category Tree
CVE ID: CVE-2023-45054
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3e03ecc0-5ca1-4d64-a6d7-257325bcc5cb

Seriously Simple Stats <= 1.5.1 – Reflected Cross-Site Scripting

Affected Software: Seriously Simple Stats
CVE ID: CVE-2023-45005
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/92734acf-2021-4217-8cdd-a9d269198db3

OPcache Dashboard <= 0.3.1 – Reflected Cross-Site Scripting via ‘page’

Affected Software: OPcache Dashboard
CVE ID: CVE-2023-45064
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d3d6104b-eb2d-4e7e-98bd-6a46bd69ef5c

WooODT Lite <= 2.4.6 – Reflected Cross-Site Scripting

Affected Software: WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location
CVE ID: CVE-2023-45006
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ede4b8ad-3c12-4ed8-9eda-806afa580bad

Social Feed <= 2.2.0 – Reflected Cross-Site Scripting

Affected Software: Social Feed | Custom Feed for Social Media Networks
CVE ID: CVE-2023-45003
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f124b5a0-b58b-45ff-bd22-7a09a9abd9bd

Simple SEO <= 2.0.23 – Cross-Site Request Forgery via multiple admin_post functions

Affected Software: Simple SEO
CVE ID: CVE-2023-45269
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/053b72c6-07bb-4e9f-ae25-da4bce91ae6e

Post View Count <= 1.8.2 – Cross-Site Request Forgery

Affected Software: Post View Count
CVE ID: CVE-2023-44996
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/114cf149-e923-4e21-9eb0-e38941799304

WP Forms Puzzle Captcha <= 4.1 – Cross-Site Request Forgery

Affected Software: WP Forms Puzzle Captcha
CVE ID: CVE-2023-44997
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1c75edd2-fc38-48b1-b58c-1d19c95c3db8

Urvanov Syntax Highlighter <= 2.8.33 – Cross-Site Request Forgery via init_ajax

Affected Software: Urvanov Syntax Highlighter
CVE ID: CVE-2023-45106
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3c85fa64-4761-4b92-bd4f-7c220cf18288

Social proof testimonials and reviews by Repuso <= 5.00 – Cross-Site Request Forgery

Affected Software: Social proof testimonials and reviews by Repuso
CVE ID: CVE-2023-45048
CVSS Score: 5.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/526aa2e5-06bd-4b4c-a331-315f8ab37858

LeadSquared Suite <= 0.7.4 – Cross-Site Request Forgery

Affected Software: LeadSquared Suite
CVE ID: CVE-2023-45047
CVSS Score: 5.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8da42003-f2d8-4837-84b2-e0e7171fa3fe

Customer Reviews for WooCommerce <= 5.36.0 – Missing Authorization in Reviews Exporter

Affected Software: Customer Reviews for WooCommerce
CVE ID: CVE-2023-45101
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d60f3da1-1184-4629-880c-ce3893fb55a5

Pinpoint Booking System <= 2.9.9.4.0 – Cross-Site Request Forgery via initBackEndAJAX

Affected Software: Pinpoint Booking System – #1 WordPress Booking Plugin
CVE ID: CVE-2023-45270
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4dfb4b5-b2a5-40bd-9dfb-863baa563d06

Optimize Database after Deleting Revisions <= 5.0.110 – Missing Authorization via ‘odb_csv_download’

Affected Software: Optimize Database after Deleting Revisions
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09050c1e-26e0-46e7-b5f0-ebaff4066b0a

Captcha/Honeypot for Contact Form 7 <= 1.11.3 – Captcha Bypass

Affected Software: Captcha/Honeypot (CF7, Avada, Elementor, Comments, WPForms) – GDPR ready
CVE ID: CVE-2023-45009
CVSS Score: 5.3 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60e9351a-302b-4a31-8a9c-c0a0b6ee3fcd

WP Ultimate Exporter <= 2.2 – Unauthenticated Information Disclosure

Affected Software: Export All Posts, Products, Orders, Refunds & Users
CVE ID: CVE-2023-2487
CVSS Score: 5.3 (Medium)
Researcher/s: Jonas Höbenreich
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/61f7e01e-c9ce-47f6-96d0-de908ce7e90c

ProfilePress <= 4.13.2 – Information Disclosure via Debug Log

Profile Extra Fields by BestWebSoft <= 1.2.7 – Missing Authorization to Sensitive Information Exposure

Affected Software: Profile Extra Fields by BestWebSoft
CVE ID: CVE-2023-4469
CVSS Score: 5.3 (Medium)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/916c73e8-a150-4b35-8773-ea0ec29f7fd1

Redirection for Contact Form 7 <= 2.9.2 – Missing Authorization

Affected Software: Redirection for Contact Form 7
CVE ID: CVE-2023-39920
CVSS Score: 5.3 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9cf17c08-25b7-450d-acd9-963a1f79e495

WP Mail SMTP Pro <= 3.8.0 – Missing Authorization to Information Disclosure via is_print_page

Affected Software: WP Mail SMTP Pro
CVE ID: CVE-2023-3213
CVSS Score: 5.3 (Medium)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9

ChatBot <= 4.7.8 – Cross-Site Request Forgery via qc_wp_latest_update_check

Affected Software: AI ChatBot
CVE ID: CVE-2023-44993
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/be9522c8-3561-48fe-89ef-62e0fcb085b0

Open User Map | Everybody can add locations <= 1.3.26 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Open User Map
CVE ID: CVE-2023-45056
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/08593415-bbc9-4159-b5d5-84e4dde6c2c9

Complete Open Graph <= 3.4.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Complete Open Graph
CVE ID: CVE-2023-45010
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0f3303db-9ba6-4638-ba96-151cf91db85b

Timely Booking Button <= 2.0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Timely Booking Button
CVE ID: CVE-2023-44987
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2eb3b568-8689-4184-8091-0b84aa6b472d

Abandoned Cart Lite for WooCommerce <= 5.15.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Abandoned Cart Lite for WooCommerce
CVE ID: CVE-2023-44986
CVSS Score: 4.4 (Medium)
Researcher/s: Robert DeVore
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/524e9ec1-9c7c-4b06-915c-8122ea6c3601

Geo Controller <= 8.5.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Geo Controller
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6faf7e36-52d7-4578-bb71-2b64a761692b

Mendeley <= 1.3.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Mendeley Plugin
CVE ID: CVE-2023-45073
CVSS Score: 4.4 (Medium)
Researcher/s: NeginNrb
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7b56c684-90f6-4e8b-86fc-355a13b5368c

WOLF <= 1.0.7.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: WOLF – WordPress Posts Bulk Editor and Manager Professional
CVE ID: CVE-2023-44990
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/85b439ea-08f9-4b4e-80da-7c5f80bc2818

Image vertical reel scroll slideshow <= 9.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Image vertical reel scroll slideshow
CVE ID: CVE-2023-45051
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/91b06d7d-7e92-49f0-b161-9b25318edfeb

Order auto complete for WooCommerce <= 1.2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Order auto complete for WooCommerce
CVE ID: CVE-2023-45072
CVSS Score: 4.4 (Medium)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9521ad5b-83c3-487e-a69e-ca057777bc9e

Hotjar <= 1.0.15 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Hotjar
CVE ID: CVE-2023-1259
CVSS Score: 4.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9c640bcb-b6bf-4865-b713-32ca846e4ed9

Social Metrics <= 2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Social Metrics
CVE ID: CVE-2023-44263
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b3267339-2f28-40b9-b6ff-fdfe0d67bdc8

Comment Reply Email <= 1.0.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Comment Reply Email
CVE ID: CVE-2023-45008
CVSS Score: 4.4 (Medium)
Researcher/s: Yebin Lee
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ba7d0ab4-55a5-47f4-b66e-27e963ab2268

Hitsteps Web Analytics <= 5.86 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Hitsteps Web Analytics
CVE ID: CVE-2023-45057
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f68a386b-544f-4aa2-8ae5-4d57ddd07b63

Publish Confirm Message <= 1.3.1 – Cross-Site Request Forgery

Affected Software: Publish Confirm Message
CVE ID: CVE-2023-32124
CVSS Score: 4.3 (Medium)
Researcher/s: Taihei Shimamine
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05c2707c-c737-4f95-83e0-b0a4e0883d4b

Sp*tify Play Button for WordPress <= 2.10 – Cross-Site Request Forgery

Affected Software: Sp*tify Play Button for WordPress
CVE ID: CVE-2023-41131
CVSS Score: 4.3 (Medium)
Researcher/s: BuShiYue
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0b82fae0-4eec-41ea-90e2-9d08258805b3

Contact Form by Supsystic <= 1.7.27 – Cross-Site Request Forgery

Affected Software: Contact Form by Supsystic
CVE ID: CVE-2023-45068
CVSS Score: 4.3 (Medium)
Researcher/s: Taihei Shimamine
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/16dc1927-2171-4234-805b-6e4eed99fa90

WhitePage <= 1.1.5 – Cross-Site Request Forgery via params_api_form.php

Affected Software: WhitePage
CVE ID: CVE-2023-45109
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1b377236-bb56-4d31-837a-c5064d46a6c6

Automated Editor <= 1.3 – Cross-Site Request Forgery via admin menu pages

Affected Software: Automated Editor
CVE ID: CVE-2023-45276
CVSS Score: 4.3 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/27799988-cb2b-41c7-ad9a-aade59d31fa3

Stout Google Calendar <= 1.2.3 – Cross-Site Request Forgery via sgc_plugin_options

Affected Software: Stout Google Calendar
CVE ID: CVE-2023-45273
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/33efcbb4-2bb9-4414-bc95-55bedb92c551

WP Content Pilot – Autoblogging & Affiliate Marketing Plugin <= 1.3.3 – Authenticated (Contributor+) Content Injection

Affected Software: WP Content Pilot – Autoblogging & Affiliate Marketing Plugin
CVE ID: CVE-2023-45053
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/373c10df-0d9c-4f76-8d1f-cad6bcfed141

Blog Manager Light <= 1.20 – Cross-Site Request Forgery via bml_settings

Affected Software: Blog Manager Light
CVE ID: CVE-2023-45102
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/38307432-399e-4887-867c-9eb2a0d90d70

Mailrelay <= 2.1.1 – Cross-Site Request Forgery via render_admin_page

Affected Software: Mailrelay
CVE ID: CVE-2023-45108
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3c07a2fe-97b1-45ec-bbd9-9353d679ed49

AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One <= 1.1.5 – Cross-Site Request Forgery

Affected Software: AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One
CVE ID: CVE-2023-45063
CVSS Score: 4.3 (Medium)
Researcher/s: konagash
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3de1bcd7-24a8-4566-819b-d6653344e132

IRivYou <= 2.2.1 – Cross-Site Request Forgery via saveOptionsReviewsPlugin

Affected Software: IRivYou – Add reviews from AliExpress and Amazon to woocommerce
CVE ID: CVE-2023-45267
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5607cc07-5104-45d0-8279-ba0ef3ebcbe9

GoodBarber <= 1.0.22 – Cross-Site Request Forgery via admin_options

Affected Software: GoodBarber
CVE ID: CVE-2023-45107
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/57774f93-e6c0-46e6-8019-eab00b2b48ff

WP Bing Map Pro <= 4.1.4 – Cross-Site Request Forgery via AJAX actions

Affected Software: WP Bing Map Pro
CVE ID: CVE-2023-45052
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5abc627d-2d8e-44e6-8e8e-ad9f55cbb0d8

Interactive World Map <= 3.2.0 – Cross-Site Request Forgery

Affected Software: Interactive World Map
CVE ID: CVE-2023-45060
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b559a48-3c8b-4f8a-9627-c4f838d20af3

WP Custom Widget area <= 1.2.5 – Missing Authorization

Affected Software: WP Custom Widget area
CVE ID: CVE-2023-45045
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/64559d37-0c6b-45f5-8a2a-6e70cb5e423c

SendPulse Free Web Push <= 1.3.1 – Cross-Site Request Forgery via sendpulse_config

Affected Software: SendPulse Free Web Push
CVE ID: CVE-2023-45274
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/654727e0-6129-47c7-94f3-10567b1a42d4

Hitsteps Web Analytics <= 5.86 – Cross-Site Request Forgery via hst_optionpage

Affected Software: Hitsteps Web Analytics
CVE ID: CVE-2023-45268
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7252075f-9326-4f04-bdd9-b244609c9cd3

WP User Frontend <= 3.6.8 – Missing Authorization via AJAX actions

ShortCodes UI <= 1.9.8 – Cross-Site Request Forgery

Affected Software: ShortCodes UI
CVE ID: CVE-2023-44994
CVSS Score: 4.3 (Medium)
Researcher/s: An Đặng
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/90e69e43-597c-4c18-b581-d99dacefb9b8

Short URL <= 1.6.8 – Cross-Site Request Forgery

Affected Software: Short URL
CVE ID: CVE-2023-45058
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95c5a219-0b04-424c-a3dd-d705b1b41ddc

Bold Timeline Lite <= 1.1.9 – Missing Authorization to Admin Notice Dismissal

Affected Software: Bold Timeline Lite
CVE ID: CVE-2023-45110
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9bbabf5e-dbfc-4b01-94ae-0e8fd6b3cc26

Booster for WooCommerce <= 7.1.1 – Authenticated (Subscriber+) Information Disclosure via Shortcode

Affected Software: Booster for WooCommerce
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a1426809-b245-4868-be87-c96b3c5c05f9

WP Power Stats <= 2.2.3 – Cross-Site Request Forgery

Affected Software: WP Power Stats
CVE ID: CVE-2023-45011
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a86a694b-5e45-4e94-a22c-2c5faa7172a2

WooCommerce Login Redirect <= 2.2.4 – Cross-Site Request Forgery

Affected Software: WooCommerce Login Redirect
CVE ID: CVE-2023-44995
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a8b0d708-4f74-4e6d-9581-f65caf976d45

Permalinks Customizer <= 2.8.2 – Cross-Site Request Forgery via post_settings

Affected Software: Permalinks Customizer
CVE ID: CVE-2023-45103
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bf1f402d-98d7-42d7-8d8d-ff74a65e5293

Category Meta <= 1.2.8 – Cross-Site Request Forgery

Affected Software: Category Meta plugin
CVE ID: CVE-2023-44998
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bf2ddc42-9910-40e5-9546-89f229b852da

Marker.io <= 1.1.6 – Cross-Site Request Forgery

Affected Software: Marker.io – Visual Website Feedback
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c49b3841-370b-42ed-9545-e69c2544642d

Customer Reviews for WooCommerce <= 5.36.0 – Missing Authorization

Affected Software: Customer Reviews for WooCommerce
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c5429fb1-7072-4a00-8fb3-48d4f876417f

affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.9 – Open Redirect via atkpout.php

Affected Software: affiliate-toolkit – WordPress Affiliate Plugin
CVE ID: CVE-2023-45105
CVSS Score: 3.4 (Low)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/06b332de-4f94-47dc-a573-53514adaf5c0

As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through submissions that vulnerability researchers send directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding context where we can.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023) appeared first on Wordfence.