(647) 243-4688

Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

Last week, there were 159 vulnerabilities disclosed in 123 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 68 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 14,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

WAF-RULE-684 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status
Number of Vulnerabilities

Patched
146

Unpatched
13

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating
Number of Vulnerabilities

Medium Severity
132

High Severity
21

Critical Severity
6

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE
Number of Vulnerabilities

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
98

Missing Authorization
18

Cross-Site Request Forgery (CSRF)
13

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
7

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
4

Deserialization of Untrusted Data
3

Improper Control of Generation of Code (‘Code Injection’)
2

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
2

Server-Side Request Forgery (SSRF)
2

Unrestricted Upload of File with Dangerous Type
2

Authorization Bypass Through User-Controlled Key
1

Exposure of Sensitive Data Through Data Queries
1

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
1

Improper Input Validation
1

Incorrect Authorization
1

Information Exposure
1

Insufficiently Protected Credentials
1

Missing Critical Step in Authentication
1

Researchers That Contributed to WordPress Security Last Week

Researcher Name
Number of Vulnerabilities

18

11

11

8

8

7

6

5

5

4

3

3

3

3

2

2

2

2

2

2

2

2

2

2

2

2

1

1

1

1

1

1

1

1

1

1

1

1

1

1

Sh

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name
Software Slug

Accordion

accordions

Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More

advanced-access-manager

Advanced Sermons

advanced-sermons

AntiSpam for Contact Form 7

cf7-antispam

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

armember-membership

Auto Affiliate Links

wp-auto-affiliate-links

Awesome Support – WordPress HelpDesk & Support Plugin

awesome-support

Backuply – Backup, Restore, Migrate and Clone

backuply

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Beaver Builder Addons by WPZOOM

wpzoom-addons-for-beaver-builder

Beaver Builder – WordPress Page Builder

beaver-builder-lite-version

Builder for WooCommerce product reviews shortcodes – ReviewShort

woo-product-reviews-shortcode

Bulgarisation for WooCommerce

bulgarisation-for-woocommerce

Burst Statistics – Privacy-Friendly Analytics for WordPress

burst-statistics

Calendarista Basic Edition – WordPress appointment booking system

calendarista-basic-edition

Contact Form 7

contact-form-7

Contact Form 7 – PayPal & Stripe Add-on

contact-form-7-paypal-add-on

Contact Form Builder by Bit Form: Create Contact Form, Multi Step Form, Conversational Form

bit-form

Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress

contact-form-plugin

Coupon Affiliates – WooCommerce Affiliate Plugin

woo-coupon-usage

Crisp – Live Chat and Chatbot

crisp

Cryptocurrency Widgets – Price Ticker & Coins List

cryptocurrency-price-ticker-widget

CWW Companion

cww-companion

Database for Contact Form 7

cf7-database

Download Manager Pro

download-manager

DSGVO All in one for WP

dsgvo-all-in-one-for-wp

Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels

wpfunnels

Easy Social Feed – Social Photos Gallery – Post Feed – Like Box

easy-facebook-likebox

ElementInvader Addons for Elementor

elementinvader-addons-for-elementor

Elementor Addon Elements

addon-elements-for-elementor-page-builder

Elementor Addons by Livemesh

addons-for-elementor

Elementor Header & Footer Builder

header-footer-elementor

Elements Plus!

elements-plus

ElementsKit Elementor addons

elementskit-lite

Email Subscription Popup

email-subscribe

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

essential-addons-for-elementor-lite

Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!

everest-forms

Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media

evergreen-content-poster

Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)

extensions-for-cf7

f(x) Private Site

fx-private-site

Free Downloads WooCommerce

download-now-for-woocommerce

FV Flowplayer Video Player

fv-wordpress-flowplayer

GiveWP – Donation Plugin and Fundraising Platform

give

HT Easy GA4 – Google Analytics WordPress Plugin

ht-easy-google-analytics

HT Mega – Absolute Addons For Elementor

ht-mega-for-elementor

HUSKY – Products Filter Professional for WooCommerce

woocommerce-products-filter

Hustle – Email Marketing, Lead Generation, Optins, Popups

wordpress-popup

JetWidgets For Elementor

jetwidgets-for-elementor

Knight Lab Timeline

knight-lab-timelinejs

LA-Studio Element Kit for Elementor

lastudio-element-kit

LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…

ladipage

Link Library

link-library

Link Whisper Free

link-whisper

Malware Scanner

miniorange-malware-protection

MasterStudy LMS WordPress Plugin – for Online Courses and Education

masterstudy-lms-learning-management-system

MJM Clinic

mjm-clinic

Mollie Forms

mollie-forms

Multiple Page Generator Plugin – MPG

multiple-pages-generator-by-porthas

News Announcement Scroll

news-announcement-scroll

Newsletter2Go

newsletter2go

oik

oik

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

otter-blocks

OxyExtras

oxyextras

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

wp-user-avatar

Permalink Manager Pro

permalink-manager

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks

post-grid

Premium Addons for Elementor

premium-addons-for-elementor

Premium Addons Pro for Elementor

premium-addons-pro

Premmerce Permalink Manager for WooCommerce

woo-permalink-manager

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

bdthemes-prime-slider-lite

PropertyHive

propertyhive

Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress

quiz-master-next

Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction

pie-register

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login

custom-registration-form-builder-with-submission-manager

Related Posts for WordPress

related-posts-for-wp

Restaurant Menu and Food Ordering

food-and-drink-menu

Scrollsequence – Cinematic Scroll Image Animation Plugin

scrollsequence

Sell Tickets – Event Ticketing and Event Registration – Ticket Tailor for WordPress

ticket-tailor

Shariff Wrapper

shariff

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

woolentor-addons

Simple Job Board

simple-job-board

Site Reviews

site-reviews

Sitekit

sitekit

Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs)

sky-elementor-addons

Smart Online Order for Clover

clover-online-orders

Social Media Share Buttons

social-media-builder

Specific Content For Mobile – Customize the mobile version without redirections

specific-content-for-mobile

Super Page Cache for Cloudflare

wp-cloudflare-page-cache

SupportCandy – Helpdesk & Customer Support Ticket System

supportcandy

Survey Maker – Best WordPress Survey Plugin

survey-maker

Tablesome – Responsive Table, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Gravity Forms, Fluent, Forminator

tablesome

Team Circle Image Slider With Lightbox

circle-image-slider-with-lightbox

The Moneytizer

the-moneytizer

Tutor LMS – eLearning and online course solution

tutor

Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates

woo-gift-cards-lite

User profile

user-profile

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress

userswp

Video Conferencing with Zoom

video-conferencing-with-zoom-api

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

visualcomposer

Visualizer: Tables and Charts Manager for WordPress

visualizer

WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management

woosquare

Web Application Firewall – website security

web-application-firewall

weForms – Easy Drag & Drop Contact Form Builder For WordPress

weforms

WEN Responsive Columns

wen-responsive-columns

WooCommerce Google Feed Manager

wp-product-feed-manager

WooCommerce License Manager

fs-license-manager

WooThumbs for WooCommerce by Iconic

iconic-woothumbs

Word Replacer Pro

word-replacer-ultra

WordPress Automatic Plugin

wp-automatic

WordPress Contact Forms by Cimatti

contact-forms

WP Armour – Honeypot Anti Spam

honeypot

WP Calameo

wp-calameo

WP Fusion Lite – Marketing Automation and CRM Integration for WordPress

wp-fusion-lite

WP Go Maps (formerly WP Google Maps)

wp-google-maps

WP Popups – WordPress Popup builder

wp-popups-lite

WP Recipe Maker

wp-recipe-maker

WP Responsive Tabs horizontal vertical and accordion Tabs

responsive-horizontal-vertical-and-accordion-tabs

WP SendFox

wp-sendfox

WP Statistics

wp-statistics

wp-mpdf

wp-mpdf

WPBakery Page Builder Addons by Livemesh

addons-for-visual-composer

YITH WooCommerce Product Add-Ons

yith-woocommerce-product-add-ons

Zippy

zippy

WordPress Themes with Reported Vulnerabilities Last Week

Software Name
Software Slug

Blossom Spa

blossom-spa

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-27954
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
WordPress Automatic Plugin
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-27956
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
WordPress Automatic Plugin
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-2172
Patch Status
Unpatched
Published
Mar 13, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-27971
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-1813
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
Simple Job Board
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-27955
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
WordPress Automatic Plugin
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-1974
Patch Status
Patched
Published
Mar 14, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2023-5663
Patch Status
Patched
Published
Mar 11, 2024

Affected Software
News Announcement Scroll
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-27985
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
PropertyHive
Researcher(s): Unknown

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-1685
Patch Status
Unpatched
Published
Mar 15, 2024

Affected Software
Social Media Share Buttons
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-27972
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
High (8.6)
CVE-ID
CVE-2024-0368
Patch Status
Patched
Published
Mar 12, 2024

CVSS Rating
High (7.3)
CVE-ID
CVE-2024-2395
Patch Status
Patched
Published
Mar 12, 2024

Affected Software
Bulgarisation for WooCommerce
Researcher

CVSS Rating
High (7.3)
CVE-ID
CVE-2024-0683
Patch Status
Patched
Published
Mar 12, 2024

Affected Software
Bulgarisation for WooCommerce
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-29117
Patch Status
Patched
Published
Mar 16, 2024

Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-27951
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-0386
Patch Status
Patched
Published
Mar 12, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-2194
Patch Status
Patched
Published
Mar 11, 2024

Affected Software
WP Statistics
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-27964
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Zippy
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1080
Patch Status
Patched
Published
Mar 11, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2181
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2183
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2185
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2186
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2187
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-27963
Patch Status
Patched
Published
Mar 13, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2130
Patch Status
Patched
Published
Mar 12, 2024

Affected Software
CWW Companion
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29103
Patch Status
Patched
Published
Mar 15, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29114
Patch Status
Patched
Published
Mar 16, 2024

Affected Software
Download Manager Pro
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2308
Patch Status
Patched
Published
Mar 15, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29107
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
Elementor Addon Elements

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1458
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Elementor Addons by Livemesh
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1465
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Elementor Addons by Livemesh
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1466
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Elementor Addons by Livemesh
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1464
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Elementor Addons by Livemesh
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1461
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Elementor Addons by Livemesh
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1237
Patch Status
Patched
Published
Mar 11, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2335
Patch Status
Patched
Published
Mar 14, 2024

Affected Software
Elements Plus!
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1239
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
ElementsKit Elementor addons
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2042
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
ElementsKit Elementor addons
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29089
Patch Status
Patched
Published
Mar 15, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-27969
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29122
Patch Status
Patched
Published
Mar 16, 2024

Affected Software
FV Flowplayer Video Player
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1397
Patch Status
Patched
Published
Mar 12, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2138
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
JetWidgets For Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2287
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
Knight Lab Timeline
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2249
Patch Status
Patched
Published
Mar 14, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1328
Patch Status
Unpatched
Published
Mar 11, 2024

Affected Software
Newsletter2Go
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2256
Patch Status
Patched
Published
Mar 14, 2024

Affected Software
oik
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0326
Patch Status
Patched
Published
Mar 12, 2024

Affected Software
Premium Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2399
Patch Status
Patched
Published
Mar 14, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29118
Patch Status
Patched
Published
Mar 16, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1450
Patch Status
Patched
Published
Mar 12, 2024

Affected Software
Shariff Wrapper

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0966
Patch Status
Patched
Published
Mar 12, 2024

Affected Software
Shariff Wrapper
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6500
Patch Status
Patched
Published
Mar 12, 2024

Affected Software
Shariff Wrapper
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2293
Patch Status
Patched
Published
Mar 11, 2024

Affected Software
Site Reviews
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29095
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
Site Reviews
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29111
Patch Status
Patched
Published
Mar 16, 2024

Affected Software
Sitekit
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29115
Patch Status
Patched
Published
Mar 16, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-27991
Patch Status
Patched
Published
Mar 15, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-27990
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
The Moneytizer
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29104
Patch Status
Patched
Published
Mar 15, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29097
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
User profile
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2031
Patch Status
Patched
Published
Mar 12, 2024

Affected Software
Video Conferencing with Zoom
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-27988
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
WEN Responsive Columns
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29098
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
WP Calameo
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27952
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Advanced Sermons
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27961
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
AntiSpam for Contact Form 7
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27959
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27993
Patch Status
Patched
Published
Mar 15, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29130
Patch Status
Patched
Published
Mar 16, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-2242
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Contact Form 7
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29125
Patch Status
Patched
Published
Mar 16, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27960
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Email Subscription Popup
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29099
Patch Status
Patched
Published
Mar 15, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27987
Patch Status
Patched
Published
Mar 15, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29094
Patch Status
Patched
Published
Mar 15, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29123
Patch Status
Patched
Published
Mar 16, 2024

Affected Software
Link Library
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-2325
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Link Library
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27992
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
Link Whisper Free
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29129
Patch Status
Patched
Published
Mar 16, 2024

Affected Software
OxyExtras
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29092
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
Permalink Manager Pro
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29113
Patch Status
Patched
Published
Mar 16, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27958
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29121
Patch Status
Patched
Published
Mar 16, 2024

Affected Software
WooCommerce License Manager
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29116
Patch Status
Patched
Published
Mar 16, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29091
Patch Status
Patched
Published
Mar 15, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27962
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
wp-mpdf
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27994
Patch Status
Patched
Published
Mar 15, 2024

Researcher

CVSS Rating
Medium (5.8)
CVE-ID
CVE-2024-2107
Patch Status
Patched
Published
Mar 12, 2024

Affected Software
Blossom Spa
Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2023-6525
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
ElementsKit Elementor addons
Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-29096
Patch Status
Patched
Published
Mar 15, 2024

Affected Software
MJM Clinic
Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-29112
Patch Status
Patched
Published
Mar 16, 2024

Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-1641
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Accordion
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-1213
Patch Status
Patched
Published
Mar 12, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-0592
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
Related Posts for WordPress
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0906
Patch Status
Unpatched
Published
Mar 11, 2024

Affected Software
f(x) Private Site
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2015-10130
Patch Status
Patched
Published
Mar 12, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1733
Patch Status
Unpatched
Published
Mar 15, 2024

Affected Software
Word Replacer Pro
Researcher

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-2294
Patch Status
Patched
Published
Mar 15, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-27996
Patch Status
Patched
Published
Mar 15, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2023-4839
Patch Status
Patched
Published
Mar 12, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-29105
Patch Status
Patched
Published
Mar 15, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-1571
Patch Status
Patched
Published
Mar 14, 2024

Affected Software
WP Recipe Maker
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-27965
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1843
Patch Status
Patched
Published
Mar 11, 2024

Affected Software
Auto Affiliate Links
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-27953
Patch Status
Patched
Published
Mar 13, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-27967
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
DSGVO All in one for WP
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1214
Patch Status
Patched
Published
Mar 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-4628
Patch Status
Unpatched
Published
Mar 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-4629
Patch Status
Unpatched
Published
Mar 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-4626
Patch Status
Unpatched
Published
Mar 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-4627
Patch Status
Unpatched
Published
Mar 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1645
Patch Status
Patched
Published
Mar 11, 2024

Affected Software
Mollie Forms
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1400
Patch Status
Patched
Published
Mar 11, 2024

Affected Software
Mollie Forms
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-27968
Patch Status
Patched
Published
Mar 13, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-27970
Patch Status
Patched
Published
Mar 13, 2024

Affected Software
WP SendFox
Researcher

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024) appeared first on Wordfence.