Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)
Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence Community Edition, that contains all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and utilize both personally and commercially.
Last week, there were 104 vulnerabilities disclosed in WordPress-based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.
GamiPress <= 2.5.7 – Unauthenticated SQL Injection
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1b097ab2-7675-4409-b22a-ad70cee35ab1
WatchTowerHQ <= 3.6.16 – Type Juggling to Authentication Bypass in check_ota
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/481c738e-d544-4587-8632-e85a7ddd8b14
WooCommerce Checkout Field Manager <= 17.3 – Unauthenticated Arbitrary File Upload
CVSS Score: 9.8 (Critical)
Researcher/s: cydave
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9be94d63-f027-4988-ab41-673658c1fa5f
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 – Cross-Site Request Forgery
CVSS Score: 8.8 (High)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/faac24e5-94f2-40e5-932e-93ddc2c8af7c
Get URL Cron <= 1.4.7 – Missing Authorization via geturlcron_action_handle
CVSS Score: 7.5 (High)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/766003e7-712e-481b-b09d-91d62a325718
Quick Paypal Payments <= 5.7.25 – Missing Authorization
CVSS Score: 7.3 (High)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b8133d84-e28c-4132-9eb5-941800320f84
RSVPMaker <= 9.9.3 – Authenticated (Admin+) SQL Injection via 'delete' parameter
CVSS Score: 7.2 (High)
Researcher/s: Muhammad Arsalan Diponegoro
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/13101551-d62e-4b27-9156-5b3d022f0e55
RSVPMaker <= 9.9.3 – Authenticated (Admin+) SQL Injection via $email value
CVSS Score: 7.2 (High)
Researcher/s: Aldo Dimas Anugrah K
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/44373541-adc5-4aa0-abde-0693f2760afb
Quiz And Survey Master <= 8.0.8 – Unauthenticated Arbitrary Media Deletion
CVSS Score: 7.2 (High)
Researcher/s: Julien Ahrens
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8
Multi Rating <= 5.0.5 – Unauthenticated Stored Cross-Site Scripting
CVSS Score: 7.2 (High)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/979699fd-ff31-4cba-bbf2-03fa51554031
WP Coder – add custom html, css and js code <= 2.5.3 – Authenticated (Admin+) SQL Injection
CVSS Score: 7.2 (High)
Researcher/s: Etan Imanol Castro Aldrete
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340
Media Library Assistant <= 3.05 – Authenticated (Administrator+) SQL Injection
CVSS Score: 7.2 (High)
Researcher/s: Daniel Krohmer, Kunal Sharma
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ecc59a6f-5e4a-44b4-932d-ed990ebb075a
Archivist – Custom Archive Templates <= 1.7.4 – Cross-Site Request Forgery
CVSS Score: 7.1 (High)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e381ad7-efe6-48c4-af3a-22d01d73a065
Ocean Extra <= 2.1.2 – Authenticated (Subscriber+) Arbitrary Post Access
CVSS Score: 6.5 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/32192878-930a-4947-a38f-ec395c17e515
Protected Posts Logout Button <= 1.4.5 – Missing Authorization on pplb_options_save
CVSS Score: 6.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b87f8bd6-d00d-4062-bf27-b698a1d7e757
Profile Builder – User Profile & User Registration Forms <= 3.9.0 – Sensitive Information Disclosure via Shortcode
CVSS Score: 6.5 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a
Google Maps v3 Shortcode <= 1.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/15123d5f-eb24-46e3-81ec-7dd4f108a42d
WordPress Fancy Comments <= 1.2.10 – Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2508adc4-2a2f-4b6c-9b5a-da85d94226a0
Portfolio Slideshow <= 1.13.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/26b5c665-b7f6-4481-b9e9-010f9e451d9b
Resume Builder <= 3.1.1 – Authenticated (Subscriber+) Stored Cross-Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3005c53e-eb09-479f-a4e4-b8d40583d80d
Ocean Extra <= 2.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/596e970b-5a40-46cd-aa32-ac6ace39c21b
Olevmedia Shortcodes <= 1.1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66607be6-cca1-4cbb-b1c0-708d640b1151
vSlider Multi Image Slider <= 4.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/72a2449c-4292-45e6-bfe8-106f8043fcad
Portfolio – WordPress Portfolio Plugin <= 2.8.10 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7c95bbba-6459-420f-a072-3b02c7d58ea0
Campaign URL Builder <= 1.8.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b2839fdc-5904-4c3b-894f-7bf7e8b2986a
Quick Paypal Payments <= 5.7.25 – Authenticated (Contributor+) Cross Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b36303d6-ad28-4354-9f60-acc7df15f468
Ultimate WP Query Search Filter <= 1.0.10 – Authenticated (Contributor+) Stored Cross Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f3ef0c46-5765-458e-80c0-ecfc6ead6df6
vSlider Multi Image Slider <= 4.1.2 – Cross-Site Request Forgery
CVSS Score: 6.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/14376064-13c4-4874-afea-395af2a1933d
Shoppable Images Lite <= 1.2.3 – Missing Authorization
CVSS Score: 6.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/413b2b38-44f2-4756-b66d-b6544c7ecaa2
ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 – Missing Authorization to Order Information Disclosure
CVSS Score: 6.3 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/75f0bc5a-f588-4aeb-9e55-72e180d39ddf
vSlider Multi Image Slider <= 4.1.2 – Missing Authorization
CVSS Score: 6.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f0c7324f-4c22-44e0-8d2a-9b95fd89467d
Twitch Player <= 2.1.0 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 6.1 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/03c8ec0a-f75f-450f-86e7-a18dfbae9461
WPGlobus Translate Options <= 2.1.0 – Reflected Cross-Site Scripting via page
CVSS Score: 6.1 (Medium)
Researcher/s: Ngo Van Thien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bf0a1568-e97c-41ea-b2c3-ba335f0b4360
Interactive SVG Image Map Builder <= 1.0 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: Lokesh Dachepalli
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/12d84de4-d97e-40cc-9805-fc9b7de8fa21
Zeno Font Resizer <= 1.7.9 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4dbba653-e23e-43e6-9dc5-83a6c99f8dc6
Quick Event Manager <= 9.6.4 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: Justiice
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8962c601-2c2c-4b96-b8a4-fdc2ad8a2c08
Archivist – Custom Archive Templates <= 1.7.4 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/90333dc7-8bdf-4a59-8001-7eb76b4bc61d
Click to Call or Chat Buttons <= 1.4.0 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/92880588-a733-43df-adf6-74fe6291822d
WP Prayer <= 1.9.6 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b9738054-058f-47be-9973-f119fbfd4396
Robots.txt optimization <= 1.4.5 – Cross Site Request Forgery
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/03eed366-c018-44b9-bb72-56911e9957b8
Cart All In One For WooCommerce <= 1.1.10 – Cross-Site Request Forgery to Cart Changes
CVSS Score: 5.4 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1d5d2217-306c-4ea2-9727-5c02f7d67c2d
Advanced Dynamic Pricing for WooCommerce <= 4.1.5 – Cross-Site Request Forgery via handleSubmitAction function
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/272c6fbb-bc85-46d9-b139-87534b2a0842
Shoppable Images <= 1.2.3 – Cross Site Request Forgery
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2e6a78dc-9b67-4ab5-83f9-be82d05d3a13
VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in saveconfig function
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/385c6324-3d8e-4dc7-b8ca-309b05e7bdcc
ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 – Cross-Site Request Forgery to Order Information Disclosure
CVSS Score: 5.4 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4352b2dc-d2a7-4cc9-a44f-1f5be46e2482
VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in savetmplfile function
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4ad32ff7-0557-439d-aa0f-49c5ea4271ab
Simple PDF Viewer <= 1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via googlepdf Shortcode
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/89bc17fd-14e8-4210-8cf7-a043d1ea9c22
Podlove Subscribe button <= 1.3.7 – Cross-Site Request Forgery via process_form function
CVSS Score: 5.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/af695224-24e7-4d5b-b472-dee53eb6073f
Protected Posts Logout Button <= 1.4.4 – Cross-Site Request Forgery to Settings Update
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c79fd08c-97bc-4d55-832e-92d0897bc3dc
VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in savetranslation function
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d0631ac6-2d85-4073-be2c-05480deecf97
VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in savetranslationstay function
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d2594cef-6bde-425f-9412-fd4ed3da312e
Conditional Payments for WooCommerce <= 2.3.1 – Cross-Site Request Forgery
CVSS Score: 5.4 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/db15295f-505f-4a0a-bb3a-3ff6daf73008
Podlove Subscribe button <= 1.3.7 – Cross-Site Request Forgery via save function
CVSS Score: 5.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eb9a6c9b-24fb-436f-b583-55adeedb726e
Meta Slider and Carousel with Lightbox <= 1.6.2 – Cross-Site Request Forgery
CVSS Score: 5.4 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f5f59b16-b38a-451b-b220-044598872735
RegistrationMagic <= 5.1.9.2 – Cross-Site Request Forgery leading to Form Metadata Deletion
CVSS Score: 5.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fcfb3a6e-7b58-4568-8439-e9c68a2223b9
WordPress Social Login and Register <= 7.6.0 – Missing Authorization to Unauthenticated Arbitrary Content Deletion
CVSS Score: 5.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/021a25c9-7fad-425f-8104-bb4852603613
WP Post Rating <= 2.4.6 – Missing Authorization to Vote Manipulation
CVSS Score: 5.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/96ab5bb0-724c-434b-acc4-be8265b4838f
Woodmart <= 7.0.4 – Unauthenticated Arbitrary Content Injection
CVSS Score: 5.3 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb1db880-0942-4fac-a548-8b6a28dce8c0
VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in save_admin_widgets function
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e2945971-80c6-44a2-bc65-1243af365692
All-In-One Security (AIOS) <= 5.1.4 – Authenticated (Admin+) Directory Traversal
CVSS Score: 4.9 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/03bf84e2-c101-416d-a953-c63ecd1dba7d
Campaign URL Builder <= 1.8.1 – Authenticated (Admin+) Stored Cross-Site Scripting via Create Link
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/06294c35-6d58-4270-b143-757831fc5da6
WP BaiDu Submit <= 1.2.1 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2241fa07-b6b7-4e5d-8951-ae844a7b88e8
Announce from the Dashboard <= 1.5.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b75dce8-3e31-45e8-b193-5df3e4391e56
Sticky Ad Bar <= 1.3.1 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/750a4a94-458c-4944-a99b-a1c8e23e57d1
Easy Panorama <= 1.1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/783829c2-fe09-44a1-bbb5-2a694ad816ee
Eyes Only: User Access Shortcode <= 1.8.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7bbc181f-318e-48ea-a2f7-c668ad15c8a6
Podlove Subscribe button <= 1.3.7 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/89058e5a-0f67-4162-ba3b-0a4353d1e0a9
Quick Contact Form <= 8.0.3.1 – Authenticated (Admin+) Stored Cross Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b5e86be-8a35-48d8-a676-9f7074b81cb7
Feed Changer <= 0.2 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9198ffe4-2f9e-4d80-9f5d-cf967b3feb43
Inline Tweet Sharer <= 2.5.3 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9a85b549-f6a4-4dc3-9f2a-35d783099f96
Peadig's Like & Share Button <= 1.1.5 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d8e0ad2-3cfb-443f-9958-9639d0745dd7
JSON Content Importer <= 1.3.15 – Authenticated (Admin+) Cross Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a3839c47-5fd0-48e7-9637-d40bd237e122
Tapfiliate <= 3.0.12 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a472e78c-ebd7-4ab8-9b47-96c526754387
Google Analytics Opt-Out <= 2.3.4 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a90ea845-9f7f-4a89-887d-cf4337f8471f
WP资源下载管理 <= 1.3.9 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aa7aad43-54b4-4b9f-9584-292e40be71bc
WP Open Social <= 5.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/be0dc9be-f597-46d8-badd-452e442a6d1a
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca91046d-61c1-4a65-a078-c7dffb27092c
Service Area Postcode Checker <= 2.0.8 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/da8dd02f-0d9f-44a2-bcad-1e392668dd67
Nooz <= 1.6.0 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e8b5bc1b-c9dc-4ce5-86db-2802f5b49d0b
Simple Yearly Archive <= 2.1.8 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e8d41006-ab36-4eed-8c17-2937ca7aff1b
Upload File Type Settings Plugin <= 1.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4dd4479-2f41-426f-b98c-7c654a82ccfe
Wp-Insert <= 2.5.0 – Authenticated (Admin+) Stored Cross Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f607b33a-58ef-4526-9ca1-aaa444aa12bc
VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in admin_widgets_welcome function
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/035d5f4a-1145-48e0-8388-e319088ebd52
Advanced Dynamic Pricing for WooCommerce <= 4.1.5 – Cross-Site Request Forgery via migrateCommonToProductOnly function
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/048768bf-326c-455e-919c-9691d6537062
Advanced Dynamic Pricing for WooCommerce <= 4.1.5 – Missing Authorization in ajaxCalculatePrice function
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0cefa293-c934-413e-b946-07e3060472ee
WP VR <= 8.2.7 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/13a0dd72-1124-4b5d-9bad-fe4fea8e3e68
Schema – All In One Schema Rich Snippets <= 1.6.5 – Cross-Site Request Forgery in rich_snippet_dashboard
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/23b018d3-3451-4ae8-b571-07e931ad23df
GamiPress <= 2.5.6 – Missing Authorization to User Points Updates
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4c2ce765-018a-4292-b150-7905723d1335
Advanced Dynamic Pricing for WooCommerce <= 4.1.5 – Cross-Site Request Forgery via migrateProductOnlyToCommon function
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4f062ef2-ef94-47c2-8eba-dc7ff6c2537d
Advanced Dynamic Pricing for WooCommerce <= 4.1.5 – Missing Authorization in migrateProductOnlyToCommon function
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/59ff3445-0dfd-4a1a-9ac8-d088b8f4dbf3
AutomatorWP <= 2.5.8 – Cross Site Request Forgery via bulk_delete
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5ebdf903-828e-4a22-953a-17d85984b576
VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in exec_multitask_widgets function
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6adc0154-169a-4d72-8687-66dbf6766139
Locatoraid Store Locator <= 3.9.11 – Cross Site Request Forgery in grab
CVSS Score: 4.3 (Medium)
Researcher/s: Ngo Van Thien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7feecce5-f2ce-4278-b648-e363b1fa5d7a
WordPress Email Marketing Plugin – WP Email Capture <= 3.9.3 – Cross Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f052dfc-609d-43ed-a8bb-e30294749d03
Get URL Cron <= 1.4.7 – Cross-Site Request Forgery via geturlcron_action_handle
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/934b2767-eae4-4c2d-a635-2e6a27fd9f49
OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a250f678-1ec7-48ea-8b81-e5ef89992155
NextGEN Gallery <= 3.28 – Cross-Site Request Forgery leading to Post Thumbnail Change
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a841456c-2a01-4caf-bebe-e018b92697d8
VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in widgets_watch_data function
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b07b46a6-8a5d-40cb-8af9-baf0f1722736
VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in exec_admin_widget function
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b5ef15c4-c96b-4e88-a941-e34d23a0e06a
Tickera <= 3.5.1.0 – Cross-Site Request Forgery to Ticket Post Status Change
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bb0f8a0c-d02f-46e2-8808-3ffada105d13
TeraWallet – For WooCommerce <= 1.3.24 – Cross-Site Request Forgery via admin_options
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d274f8b1-0f7c-44cc-8063-3d04a33a9404
Advanced Dynamic Pricing for WooCommerce <= 4.1.5 – Missing Authorization in migrateCommonToProductOnly function
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de46743b-2cc6-4a29-bbc4-bc6cfb540e26
Advanced Dynamic Pricing for WooCommerce <= 4.1.5 – Missing Authorization in ajaxCalculateSeveralProducts function
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f58f994e-0a9b-4b40-9e38-535169c793d3
GamiPress <= 2.5.6 – Cross-Site Request Forgery to User Earnings Deletion
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ff4b757a-9ede-496b-b559-cf952d39fe70
If you’d like to receive this weekly vulnerability report by email, along with Wordfence Intelligence CE product updates, sign up to the Wordfence Intelligence Community Edition Newsletter by filling out this form below.
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence Community Edition leaderboard along with being mentioned in our weekly vulnerability report.