Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023)
Last week, there were 64 vulnerabilities disclosed in 61 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook notifications are completely free to access and use, both personally and commercially, and why we publish this weekly vulnerability report.
Click here to sign up for our mailing list to receive weekly vulnerability reports like this one, along with important WordPress security reports, in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
Patch Status | Number of Vulnerabilities |
--- | --- |
Unpatched | 37 |
Patched | 27 |
Total Vulnerabilities by CVSS Severity Last Week
Severity Rating | Number of Vulnerabilities |
--- | --- |
Low Severity | 2 |
Medium Severity | 53 |
High Severity | 6 |
Critical Severity | 3 |
Total Vulnerabilities by CWE Type Last Week
Vulnerability Type by CWE | Number of Vulnerabilities |
--- | --- |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 29 |
Missing Authorization | 12 |
Cross-Site Request Forgery (CSRF) | 11 |
Unrestricted Upload of File with Dangerous Type | 5 |
Server-Side Request Forgery (SSRF) | 1 |
URL Redirection to Untrusted Site (‘Open Redirect’) | 1 |
Improper Input Validation | 1 |
Authorization Bypass Through User-Controlled Key | 1 |
Improper Control of Generation of Code (‘Code Injection’) | 1 |
Use of Less Trusted Source | 1 |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 1 |
Researchers That Contributed to WordPress Security Last Week
Researcher Name | Number of Vulnerabilities |
--- | --- |
Rio Darmawan | 11 |
Rafie Muhammad | 5 |
Lana Codes (Wordfence Vulnerability Researcher) | 4 |
thiennv | 3 |
LEE SE HYOUNG | 3 |
Mika | 2 |
Zlrqh | 2 |
Dmitrii | 2 |
László Radnai | 2 |
Elliot | 2 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 2 |
Bartłomiej Marek | 2 |
Tomasz Swiadek | 2 |
Abdi Pranata | 2 |
Phd | 1 |
Emili Castells | 1 |
Pavitra Tiwari | 1 |
Ramuel Gall (Wordfence Vulnerability Researcher) | 1 |
FearZzZz | 1 |
emad | 1 |
Prasanna V Balaji | 1 |
deokhunKim | 1 |
yuyudhn | 1 |
Le Ngoc Anh | 1 |
Dipak Panchal | 1 |
mehmet | 1 |
Lokesh Dachepalli | 1 |
Jonas Höbenreich | 1 |
Enrico Marcolini | 1 |
Animesh Gaurav | 1 |
Jonatas Souza Villa Flor | 1 |
Ravi Dharmawan | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, in addition to being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
Software Name | Software Slug |
--- | --- |
Activity Log | aryo-activity-log |
AffiliateWP | AffiliateWP |
All-in-One WP Migration Box Extension | all-in-one-wp-migration-box-extension |
All-in-One WP Migration Dropbox Extension | all-in-one-wp-migration-dropbox-extension |
All-in-One WP Migration Google Drive Extension | all-in-one-wp-migration-gdrive-extension |
All-in-One WP Migration OneDrive Extension | all-in-one-wp-migration-onedrive-extension |
Better Elementor Addons | better-elementor-addons |
Bridge Core | bridge-core |
Ditty – Responsive News Tickers, Sliders, and Lists | ditty-news-ticker |
DoLogin Security | dologin |
Easy Coming Soon | easy-coming-soon |
Easy Newsletter Signups | easy-newsletter-signups |
Email Encoder – Protect Email Addresses and Phone Numbers | email-encoder-bundle |
Fast & Effective Popups & Lead-Generation for WordPress – HollerBox | holler-box |
FileOrganizer – Manage WordPress and Website Files | fileorganizer |
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | folders |
Font Awesome 4 Menus | font-awesome-4-menus |
Forminator – Contact Form, Payment Form & Custom Form Builder | forminator |
GiveWP – Donation Plugin and Fundraising Platform | give |
GuruWalk Affiliates | guruwalk-affiliates |
Happy Addons for Elementor Pro | happy-elementor-addons-pro |
Import XML and RSS Feeds | import-xml-feed |
Localize Remote Images | localize-remote-images |
Login and Logout Redirect | login-and-logout-redirect |
LuckyWP Scripts Control | luckywp-scripts-control |
Maintenance Switch | maintenance-switch |
MakeStories (for Google Web Stories) | makestories-helper |
Metform Elementor Contact Form Builder | metform |
Multi-column Tag Map | multi-column-tag-map |
Olive One Click Demo Import | olive-one-click-demo-import |
Order Tracking – WordPress Status Tracking Plugin | order-tracking |
Ovic Product Bundle | ovic-product-bundle |
Popup Builder – Create highly converting, mobile friendly marketing popups. | popup-builder |
Popup box | ays-popup-box |
PowerPress Podcasting plugin by Blubrry | powerpress |
Prevent files / folders access | prevent-file-access |
Pricing Deals for WooCommerce | pricing-deals-for-woocommerce |
RSVPMaker | rsvpmaker |
Remove/hide Author, Date, Category Like Entry-Meta | removehide-author-date-category-like-entry-meta |
Responsive Gallery Grid | responsive-gallery-grid |
Sermon’e – Sermons Online | sermone-online-sermons-management |
Simple 301 Redirects by BetterLinks | simple-301-redirects |
Site Reviews | site-reviews |
Sitekit | sitekit |
Slimstat Analytics | wp-slimstat |
Smarty for WordPress | smarty-for-wordpress |
Snap Pixel | snap-pixel |
Social Media Share Buttons & Social Sharing Icons | ultimate-social-media-icons |
Social Share Boost | social-share-boost |
Surfer – WordPress Plugin | surferseo |
URL Shortener by MyThemeShop | mts-url-shortener |
Ultimate Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
WP Bannerize Pro | wp-bannerize-pro |
WP GoToWebinar | wp-gotowebinar |
WP Search Analytics | search-analytics |
WP Super Minify | wp-super-minify |
WP Synchro – WordPress Migration Plugin for Database & Files | wpsynchro |
WP Users Media | wp-users-media |
WP-dTree | wp-dtree-30 |
WordPress Ecommerce For Creating Fast Online Stores – By SureCart | surecart |
authLdap | authldap |
WordPress Themes with Reported Vulnerabilities Last Week
Software Name | Software Slug |
--- | --- |
Arya Multipurpose Pro | arya-multipurpose-pro |
Everest News Pro | everest-news-pro |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.
Forminator <= 1.24.6 – Unauthenticated Arbitrary File Upload
CVE ID: CVE-2023-4596
CVSS Score: 9.8 (Critical)
Researcher/s: mehmet
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513
Import XML and RSS Feeds <= 2.1.4 – Unauthenticated Remote Code Execution
CVE ID: CVE-2023-4521
CVSS Score: 9.8 (Critical)
Researcher/s: Enrico Marcolini
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c0856920-5463-4dd3-a4fd-e56901a89b83
RSVPMaker <= 10.6.6 – Unauthenticated SQL Injection
CVE ID: CVE-2023-41652
CVSS Score: 9.8 (Critical)
Researcher/s: Ravi Dharmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f655704d-70a1-40d8-ae36-39029185d262
Folders <= 2.9.2 – Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload
CVE ID: CVE-2023-40204
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9ab28410-76c5-43cb-b87a-c99f8867167c
Give – Donation Plugin <= 2.33.0 – Authenticated (Give Manager+) Privilege Escalation
CVE ID: CVE-2023-41665
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/22ff4b09-063b-425e-9d59-be2e5d283186
Olive One Click Demo Import <= 1.0.9 – Authenticated (Administrator+) Arbitrary File Upload in olive_one_click_demo_import_save_file
CVE ID: CVE-2023-29102
CVSS Score: 7.2 (High)
Researcher/s: deokhunKim
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4f3e3311-11d8-4e4f-9d99-36533fe44d56
DoLogin Security <= 3.6 – Unauthenticated Stored Cross-Site Scripting
CVE ID: CVE-2023-4549
CVSS Score: 7.2 (High)
Researcher/s: Bartłomiej Marek, Tomasz Swiadek
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ad34d657-da59-46ff-a54a-64e6c8974b69
Prevent files / folders access <= 2.5.1 – Authenticated (Administrator+) Arbitrary File Upload in mo_media_restrict_page
CVE ID: CVE-2023-4238
CVSS Score: 7.2 (High)
Researcher/s: Dmitrii
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b266bd10-dbc6-4058-a5b2-1578c0814cb4
Import XML and RSS Feeds <= 2.1.3 – Authenticated (Admin+) Arbitrary File Upload
CVE ID: CVE-2023-4300
CVSS Score: 7.2 (High)
Researcher/s: Jonatas Souza Villa Flor
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f45b4c43-c6c4-41da-bd59-9a355800815a
Easy Newsletter Signups <= 1.0.4 – Missing Authorization
CVE ID: CVE-2023-41664
CVSS Score: 6.5 (Medium)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/288946ae-6e58-42e6-89d1-8951539728d3
Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-4597
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/52aee4b8-f494-4eeb-8357-71ce8d5bc656
Sitekit <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘sitekit_iframe’ shortcode
CVE ID: CVE-2023-27628
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f0be29a-7896-4166-a2a6-64f99d845236
Font Awesome 4 Menus <= 4.7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-4718
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc59510c-6eaf-4526-8acb-c07e39923ad9
Email Encoder <= 2.1.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-4599
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e90f04e4-eb4c-4822-89c6-79f553987c37
Login and Logout Redirect <= 2.0.2 – Open Redirect
CVE ID: CVE-2023-41648
CVSS Score: 6.1 (Medium)
Researcher/s: Phd
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09a0639e-4b14-4dc9-a50c-d18234faa7b1
Arya Multipurpose Pro <= 1.0.8 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41237
CVSS Score: 6.1 (Medium)
Researcher/s: László Radnai
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/22cfbaa1-5412-4944-899c-7ae41d017384
Social Media & Share Icons <= 2.8.3 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41238
CVSS Score: 6.1 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3a8998db-ffc2-40b2-a191-09380984adac
URL Shortener by MyThemeShop <= 1.0.17 – Reflected Cross-Site Scripting via ‘page’
CVE ID: CVE-2023-30472
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/52c2837e-8947-4ce9-bda5-e0c2f831fb36
Sermon’e – Sermons Online <= 1.0.0 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41653
CVSS Score: 6.1 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5c17678e-6598-4e80-b121-beae822b9f81
WP-dTree <= 4.4.5 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41662
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6c01da54-fbbe-42f9-a76e-8e823027d62a
Everest News Pro <= 1.1.7 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41235
CVSS Score: 6.1 (Medium)
Researcher/s: László Radnai
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bb967453-59d6-4b03-8c75-1906b99bff80
Bridge Core <= 3.0.9 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-40333
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc698c40-4a2b-4dab-93f0-647e4db79d2c
Ditty <= 3.1.24 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-4148
CVSS Score: 6.1 (Medium)
Researcher/s: Animesh Gaurav
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cabf7aae-0673-4358-a2df-0ca22c8432b5
Happy Elementor Addons Pro <= 2.8.0 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41236
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d536d3a8-9ac5-4ea9-8c65-16ad8b3a7106
Ultimate Addons for Contact Form 7 <= 3.1.32 – Reflected Cross-Site Scripting via ‘page’
CVE ID: CVE-2023-30493
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d857324c-94c9-471a-9da8-0b8c9bb50262
Order Tracking Pro <= 3.3.6 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-4471
CVSS Score: 6.1 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ed64d0ff-4f49-4c18-86ec-2c6fbd559d2e
WP Bannerize Pro <= 1.6.9 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41663
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/edc35f8c-f916-433e-9d3f-4992e8c9d7cd
WP Search Analytics <= 1.4.7 – Reflected Cross-Site Scripting via ‘render_stats_page’
CVE ID: CVE-2023-30471
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6433a17-0017-46a9-a8e6-4d4a4a55f2db
PowerPress <= 11.0.6 – Authenticated (Contributor+) Server-Side Request Forgery via wp_ajax_powerpress_media_info
CVE ID: CVE-2023-41239
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/031c31b2-6e27-47bb-9f63-2bbaa1edbbb2
Site Reviews <= 6.10.2 – Missing Authorization
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1accc41e-41d2-49e3-a80a-6b95b02cb42e
Responsive Gallery Grid <= 2.3.10 – Cross-Site Request Forgery
CVE ID: CVE-2023-41659
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3abe2de8-9127-4ef0-9194-cf331b20868a
LuckyWP Scripts Control <= 1.2.1 – Missing Authorization via multiple AJAX actions
CVE ID: CVE-2023-29239
CVSS Score: 5.4 (Medium)
Researcher/s: Elliot
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3ed93c5c-38bb-4e84-8fe8-03dd75b4d9f3
Maintenance Switch <= 1.5.2 – Cross-Site Request Forgery via ‘admin_action_request’
CVE ID: CVE-2023-29235
CVSS Score: 5.4 (Medium)
Researcher/s: Elliot
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6f14f19d-95b3-474b-a2ea-d846c85644cd
Simple 301 Redirects <= 2.0.7 – Cross-Site Request Forgery via ‘clicked’
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9945c85b-a97a-4ad0-9d0a-69faf157563a
Surfer <= 1.1.2.298 – Missing Authorization
CVE ID: CVE-2023-35037
CVSS Score: 5.4 (Medium)
Researcher/s: Jonas Höbenreich
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c06f9f6d-3cd0-4700-834b-435a99983453
Pricing Deals for WooCommerce <= 2.0.3.2 – Missing Authorization via vtprd_ajax_clone_rule
CVE ID: CVE-2023-41240
CVSS Score: 5.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1101bfe6-2075-4f44-933b-6d9f372100a2
Ovic Product Bundle <= 1.1.2 – Missing Authorization
CVE ID: CVE-2023-41649
CVSS Score: 5.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5657ffe2-7d04-4834-bcec-ab6afaeda7df
Multiple ServMask Plugins <= (Various Versions) – Missing Authorization to Access Token Update
CVE ID: CVE-2023-40004
CVSS Score: 5.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/86bb44f0-142d-4c4e-8fc5-a50526118130
Localize Remote Images <= 1.0.9 – Cross-Site Request Forgery via admin menu
CVE ID: CVE-2023-41244
CVSS Score: 5.3 (Medium)
Researcher/s: Lokesh Dachepalli
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ab96123e-17aa-461f-b460-e8eba82c78e1
Multi-column Tag Map <= 17.0.26 – Missing Authorization
CVE ID: CVE-2023-41651
CVSS Score: 5.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d2a60cb2-fe7d-4c51-9995-5cb4682d9d26
Activity Log <= 2.8.7 – IP Address Spoofing
CVE ID: CVE-2023-4281
CVSS Score: 5.3 (Medium)
Researcher/s: Bartłomiej Marek, Tomasz Swiadek
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de821236-f878-46a4-9265-bcf6e8661910
Order Tracking Pro <= 3.3.6 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-4500
CVSS Score: 4.7 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81f9a4c6-971f-4f6d-8bb1-e97bf75cf8d3
GuruWalk Affiliates <= 1.0.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
CVE ID: CVE-2023-27622
CVSS Score: 4.4 (Medium)
Researcher/s: Pavitra Tiwari
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b2714f7-9877-4d3d-a692-70fbf8584728
SureCart <= 2.5.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
CVE ID: CVE-2023-41241
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/416c13ff-15ae-4ba4-8a95-7c07bec75c22
Smarty for WordPress <= 3.1.35 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41661
CVSS Score: 4.4 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/498a10a1-8da6-4309-833f-950f6442d5ae
WP GoToWebinar <= 14.45 – Authenticated (Administrator+) Cross-Site Scripting
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a7b32f5-5d27-4f5a-89f3-abf4f8da79e4
HollerBox <= 2.3.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41657
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5c76871e-b774-4284-ad00-f8ef7f6df389
Popup Builder <= 4.1.15 – Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2023-3226
CVSS Score: 4.4 (Medium)
Researcher/s: Dipak Panchal
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f97af51-1532-4034-8b2a-8356b65cb617
Snap Pixel <= 1.5.7 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41242
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c37686f8-6bd7-4c06-b80a-7d6849bbc7b0
Easy Coming Soon <= 2.3 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
CVE ID: CVE-2023-25483
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e46139c8-dd7e-4904-81b2-283952cea9b5
Popup Box <= 3.7.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e6dbbb52-4202-4d69-837f-c7d5ca06fab5
WP Users Media <= 4.2.3 – Cross-Site Request Forgery in wpusme_save_settings
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Zlrqh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/07a82335-d738-4c14-b385-04843f12e4ef
Metform Elementor Contact Form Builder <= 3.3.1 – Authenticated (Subscriber+) Information Disclosure via ‘mf_first_name’ shortcode
CVE ID: CVE-2023-0689
CVSS Score: 4.3 (Medium)
Researcher/s: Ramuel Gall
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/356cf06e-16e7-438b-83b5-c8a52a21f903
Social Share Boost <= 4.5 – Cross-Site Request Forgery via ‘syntatical_settings_content’
CVE ID: CVE-2023-25033
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/53a265b8-e34c-4683-a653-4b4b2410e9de
Better Elementor Addons <= 1.3.5 – Missing Authorization
CVE ID: CVE-2023-41656
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5a628eef-937c-4391-afac-22128ec5b51c
WP Users Media <= 4.2.3 – Missing Authorization via wpusme_save_settings
CVE ID: CVE-2023-27428
CVSS Score: 4.3 (Medium)
Researcher/s: Zlrqh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8e125188-4aff-4c64-b4ec-a363db2431b7
WP Super Minify <= 1.5.1 – Cross-Site Request Forgery via ‘wpsmy_admin_options’
CVE ID: CVE-2023-27615
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/af59fcf6-4435-45f0-8904-ff520ea86157
Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-41650
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cd0abdf2-24da-4e87-825b-0796af6c3ccd
MakeStories (for Google Web Stories) <= 2.8.0 – Cross-Site Request Forgery via ‘ms_set_options’
CVE ID: CVE-2023-27448
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d9f7130d-883a-4db4-9edf-f5526724de11
AffiliateWP <= 2.14.0 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation
CVE ID: CVE-2023-4600
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eab422b8-8cf5-441e-a21f-6a0e1b7642b2
authLdap <= 2.5.8 – Cross-Site Request Forgery
CVE ID: CVE-2023-41654
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eddce6e0-2ea7-4980-97a7-857b2e1e3b69
WP Migration Plugin DB & Files – WP Synchro <= 1.9.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-41660
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f1b6f041-5ea6-48ca-9ca7-4ce96cbfa275
authLdap <= 2.5.8 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41655
CVSS Score: 3.3 (Low)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b91ad8b-79ec-4ef7-bb39-edb06309da5e
FileOrganizer <= 1.0.2 – Authenticated (Admin+) Arbitrary File Access
CVE ID: CVE-2023-3664
CVSS Score: 2.7 (Low)
Researcher/s: Dmitrii
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/11c9124d-80e0-435d-9eb4-901c4f481a6f
As a reminder, Wordfence has curated an industry-leading vulnerability database, Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.
Click here to sign up for our mailing list to receive weekly vulnerability reports like this one, along with important WordPress security reports, in your inbox the moment they are published.