Wordfence Intelligence Weekly WordPress Vulnerability Report (October 16, 2023 to October 22, 2023)
Last week, there were 109 vulnerabilities disclosed in 95 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook integration are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Individuals and Enterprises can use the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
Patch Status | Number of Vulnerabilities |
Unpatched | 68 |
Patched | 41 |
Total Vulnerabilities by CVSS Severity Last Week
Severity Rating | Number of Vulnerabilities |
Low Severity | 1 |
Medium Severity | 91 |
High Severity | 15 |
Critical Severity | 2 |
Total Vulnerabilities by CWE Type Last Week
Vulnerability Type by CWE | Number of Vulnerabilities |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 47 |
Cross-Site Request Forgery (CSRF) | 25 |
Missing Authorization | 17 |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 4 |
Unrestricted Upload of File with Dangerous Type | 3 |
Improper Authorization | 3 |
Information Exposure | 3 |
Deserialization of Untrusted Data | 2 |
Authorization Bypass Through User-Controlled Key | 1 |
Server-Side Request Forgery (SSRF) | 1 |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 1 |
Improper Privilege Management | 1 |
Authentication Bypass by Primary Weakness | 1 |
Researchers That Contributed to WordPress Security Last Week
Researcher Name | Number of Vulnerabilities |
LEE SE HYOUNG | 14 |
Lana Codes (Wordfence Vulnerability Researcher) |
12 |
Rafie Muhammad | 8 |
Abdi Pranata | 7 |
Mika | 5 |
Nguyen Xuan Chien | 4 |
thiennv | 4 |
Francesco Carlucci | 4 |
Le Ngoc Anh | 4 |
Rio Darmawan | 3 |
Marco Wotschka (Wordfence Vulnerability Researcher) |
3 |
Revan Arifio | 3 |
Jonas Höbenreich | 2 |
Emili Castells | 2 |
Skalucy | 2 |
Shuning Xu | 1 |
qilin_99 | 1 |
niclo | 1 |
Ala Arfaoui | 1 |
Taihei Shimamine | 1 |
Milad Hacking | 1 |
Alexander Concha | 1 |
NGÔ THIÊN AN | 1 |
Phd | 1 |
Alex Thomas (Wordfence Vulnerability Researcher) |
1 |
minhtuanact | 1 |
Nguyen Anh Tien | 1 |
DoYeon Park | 1 |
Dimas Maulana | 1 |
emad | 1 |
juweihuitao | 1 |
Dmitrii Ignatyev | 1 |
Krzysztof Zając | 1 |
Elliot | 1 |
Theodoros Malachias | 1 |
trein | 1 |
TP Cyber Security | 1 |
Rafshanzani Suhada | 1 |
Joshua Chan | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
Software Name | Software Slug |
404 Solution | 404-solution |
Add Custom Body Class | add-custom-body-class |
Add Shortcodes Actions And Filters | add-actions-and-filters |
Advanced Local Pickup for WooCommerce | advanced-local-pickup-for-woocommerce |
Ajax Archive Calendar | ajax-archive-calendar |
ApplyOnline – Application Form Builder and Manager | apply-online |
Appointment Calendar | appointment-calendar |
Archivist – Custom Archive Templates | archivist-custom-archive-templates |
Ashe Extra | ashe-extra |
Auto Login New User After Registration | auto-login-new-user-after-registration |
BetterLinks – Shorten, Track and Manage any URL | betterlinks |
Booster for WooCommerce | woocommerce-jetpack |
Broken Link Checker | Finder | broken-link-finder |
CPO Shortcodes | cpo-shortcodes |
Category SEO Meta Tags | category-seo-meta-tags |
Comments – wpDiscuz | wpdiscuz |
Contact Form Builder, Contact Widget | contact-forms-builder |
Contact Form builder with drag & drop for WordPress – Kali Forms | kali-forms |
Custom post types, Custom Fields & more | custom-post-types |
DX Delete Attached Media | dx-delete-attached-media |
Delete Usermetas | delete-usermetas |
Duplicate Theme | duplicate-theme |
E2Pdf – Export To Pdf Tool for WordPress | e2pdf |
EG-Attachments | eg-attachments |
Envo Extra | envo-extra |
Eonet Manual User Approve | eonet-manual-user-approve |
EventON | eventon-lite |
Freesoul Deactivate Plugins – Plugin manager and cleanup | freesoul-deactivate-plugins |
FreshMail For WordPress | freshmail-integration |
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory | geodirectory |
Grid Plus – Unlimited grid layout | grid-plus |
Headline Analyzer | headline-analyzer |
Icons Font Loader | icons-font-loader |
Internal Link Building | internal-link-building-plugin |
Just Custom Fields | just-custom-fields |
Lava Directory Manager | lava-directory-manager |
MW WP Form | mw-wp-form |
Maileon for WordPress | xqueue-maileon |
Mediabay – Media Library Folders | mediabay-lite |
Minimum Purchase for WooCommerce | minimum-purchase-for-woocommerce |
Modern Footnotes | modern-footnotes |
Motors – Car Dealer, Classifieds & Listing | motors-car-dealership-classified-listings |
Novo-Map : your WP posts on custom google maps | novo-map |
Open Graph Metabox | open-graph-metabox |
Popup by Supsystic | popup-by-supsystic |
Post Meta Data Manager | post-meta-data-manager |
Product Category Tree | product-category-tree |
Protección de Datos RGPD | click-datos-lopd |
Recip.ly Plugin | reciply |
Rocket Font | rocket-font |
SALESmanago | salesmanago |
Simple Calendar – Google Calendar Plugin | google-calendar-events |
Simple Table Manager | simple-table-manager |
Skype Legacy Buttons | skype-online-status |
Smart App Banner | smart-app-banner |
Smart Online Order for Clover | clover-online-orders |
Smooth Scroll Links [SSL] | smooth-scrolling-links-ssl |
Social Media Share Buttons & Social Sharing Icons | ultimate-social-media-icons |
Social proof testimonials and reviews by Repuso | social-testimonials-and-reviews-widget |
Soisy Pagamento Rateale | soisy-pagamento-rateale |
Super Testimonials | super-testimonial |
TCD Google Maps | tcd-google-maps |
Tab Ultimate | tabs-pro |
Taggbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics | taggbox-widget |
Team Showcase | team-showcase |
Templately – Templates Cloud for Elementor & Gutenberg : 4000+ Free & Premium Designs! | templately |
The Awesome Feed – Custom Feed | wp-facebook-feed |
Theme Blvd Shortcodes | theme-blvd-shortcodes |
Theme Switcha – Easily Switch Themes for Development and Testing | theme-switcha |
Thumbnail Slider With Lightbox | wp-responsive-slider-with-lightbox |
Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce | enhanced-e-commerce-for-woocommerce-store |
Triberr | triberr-wordpress-plugin |
Ultimate Addons for WPBakery | Ultimate_VC_Addons |
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | userfeedback-lite |
Userback | userback |
WC Captcha | wc-captcha |
WC Serial Numbers – Ultimate License Manager Plugin for Selling, Licensing & Securely Delivering Digital Products with WooCommerce | wc-serial-numbers |
WDSocialWidgets | spider-facebook |
WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
WP EXtra | wp-extra |
WP Full Stripe Free | wp-full-stripe-free |
WP Hotel Booking | wp-hotel-booking |
WP Post Columns | wp-post-columns |
WP Radio – Worldwide Online Radio Stations Directory for WordPress | wp-radio |
Web Push Notifications – Webpushr | webpushr-web-push-notifications |
Webmaster Tools | webmaster-tools |
WhatsApp Share Button | |
Who Hit The Page – Hit Counter | who-hit-the-page-hit-counter |
Widgets for Google Reviews | wp-reviews-plugin-for-google |
WooCommerce Ninja Forms Product Add-ons | woocommerce-ninjaforms-product-addons |
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more | woo-pdf-invoice-builder |
WooCommerce Stripe Payment Gateway | woocommerce-gateway-stripe |
Wp Ultimate Review | wp-ultimate-review |
iPanorama 360 – WordPress Virtual Tour Builder | ipanorama-360-virtual-tour-builder-lite |
mpOperationLogs | mpoperationlogs |
WordPress Themes with Reported Vulnerabilities Last Week
Software Name | Software Slug |
themify-ultra | themify-ultra |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Recip.ly <= 1.1.7 – Unauthenticated Arbitrary File Upload in uploadImage.php
CVE ID: CVE-2011-10004
CVSS Score: 9.8 (Critical)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/068da172-629d-422a-bcd5-1b73af2a5933
WooCommerce Ninja Forms Product Add-ons <= 1.7.0 – Unauthenticated Arbitrary File Upload
CVE ID: CVE-2023-5601
CVSS Score: 9.8 (Critical)
Researcher/s: Alexander Concha
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/601d70ff-2e0e-403b-9c58-130d378a8240
Themify Ultra <= 7.3.3 – Authenticated (Subscriber+) PHP Object Injection
CVE ID: CVE-2023-46147
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/17c6a91c-e2a6-4f17-b145-145e9e7a0079
iPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 – Authenticated (Contributor+) SQL Injection via Shortcode
CVE ID: CVE-2023-5336
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3566b602-c991-488f-9de2-57236c4735b5
Icons Font Loader <= 1.1.2 – Authenticated (Subscriber+) SQL Injection
CVE ID: CVE-2023-46084
CVSS Score: 8.8 (High)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8564fc82-ff23-44b6-91b0-d63e6afb1a73
Themify Ultra <= 7.3.3 – Privilege Escalation
CVE ID: CVE-2023-46145
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cc994b2a-b3da-4edc-ada3-1150065efd30
Webpushr <= 4.34.0 – Cross-Site Request Forgery to Local File Inclusion via menu
CVE ID: CVE-2023-35041
CVSS Score: 8.8 (High)
Researcher/s: Theodoros Malachias
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e140973b-d37c-45bf-aed2-9223bd812957
Themify Ultra <= 7.3.3 – Authenticated (Subscriber+) Arbitrary File Upload
CVE ID: CVE-2023-46149
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ed5251e7-64d2-4210-9864-144952a49327
Soisy Pagamento Rateale <= 6.0.1 – Missing Authorization to Sensitive Information Exposure
CVE ID: CVE-2023-5132
CVSS Score: 7.5 (High)
Researcher/s: Francesco Carlucci
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d3c997cd-37b4-4b9c-b99e-397be484aa36
Advanced Local Pickup for WooCommerce <= 1.5.5 – Authenticated (Administrator+) SQL Injection
CVE ID: CVE-2023-2841
CVSS Score: 7.2 (High)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/125e7ea3-574a-4760-b10b-7a98d94c87a5
GeoDirectory <= 2.3.28 – Authenticated (Administrator+) SQL Injection via orderby
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3bcd61d4-4775-4297-b7f5-664991fcd6d2
Lava Directory Manager <= 1.1.34 – Unauthenticated Stored Cross-Site Scripting via New Listing
CVE ID: CVE-2023-46081
CVSS Score: 7.2 (High)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3bf669ed-ea31-4144-96b3-b1f29057b86d
Motors – Car Dealer & Classified Ads <= 1.4.6 – Server Side Request Forgery
CVE ID: CVE-2023-46207
CVSS Score: 7.2 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/437423f0-978f-4c7c-9ec3-40668c630c93
User Feedback <= 1.0.9 – Unauthenticated Cross-Site Scripting
CVE ID: CVE-2023-46153
CVSS Score: 7.2 (High)
Researcher/s: Dimas Maulana
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abc056b0-55a2-439c-b7f6-4a2fc48c9823
MpOperationLogs <= 1.0.1 – Unauthenticated Stored Cross-Site Scripting
CVE ID: CVE-2023-5538
CVSS Score: 7.2 (High)
Researcher/s: juweihuitao
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc5f1b00-acee-4dc8-acd7-2d3f3493f253
E2Pdf <= 1.20.18 – Authenticated (Administrator+) PHP Object Injection
CVE ID: CVE-2023-46154
CVSS Score: 7.2 (High)
Researcher/s: trein
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ea7f654b-88d1-4ed8-bab0-701e2e66e060
Ultimate Addons for WPBakery Page Builder <= 3.19.14 – Authenticated(Contributor+) Local File Inclusion
CVE ID: CVE-2023-46205
CVSS Score: 7.1 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5222ce69-ac9f-4bb0-9832-8cdff1f8b078
BetterLinks <= 1.6.0 – Improper Authorization to Data Import and Export
CVE ID: CVE-2023-45104
CVSS Score: 6.5 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/92b8829e-a8eb-4fdb-a772-9efbb5aaeb6c
Headline Analyzer <= 1.3.1 – Missing Authorization via REST APIs
CVE ID: CVE-2023-46195
CVSS Score: 6.5 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a057ad05-0ed7-48c4-9dc1-0e7b1d3cb270
Templately <= 2.2.5 – Improper Authorization to Arbitrary Post Deletion
CVE ID: CVE-2023-5454
CVSS Score: 6.5 (Medium)
Researcher/s: Krzysztof Zając
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c74553c0-366e-44d7-8c4a-161a05ef02b4
Social Media Share Buttons & Social Sharing Icons <= 2.8.5 – Information Exposure
CVE ID: CVE-2023-5070
CVSS Score: 6.5 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8a3-52d437f0e00d
Tab Ultimate <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5667
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/08220b23-d6fa-4005-bbbb-019412d328a5
Theme Switcha <= 3.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5614
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b0937fe-3ea6-427a-aef7-539c08687abb
Minimum Purchase for WooCommerce <= 2.0.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-30492
CVSS Score: 6.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4633c5b1-a6e3-4ee8-94ca-8afa8ff16a35
TCD Google Maps <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5128
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/50f6d0aa-059d-48d9-873b-6404f288f002
Super Testimonials <= 2.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5613
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/52659f1c-642e-4c88-b3d0-d5c5a206b11c
Ajax Archive Calendar <= 2.6.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-46069
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/664d22f2-b7a3-42df-9530-4040160ead2c
WhatsApp Share Button <= 1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5668
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/77911b0f-c028-49ae-b85e-15909d806e30
Theme Blvd Shortcodes <= 1.6.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5338
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/88809668-ea6b-41df-b2a7-ffe03a931c86
Ultimate Addons for WPBakery Page Builder <= 3.19.14 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-46211
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/90a8230f-7008-48af-a1a9-fbaf38dcb21c
Skype Legacy Buttons <= 3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5615
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/914bcc8f-fecd-450e-b2a7-0989b7a0dd4c
Add Custom Body Class <= 1.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-5205
CVSS Score: 6.4 (Medium)
Researcher/s: Francesco Carlucci
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9841b57b-b869-4282-8781-60538f6f269f
Mediabay <= 1.6 – Authenticated (Editor+) Stored Cross-Site Scripting Vulnerability
CVE ID: CVE-2023-46066
CVSS Score: 6.4 (Medium)
Researcher/s: emad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1954340-397c-4cc0-ba9d-d698d94ea608
Modern Footnotes <= 1.4.16 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5618
CVSS Score: 6.4 (Medium)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c20c674f-54b5-470f-b470-07a63501eb4d
Team Showcase <= 2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5639
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d3b26060-294e-4d4c-9295-0b08f533d5c4
WP Post Columns <= 2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5708
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d96e5986-8c89-4e7e-aa63-f41aa13eeff4
Booster for WooCommerce <= 7.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5638
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f0257620-3a0e-4011-9378-7aa423e7c0b2
CPO Shortcodes <= 1.5.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-5704
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f8ba38c3-51d2-43a7-89ff-c72a8edc946b
The Awesome Feed – Custom Feed <= 2.2.5 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46077
CVSS Score: 6.1 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/01878991-37c7-4c7b-b68c-d59ca66521e7
EventON <= 2.2.2 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-4635
CVSS Score: 6.1 (Medium)
Researcher/s: Shuning Xu
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/115ad0b2-febe-485a-8fb5-9bd6edc37ef7
Motors – Car Dealer & Classified Ads <= 1.4.6 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46208
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f06b855-c1e1-4378-a340-9dda2919fb83
Contact Form Builder, Contact Widget <= 2.1.6 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46075
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/43ea0665-2c6e-4c78-8bc5-056f47f190ab
Add Shortcodes Actions And Filters <= 2.0.9 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46072
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/44cb21f9-467a-4119-99fb-5cd21166a334
Smart Online Order for Clover <= 1.5.4 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46312
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5f1e0dfa-f99a-43d1-bdc9-6fc7a4ea381d
Conversios.io <= 6.5.3 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46094
CVSS Score: 6.1 (Medium)
Researcher/s: Phd
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6ad84e6e-5498-4bf1-b662-15b7628ceba2
Grid Plus <= 1.3.2 – Reflected Cross-Site Scripting via grid_id
CVE ID: CVE-2023-46209
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6b213baa-8508-4eb2-ac09-d320e2b4276c
Spider Facebook <= 1.0.15 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46090
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a74d6b36-e0f1-4cfb-b1e9-0573081ed975
EG-Attachments <= 2.1.3 – Reflected Cross-Site Scripting via ‘paged’
CVE ID: CVE-2023-46070
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b63ccc9a-222d-4119-909b-d04bab78d663
Archivist – Custom Archive Templates <= 1.7.5 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46194
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e3f59671-0db2-4acf-8e97-a0ead518bebd
FreshMail For WordPress <= 2.3.2 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46074
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e87fe70d-5ac3-40ee-a8d0-601d7b417562
Protección de Datos RGPD <= 3.1.0 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46071
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eaebcae4-cdf5-4eb7-9246-07185fe62d07
WooCommerce PDF Invoice Builder <= 1.2.101 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-46076
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb0d093b-c339-4b19-a6cd-d2589b8e57ff
Appointment Calendar <= 2.9.6 – Cross-Site Request Forgery
CVE ID: CVE-2023-46198
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/06a92619-5281-414e-8846-be0db38df89d
Themify Ultra <= 7.3.3 – Missing Authorization
CVE ID: CVE-2023-46148
CVSS Score: 5.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5cf17465-59a9-475d-bd1a-9e3623190926
Stripe Gateway <= 7.6.0 – Cross-Site Request Forgery
CVE ID: CVE-2023-44999
CVSS Score: 5.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8e4ad8fa-b04c-4821-aadb-3120f824557f
Themify Ultra <= 7.3.3 – Missing Authorization
CVE ID: CVE-2023-46146
CVSS Score: 5.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a32f50f7-d271-45f6-9a73-838a8dcb901f
Taggbox <= 2.9 – Missing Authorization
CVE ID: CVE-2023-33215
CVSS Score: 5.4 (Medium)
Researcher/s: Jonas Höbenreich
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d970a9f6-69f6-42d2-b863-82b8110e52c3
WP Hotel Booking <= 2.0.7 – Missing Authorization to (Subscriber+) Arbitrary Post Deletion
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0439d2ee-7742-4aa7-ba4e-db55c6b2718e
Post Meta Data Manager <= 1.2.0 – Missing Authorization to Post, Term, and User Meta Deletion
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1958c166-282d-4469-b79d-4e959e0492c1
wpDiscuz <= 7.6.11 – Insufficient Authorization to Comment Submission on Deleted Posts
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a1fe36b-75d2-48c3-bfac-af965eb9363f
MW WP Form <= 4.4.5 – Missing Authorization
CVE ID: CVE-2023-46206
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/616de170-6645-4a06-a393-51bec1d8bd8c
Contact Form builder with drag & drop – Kali Forms <= 2.3.27 – Missing Authorization via Contact Form
CVE ID: CVE-2023-46083
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bfb473a6-08ba-4b23-877d-4aa661c0053f
SALESmanago <= 3.2.4 – Log Injection via Weak Authentication Token
CVE ID: CVE-2023-4939
CVSS Score: 5.3 (Medium)
Researcher/s: Francesco Carlucci
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de7db1d6-b352-44c7-a6cc-b21cb65a0482
Broken Link Checker | Finder <= 2.4.2 – Missing Authorization via moblc_auth_save_settings
CVE ID: CVE-2023-46082
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4383f41-bd08-4fab-9491-4cf9f7326300
Draft Vulnerability for 404 Solution 2.33.0 – Sensitive Information Exposure
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fadc1374-fe4d-414a-af84-1a4de5b89807
Smart App Banner <= 1.1.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-46200
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0c7497fc-e42c-49a6-99ee-6ec774cc4617
Auto Login New User After Registration <= 1.9.6 – Authenticated (Administrator+) Stored Cross-Site Scripting via alnuar_auto_login_new_user_after_registration_redirect
CVE ID: CVE-2023-46201
CVSS Score: 4.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0fb82b48-3cf8-47a5-b68d-e37a1823a125
Eonet Manual User Approve <= 2.1.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-32738
CVSS Score: 4.4 (Medium)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b696e0b-d4e1-4a81-9204-929100ade073
WC Captcha <= 1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-46210
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/400dde23-eafb-4ace-8b4a-ac88d0b200ac
Simple Table Manager <= 1.5.6 – Authenticated(Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-4858
CVSS Score: 4.4 (Medium)
Researcher/s: niclo
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/53760acf-e8b2-4e35-8c01-768472fc0996
Thumbnail Slider With Lightbox <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via Image Title
CVE ID: CVE-2023-5621
CVSS Score: 4.4 (Medium)
Researcher/s: Ala Arfaoui
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/547c425d-8b0f-4e65-8b8a-c3a3059301fe
Custom post types <= 4.0.12 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-32116
CVSS Score: 4.4 (Medium)
Researcher/s: Taihei Shimamine
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/58ee5f31-7d10-4772-929c-98249a351342
Triberr <= 4.1.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-46199
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5e8a8e0e-6dc0-4d9f-aee3-1fd940c49d3d
Category SEO Meta Tags <= 2.5 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-46091
CVSS Score: 4.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6985a8bb-0ad5-4b02-9a95-9dbc6018dec0
Maileon <= 2.16.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-46068
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a67972d7-abfd-4ce3-9e47-30736ab32af5
WP Full Stripe Free <= 1.6.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-46088
CVSS Score: 4.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b7c630c0-b37f-48d5-a87c-8e7c60103a30
Internal Link Building <= 1.2.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-46192
CVSS Score: 4.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dd300737-dda4-4ed3-b21f-0407a5e32a05
Webmaster Tools <= 2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-46093
CVSS Score: 4.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e80bb7de-ce18-40d5-bf4c-9616739b2f9d
Who Hit The Page – Hit Counter <= 1.4.14.3 – Cross-Site Request Forgery
CVE ID: CVE-2023-46087
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/07663fae-53e9-45d2-834c-6e1392484e0a
Ashe Extra <= 1.2.6 – Missing Authorization via multiple AJAX actions
CVE ID: CVE-2023-46079
CVSS Score: 4.3 (Medium)
Researcher/s: Jonas Höbenreich
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09551d22-c8c2-435c-9d00-bb4833497c16
Google Calendar Events <= 3.2.5 – Cross-Site Request Forgery via bulk_actions
CVE ID: CVE-2023-46189
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1218ed3b-badc-464e-adbc-76fb4f6af008
Product Category Tree <= 2.5 – Cross-Site Request Forgery
CVE ID: CVE-2023-46151
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/147e47f8-c40b-4ae7-8627-b32b36e4d14f
Wp Ultimate Review <= 2.2.4 – Cross-Site Request Forgery via wur_settings_view
CVE ID: CVE-2023-46085
CVSS Score: 4.3 (Medium)
Researcher/s: qilin_99
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1559fb43-cc5e-4dd2-80d8-06a137c7276d
Userback <= 1.0.13 – Cross-Site Request Forgery
CVE ID: CVE-2023-46089
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2178b39c-5341-4f53-82be-668b400d7f25
Delete Usermetas <= 1.1.2 – Cross-Site Request Forgery
CVE ID: CVE-2023-5537
CVSS Score: 4.3 (Medium)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/23b46e5b-ce1e-4215-921c-edea7fd6c56a
Simple Calendar <= 3.2.4 – Cross-Site Request Forgery via duplicate_feed
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/38adede2-73ca-470c-8ace-4f5bbec51d28
Webmaster Tools <= 2.0 – Cross-Site Request Forgery vin lionscripts_plg_f
CVE ID: CVE-2023-46092
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4112ca9a-39fa-4fe8-a060-9f8f492eb846
Smooth Scroll Links <= 1.1.0 – Cross-Site Request Forgery
CVE ID: CVE-2023-46095
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/49018b4b-2833-4ced-b36a-ebe69c5cb096
Open Graph Metabox <= 1.4.4 – Cross-Site Request Forgery
CVE ID: CVE-2023-46191
CVSS Score: 4.3 (Medium)
Researcher/s: Milad Hacking
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5a2b7aac-b11d-4c52-b3d8-7b3f4b3eecd5
Rocket Font <= 1.2.3 – Cross-Site Request Forgery via update_option_check_match_default
CVE ID: CVE-2023-46067
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/635f448b-5c51-4152-b6f5-076a686709bf
Widgets for Google Reviews <= 10.9 – Cross-Site Request Forgery to Plugin Settings Reset
CVE ID: CVE-2023-3254
CVSS Score: 4.3 (Medium)
Researcher/s: Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/70968476-b064-477f-999f-4aa2c51d89cc
Internal Link Building <= 1.2.3 – Cross-Site Request Forgery
CVE ID: CVE-2023-46193
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/78ce6a2a-aa28-4ae9-a2e7-ca3861a9677f
Just Custom Fields <= 3.3.2 – Cross-Site Request Forgery on AJAX Actions
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/79899dc1-4953-4f95-95f5-853d24e7b9ab
Serial Numbers for WooCommerce – License Manager <= 1.6.3 – Cross-Site Request Forgery
CVE ID: CVE-2023-46078
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8671b549-2cce-4f38-ad2d-a9472f7e8e7b
WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 – Cross-Site Request Forgery
CVE ID: CVE-2023-46150
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/874e9e14-1330-40f0-8199-8abcaae58e98
WOLF <= 1.0.7.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-46152
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b771d76-b79a-4ff2-9433-8d35734a4396
Auto Login New User After Registration <= 1.9.6 – Cross-Site Request Forgery to Settings Modification
CVE ID: CVE-2023-46202
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9311c7b6-2c32-4f30-8286-6d59c267c09d
DX Delete Attached Media <= 2.0.5.1 – Cross-Site Request Forgery via add_to_base
CVE ID: CVE-2023-46073
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/961d6d1d-46e8-489f-ac5f-51b55c5a0460
ApplyOnline – Application Form Builder and Manager <= 2.5.2 – Missing Authorization
CVE ID: CVE-2023-46080
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a3473b5e-2f50-4845-9cfa-d19129f2a430
Social Media Share Buttons & Social Sharing Icons <= 2.8.5 – Cross-Site Request Forgery
CVE ID: CVE-2023-5602
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d44a45fb-3bff-4a1f-8319-a58a47a9d76b
Duplicate Theme <= 0.1.6 – Cross-Site Request Forgery via themeDuplicationAction
CVE ID: CVE-2023-46204
CVSS Score: 4.3 (Medium)
Researcher/s: Elliot
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d93e0175-db55-42ab-8475-cd0f47e5dcbb
Social proof testimonials and reviews by Repuso <= 4.97 – Missing Authorization
CVE ID: CVE-2023-46196
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ec311df2-33af-4b91-80a1-252d934c7f61
WP EXtra <= 6.2 – Missing Authorization to Export Settings
CVE ID: CVE-2023-46212
CVSS Score: 4.3 (Medium)
Researcher/s: TP Cyber Security
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ed5c433b-eaab-4716-8749-2a5598a1dbb9
Freesoul Deactivate Plugins <= 2.1.3 – Cross-Site Request Forgery via eos_dp_pro_delete_transient
CVE ID: CVE-2023-46188
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f2949ff1-5c69-4189-99a9-e50c65c78461
Popup by Supsystic <= 1.10.19 – Missing Authorization to Sensitive Information Exposure
CVE ID: CVE-2023-46197
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f458663f-6b1a-4acd-b2db-c66d7a915ab7
Just Custom Fields <= 3.3.2 – Missing Authorization on AJAX Actions
CVE ID: CVE-2023-46203
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6d44749-8b1a-4d22-9917-fee134737063
Novo-Map : your WP posts on custom google maps <= 1.1.2 – Cross-Site Request Forgery
CVE ID: CVE-2023-46190
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6f91816-a263-4938-bac1-eeb3bb2fc120
Envo Extra <= 1.8.3 – Cross-Site Request Forgery
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f709fca2-b7b6-4567-8055-1156f510d1ca
wpDiscuz <= 7.6.3 – Authenticated(Author+) Insecure Direct Object Reference
CVE ID: CVE-2023-46311
CVSS Score: 2.7 (Low)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/359c573f-7031-4f56-b66f-c37339667aca
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments