Last week, there were 109 vulnerabilities disclosed in 102 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
WP EXtra <= 6.2 – Missing Authorization to .htaccess File Modification
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
Patch Status
Number of Vulnerabilities
Unpatched
59
Patched
50
Total Vulnerabilities by CVSS Severity Last Week
Severity Rating
Number of Vulnerabilities
Low Severity
0
Medium Severity
92
High Severity
14
Critical Severity
3
Total Vulnerabilities by CWE Type Last Week
Vulnerability Type by CWE
Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
42
Missing Authorization
24
Cross-Site Request Forgery (CSRF)
22
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
7
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
3
URL Redirection to Untrusted Site (‘Open Redirect’)
3
Deserialization of Untrusted Data
2
Improper Authentication
1
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
1
Guessable CAPTCHA
1
Improper Access Control
1
Protection Mechanism Failure
1
Authorization Bypass Through User-Controlled Key
1
Researchers That Contributed to WordPress Security Last Week
Researcher Name
Number of Vulnerabilities
Lana Codes
(Wordfence Vulnerability Researcher)
25
Mika
8
Skalucy
3
qilin_99
3
thiennv
2
emad
1
konagash
1
Elliot
1
Erwan LR
1
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
Software Name
Software Slug
10Web Booster – Website speed optimization, Cache & Page Speed optimizer
tenweb-speed-optimizer
404 Solution
404-solution
Accordion
accordions-wp
Admin and Site Enhancements (ASE)
admin-site-enhancements
Advanced Menu Widget
advanced-menu-widget
All-In-One Security (AIOS) – Security and Firewall
all-in-one-wp-security-and-firewall
Alter
alter
Animated Counters
animated-counters
Article analytics
article-analytics
Auto Excerpt everywhere
auto-excerpt-everywhere
Auto Limit Posts Reloaded
auto-limit-posts-reloaded
Autolinks Manager
daext-autolinks-manager
BSK PDF Manager
bsk-pdf-manager
Bellows Accordion Menu
bellows-accordion-menu
Bonus for Woo
bonus-for-woo
Booking calendar, Appointment Booking System
booking-calendar
Buzzsprout Podcasting
buzzsprout-podcasting
CallRail Phone Call Tracking
callrail-phone-call-tracking
Category SEO Meta Tags
category-seo-meta-tags
CloudNet360
cloudnet-sync
Convertful – Your Ultimate On-Site Conversion Tool
convertful
Cookie Bar
cookie-bar
Current Menu Item for Custom Post Types
current-menu-item-for-custom-post-types
Custom Header Images
custom-header-images
Custom Login Page | Temporary Users | Rebrand Login | Login Captcha
feather-login-page
Custom My Account for Woocommerce
custom-my-account-for-woocommerce
DeepL API translation plugin
wpdeepl
Deeper Comments
deeper-comments
Delete Me
delete-me
DoLogin Security
dologin
EasyRecipe
easyrecipe
Export WP Page to Static HTML/CSS
export-wp-page-to-static-html
FLOWFACT WP Connector
flowfact-wp-connector
FareHarbor for WordPress
fareharbor
Fathom Analytics for WP
fathom-analytics
FeedFocal
feedfocal
GD Security Headers
gd-security-headers
Generate Dummy Posts
generate-dummy-posts
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
rafflepress
Google Maps made Simple
wp-gmappity-easy-google-maps
Grid Plus – Unlimited grid layout
grid-plus
Group Chat & Video Chat by AtomChat
atomchat
ICS Calendar
ics-calendar
ImageLinks Interactive Image Builder for WordPress
imagelinks-interactive-image-builder-lite
Interactive Image Map Plugin – Draw Attention
draw-attention
KD Coming Soon
kd-coming-soon
LiteSpeed Cache
litespeed-cache
Live Chat with Facebook Messenger
wp-facebook-messenger
Magic Embeds
wp-embed-facebook
Mail logging – WP Mail Catcher
wp-mail-catcher
Mediabay – Media Library Folders
mediabay-lite
Medialist
media-list
MomentoPress for Momento360
cmyee-momentopress
My Shortcodes
my-shortcodes
Neon text
neon-text
News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry)
blog-designer-pack
Ni WooCommerce Sales Report
ni-woocommerce-sales-report
Original texts Yandex WebMaster
original-texts-yandex-webmaster
PHP to Page
php-to-page
Parcel Pro
woo-parcel-pro
Post Meta Data Manager
post-meta-data-manager
Pre-Orders for WooCommerce
pre-orders-for-woocommerce
Product Recommendation Quiz for eCommerce
product-recommendation-quiz-for-ecommerce
PubyDoc – Data Tables and Charts
pubydoc-data-tables-and-charts
Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress
quillforms
Related Products for WooCommerce
woo-related-products-refresh-on-reload
Remove Add to Cart WooCommerce
remove-add-to-cart-woocommerce
Reusable Text Blocks
reusable-text-blocks
SAHU TikTok Pixel for E-Commerce
sahu-tiktok-pixel
Seraphinite Accelerator
seraphinite-accelerator
Shortcode Menu
shortcode-menu
Simple Shortcodes
smpl-shortcodes
Simple User Listing
simple-user-listing
Slick Popup: Contact Form 7 Popup Plugin
slick-popup
Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More
woocommerce-exporter
TK Google Fonts GDPR Compliant
tk-google-fonts
Thumbnail Slider With Lightbox
wp-responsive-slider-with-lightbox
Thumbnail carousel slider
wp-responsive-thumbnail-slider
User Avatar
user-avatar
VK Blocks
vk-blocks
VK Filter Search
vk-filter-search
Very Simple Google Maps
very-simple-google-maps
WCP OpenWeather
wcp-openweather
WDContactFormBuilder
contact-form-builder
WDSocialWidgets
spider-facebook
WP EXtra
wp-extra
WP Font Awesome
wp-font-awesome
WP Glossary
wp-glossary
WP Helper Premium
wp-helper-lite
WP Post Popup
wp-post-modal
WP Simple Galleries
wp-simple-galleries
WP Word Count
wp-word-count
WP iCal Availability
wp-ical-availability
WPPizza – A Restaurant Plugin
wppizza
Weather Atlas Widget
weather-atlas
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
groundhogg
WordPress CTA – WordPress Call To Action, Sticky CTA, Floating Buttons, Floating Tab Plugin
easy-sticky-sidebar
WordPress Knowledge base & Documentation Plugin – WP Knowledgebase
wp-knowledgebase
WordPress Simple HTML Sitemap
wp-simple-html-sitemap
YITH WooCommerce Product Add-Ons
yith-woocommerce-product-add-ons
YOP Poll
yop-poll
kk Star Ratings
kk-star-ratings
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
PHP to Page <= 0.3 – Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode
CVE ID: CVE-2023-5199
CVSS Score: 9.9 (Critical)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/83e5a0dc-fc51-4565-945f-190cf9175874
Article Analytics <= 1.0 – Unauthenticated SQL Injection
CVE ID: CVE-2023-5640
CVSS Score: 9.8 (Critical)
Researcher/s: Nicolas Surribas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6abbdecd-782a-44a2-981a-ae6caa50dd6a
Thumbnail Slider With Lightbox <= 1.0 – Cross-Site Request Forgery to Arbitrary File Upload
CVE ID: CVE-2023-5820
CVSS Score: 9.6 (Critical)
Researcher/s: Ala Arfaoui
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1
WP Simple Galleries <= 1.34 – Authenticated (Contributor+) PHP Object Injection
CVE ID: CVE-2023-5583
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda
Google Maps made Simple <= 0.6 – Authenticated (Subscriber+) SQL Injection via Shortcode
CVE ID: CVE-2023-5315
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/262db9aa-0db5-48cd-a85b-3e6302e88a42
WP EXtra <= 6.2 – Missing Authorization to .htaccess File Modification
CVE ID: CVE-2023-5311
CVSS Score: 8.8 (High)
Researcher/s: GiongfNef
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/87e3dd5e-0d77-4d78-8171-0beaf9482699
Post Meta Data Manager <=1.2.0 – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
CVE ID: CVE-2023-5425
CVSS Score: 8.8 (High)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d7f4e710-99a2-49df-a513-725e1daaa18a
Deeper Comments <= 2.1.1 – Missing Authorization to Authenticated(Subscriber+) Arbitrary Options Update
CVE ID: CVE Unknown
CVSS Score: 8.8 (High)
Researcher/s: Jerome Bruandet
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f1cbe675-4c0f-430a-b2db-85ba8605d172
KD Coming Soon <= 1.7 – Unauthenticated PHP Object Injection via cetitle
CVE ID: CVE-2023-46615
CVSS Score: 8.1 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0f831d48-733a-4e79-8559-92b03b8d0356
News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 – Unauthenticated Remote Code Execution via Local File Inclusion
CVE ID: CVE-2023-5815
CVSS Score: 8.1 (High)
Researcher/s: Florian Hauser
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f2bdf11-401a-48af-b1dc-aeeb40b9a384
Admin and Site Enhancements (ASE) <= 5.7.1 – Password Protection Mode Security Feature Bypass
CVE ID: CVE-2023-46630
CVSS Score: 7.5 (High)
Researcher/s: Abu Hurayra
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0abad47f-a806-4cdd-a11f-015b997b5e86
Post Meta Data Manager <=1.2.0 – Missing Authorization to User, Term, and Post Meta Deletion
CVE ID: CVE-2023-5426
CVSS Score: 7.5 (High)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d6a7f882-4582-4b08-9597-329d140ad782
404 Solution <= 2.33.2 – Authenticated (Administrator+) SQL Injection via orderby
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/14958861-305e-4a9b-b428-de204cd6781e
ImageLinks <= 1.5.4 – Authenticated (Admin+) SQL Injection
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9f678700-f266-4740-a98d-19f8e9734563
GD Security Headers <= 1.7 – Authenticated (Admin+) SQL Injection
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b556bb3b-0fea-48a9-a893-3ad015559f3d
Booking Calendar WpDevArt <= 3.2.11 – Authenticated (Admin+) SQL Injection
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/caa39613-aaf3-4e47-8866-8fda1f7fc15b
Mail logging – WP Mail Catcher <= 2.1.3 – Authenticated (Admin+) SQL Injection
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f3ebbf7f-61f2-403f-8131-8cedeb13c2d4
ICS Calendar <= 10.12.0.1 – Authenticated(Contributor+) Directory Traversal via _url_get_contents
CVE ID: CVE-2023-46784
CVSS Score: 6.5 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0f18a1c5-a0b7-49f9-acc1-5604304fd72f
WordPress CTA <= 1.5.6 – Missing Authorization via Multiple AJAX Actions
CVE ID: CVE-2023-46644
CVSS Score: 6.5 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a65a1f25-04e5-4ca3-9b2d-1b78254a8871
DoLogin Security <= 3.7.1 – Missing Authorization via REST Endpoints
CVE ID: CVE-2023-46608
CVSS Score: 6.5 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/af93f4f5-4c6d-4178-b7f7-c66c341bde87
10Web Booster <= 2.24.14 – Unauthenticated Arbitrary Option Deletion
CVE ID: CVE Unknown
CVSS Score: 6.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4d9c659-ec6a-43ca-b484-02afd06f3c13
Product Recommendation Quiz for eCommerce <= 2.1.0 – Missing Authorization in prq_set_token
CVE ID: CVE-2023-46631
CVSS Score: 6.5 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f10ae2b6-1580-418c-9cf7-e75ed71bb309
VK Filter Search <= 2.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5705
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/012946d4-82ce-48b9-9b9a-1fc49846dca6
VK Blocks <= 1.63.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Block
CVE ID: CVE-2023-5706
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05dd7c96-7880-44a8-a06f-037bc627fd8d
LiteSpeed Cache <= 5.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-4372
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/27026f0f-c85e-4409-9973-4b9cb8a90da5
Animated Counters <= 1.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5774
CVSS Score: 6.4 (Medium)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/33c2756d-c300-479f-b3aa-8f22c3a70278
CallRail Phone Call Tracking <= 0.5.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5051
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35def866-7460-4cad-8d86-7b9e4905cbe4
FareHarbor for WordPress <= 3.6.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5252
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/42ad6fef-4280-45db-a3e2-6d7522751fa7
Shortcode Menu <= 3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5565
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/438b9c13-4059-4671-ab4a-07a8cf6f6122
Medialist <= 1.3.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
CVE ID: CVE-2023-46640
CVSS Score: 6.4 (Medium)
Researcher/s: Tien from VNPT-VCI
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/45c7f8fb-3fd0-425f-89a1-8971f67d5755
Bellows Accordion Menu <= 1.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5164
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/50283a4f-ea59-488a-bab0-dd6bc5718556
WP Font Awesome <= 1.7.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5127
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/59ee0b56-c11f-4951-aac0-8344200e4484
Advanced Menu Widget <= 0.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5085
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5da2dac6-940c-419e-853f-6cfd5d53d427
BSK PDF Manager <= 3.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5110
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60de55c6-e4fa-453e-84bd-309f2887e3cb
WDContactFormBuilder <= 1.0.72 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5048
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7152253a-7bb8-4b5c-bffd-86e46df54b7e
Magic Embeds <= 3.0.10 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-4799
CVSS Score: 6.4 (Medium)
Researcher/s: Dmitrii Ignatyev
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/88ade7a7-da31-4752-b100-40dae81735b0
Simple Shortcodes <= 1.0.20 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5566
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a153d6b2-e3fd-42db-90ba-d899a07d60c1
Grid Plus <= 1.3.2 – Authenticated (Subscriber+) Local File Inclusion via Shortcode
CVE ID: CVE-2023-5250
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a6407792-2c76-4149-a9f9-d53002135bec
Giveaways and Contests by RafflePress <= 1.12.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5049
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a6d663a9-3185-4c36-b9d1-878297965379
Accordion <= 2.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5666
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a8ada876-4a8b-494f-9132-d88a71b42c44
Related Products for WooCommerce <= 3.3.15 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5234
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a98498b8-9397-42e9-9c99-a576975c9ac9
Live Chat with Facebook Messenger <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5740
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aa32a790-242f-4142-9f4d-e1b2a07045bb
Buzzsprout Podcasting <= 1.8.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5335
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/be7f8b73-801d-46e8-81c1-8bb0bb576700
Weather Atlas Widget <= 1.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5163
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c2324caa-f804-4f76-9d08-8951fbee4669
MomentoPress for Momento360 <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-46782
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e0fdee40-9d60-4657-9e2b-42d548dea1c0
Pre-Orders for WooCommerce <= 1.2.13 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-46783
CVSS Score: 6.4 (Medium)
Researcher/s: Abu Hurayra
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eb2776d8-1e2f-46fb-9d3b-693c8fa115b3
Neon text <= 1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-5817
CVSS Score: 6.4 (Medium)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f9998485-e272-48fc-b2f1-9e30158d0d16
Very Simple Google Maps <= 2.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5744
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fca7837c-ad24-44ce-b073-7df3f8bc4300
Draw Attention <= 2.0.15 – Improper Access Control via register_cpt
CVE ID: CVE-2023-46616
CVSS Score: 6.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d635669-ee85-4fb5-8238-3edb3bbb8fb4
WP Simple HTML Sitemap <= 2.1 – Reflected Cross-Site Scripting via id
CVE ID: CVE-2023-46627
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/26e52072-9465-4b56-9794-f17861b7c70c
Bonus for Woo <= 5.8.2 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-5140
CVSS Score: 6.1 (Medium)
Researcher/s: Enrico Marcolini, Claudio Marchesini
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b959b65-16ad-45f9-9ad9-dfc97bda571e
Download CloudNet360 <= 3.2.0 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46643
CVSS Score: 6.1 (Medium)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/54b88702-ec41-414b-87f1-1859b130a713
User Avatar <= 1.4.11 – Unauthenticated Cross-Site Scripting
CVE ID: CVE-2023-46621
CVSS Score: 6.1 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6903e37e-5251-47bb-8023-755821af4689
WooCommerce – Store Exporter <= 2.7.2 – Reflected Cross-Site Scripting via ‘filter’
CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/947286b0-347f-47ab-885a-7805b50f0be8
Seraphinite Accelerator <= 2.20.28 – Reflected Cross-Site Scripting via ‘rt’
CVE ID: CVE-2023-5609
CVSS Score: 6.1 (Medium)
Researcher/s: Krzysztof Zając
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9dc90b13-2f36-45bc-991c-f1927ae9253d
FLOWFACT WP Connector <= 2.1.7 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46626
CVSS Score: 6.1 (Medium)
Researcher/s: Jonas Höbenreich
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b4b61b5b-e5e8-41d4-bf37-d9427a204ea6
Simple User Listing <= 1.9.2 – Reflected Cross-Site Scripting via as
CVE ID: CVE-2023-32298
CVSS Score: 6.1 (Medium)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c7035903-d598-4db3-ba77-6e836229c5de
WPPizza <= 3.18.2 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46622
CVSS Score: 6.1 (Medium)
Researcher/s: SeungYongLee
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ccfdb5f5-8417-44a3-a27c-157a9619c68b
Reusable Text Blocks <= 1.5.3 – Authenticated (Author+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5745
CVSS Score: 5.5 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0d627ee7-1175-4621-a477-1e9ec2d05eee
My Shortcodes <= 2.3 – Missing Authorization via Multiple AJAX Actions
CVE ID: CVE-2023-46632
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7a931496-f130-4910-9116-6c2c4df760f5
Quill Forms <= 3.3.0 – Cross-Site Request Forgery
CVE ID: CVE-2023-46610
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8ea4617a-6211-4f8d-ab51-10ca509aaacf
Seraphinite Accelerator <= 2.20.28 – Arbitrary Redirect via ‘redir’
CVE ID: CVE-2023-5610
CVSS Score: 5.4 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d6dd532-008b-4ce9-beca-baf5b3678a0b
Spider Facebook <= 1.0.15 – Cross-Site Request Forgery
CVE ID: CVE-2023-46619
CVSS Score: 5.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a94accad-27c7-462b-b26f-0dde2036a7ba
Quill Forms <= 3.3.0 – Missing Authorization
CVE ID: CVE-2023-46610
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b6846688-5716-4b22-8a1d-b96b230b0742
Grid Plus <= 1.3.2 – Missing Authorization to Authenticated (Subscriber+) Grid Layout Add/Update/Delete
CVE ID: CVE-2023-5251
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d2d34c84-473c-49f8-b55c-c869b5479974
Alter <= 1.0 – Cross-Site Request Forgery
CVE ID: CVE-2023-46780
CVSS Score: 5.4 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e58a45c4-06cb-4b2b-97f2-a614fc230942
kk Star Ratings <= 5.4.5 – Missing Authorization
CVE ID: CVE-2023-46639
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1af442f7-b57c-47bd-9733-5e6bb5c89443
AtomChat <= 1.1.4 – Missing Authorization via credits REST API Endpoint
CVE ID: CVE-2023-46606
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/21f917a4-efee-421b-98b1-a9b18c7527d2
YOP Poll <= 6.5.28 – Reusable Captcha via validateImage
CVE ID: CVE-2023-46611
CVSS Score: 5.3 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/33f8f75d-c57e-456c-a48a-82fa668adb1c
FeedFocal <= 1.2.1 – Missing Authorization via feedfocal_api_setup REST function
CVE ID: CVE-2023-46609
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/489fe6ac-5437-44a2-93dc-00e75eefbc45
Convertful – Your Ultimate On-Site Conversion Tool <= 2.5 – Missing Authorization via add_woo_coupon
CVE ID: CVE-2023-46605
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e8c311e-7cf2-4aaf-8059-30f872475ee5
All In One WP Security <= 5.2.4 – Protection Bypass of Renamed Login Page via URL Encoding
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/63fc381e-ce72-4c90-bb35-daba520be40d
Generate Dummy Posts <= 1.0.0 – Missing Authorization
CVE ID: CVE-2023-46637
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6d797f36-f485-4049-83f0-01d0cb409a92
YITH WooCommerce Product Add-Ons <= 4.2.0 – Missing Authorization
CVE ID: CVE-2023-46635
CVSS Score: 5.3 (Medium)
Researcher/s: Elliot
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7e95773c-b968-47b3-8ae7-9a8d3389666c
Glossary <= 3.1.2 – Missing Authorization
CVE ID: CVE-2023-46633
CVSS Score: 5.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fca34e4e-3324-4942-854b-a4511f88af8b
Delete Me <= 3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5126
CVSS Score: 4.9 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7a5123a7-8eb4-481e-88fe-6310be37a077
Parcel Pro <= 1.6.8 – Open Redirect via ‘redirect’
CVE ID: CVE-2023-46624
CVSS Score: 4.7 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95d4fbf6-e21a-48db-bfb3-32fc9116afa0
SAHU TikTok Pixel for E-Commerce <= 1.2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-46642
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/28cddb4c-32a1-4ea9-936d-5ec7ffd84753
PubyDoc <= 2.0.6 – Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2023-4970
CVSS Score: 4.4 (Medium)
Researcher/s: Vaishnav Rajeevan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3badf9b8-7558-4a46-9eb2-cd119a77c903
Slick Popup: Contact Form 7 Popup Plugin <= 1.7.14 – Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/54019f42-488d-484f-b34e-2b5bd5b0a1dd
WP Post Popup <= 3.7.3 – Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2023-4808
CVSS Score: 4.4 (Medium)
Researcher/s: Abhijith A
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5fe46da6-add5-42d4-a2db-7a8bada2968c
Cookie Bar <= 2.0 – Authenticated(Administrator+) Stored Cross-Site Scripting
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/80afca9d-8f9c-412f-b2dd-f0078ec8173c
Fathom Analytics <= 3.0.7 – Authenticated(Administrator+) Stored Cross-Site Scripting
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d3343d96-ca52-46a6-b464-cd2e5375d10f
Groundhogg <= 2.7.11.10 – Authenticated (Administrator+) Stored Cross-Site Scripting via Task Data
CVE ID: CVE-2023-40681
CVSS Score: 4.4 (Medium)
Researcher/s: Hamoud Al Helmani
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/edafc213-a95f-483e-ac5f-d5b56817d046
TK Google Fonts GDPR Compliant <= 2.2.11 – Missing Authorization to Font Deletion
CVE ID: CVE-2023-5823
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0bc772a6-95a1-4420-bd97-1778002e2168
Custom Header Images <= 1.2.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-46636
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0beaa7ce-40aa-429e-80fd-d04e75489b92
Autolinks Manager <= 1.10.04 – Cross-Site Request Forgery
CVE ID: CVE-2023-46625
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2ec5d29e-43e2-4cd3-8164-94b01fab4d64
Auto Excerpt everywhere <= 1.5 – Cross-Site Request Forgery
CVE ID: CVE-2023-46776
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/32647c44-389a-4a6d-a32b-e19a35bc2aeb
EasyRecipe <= 3.5.3251 – Cross-Site Request Forgery
CVE ID: CVE-2023-46779
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35906df7-5eaf-494a-8184-48e2ca22301e
Mediabay <= 1.6 – Missing Authorization via AJAC actions
CVE ID: CVE-2023-46612
CVSS Score: 4.3 (Medium)
Researcher/s: emad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3a923f58-f6c7-47ee-87f6-27453b39d1cf
Remove Add to Cart WooCommerce <= 1.4.4 – Cross-Site Request Forgery to Settings Modification
CVE ID: CVE-2023-46629
CVSS Score: 4.3 (Medium)
Researcher/s: qilin_99
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4938c1be-2356-4a9c-9795-108a2d5a6cc7
WP Word Count <= 3.2.4 – Missing Authorization via calculate_statistics
CVE ID: CVE-2023-46628
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/55dfd822-9034-4982-bfe7-eb86119e1f07
WP Helper Premium <= 4.5.1 – Cross-Site Request Forgery via whp_fields
CVE ID: CVE-2023-46614
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73e2c5bd-c81d-48ee-a5fc-346dd820d0a4
TK Google Fonts GDPR Compliant <= 2.2.11 – Missing Authorization to Font Addition
CVE ID: CVE-2023-5823
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7546b0b7-8081-4762-9e20-76dfb3c8a8a7
Export WP Page to Static HTML/CSS <= 2.1.9 – Cross-Site Request Forgery via Multiple AJAX Actions
CVE ID: CVE-2023-31077
CVSS Score: 4.3 (Medium)
Researcher/s: konagash
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7781e20b-c258-4bfd-9050-75a50a335628
Ni WooCommerce Sales Report <= 3.7.2 – Missing Authorization via ajax_sales_order
CVE ID: CVE-2023-32299
CVSS Score: 4.3 (Medium)
Researcher/s: Jonas Höbenreich
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7b509887-6d32-4e7f-bdff-fd4f6c76f6f2
WP EXtra <= 6.2 – Missing Authorization to Arbitrary Email Sending
CVE ID: CVE-2023-5314
CVSS Score: 4.3 (Medium)
Researcher/s: TP Cyber Security
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/93c10a58-c5f2-440b-a88e-5314143fdd90
Original texts Yandex WebMaster <= 1.18 – Cross-Site Request Forgery
CVE ID: CVE-2023-46775
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a9c500fc-0d85-41b1-a2b8-9c8ba372a6e3
WP Knowledgebase <= 1.3.4 – Cross-Site Request Forgery
CVE ID: CVE-2023-5802
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aa5ee133-e38a-4dfe-975c-f194aa6e90b8
Feather Login Page <= 1.1.3 – Cross-Site Request Forgery
CVE ID: CVE-2023-46777
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1a85bc2-0b00-4635-86f6-26e96cc0616e
DeepL Pro API translation <= 2.3.7.1 – Cross-Site Request Forgery via wpdeepl_prune_logs
CVE ID: CVE-2023-46620
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b60cb1af-c9f3-4cea-9699-d66a52eb87eb
Thumbnail carousel slider <= 1.0 – Cross-Site Request Forgery to Mass Slider Deletion
CVE ID: CVE-2023-5821
CVSS Score: 4.3 (Medium)
Researcher/s: Ala Arfaoui
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bde75c5a-b0b7-4f26-91e9-dd4816e276c9
WP iCal Availability <= 1.0.3 – Missing Authorization
CVE ID: CVE-2023-46607
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c38ac30d-95dc-415e-8ea6-507ed87d34db
Seraphinite Accelerator (Base, cache only) <= 2.20.31 – Cross-Site Request Forgery
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d2b32fdc-b73f-48e5-88bf-e836ec2f791f
WCP OpenWeather <= 2.5.0 – Cross-Site Request Forgery
CVE ID: CVE-2023-46638
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d5b573e2-373f-41bc-8d9a-ea42e908ac4e
Current Menu Item for Custom Post Types <= 1.5 – Cross-Site Request Forgery
CVE ID: CVE-2023-46781
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d75f1475-fa81-4eed-87da-0a0fa48ac082
Category SEO Meta Tags <= 2.5 – Cross-Site Request Forgery via csmt_admin_options
CVE ID: CVE-2023-46618
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de6048e7-75c6-44b1-bc68-e36dce936c78
Custom My Account for Woocommerce <= 2.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-46634
CVSS Score: 4.3 (Medium)
Researcher/s: qilin_99
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fd00c5cc-1a28-4d94-815d-46219ce0e0e9
Auto Limit Posts Reloaded <= 2.5 – Cross-Site Request Forgery
CVE ID: CVE-2023-46778
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fedf20b2-6c21-4c91-8f79-9cac334a1313
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 23, 2023 to October 29, 2023) appeared first on Wordfence.