Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)

Last week, 42 vulnerabilities disclosed in 37 WordPress plugins and no WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 10 vulnerability researchers contributed to WordPress security. Review the vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, and webhook integration are completely free to access and use, both personally and commercially, and why we are running this weekly vulnerability report.

Individuals and enterprises can use the vulnerability database API to receive a complete dump of our database of over 11,800 vulnerabilities, and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this one, and important WordPress security reports, in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities, in real time, to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 5
Patched 37

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 0
Medium Severity 37
High Severity 5
Critical Severity 0

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 21
Cross-Site Request Forgery (CSRF) 8
Missing Authorization 6
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 2
Improper Neutralization of Formula Elements in a CSV File 1
Information Exposure 1
Deserialization of Untrusted Data 1
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 1
Authorization Bypass Through User-Controlled Key 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Lana Codes (Wordfence Vulnerability Researcher) 11
Marco Wotschka (Wordfence Vulnerability Researcher) 3
Ivan Kuzymchak (Wordfence Vulnerability Researcher) 3
Do Xuan Trung 1
Skalucy 1
Zeyad Alshahrani 1
Etharus 1
JackYu 1
Malek Althubiany 1
Nguyen Xuan Chien 1


Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Ad Inserter – Ad Manager & AdSense Ads ad-inserter
Anchor Episodes Index (Spotify for Podcasters) anchor-episodes-index
Astra Bulk Edit astra-bulk-edit
Brands for WooCommerce brands-for-woocommerce
Chat Button: WhatsApp, Facebook Messenger Chat, Telegram Chat, WeChat, Line Chat, Discord Chat for Customer Support Chat with floating Chat Widget bit-assist
Checkfront Online Booking System checkfront-wp-booking
Comment Blacklist Updater comment-blacklist-updater
Comments – wpDiscuz wpdiscuz
Connect Matomo (WP-Matomo, WP-Piwik) wp-piwik
Contact Form by FormGet – Best Form Builder Plugin for WordPress formget-contact-form
Copy Anything to Clipboard copy-the-code
DoFollow Case by Case dofollow-case-by-case
Drag and Drop Multiple File Upload for WooCommerce drag-and-drop-multiple-file-upload-for-woocommerce
Easy Registration Forms easy-registration-forms
Inactive Logout inactive-logout
Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free funnelforms-free
Leaflet Map leaflet-map
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator legal-pages
Media Library Assistant media-library-assistant
Memberlite Shortcodes memberlite-shortcodes
Migration, Backup, Staging – WPvivid wpvivid-backuprestore
Payment gateway per Product for WooCommerce woocommerce-product-payments
Pop ups, WordPress Exit Intent Popup, Email Pop Up, Lightbox Pop Up, Spin the Wheel, Contact Form Builder – Poptin poptin
Pre-Publish Checklist pre-publish-checklist
School Management System – WPSchoolPress wpschoolpress
Simple Cloudflare Turnstile – CAPTCHA Alternative simple-cloudflare-turnstile
Statify – Extended Evaluation extended-evaluation-for-statify
Super Store Finder superstorefinder-wp
Table of Contents Plus table-of-contents-plus
WP Discord Invite wp-discord-invite
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce wp-event-manager
WP Mailto Links – Protect Email Addresses wp-mailto-links
Weaver Xtreme Theme Support weaverx-theme-support
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode coming-soon
Widget Responsive for Youtube youtube-widget-responsive
WordPress Charts wp-charts
iPanorama 360 – WordPress Virtual Tour Builder ipanorama-360-virtual-tour-builder-lite

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site with the scanner enabled, you should already have been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to use.

wpDiscuz <= 7.6.5 – Unauthenticated SQL Injection

Affected Software: Comments – wpDiscuz
CVE ID: CVE Unknown
CVSS Score: 8.8 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9dd1e52c-83b7-4b3e-a791-a2c0ccd856bc

Migration, Backup, Staging – WPvivid <= 0.9.89 – Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal

Affected Software: Migration, Backup, Staging – WPvivid
CVE ID: CVE-2023-4274
CVSS Score: 8.7 (High)
Researcher/s: Ivan Kuzymchak
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c

iPanorama 360 – WordPress Virtual Tour Builder <= 1.7.3 – Authenticated (Admin+) SQL injection

Affected Software: iPanorama 360 – WordPress Virtual Tour Builder
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/00687370-8374-44cc-8fd1-53b462acd061

Weaver Xtreme Theme Support <= 6.3.0 – Authenticated (Administrator+) PHP Object Injection via Imported File

Affected Software: Weaver Xtreme Theme Support
CVE ID: CVE-2023-4971
CVSS Score: 7.2 (High)
Researcher/s: Do Xuan Trung
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/572689c6-d7d6-46c3-9e96-b9185337e8ce

Drag and Drop Multiple File Upload for WooCommerce <= 1.1.0 – Unauthenticated Stored Cross-Site Scripting

Affected Software: Drag and Drop Multiple File Upload for WooCommerce
CVE ID: CVE-2023-4821
CVSS Score: 7.2 (High)
Researcher/s: Zeyad Alshahrani
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abc8ee11-c149-4a2b-a388-7bd234c2cc64

Funnelforms Free <= 3.3.9 – Unauthenticated Stored Cross-Site Scripting


WordPress Charts <= 0.7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: WordPress Charts
CVE ID: CVE-2023-5062
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2de2d2c5-1373-45b6-93a0-575713226669

Leaflet Map <= 3.3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Leaflet Map
CVE ID: CVE-2023-5050
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3084c9ab-00aa-4b8e-aa46-bd70b335ec77

Widget Responsive for Youtube <= 1.6.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Widget Responsive for Youtube
CVE ID: CVE-2023-5063
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/72daa533-8b17-420c-9b51-b5f72da2726c

Poptin <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode


Simple Cloudflare Turnstile <= 1.23.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Simple Cloudflare Turnstile – CAPTCHA Alternative
CVE ID: CVE-2023-5135
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/91f6c9d3-641d-42f7-bf11-e3c3a44eeb76

Memberlite Shortcodes <= 1.3.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Memberlite Shortcodes
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/935054c3-8541-4ff3-a035-7ee8afe53f72

Anchor Episodes Index (Spotify for Podcasters) <= 2.1.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Anchor Episodes Index (Spotify for Podcasters)
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/96defcb7-6af1-4fb8-9fa0-231c6776bbc1

Media Library Assistant <= 3.10 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Media Library Assistant
CVE ID: CVE-2023-4716
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c5f6ae5d-7854-44c7-9fb8-efaa6e850d59

Copy Anything to Clipboard <= 2.6.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Copy Anything to Clipboard
CVE ID: CVE-2023-5086
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e834a211-ccc8-4a30-a15d-879ba34184e9

WP Mailto Links – Protect Email Addresses <= 3.1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: WP Mailto Links – Protect Email Addresses
CVE ID: CVE-2023-5109
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ec882062-0059-47ca-a007-3347e7adb70b

WP-Matomo Integration (WP-Piwik) <= 1.0.28 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Connect Matomo (WP-Matomo, WP-Piwik)
CVE ID: CVE-2023-4774
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/faa4f041-4740-4ebb-afb3-10019ce571be

Contact Form by FormGet <= 5.5.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Contact Form by FormGet – Best Form Builder Plugin for WordPress
CVE ID: CVE-2023-5125
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fdd73289-f292-4903-951e-6a89049d39a7

WPSchoolPress <= 2.2.4 – Cross-Site Request Forgery

Affected Software: School Management System – WPSchoolPress
CVE ID: CVE Unknown
CVSS Score: 6.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1a2fb050-1a7c-45cc-86c7-02331d47f780

Payment gateway per Product for WooCommerce <= 3.2.7 – Reflected Cross-Site Scripting

Affected Software: Payment gateway per Product for WooCommerce
CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/597786ce-58eb-4e96-a80e-bad3e75787fa

WP Discord Invite <= 2.4.1 – Reflected Cross-Site Scripting via webhook

Affected Software: WP Discord Invite
CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a961d30e-f2cb-458d-8f1a-18f6e769efbc

Super Store Finder <= 6.9.2 – Unauthenticated Email Creation/Sending

Affected Software: Super Store Finder
CVE ID: CVE-2023-5054
CVSS Score: 5.8 (Medium)
Researcher/s: Etharus
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d31d0553-9378-4c7e-a258-12562aa6b388

Statify – Extended Evaluation <= 2.6.3 – Authenticated (Admin+) CSV Injection

Affected Software: Statify – Extended Evaluation
CVE ID: CVE Unknown
CVSS Score: 5.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35027df9-ae55-453f-bb42-4b2664d66293

Comment Blacklist Updater <= 1.1.0 – Cross-Site Request Forgery via update_blacklist_manual

Affected Software: Comment Blacklist Updater
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fc7bab78-4ebb-4be9-8891-1ac0e3ed0af3

Ad Inserter <= 2.7.30 – Unauthenticated Sensitive Information Exposure via ai_ajax

Affected Software: Ad Inserter – Ad Manager & AdSense Ads
CVE ID: CVE-2023-4645
CVSS Score: 5.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/57b3eef3-e165-45ac-89d7-2a2a6529b310

Pre-Publish Checklist <= 1.1.1 – Insecure Direct Object Reference to Arbitrary Post ‘_ppc_meta_key’ Update

Affected Software: Pre-Publish Checklist
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8e00a06c-9623-48e0-b212-20a2f1e7e640

Inactive Logout <= 3.2.2 – Missing Authorization

Affected Software: Inactive Logout
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c583ef34-ddec-4d6c-9685-ef4bce5e785e

Ad Inserter <= 2.7.30 – Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe

Affected Software: Ad Inserter – Ad Manager & AdSense Ads
CVE ID: CVE-2023-4668
CVSS Score: 5.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ce457c98-c55b-4b71-a80b-393eceb9effd

Table of Contents Plus <= 2302 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Table of Contents Plus
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05206a31-033e-49b9-9b66-5a6165782643

Migration, Backup, Staging – WPvivid <= 0.9.89 – Authenticated Stored Cross-Site Scripting

Affected Software: Migration, Backup, Staging – WPvivid
CVE ID: CVE-2023-5120
CVSS Score: 4.4 (Medium)
Researcher/s: Ivan Kuzymchak
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/320f4260-20c2-4f27-91ba-d2488b417f62

Bit Assist <= 1.1.9 – Authenticated (Administrator+) Stored Cross-Site Scripting


Migration, Backup, Staging – WPvivid <= 0.9.89 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Migration, Backup, Staging – WPvivid
CVE ID: CVE-2023-5121
CVSS Score: 4.4 (Medium)
Researcher/s: Ivan Kuzymchak
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cdcac5f9-a744-4853-8a80-ed38fec81dbb

WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 – Authenticated (Admin+) Stored Cross-Site Scripting

Affected Software: WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
CVE ID: CVE-2023-4423
CVSS Score: 4.4 (Medium)
Researcher/s: JackYu
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dd9d22b0-a84a-4bf2-b8b4-89bae2970f29

Astra Bulk Edit <= 1.2.7 – Missing Authorization

Affected Software: Astra Bulk Edit
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2548d5b0-1f1a-4847-a5ea-e3bb6f7a5013

Website Builder by SeedProd <= 6.15.13.1 – Cross-Site Request Forgery to Settings Update


Easy Registration Forms <= 2.1.1 – Authenticated (Subscriber+) Information Disclosure via Shortcode

Affected Software: Easy Registration Forms
CVE ID: CVE-2023-5134
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/562fe11f-36a0-4f23-9eed-50ada7ab2961

DoFollow Case by Case <= 3.4.1 – Cross-Site Request Forgery via getEmail and getUrl

Affected Software: DoFollow Case by Case
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60c63be2-dd17-4224-ba96-ba30ed0b25ce

Brands for WooCommerce <= 3.8.2.2 – Cross-Site Request Forgery

Affected Software: Brands for WooCommerce
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/996dc1d7-12f8-467d-bf48-a7a82f1c0a41

Legal Pages <= 1.3.7 – Missing Authorization on ‘deleteLegalTemplate’

Affected Software: Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b3f87bd6-b432-4bf8-9046-8d66b45f6a85

Inactive Logout <= 3.2.2 – Cross-Site Request Forgery

Affected Software: Inactive Logout
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d9189eb3-be7f-42e1-92cc-b48af5615eb9

Brands for WooCommerce <= 3.8.2.2 – Missing Authorization to Unauthenticated Order Manipulation and Information Retrieval

Affected Software: Brands for WooCommerce
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f7afbe2b-72a8-40da-bc94-ff2a1b9569b4

Checkfront Online Booking System <= 3.6 – Cross-Site Request Forgery

Affected Software: Checkfront Online Booking System
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fc5a8506-b191-4ab3-9c59-4f1150be6a38

As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through three channels: in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and monitoring of a variety of sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.
