Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)
In case you missed it, Wordfence has curated an industry-leading vulnerability database, Wordfence Intelligence Community Edition, covering all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, submissions that vulnerability researchers send directly to us through our CVE Request form, and monitoring of various sources to capture all publicly available WordPress vulnerability information, adding context where we can.
Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and use, both personally and commercially.
Last week, 71 vulnerabilities disclosed in WordPress-based software were added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.
ImageMagick Engine <= 1.7.5 – Cross-Site Request Forgery to PHAR Deserialization
CVSS Score: 8.8 (High)
Researcher/s: Rasoul Jahanshahi
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a2ca2f0-1d4a-4614-86ba-a46e765f4a9f
Plugin for Google Reviews <= 2.2.3 – Authenticated (Subscriber+) SQL Injection
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/75aa7541-d9d4-4526-9831-238327d0f3ae
GigPress <= 2.3.28 – Authenticated (Subscriber+) SQL Injection
CVSS Score: 8.8 (High)
Researcher/s: Erwan LR
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb1dc7e4-a339-4760-9f63-aaa6590bd5e0
Auto Featured Image (Auto Post Thumbnail) <= 3.9.15 – Authenticated (Author+) Arbitrary File Upload
CVSS Score: 7.2 (High)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/18ff2556-9e20-42f6-a8fb-b81473c42576
My Sticky Elements <= 2.0.8 – Authenticated (Admin+) SQL Injection
CVSS Score: 7.2 (High)
Researcher/s: qerogram
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b1933a5-48f3-4707-8e3d-824b60ce2635
Redirection for Contact Form 7 <= 2.7.0 – Authenticated (Editor+) Privilege Escalation
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/527c344e-870e-4bd9-b111-86cc2821367d
Monolit <= 2.0.6 – Unauthenticated Stored Cross-Site Scripting
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60a574c7-47de-4427-8d38-d510ea996f75
Gutenberg Forms <= 2.2.8.3 – Authenticated (Subscriber+) Sensitive Information Disclosure
CVSS Score: 6.5 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5964dd2a-e388-4454-89f6-aa71e1734d35
Shortcodes Ultimate <= 5.12.6 – Authenticated (Subscriber+) Arbitrary File Read via Shortcode
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5dad7348-39ba-4163-a5eb-939601645edb
Shortcodes Ultimate <= 5.12.6 – Authenticated (Subscriber+) Server-Side Request Forgery
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7bb6caf6-5676-49cd-8577-5a41b44b00c0
Cost of Goods for WooCommerce <= 2.8.6 – Missing Authorization in save_costs
CVSS Score: 6.5 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2
Icegram Express <= 5.5.2 – Unauthenticated CSV Injection
CVSS Score: 6.5 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a8077d07-acaf-40f2-bc0f-e28a44ead94c
Quick Contact Form <= 8.0.3.1 – Cross-Site Request Forgery to Sensitive Information Disclosure
CVSS Score: 6.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b930ddd7-a2a3-4b83-a1a6-ea08bbcb07a3
WP-Optimize <= 3.2.11 – Cross-Site Request Forgery
CVSS Score: 6.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3190f9f-8b2f-4251-8804-f386e2c5678f
Cost of Goods for WooCommerce <= 2.8.6 – Cross-Site Request Forgery in save_costs
CVSS Score: 6.5 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ee50731f-696f-4e9f-a930-05b2b23752de
Scriptless Social Sharing <= 3.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/84c79b0e-01d2-4710-9a02-edceab8db22d
Quick Contact Form <= 8.0.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/90654fac-b9c7-422f-8472-2a7c7fd0de0d
Icegram Collect <= 1.3.8 – Authenticated (Contributor+) Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/93920201-fd53-45ad-983a-a2b04b96db77
Interactive Geo Maps <= 1.5.9 – Authenticated (Editor+) Stored Cross-Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95ce515a-377c-49b4-8d1b-7ac22769c759
Qubely <= 1.8.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/991aefb4-2e6b-48e6-bd19-98b21a57f6db
Visualizer <= 3.9.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d32ceb67-8ad1-4f59-b4a8-63c9c3e8b90c
Shortcodes Ultimate <= 5.12.6 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d449466d-e78a-48a3-8eff-90b56646dd6b
WordPress Comments Import & Export <= 2.3.1 – CSV Injection
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5196a9f2-177d-48e1-b0dc-72e0727132d6
Pie Register <= 3.8.2.2 – Open Redirect
CVSS Score: 6.1 (Medium)
Researcher/s: Omar Amin
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8bbcbefa-f38d-4752-acca-3545976cc59f
微信机器人高级版 <= 6.0.1 – Reflected Cross-Site Scripting
CVSS Score: 6.1 (Medium)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d2a238f-7192-49f0-be2e-3a35fca651d9
Link Juice Keeper <= 2.0.2 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/06511129-fb43-4ac1-9f5d-c637c9577293
Chained Quiz <= 1.3.2.5 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/68ec28e8-345c-4017-ab0d-04ac4facd60c
Quick Paypal Payments <= 5.7.25 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/99e61ed1-df56-4e95-b4f9-3027ee7b7793
Arigato Autoresponder and Newsletter <= 2.7.1 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 5.5 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1db421d-d935-4441-ae5e-cc01123e80e8
Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_add_folder
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/08c0ea6c-7e2f-482f-b30c-0e3bcd992159
0mk Shortener <= 0.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS Score: 5.4 (Medium)
Researcher/s: Juampa Rodríguez
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3b798c64-3434-427d-b578-5abbdac8cd0e
Wicked Folders <= 2.18.16 – Missing Authorization on ajax_move_object
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0be428ae-40ae-4cc0-82ad-d121b6d2d27e
Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_save_state
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/261a1bf0-a147-48c8-878e-f9b725ac74d8
Wicked Folders <= 2.18.16 – Missing Authorization on ajax_add_folder
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2764b360-228d-48c1-8a29-d3764e532799
Wicked Folders <= 2.18.16 – Missing Authorization via ajax_unassign_folders
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/29358ea9-21b7-4294-8fc9-0d38e689cf53
Wicked Folders <= 2.18.16 – Missing Authorization on ajax_save_folder
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2c26d6de-5653-4be8-9526-39b30cb61625
Wicked Folders <= 2.18.16 – Missing Authorization via ajax_delete_folder
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35fb658f-6ffa-4df7-bfcd-25307d89fc26
Wicked Folders <= 2.18.16 – Missing Authorization on ajax_edit_folder
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3ad60a11-e307-4ec9-9099-091a87ff1d3b
Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_save_folder_order
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4104f69f-b185-498a-aabf-2126ffb94ab3
Wicked Folders <= 2.18.16 – Cross-Site Request Forgery on ajax_save_folder
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/43b43802-f301-4748-98b9-eea78a249355
Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_edit_folder
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/51b88442-3961-42e2-8ff4-7726819a7f0f
Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_delete_folder
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62b56928-7125-4211-b233-07b5b51881c1
Auto Affiliate Links <= 6.2.1.5 – Authenticated (Subscriber+) Plugin Settings Change
CVSS Score: 5.4 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f787c75-7b27-4256-ac0c-abc2988ea7c8
Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_clone_folder
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/80797183-c69f-4dce-a2e0-52a395ceffaa
Wicked Folders <= 2.18.16 – Missing Authorization on ajax_save_folder_order
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8d392d0b-f286-44da-aa32-a08d0279baed
Wicked Folders <= 2.18.16 – Missing Authorization on ajax_save_sort_order
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9b26604b-2423-4130-b0ef-8f63a392c760
Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_save_sort_order
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae8dbf54-ea62-4901-b34f-079b708ca0b5
Wicked Folders <= 2.18.16 – Missing Authorization on ajax_clone_folder
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3728280-3487-4cb2-8e37-f33811bc0a22
WPCode <= 2.0.6 – Missing Authorization to Sensitive Key Disclosure/Update
CVSS Score: 5.4 (Medium)
Researcher/s: Sanjay Das
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4b1cae3-dc08-43b1-9a20-62b7263efeba
Quiz And Survey Master <= 8.0.8 – Cross-Site Request Forgery to Arbitrary Media Deletion
CVSS Score: 5.4 (Medium)
Researcher/s: Julien Ahrens
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c75e6d27-7f6b-4bec-b653-c2024504f427
Wicked Folders <= 2.18.16 – Missing Authorization via ajax_save_state
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1c43e93-69a3-407e-860e-ab25af5d7177
ShopLentor <= 2.5.1 – Cross-Site Request Forgery to Post Updates
CVSS Score: 5.4 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/db952443-2588-4da0-87d8-5bd2d3be039c
Wicked Folders <= 2.18.16 – Cross-Site Request Forgery on ajax_move_object
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc01108f-e781-484b-997a-c1d4e218a3f4
Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_unassign_folders
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e52b27fa-10e8-43d0-be29-774c2f5487ae
CURCY <= 2.1.25 – Missing Authorization to Currency Exchange Retrieval
CVSS Score: 5.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca24aa2f-5d31-4128-af75-68bd24637ee7
eCommerce Product Catalog plugin for WordPress <= 3.3.4 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46db2d07-66a6-4d9e-b0fd-ddf6119ba5be
Under Construction <= 3.96 – Cross-Site Request Forgery via admin_action_ucp_dismiss_notice
CVSS Score: 4.3 (Medium)
Researcher/s: Ramuel Gall, Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/031a1203-6b0d-453b-be8a-12e7f55cb401
Booking Calendar Contact Form <= 1.2.34 – Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0563d2f0-fb29-4030-8d01-c257dda78241
Booking Calendar Contact Form <= 1.2.34 – Cross-Site Request Forgery via cpdexbccf_feedback
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09932277-8af3-4790-96f0-fe5af0a0ed29
Podlove Podcast Publisher <= 3.8.3 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/17f2b07d-82de-4e25-9b17-ef4a1132e6c0
A2 Optimized WP <= 3.0.4 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/463fdbde-1d98-4f52-b835-cba1ae567f4f
Under Construction <= 3.96 – Cross-Site Request Forgery via admin_action_install_weglot
CVSS Score: 4.3 (Medium)
Researcher/s: Ramuel Gall, Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4fa84388-3597-4a54-9ae8-d6e04afe9061
Void Contact Form 7 Widget For Elementor Page Builder <= 2.1.1 – Cross-Site Request Forgery in void_cf7_opt_in_user_data_track
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/56a2084c-5120-4115-a027-625900d23ebc
Ajax Search Lite <= 4.10.3 – Missing Authorization leading to Authenticated (Subscriber+) Sensitive Information Disclosure
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5f2c157b-cd5a-459d-8e26-859e686148dc
Google Maps CP <= 1.0.43 – Cross-Site Request Forgery via feedback_action
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4aed6ba-23a2-46b6-b7e1-7b7e462b1f5b
All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 5.2.3 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aae70da2-fcd8-4e33-8f38-5e19e0c14733
PayPal Brasil para WooCommerce <= 1.4.2 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b4a44a8a-740b-45dd-962c-945238f6ddee
Google Maps CP <= 1.0.43 – Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc9a2639-cec8-408e-9ba2-ffb6c8c7da21
Mercado Pago payments for WooCommerce <= 6.3.1 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ce30649a-c1a0-42d5-b2e7-1ebe7989efa3
Album and Image Gallery plus Lightbox <= 1.6.2 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/df1a3425-b1d7-4914-ab19-c215d4e845ea
ColorWay <= 4.2.3 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ecfa530c-a164-4215-b68a-7be81be3fd48
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence Community Edition leaderboard along with being mentioned in our weekly vulnerability report.