Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)
In case you missed it, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence Community Edition, with all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and utilize both personally and commercially.
Last week, there were 69 vulnerabilities disclosed in WordPress-based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.
EZP Coming Soon Page <= 1.0.7.3 – Authenticated (Admin+) Stored Cross Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05614ee6-ce14-44fe-a819-8f116563dbdd
Metform Elementor Contact Form Builder <= 3.1.2 – Unauthenticated Stored Cross-Site Scripting
CVSS Score: 7.2 (High)
Researcher/s: Mohammed El Amin, Chemouri
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05f7d9fe-e95f-4ddf-9bce-2aeac3c2e946
IP Vault – WP Firewall <= 1.1 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: rezaduty
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/07b075a6-2339-4562-a096-0a46b58f1e9f
Gallery – Image and Video Gallery with Thumbnails <= 2.0.1 – Unauthenticated Stored Cross-Site Scripting
CVSS Score: 7.2 (High)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/091d306d-cce4-426e-a18f-38bdaa802264
Magazine Edge <= 1.13 – Authenticated (Subscriber+) Arbitrary Plugin Activation
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0a2a29ea-3ff3-4b80-8a40-1a00491076ff
EmbedSocial – Social Media Feeds, Reviews and Galleries = 1.1.27 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0aeef472-0f09-458f-a0dc-b7de190b9b6d
Galleries by Angie Makes <= 1.67 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0bb7920b-2999-4bd3-bfef-3b9971f845e9
WP Dark Mode <= 3.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/108f3e7b-f4c1-445c-914c-97960b21b5fa
WP Private Message < 1.0.6 – Insecure Direct Object Reference
CVSS Score: 7.1 (High)
Researcher/s: Veshraj Ghimire
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/14026e96-7e21-45db-b258-13b014ec478c
Custom Add User <= 2.0.2 – Reflected Cross-Site Scripting
CVSS Score: 6.1 (Medium)
Researcher/s: Shreya Pohekar
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/15672f90-3192-452c-a4f2-be6db00b7888
Image Hover Effects Plugin – Caption Hover with Carousel <= 2.8 – Unauthenticated Stored Cross Site Scripting
CVSS Score: 7.2 (High)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/19c2d455-ae47-49bd-9bb8-1f87b0c76c32
Interactive Geo Maps <= 1.5.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1d667556-4cab-4f92-aa43-75e7722b3af6
Flexible Elementor Panel <= 2.3.8 – Cross Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1e5381fe-940b-404e-b2f2-1fd1c4ee5d78
RankMath SEO <= 1.0.107.2 – Authenticated (Contributor+) Local File Inclusion
CVSS Score: 7.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f8634d1-9201-4af5-9e06-c28ffcb51046
GS Books Showcase <= 1.3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/26a9bcc5-4057-4cd5-afde-68a2d467c5a9
WP Tabs <= 2.1.14 – Cross Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/28a8b3fe-6f15-4085-a370-a2e867f7018b
Marketing Performance <= 2.0.0 – Unauthenticated Stored Cross Site Scripting
CVSS Score: 6.1 (Medium)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/29b53c80-68d5-4431-a49b-0d139c9403f2
Multi-column Tag Map <= 17.0.24 – Authenticated (Contributor+) Stored Cross Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/32652a9a-00ba-4e86-9947-c7c7ebd21494
WP htpasswd <= 1.7 – Authenticated (Admin+) Stored Cross Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/36fd8125-f876-49c2-a0bb-4c7ef95b462c
WP Email Capture <= 3.9.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3924b6f4-75ba-4ee8-b02f-a23fbd24ed67
Album and Image Gallery plus Lightbox <= 1.6.2 – Missing Authorization
CVSS Score: 5.3 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/467a9b16-b57c-417c-b4e1-9f3edc80b5df
WebinarIgnition <= 2.14.2 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/49c65776-130d-4c22-b4f8-ababac8cf341
Namaste! LMS <= 2.5.9.3 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Felipe Restrepo Rodriguez
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5256a249-b355-480d-a532-5931e4dea481
WP Booking System <= 2.0.18 – Authenticated (Admin+) Stored Cross Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/540fef7f-8952-4525-9d07-fe3b3d777359
Beautiful Cookie Consent Banner <= 2.10.0 – Unauthenticated Stored Cross-Site Scripting
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/542a4079-b1a2-49bc-9ddd-ba7978c9992e
User Activity <= 1.0.1 – IP Address Spoofing
CVSS Score: 5.3 (Medium)
Researcher/s: rezaduty
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5a38a72a-7336-4aa5-8491-6879dfa4d0ea
Ocean Extra <= 2.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/617b2ef0-dc7b-4032-a145-5eaffb8194c3
1003 Mortgage Application <= 1.73 – Unauthenticated CSV Injection
CVSS Score: 6.5 (Medium)
Researcher/s: Rodrigo Escobar
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/63567094-9fb1-44b2-a3e6-99194389c4b6
Side Cart Woocommerce (Ajax) <= 2.1 – Cross-Site Request Forgery
CVSS Score: 8.8 (High)
Researcher/s: Muhammad Daffa
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/67d2364c-6c8b-4b30-8a0e-2f9ee94a3c26
Correos Oficial <= 1.3.0.0 – Unauthenticated Arbitrary File Download
CVSS Score: 7.5 (High)
Researcher/s: Andrea Iodice
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6eed2941-d9fe-4020-b1ab-fb0885f47d80
Cost Calculator <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/750be90d-dc12-4974-8921-75259d56c7b3
WP Statistics <= 13.2.10 – Authenticated (Subscriber+) SQL Injection
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7638fd24-d376-4b5b-98bb-4a40ada6a4da
Posts and Users Stats <= 1.1.3 – Authenticated (Subscriber+) CSV Injection
CVSS Score: 5.8 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/766c2aa5-e829-45b9-b6e3-0a522a0977d4
Wufoo Shortcode <= 1.51 – Authenticated (Contributor+) Cross-Site Scripting via Shortcodes
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/76ccc688-79c0-4b6e-aac9-cf18baf9af46
GS Insever Portfolio <= 1.4.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7770ab04-eb40-450e-ab8a-2a8e5d13d4a4
BackupBuddy <= 8.8.2 – Reflected Cross-Site Scripting
CVSS Score: 6.1 (Medium)
Researcher/s: WPScanTeam
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7cb428db-b56b-4c21-b119-ca7a1a95181e
Print Invoice & Delivery Notes for WooCommerce <= 4.7.1 – Reflected Cross-Site Scripting
CVSS Score: 6.1 (Medium)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7ddd27ba-ae65-4bb4-989d-0d677e15077a
Watu Quiz <= 3.3.8 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81936c52-feb7-4f10-940d-cfce5963f400
GeoDirectory <= 2.2.23 – Authenticated (Admin+) SQL Injection
CVSS Score: 7.2 (High)
Researcher/s: Daniel Krohmer, Kunal Sharma
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81fa4987-d019-4d0c-a002-eceef956161e
Simple History <= 3.3.1 – Authenticated (Subscriber+) CSV Injection
CVSS Score: 6 (Medium)
Researcher/s: ed32.dll
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f1e6f04-04d4-4484-86bd-28df6388a953
Real Media Library: Media Library Folder & File Manager <= 4.18.28 – Authenticated (Author+) Stored Cross-Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Bipul Jaiswal
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/950d71ae-29a1-4b71-b74a-b1a5c9f3326e
Usersnap <= 4.16 – Authenticated (Admin+) Stored Cross Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9ad00419-e9fa-4f78-b0d9-02cfb412a04d
EmbedStories <= 0.7.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a452cb6f-8381-4f23-b808-3473db159894
PHP Execution <= 1.0.0 – Cross Site Request Forgery
CVSS Score: 8.8 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4f2112f-d5dc-4045-ac58-3895d6ac7179
ShortPixel Adaptive Images <= 3.6.1 – Reflected Cross-Site Scripting
CVSS Score: 6.1 (Medium)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/acb8c11f-e175-4361-b016-e1ebc1713be0
Beautiful Cookie Consent Banner <= 2.10.0 – Missing Authorization to Settings Update
CVSS Score: 7.3 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aee6fea2-dbf6-4155-ba3f-f85ea3520504
Real Media Library: Media Library Folder & File Manager <= 4.18.28 – Authenticated (Author+) Stored Cross-Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Bipul Jaiswal
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b62eb8a9-60a1-4b07-8b56-09a08543d370
Formidable Form Builder <= 5.5.6 – Cross-Site Request Forgery
CVSS Score: 7.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b647a6c5-3710-43ec-bf31-87b5a26d54b3
Robo Gallery Plugin <= 3.2.11 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ba5cca24-514b-4f8b-911f-8d138287fce2
VK All in One Expansion Unit <= 9.85.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c1f10e67-d301-46ba-b92e-432819cb9606
We’re Open! <= 1.45 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c2e0a227-670d-40d8-ba82-6602ab57bc4a
Opening Hours <= 2.3.0 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cfc59e3d-13c6-4051-8a1a-d109ea06b10b
Multi Rating <= 5.0.5 – Cross Site Request Forgery
CVSS Score: 5.4 (Medium)
Researcher/s: rezaduty
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d0dcf95e-1540-48ed-a4a2-f803d67ea141
Podlove Podcast Publisher <= 3.8.2 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d353d8b7-76a5-45ce-aa7c-d571dedcbfd4
1003 Mortgage Application <= 1.73 – Authenticated (Subscriber+) Arbitrary File Download
CVSS Score: 7.1 (High)
Researcher/s: Rodrigo Escobar
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d5d77105-19a8-40eb-8a9c-aa519a757a8d
Donation Block For PayPal <= 2.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d5e60125-35e2-4d6d-8ea7-078df0b9e55f
Easy Digital Downloads <= 3.1.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/da94a7dc-f666-44fd-9f76-e610cbd2b610
PrivateContent <= 8.4.3 – Protection Mechanism Bypass
CVSS Score: 5.3 (Medium)
Researcher/s: Riccardo Granata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de73304e-7a28-4304-b1ed-2f6dd7738236
0mk Shortener <= 0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: Rodrigo Escobar
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de9f3b83-4575-4566-9731-0af9107c7c30
Jobs for WordPress <= 2.5.10.2 – Authenticated (Author+) Cross Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e730114e-bbe1-4385-84cc-a5484acc9da7
Arigato Autoresponder and Newsletter <= 2.1.7.1 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Felipe Restrepo Rodriguez, Joaquin Pochat and Gabriel Calle
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4dbab86-926d-4438-8310-19373c9bdd99
GS Filterable Portfolio <= 1.6.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f531489b-a87d-41e7-a988-8b29840047ec
GS Portfolio for Envato <= 1.3.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6816cb4-0fad-417a-a980-d35a734bce13
Kraken.io Image Optimizer <= 2.6.8 – Missing Authorization to Authenticated (Subscriber+) Plugin Options Update
CVSS Score: 6.5 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f94eabc5-6e3b-46df-9e36-d7d0fad833de
CC Custom Taxonomy <= 1.0.1 – Authenticated (Administrator+) Cross Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/facfa21a-4136-4161-ac39-8b18948ec073
Commenter Emails <= 2.6.1 – Unauthenticated CSV Injection
CVSS Score: 6.5 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/faffd8e3-b110-4ba3-98c1-22aee7f19586
Similar Posts – Best Related Posts Plugin for WordPress <= 3.1.6 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: din
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb1cf9f1-7b87-4690-80db-0d4b3ccd98f9
GS Products Slider for WooCommerce <= 1.5.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ff129569-223d-4d38-9f3a-eb2596214d3a
Auto YouTube Importer <= 1.0.3 – Cross-Site Request Forgery
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ff7e7539-6a09-461a-a9a7-33630c396f1a
If you’d like to receive this weekly vulnerability report by email, along with Wordfence Intelligence CE product updates, sign up to the Wordfence Intelligence Community Edition Newsletter by filling out this form below.
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence Community Edition leaderboard along with being mentioned in our weekly vulnerability report.