Wordfence Intelligence Weekly WordPress Vulnerability Report (December 18, 2023 to December 31, 2023)
🎉Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now!
Over the last two weeks, there were 263 vulnerabilities disclosed in 217 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Two Weeks
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- Directory Traversal via HTTP Headers
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
Patch Status | Number of Vulnerabilities |
Unpatched | 43 |
Patched | 220 |
Total Vulnerabilities by CVSS Severity Last Week
Severity Rating | Number of Vulnerabilities |
Low Severity | 1 |
Medium Severity | 212 |
High Severity | 30 |
Critical Severity | 20 |
Total Vulnerabilities by CWE Type Last Week
Vulnerability Type by CWE | Number of Vulnerabilities |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 77 |
Missing Authorization | 51 |
Cross-Site Request Forgery (CSRF) | 47 |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 30 |
Unrestricted Upload of File with Dangerous Type | 9 |
Deserialization of Untrusted Data | 7 |
Information Exposure Through Log Files | 7 |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 5 |
Information Exposure | 4 |
Protection Mechanism Failure | 3 |
Authorization Bypass Through User-Controlled Key | 3 |
Server-Side Request Forgery (SSRF) | 2 |
URL Redirection to Untrusted Site (‘Open Redirect’) | 2 |
Storage of Sensitive Data in a Mechanism without Access Control | 2 |
Weak Password Recovery Mechanism for Forgotten Password | 2 |
Improper Input Validation | 2 |
Improper Privilege Management | 1 |
Reliance on IP Address for Authentication | 1 |
External Control of File Name or Path | 1 |
Information Exposure Through Debug Information | 1 |
Use of Less Trusted Source | 1 |
Improper Authentication | 1 |
Improper Authorization | 1 |
Improper Access Control | 1 |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 1 |
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | 1 |
Researchers That Contributed to WordPress Security Last Week
Researcher Name | Number of Vulnerabilities |
Rafie Muhammad | 61 |
Brandon James Roldan (tomorrowisnew) | 24 |
Muhammad Daffa | 23 |
Ngô Thiên An (ancorn_) | 16 |
LVT-tholv2k | 14 |
emad | 11 |
Abdi Pranata | 10 |
Joshua Chan | 10 |
Nguyen Xuan Chien | 9 |
Abu Hurayra (HurayraIIT) | 9 |
Mika | 6 |
Skalucy | 6 |
Dave Jong | 6 |
thiennv | 5 |
resecured.io | 5 |
Revan Arifio | 5 |
Huynh Tien Si | 3 |
wpdabh | 3 |
Le Ngoc Anh | 3 |
Dmitrii Ignatyev | 3 |
DoYeon Park (p6rkdoye0n) | 3 |
Hiroho Shimada | 2 |
Kyle Sanchez | 2 |
Hung -mov Nguyen | 2 |
Webbernaut | 2 |
Nguyen Anh Tien | 2 |
Jeongwoo-Lee(Roronoa) | 2 |
Elliot | 1 |
István Márton (Wordfence Vulnerability Researcher) |
1 |
Taihei Shimamine | 1 |
Rein Daelman (trein) | 1 |
Robert DeVore | 1 |
Marc-Alexandre Montpas | 1 |
Vladislav Pokrovsky (ΞX.MI) | 1 |
Yuchen Ji | 1 |
Fariq Fadillah Gusti Insani (fariqfgi) | 1 |
Yudistira Arya | 1 |
Lucio Sá | 1 |
Francesco Carlucci | 1 |
Benmalek Aymen (centaurus) | 1 |
Nex Team | 1 |
Françoa Taffarel | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
Software Name | Software Slug |
404 Solution | 404-solution |
AI Power: Complete AI Pack – Powered by GPT-4 | gpt3-ai-content-generator |
AMP for WP – Accelerated Mobile Pages | accelerated-mobile-pages |
ARI Stream Quiz – WordPress Quizzes Builder | ari-stream-quiz |
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember-membership |
Accredible Certificates & Open Badges | accredible-certificates |
Active Products Tables for WooCommerce. Professional products tables for WooCommerce store | profit-products-tables-for-woocommerce |
Add Any Extension to Pages | add-any-extension-to-pages |
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More | advanced-access-manager |
Advanced Category Template | advanced-category-template |
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms | advanced-form-integration |
Affiliates Manager | affiliates-manager |
All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs – My Sticky Elements | mystickyelements |
Apollo13 Framework Extensions | apollo13-framework-extensions |
Appointment & Event Booking Calendar Plugin – Webba Booking | webba-booking-lite |
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | simply-schedule-appointments |
Author Box, Guest Author and Co-Authors for Your Posts – Molongui | molongui-authorship |
Auto Amazon Links – Amazon Associates Affiliate Plugin | amazon-auto-links |
Awesome Support – WordPress HelpDesk & Support Plugin | awesome-support |
BERTHA AI. Your AI co-pilot for WordPress and Chrome | bertha-ai-free |
Back Button Widget | back-button-widget |
Backup Migration | backup-backup |
Beaver Builder – WordPress Page Builder | beaver-builder-lite-version |
Block IPs for Gravity Forms | gf-block-ips |
Booking Calendar | Appointment Booking | BookIt | bookit |
Booking Manager | booking-manager |
Booking for Appointments and Events Calendar – Amelia | ameliabooking |
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin | bookingpress-appointment-booking |
Booster Elite for WooCommerce | booster-elite-for-woocommerce |
Branda – White Label WordPress, Custom Login Page Customizer | branda-white-labeling |
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content | brave-popup-builder |
BuddyPress | buddypress |
Build App Online | build-app-online |
BulkGate SMS Plugin for WooCommerce | woosms-sms-module-for-woocommerce |
Business Directory Plugin – Easy Listing Directories for WordPress | business-directory-plugin |
CBX Bookmark & Favorite | cbxwpbookmark |
CRM Perks Forms – WordPress Form Builder | crm-perks-forms |
CSS & JavaScript Toolbox | css-javascript-toolbox |
CURCY – Multi Currency for WooCommerce | UNKNOWN-CVE-2023-50831-1 |
Calculated Fields Form | calculated-fields-form |
Checkout Mestres WP | checkout-mestres-wp |
Clockwork SMS Notfications | mediaburst-email-to-sms |
Clone | wp-clone-by-wp-academy |
Colibri Page Builder | colibri-page-builder |
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce | enhanced-e-commerce-for-woocommerce-store |
Crowdsignal Dashboard – Polls, Surveys & more | polldaddy |
Currency Converter Widget – Exchange Rates | currency-converter-widget |
Custom 404 Pro | custom-404-pro |
Custom Post Carousels with Owl | dd-post-carousel |
Custom Twitter Feeds – A Tweets Widget or X Feed Widget | custom-twitter-feeds |
Customer Reviews for WooCommerce | customer-reviews-woocommerce |
Customize My Account for WooCommerce | customize-my-account-for-woocommerce |
Dan’s Embedder for Google Calendar | dans-gcal |
Database Cleaner: Clean, Optimize & Repair | database-cleaner |
Defender Security – Malware Scanner, Login Security & Firewall | defender-security |
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan | antihacker |
Doofinder WP & WooCommerce Search | doofinder-for-woocommerce |
Duplicator – WordPress Migration & Backup Plugin | duplicator |
Dynamic Content for Elementor | dynamic-content-for-elementor |
E2Pdf – Export To Pdf Tool for WordPress | e2pdf |
Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) | easy-digital-downloads |
Easy PayPal & Stripe Buy Now Button | wp-ecommerce-paypal |
Easy Video Player | easy-video-player |
Eazy Plugin Manager – Powerful Plugin Management Solution for WordPress | plugins-on-steroids |
Enable Media Replace | enable-media-replace |
EnvÃaloSimple: Email Marketing y Newsletters | envialosimple-email-marketing-y-newsletters-gratis |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | essential-blocks |
Event Monster – Event Management, Tickets Booking, Upcoming Event | event-monster |
Events Shortcodes For The Events Calendar | template-events-calendar |
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | everest-backup |
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! | everest-forms |
Export Media URLs | export-media-urls |
FOX – Currency Switcher Professional for WooCommerce | woocommerce-currency-switcher |
FastDup – Fastest WordPress Migration & Duplicator | fastdup |
Floating Button | floating-button |
Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin | fluent-support |
Form plugin for WordPress – Zoho Forms | zoho-forms |
Frontend Admin by DynamiApps | acf-frontend-form-element |
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits | funnel-builder |
FunnelKit Checkout | woofunnels-aero-checkout |
GEO my WordPress | geo-my-wp |
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory | geodirectory |
Google Photos Gallery with Shortcodes | google-picasa-albums-viewer |
HT Mega – Absolute Addons For Elementor | ht-mega-for-elementor |
HTML Forms | html-forms |
HUSKY – Products Filter for WooCommerce Professional | woocommerce-products-filter |
Happy Addons for Elementor | happy-elementor-addons |
HashBar – WordPress Notification Bar | hashbar-wp-notification-bar |
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building | icegram |
If-So Dynamic Content Personalization | if-so |
Image Optimizer, Resizer and CDN – Sirv | sirv |
Image Source Control Lite – Show Image Credits and Captions | image-source-control-isc |
Impreza – WordPress Website and WooCommerce Builder | impreza |
Inline Image Upload for BBPress | image-upload-for-bbpress |
Insert or Embed Articulate Content into WordPress | insert-or-embed-articulate-content-into-wordpress |
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site | integrate-google-drive |
JS Help Desk – Best Help Desk & Support Plugin | js-support-ticket |
JSM file_get_contents() Shortcode | wp-file-get-contents |
JVM Gutenberg Rich Text Icons | jvm-rich-text-icons |
Job Manager & Career – Manage job board listings, and recruitments | job-manager-career |
LA-Studio Element Kit for Elementor | lastudio-element-kit |
Limit Login Attempts Reloaded | limit-login-attempts-reloaded |
Loan Repayment Calculator and Application Form | quick-interest-slider |
Local Delivery Drivers for WooCommerce | local-delivery-drivers-for-woocommerce |
Login Lockdown – Protect Login Form | login-lockdown |
Login as User or Customer | login-as-customer-or-user |
Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation | gs-logo-slider |
MC4WP: Mailchimp for WordPress | mailchimp-for-wp |
MF Gig Calendar | mf-gig-calendar |
MStore API | mstore-api |
Mail logging – WP Mail Catcher | wp-mail-catcher |
Malware Scanner | miniorange-malware-protection |
Media File Renamer: Rename Files (Manual, Auto & AI) | media-file-renamer |
Menu Image, Icons made easy | menu-image |
Metform Elementor Contact Form Builder | metform |
Most And Least Read Posts Widget | most-and-least-read-posts-widget |
Multi Step Form | multi-step-form |
MultiVendorX Marketplace – WooCommetrce MultiVendor Marketplace Solution | dc-woocommerce-multi-vendor |
My Agile Privacy – The only GDPR solution for WordPress that you can truly trust | myagileprivacy |
NEX-Forms – Ultimate Form Builder – Contact forms and much more | nex-forms-express-wp-form-builder |
New User Approve | new-user-approve |
NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images | nitropack |
Page Generator | page-generator |
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | paid-member-subscriptions |
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | paid-memberships-pro |
Pay with Vipps for WooCommerce | woo-vipps |
Photo Gallery by 10Web – Mobile-Friendly Image Gallery | photo-gallery |
Piotnet Forms | piotnetforms |
Poll Maker – Best WordPress Poll Plugin | poll-maker |
Pre* Party Resource Hints | pre-party-browser-hints |
Product Catalog Simple | post-type-x |
Product Code for WooCommerce | product-code-for-woocommerce |
Product Feed Manager – WooCommerce to Google Shopping, Social Catalogs, and 170+ Popular Marketplaces | best-woocommerce-feed |
Product Filter by WBW | woo-product-filter |
Product Table by WBW | woo-product-tables |
Product Vendors | woocommerce-product-vendors |
ProfileGrid – User Profiles, Memberships, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | quiz-master-next |
Rate my Post – WP Rating System | rate-my-post |
Recipe Maker For Your Food Blog from Zip Recipes | zip-recipes |
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit | wp-marketing-automations |
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
Rencontre – Dating Site | rencontre |
Republish Old Posts | republish-old-posts |
Restaurant Reservations | nd-restaurant-reservations |
Rise Blocks – A Complete Gutenberg Page Builder | rise-blocks |
Schema & Structured Data for WP & AMP | schema-and-structured-data-for-wp |
Send Users Email | send-users-email |
Sensei LMS – Online Courses, Quizzes, & Learning | sensei-lms |
Seos Contact Form | seos-contact-form |
Simple Counter | abwp-simple-counter |
Simple Job Board | simple-job-board |
Simple Membership | simple-membership |
Simple Staff List | simple-staff-list |
Slider by Soliloquy – Responsive Image Slider for WordPress | soliloquy-lite |
Spam protection, Anti-Spam, FireWall by CleanTalk | cleantalk-spam-protect |
Split Test For Elementor | split-test-for-elementor |
Squirrly SEO – Advanced Pack | squirrly-seo-pack |
Sticky Chat Widget: WhatsApp, Messenger, Click to chat, SMS, Email, Messages, Call Button, Contact form and more Chat buttons | sticky-chat-widget |
Stock Ticker | stock-ticker |
Store Locator WordPress | agile-store-locator |
Strong Testimonials | strong-testimonials |
Stylish Price List – Price Table Builder & QR Code Restaurant Menu | stylish-price-list |
SureFeedback Client Site | projecthuddle-child-site |
TerraClassifieds – Simple Classifieds Plugin | terraclassifieds |
Theme per user | theme-per-user |
Themify Icons | themify-icons |
Thrive Automator | thrive-automator |
Ultimate Addons for Beaver Builder | bb-ultimate-addon |
Ultimate Addons for WPBakery | Ultimate_VC_Addons |
Ultimate Dashboard – Custom WordPress Dashboard | ultimate-dashboard |
Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin | uncanny-automator |
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | userfeedback-lite |
Verge3D Publishing and E-Commerce | verge3d |
WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders | adminify |
WP Affiliate Disclosure | wp-affiliate-disclosure |
WP Chat App | wp-whatsapp |
WP Crowdfunding | wp-crowdfunding |
WP Edit Username | wp-edit-username |
WP Frontend Profile | wp-front-end-profile |
WP Go Maps (formerly WP Google Maps) | wp-google-maps |
WP Job Portal – A Complete Job Board | wp-job-portal |
WP MLM SOFTWARE PLUGIN | wp-mlm |
WP Mail Log | wp-mail-log |
WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce | wp-optin-wheel |
WP Remote Site Search | wp-remote-site-search |
WP Review Slider | wp-facebook-reviews |
WP Shortcodes Plugin — Shortcodes Ultimate | shortcodes-ultimate |
WP Simple Booking Calendar | wp-simple-booking-calendar |
WP Stripe Checkout | wp-stripe-checkout |
WP Tabs – Responsive Tabs Plugin for WordPress | wp-expand-tabs-free |
WP User Profile Avatar | wp-user-profile-avatar |
WPC Product Bundles for WooCommerce | woo-product-bundle |
WPCS – WordPress Currency Switcher Professional | currency-switcher |
WS Form LITE – Drag & Drop Contact Form Builder for WordPress | ws-form |
Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition | webinar-ignition |
Welcart e-Commerce | usc-e-shop |
White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard | white-label |
WooCommerce Easy Duplicate Product | woo-easy-duplicate-product |
WooCommerce Menu Extension | woocommerce-menu-extension |
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more | woo-pdf-invoice-builder |
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | print-invoices-packing-slip-labels-for-woocommerce |
WooCommerce Per Product Shipping | woocommerce-shipping-per-product |
WooCommerce Ship to Multiple Addresses | woocommerce-shipping-multiple-addresses |
WooCommerce Stripe Payment Gateway | woocommerce-gateway-stripe |
WooCommerce Warranty Requests | woocommerce-warranty |
WooPayments – Fully Integrated Solution Built and Supported by Woo | woocommerce-payments |
Woocommerce Shipping Canada Post | woocommerce-shipping-canada-post |
WordPress Infinite Scroll – Ajax Load More | ajax-load-more |
WordPress.com Editing Toolkit | full-site-editing |
YITH WooCommerce Product Add-Ons | yith-woocommerce-product-add-ons |
ZeroBounce Email Verification & Validation | zerobounce |
eCommerce Product Catalog Plugin for WordPress | ecommerce-product-catalog |
iframe | iframe |
iframe Shortcode | iframe-shortcode |
uncode-core | uncode-core |
weForms – Easy Drag & Drop Contact Form Builder For WordPress | weforms |
WordPress Themes with Reported Vulnerabilities Last Week
Software Name | Software Slug |
BuddyBoss Theme | buddyboss-theme |
Divi | Divi |
TheGem | thegem |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
BERTHA AI Plugin <= 1.11.10.7 – Unauthenticated Arbitrary File Upload
CVE ID: CVE-2023-51419
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1b4630f7-74db-46c4-bf86-f1ff64be3463
WebinarIgnition <= 3.05.0 – Missing Authorization to Unauthenticated Privilege Escalation
CVE ID: CVE-2023-51424
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/24517dc6-4995-48ee-9b02-5c7c29d359f6
Piotnet Forms Plugin <= 1.0.25 – Unauthenticated Arbitrary File Upload
CVE ID: CVE-2023-51412
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f52298b-344b-4561-b1bf-93bea95a3e53
WP Clone <= 2.4.2 – Sensitive Information Exposure
CVE ID: CVE-2023-6750
CVSS Score: 9.8 (Critical)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/44a921e7-cce3-4347-968d-76dab243fcd6
Rencontre – Dating Site <= 3.10.1 – Unauthenticated Arbitrary File Upload
CVE ID: CVE-2023-51468
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/59be1fc7-2854-404d-8e9d-dd9bd26e6a2c
Login as User or Customer (User Switching) <= 3.8 – Authentication Bypass
CVE ID: CVE-2023-51484
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b07ea6a-511d-44ab-b0b7-5124702ad47d
Build App Online <= 1.0.19 – Account Takeover via Weak Password Reset Mechanism
CVE ID: CVE-2023-51478
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/743e40f6-dde3-4d8f-938e-b2a0dcdfb901
Frontend Admin by DynamiApps Plugin <= 3.18.3 – Unauthenticated Arbitrary File Upload
CVE ID: CVE-2023-51411
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7815322d-a240-4855-b458-60caa3cec96c
JS Help Desk <= 2.8.1 – Unauthenticated SQL Injection via email and trackingid
CVE ID: CVE-2023-50839
CVSS Score: 9.8 (Critical)
Researcher/s: Fariq Fadillah Gusti Insani (fariqfgi)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7a3e89cc-56cb-42d7-b4f6-bfc7ca0e03e6
Checkout Mestres WP <= 7.1.9.6 – Authentication Bypass via Password Reset
CVE ID: CVE-2023-51472
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7ad16d1e-e778-4cb4-a15d-ddb906f27762
Checkout Mestres WP <= 7.1.9.6 – Missing Authorization to Unauthenticated Arbitrary Options Update
CVE ID: CVE-2023-51471
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8a52bf70-667b-400f-8912-75fae20a3f5b
WP Frontend Profile <= 1.3.1 – Unauthenticated Privilege Escalation
CVE ID: CVE-2023-51483
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/91de6cf4-e5df-4130-bb96-92b89717a678
WP MLM Unilevel <= 4.0 – Unauthenticated Privilege Escalation
CVE ID: CVE-2023-51476
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abcc1ed6-1871-4e8c-9469-c44dbfca5a17
TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload
CVE ID: CVE-2023-51473
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b0399b60-6e40-4f35-985f-845a32f69d64
Rencontre – Dating Site <= 3.10.1 – Privilege Escalation
CVE ID: CVE-2023-51425
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1278291-9fef-40f5-a432-d96f4bed31fe
WP MLM <= 4.0 – Unauthenticated Arbitrary File Upload
CVE ID: CVE-2023-51475
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b3451ed9-9a9a-443f-b1ce-dcd07bd3e6ce
Theme per user <= 1.0.1 – Unauthenticated PHP Object Injection
CVE ID: CVE-2023-52181
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc7e6844-23e2-4523-8261-21d4cba87db3
Active Products Tables for WooCommerce <= 1.0.6 – Unauthenticated PHP Object Injection
CVE ID: CVE-2023-51505
CVSS Score: 9.8 (Critical)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c5519d4e-84b5-4901-b55c-a0a919f4b6c9
Checkout Mestres WP <= 7.1.9.6 – Unauthenticated SQL Injection
CVE ID: CVE-2023-51469
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e068573d-bc3e-48de-b4e7-6a0666086ac3
WebinarIgnition <= 3.05.0 – Unauthenticated SQL Injection
CVE ID: CVE-2023-51423
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4ea6044-bf7b-469d-89ec-a9b89ef5715e
Recipe Maker For Your Food Blog from Zip Recipes <= 8.1.0 – Authenticated(Contributor+) SQL Injection
CVE ID: CVE-2023-52180
CVSS Score: 8.8 (High)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/01ab2ed8-ff2f-41ac-bbbd-d8878fd067d6
WP Mail Log Plugin <= 1.1.2 – Authenticated(Contributor+) Arbitrary File Upload
CVE ID: CVE-2023-51410
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0542f8bf-8fb1-4c47-89b7-106a6feacca1
Ultimate Addons for Beaver Builder <= 1.35.14 – Authenticated(Contributor+) Privilege Escalation
CVE ID: CVE-2023-51398
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1b29048e-cf06-463c-82e0-f1d973e50232
ARI Stream Quiz <= 1.3.0 – Authenticated (Contributor+) PHP Object Injection
CVE ID: CVE-2023-52182
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/36ad7fe2-0dc9-427d-811b-8fb1fdb78579
TerraClassifieds <= 2.0.3 – Cross-Site Request Forgery
CVE ID: CVE-2023-51474
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a6e5f89-ebc0-413a-a76e-3cf4339430ba
Verge3D <= 4.5.2 – Authenticated(Subscriber+) Arbitrary File Upload
CVE ID: CVE-2023-51421
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/71dd864f-1975-4cee-be26-0cdb0d54be95
Rencontre – Dating Site <= 3.11.1 – Authenticated (Subscriber+) PHP Object Injection
CVE ID: CVE-2023-51470
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/722c35e5-4084-46a4-a3d4-c73f8e7a1882
MF Gig Calendar <=1.2.1 – Authenticated(Contributor+) SQL Injection
CVE ID: CVE-2023-50842
CVSS Score: 8.8 (High)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7d977636-a509-4f32-9ad3-762720fdb433
Job Manager & Career – Manage job board listings, and recruitments <= 1.4.4 – Cross-Site Request Forgery to PHP Object Injection
CVE ID: CVE-2023-51545
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8558cd96-3b2a-4282-950b-6d9753698291
Booking Manager <= 2.1.5 – Authenticated(Contributor+) SQL Injection via Shortcode
CVE ID: CVE-2023-50840
CVSS Score: 8.8 (High)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9829ec10-ad37-4345-b4d6-cd0429b2d8f7
JVM rich text icons <= 1.2.6 – Directory Traversal to Authenticated(Subscriber+) Arbitrary File Deletion
CVE ID: CVE-2023-51418
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a3e54f9b-db12-42ef-a0fa-2d40c0f7908c
Uncode Core <= 2.8.8 – Privilege Escalation
CVE ID: CVE-2023-51515
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bb5e6767-d0a9-4ac4-816f-6fb57b1e5f9b
Events Shortcodes & Templates For The Events Calendar <= 2.3.1 – Authenticated (Contributor+) SQL Injection via shortcode
CVE ID: CVE-2023-52142
CVSS Score: 8.8 (High)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c1d9ee9f-d8d0-4a9d-b414-bc79c4255b4e
ARMember <= 4.0.10 – Authenticated(Subscriber+) Privilege Escalation
CVE ID: CVE-2023-51356
CVSS Score: 8.8 (High)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c681d1ac-a5d0-43f2-a1e4-0684cd56a3b8
JVM rich text icons <= 1.2.3 – Authenticated(Subscriber+) Arbitrary File Upload
CVE ID: CVE-2023-51417
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca064db0-2718-4521-9467-335b59208858
BookingPress <= 1.0.72 – Authenticated (Contributor+) SQL Injection
CVE ID: CVE-2023-50841
CVSS Score: 8.8 (High)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e1a3cc98-3bee-4d52-a4bf-2a1a284b9311
Build App Online <= 1.0.19 – Missing Authorization Authenticated(Subscriber+) Arbitrary Options Update
CVE ID: CVE-2023-51479
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e3551218-e272-4c96-94fe-9db0aee0d4f4
Most And Least Read Posts Widget <=2.5.16 – Authenticated(Contributor+) SQL Injection via Widget settings
CVE ID: CVE-2023-52133
CVSS Score: 8.8 (High)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e9fa55cc-c686-43e4-a028-dd2721d2db85
Uncode Core <= 2.8.8 – Authenticated (Subscriber+) Arbitrary File Deletion
CVE ID: CVE-2023-51500
CVSS Score: 8.1 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/74ab025d-4e76-46e5-b8f8-963eeea5b802
Backup Migration 1.0.8 – 1.3.9 – Remote File Inclusion via content-dir
CVE ID: CVE-2023-6971
CVSS Score: 8.1 (High)
Researcher/s: Hiroho Shimada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b380283c-0dbb-4d67-9f66-cb7c400c0427
Backup Migration <= 1.3.9 – Unauthenticated Path Traversal to Arbitrary File Deletion
CVE ID: CVE-2023-6972
CVSS Score: 7.5 (High)
Researcher/s: Hiroho Shimada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0a3ae696-f67d-4ed2-b307-d2f36b6f188c
Everest Backup <= 2.1.9 – Sensitive Information Exposure via Log File
CVE ID: CVE-2023-52185
CVSS Score: 7.5 (High)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/31a54705-99e8-4e41-bf57-9365ab387228
WP Stripe Checkout <= 1.2.2.37 – Sensitive Information Exposure via Debug Log
CVE ID: CVE-2023-52143
CVSS Score: 7.5 (High)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3f244b8e-94ae-4d95-83a7-53b826e98656
WC Marketplace <= 4.0.23 – Missing Authorization via mvx_save_dashpages
CVE ID: CVE-2023-51355
CVSS Score: 7.5 (High)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6cdc0096-8e21-4b82-b9d0-961f48907a09
WebinarIgnition <= 3.05.0 – Authenticated(Subscriber+) PHP Object Injection
CVE ID: CVE-2023-51422
CVSS Score: 7.5 (High)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aa4244d3-a611-416d-8159-2f6a8cf61b30
Local Delivery Drivers for WooCommerce <= 1.9.0 – Missing Authorization to Driver Account Takeover
CVE ID: CVE-2023-51481
CVSS Score: 7.3 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/99f4f1dc-13a9-4fa0-bdb1-77a0d416c80f
Custom 404 Pro <= 3.10.0 – Unauthenticated Stored Cross-Site Scripting via logging
CVE ID: CVE-2023-51540
CVSS Score: 7.2 (High)
Researcher/s: Kyle Sanchez
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1106e7b2-eac7-459d-8eb3-fe84c76f3b67
WooCommerce PDF Invoices <= 4.2.1 – Authenticated(Shop Manager+) Arbitrary Options Update via JSON Import
CVE ID: CVE-2023-51546
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7927edf2-b092-4b56-83aa-038f99ea658e
Welcart e-Commerce <= 2.9.3 – Authenticated(Editor+) SQL Injection
CVE ID: CVE-2023-50847
CVSS Score: 7.2 (High)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a328643a-ab12-427e-9bcd-2d40738afb61
Backup Migration <= 1.3.9 – Authenticated (Admin+) OS Command Injection via url
CVE ID: CVE-2023-7002
CVSS Score: 7.2 (High)
Researcher/s: Françoa Taffarel
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cc49db10-988d-42bd-a9cf-9a86f4c79568
Clockwork SMS Notfications <= 3.0.4 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50843
CVSS Score: 6.6 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/08fb51d6-30c1-4a48-b626-a8c6f203ac83
Media File Renamer <= 5.7.7 – Authenticated(Administrator+) Remote Code Execution
CVE ID: CVE-2023-50897
CVSS Score: 6.6 (Medium)
Researcher/s: Taihei Shimamine
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/32b2b8e9-aa49-4cc3-97b7-249695969461
E2Pdf <= 1.20.23 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50849
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3f0ed355-b5c8-4143-b391-7436d67ba0de
404 Solution <= 2.34.0 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50848
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/477d3d7a-6028-4dd3-b713-6098bfe32832
Mail logging – WP Mail Catcher <= 2.1.3 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50844
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/47aed582-efb6-4caf-a65b-57995907ecaa
WP Adminify <= 3.1.6 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-52132
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/555dce5e-9868-464a-9cb4-67644cc6a61c
Page Generator <= 1.7.1 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-52131
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73ea7672-4e3f-4a26-a59e-043c2cd10a7a
Simply Schedule Appointments <= 1.6.5.27 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50851
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/775d4ba7-7198-493c-bae0-7f3f78741b90
Pre* Party Resource Hints <= 1.8.18 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50855
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7c043945-d327-4f26-98b4-99ac5b4761f1
Login Lockdown – Protect Login Form <= 2.06 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50837
CVSS Score: 6.6 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7c9d088c-e71a-4e73-a7e3-d99f3511e519
YITH WooCommerce Product Add-Ons <= 4.3.0 – Authenticated(Shop Manager+) PHP Object Injection
CVE ID: CVE-2023-49777
CVSS Score: 6.6 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7edd06d9-3897-4644-a77e-e58ab6d14c95
Fluent Support <= 1.7.6 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-51547
CVSS Score: 6.6 (Medium)
Researcher/s: Yudistira Arya
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8909dafa-3383-405e-a264-f0770e6714a4
Automation By Autonami <= 2.6.1 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50857
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8af44af4-ea56-4686-ad35-5bcdd98ba2cc
Store Locator WordPress <= 1.4.14 – Authenticated(Administrator+) Directory Traversal to Arbitrary File Deletion
CVE ID: CVE-2023-50885
CVSS Score: 6.6 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8cb5c386-eee3-4e88-a827-766a4901f432
Squirrly SEO – Advanced Pack <= 2.3.8 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50854
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8ce4204f-3ee3-4877-8e9d-123d01ae80f5
GEO my WordPress <= 4.0.2 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-52134
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/94f118c3-d470-43c4-a61a-1ec998694880
RegistrationMagic Plugin <= 5.2.4.5 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50846
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9b378df7-b182-4a56-a7fa-3228c06f960f
WS Form LITE <= 1.9.170 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-52135
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a3171015-227d-420a-ba3a-e6e2dc17ba8c
GeoDirectory <= 2.3.28 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50845
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b3d48aca-3db5-4585-bd71-5548f3b36ea1
Funnel Builder for WordPress by FunnelKit <= 2.14.3 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50856
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bf172a41-31dc-4864-9385-53decdc70aeb
Advanced Form Integration <= 1.75.0 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50853
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c5782b71-3234-4e53-9b26-225472f604c5
BookIt <= 2.4.3 – Authenticated(Administrator+) SQL Injection
CVE ID: CVE-2023-50852
CVSS Score: 6.6 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d4e97c01-7e8a-41b7-90ad-029d8c5fd37c
EnvÃaloSimple <= 2.1 Unauthenticated PHP Object Injection
CVE ID: CVE-2023-51414
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/13245eab-9a72-44d7-bbcd-a0d3e2879814
WooCommerce Stripe Payment Gateway <= 7.6.1 – Insecure Direct Object Reference via update_payment_intent_ajax
CVE ID: CVE-2023-51502
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6ee04e4d-4385-4854-9bfe-1b957ca13963
Affiliates Manager <= 2.9.31 – Cross-Site Request Forgery via multiple AJAX actions
CVE ID: CVE-2023-52130
CVSS Score: 6.5 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/756b5e3e-46fa-483e-945a-86166e79d989
FunnelKit Checkout <= 3.10.3 – Unauthenticated Arbitrary Content Deletion
CVE ID: CVE-2023-51672
CVSS Score: 6.5 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c9d07faf-cc88-4233-a552-55e3376a2fc4
Piotnet Forms <= 1.0.25 – Missing Authorization via multiple AJAX actions
CVE ID: CVE-2023-51413
CVSS Score: 6.5 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f119c6c2-cd4e-415a-b717-2bfc90ed729e
weForms <= 1.6.18 – Missing Authorization via export_form_entries
CVE ID: CVE-2023-51524
CVSS Score: 6.5 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f2b7258e-c594-415a-a872-d5b28397e40d
Sensei LMS <= 4.17.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50875
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/031995fb-48c4-4f56-8b64-d66a47b2fbe9
Schema & Structured Data for WP & AMP <= 1.23 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51677
CVSS Score: 6.4 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0752b4f3-b9f0-4c39-8e4c-2db188600087
Product Code for WooCommerce <= 1.4.4 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51669
CVSS Score: 6.4 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0be84866-2a49-42da-b498-962fc1bcb811
Icegram <= 3.1.19 – Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Message
CVE ID: CVE-2023-51532
CVSS Score: 6.4 (Medium)
Researcher/s: Huynh Tien Si
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0feeca6b-b611-44d3-90a6-569e4d2ccf5a
Insert or Embed Articulate Content into WordPress <= 4.3000000021 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
CVE ID: CVE-2023-50824
CVSS Score: 6.4 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/128d3046-94a0-465c-9225-a3ce652f5282
WooCommerce Menu Extension <= 1.6.2 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50834
CVSS Score: 6.4 (Medium)
Researcher/s: wpdabh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/173c8c8a-a015-4522-b957-1805f520a77d
Active Products Tables for WooCommerce <= 1.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51480
CVSS Score: 6.4 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f18147d-60e6-447d-a6f5-6ad7b633e62c
WP Crowdfunding <= 2.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50859
CVSS Score: 6.4 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/294b5bd1-a7c8-4c06-b107-e80bf3b35da8
Pay with Vipps for WooCommerce <= 1.14.13 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51485
CVSS Score: 6.4 (Medium)
Researcher/s: resecured.io
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2950a264-b60c-48ad-b8e0-6d0e1a230982
Colibri Page Builder <= 1.0.239 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-6988
CVSS Score: 6.4 (Medium)
Researcher/s: Hung -mov Nguyen
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/300b24af-10a1-45b9-87ec-7c98dc94e76b
Booking for Appointments and Events Calendar – Amelia <= 1.0.85 – Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-50860
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/33398af8-7b7f-47e5-b95b-c9faa33d0c80
My Agile Privacy <= 2.1.7 – Authenticated (Contributor+) Stored Cross-Site Scripting vis Shortcode
CVE ID: CVE-2023-51404
CVSS Score: 6.4 (Medium)
Researcher/s: resecured.io
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35c40c81-c7b4-4453-bd2f-7910fcb7f13e
WP Tabs <= 2.2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-52124
CVSS Score: 6.4 (Medium)
Researcher/s: wpdabh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/433c8908-587e-4086-9d0c-c9b1819b26e8
Currency Converter Widget <= 3.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
CVE ID: CVE-2023-50822
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/47f051dd-138c-4c71-8a92-150c9ffd3601
Colibri Page Builder <= 1.0.240 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-50833
CVSS Score: 6.4 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/532d185c-4384-4b15-a104-42f8d2a1ca23
Zoho Forms <= 3.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-50891
CVSS Score: 6.4 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/57e9b09c-adfb-4fc2-8d2b-41cfc1f73e22
Advanced Access Manager <= 6.9.15 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50881
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5c50b451-519c-4da8-93ce-b84e594e6775
WP Affiliate Disclosure <= 1.2.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via $id
CVE ID: CVE-2023-52178
CVSS Score: 6.4 (Medium)
Researcher/s: resecured.io
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5e38ee27-30a4-45be-bab6-a3e65ada215f
Seos Contact Form <= 1.8.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50830
CVSS Score: 6.4 (Medium)
Researcher/s: DoYeon Park (p6rkdoye0n)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62b2113a-70a2-4223-8c6c-6cd15057d72d
HashBar – WordPress Notification Bar <= 1.4.1 – Authenticated (Author+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51372
CVSS Score: 6.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6f3e4e53-3a4a-4b9d-845c-927a59e03488
WPCS – WordPress Currency Switcher Professional <= 1.2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51506
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/72a06690-f40a-472b-b9d1-985a49b914b3
WP Remote Site Search <= 1.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51397
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/79d4e5a8-028a-488e-b419-77a0981a28a9
CURCY – Multi Currency for WooCommerce <= 2.2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50831
CVSS Score: 6.4 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7b7dee9e-1272-4e70-926c-a73e2897968c
If-So Dynamic Content Personalization <= 1.6.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51492
CVSS Score: 6.4 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8407b678-76c5-4232-b17e-8db05f9e7b12
Auto Amazon Links <= 5.3.6 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-52175
CVSS Score: 6.4 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b2a5938-232e-487c-b31b-f48e2b9acb65
Limit Login Attempts Reloaded <= 2.25.26 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-6934
CVSS Score: 6.4 (Medium)
Researcher/s: Hung -mov Nguyen
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/906049c0-4710-47aa-bf44-cdf29032dc1f
Divi <= 4.23.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-6744
CVSS Score: 6.4 (Medium)
Researcher/s: Francesco Carlucci
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/999475c5-5f17-47fa-a0d0-47cb5a8a0eb4
iframe Shortcode <= 2.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
CVE ID: CVE-2023-50825
CVSS Score: 6.4 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a3c323d5-59bc-4ecc-8211-2104fd22639f
Restaurant Reservations <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51403
CVSS Score: 6.4 (Medium)
Researcher/s: resecured.io
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4fa8aa9-0af8-4202-b219-863bbef8d02c
CSS & JavaScript Toolbox <= 11.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
CVE ID: CVE-2023-50823
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ace85b25-251b-4549-8f6e-1a1494cbabb6
WordPress.com Editing Toolkit <= 3.78784 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50879
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b54307fb-ecbc-4742-9deb-59dbb85b4a7c
BuddyPress <= 11.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50880
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b824cab6-d340-487d-90ba-5b554db1da14
Stock Ticker <= 3.23.4 – Authenticated (Contributor+) Stored Cross-Site Scritping
CVE ID: CVE-2023-51541
CVSS Score: 6.4 (Medium)
Researcher/s: resecured.io
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b8e921f4-d889-490f-a817-53d132a56f83
Back Button Widget <= 1.6.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-51399
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bcd28bc3-f893-4eb7-946f-34a2e9c7ff27
Easy Video Player <= 1.2.2.10 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-51689
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bd28f7f0-ed52-45d0-8d97-5ff95d17eb26
AMP for WP – Accelerated Mobile Pages <= 1.0.92 – Authenticated (Contributor+) Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-6782
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c1cae64e-caed-43c0-9a75-9aa4234946a0
WP User Profile Avatar <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-52118
CVSS Score: 6.4 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c291aa80-f1cd-4933-b522-73ec115a3a68
Dan’s Embedder for Google Calendar <= 1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-51504
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cbca88e0-1563-43cb-adf4-4f89856a07d0
CBX Bookmark & Favorite <= 1.7.13 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51514
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cddda02e-c36f-4ed8-b3ac-6cb3f17c6ce2
Easy Digital Downloads <= 3.2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51684
CVSS Score: 6.4 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d19a9c96-918f-4f19-82a9-badd5765cea3
WordPress Infinite Scroll – Ajax Load More <= 6.1.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50874
CVSS Score: 6.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e3bcc0aa-281f-4c59-b3de-dde4277cc989
Themify Icons <= 2.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51693
CVSS Score: 6.4 (Medium)
Researcher/s: wpdabh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/efa156b7-ab18-414d-80a5-3a1c2a977b3b
Advanced Access Manager <= 6.9.18 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-51674
CVSS Score: 6.4 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f1bf4f77-9539-4a9f-afec-f43f602c684f
Simple Membership <= 4.3.8 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-50376
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/18fe9769-3681-4a5e-866a-640b4cc76199
Simple Membership <= 4.3.8 – Reflected Cross-Site Scripting Vulnerability via environment_mode
CVE ID: CVE-2023-6882
CVSS Score: 6.1 (Medium)
Researcher/s: Rein Daelman (trein)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/366165fe-93e5-49ab-b2e5-1de624f22286
WP Google Maps <= 9.0.27 – Unauthenticated Stored Cross-Site Scripting via REST API
CVE ID: CVE-2023-6627
CVSS Score: 6.1 (Medium)
Researcher/s: Marc-Alexandre Montpas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3a468814-ecb7-4414-9472-6c2aaa5f5c2c
New User Approve <= 2.5.1 – Cross-Site Request Forgery via admin_notices
CVE ID: CVE-2023-50902
CVSS Score: 6.1 (Medium)
Researcher/s: Vladislav Pokrovsky (ΞX.MI)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3abde27c-8234-4146-9e55-ea20b275ca48
HT Mega – Absolute Addons For Elementor <= 2.3.8 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-50901
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6745be2e-d151-452a-8e65-0db2409dd54d
Impreza <= 8.17.4 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-50893
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7bd931a9-18ec-48fa-9382-d4c2d99258c5
TheGem <= 5.9.1 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-50892
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a243fbde-951b-43e0-a432-c92ae4b04c26
Crowdsignal Dashboard – Polls, Surveys & more <= 3.0.11 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-51488
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a78da5c5-fb12-4fc9-8c51-6d9f6f7a4043
Google Photos Gallery with Shortcodes <= 4.0.2 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-51373
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c5ab6a1f-181c-4bc2-bcc3-e19f94fc5e46
Uncode Core <= 2.8.6 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-51501
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d4efe60a-d8e3-4e51-95b2-246e30e90e89
HTML Forms <= 1.3.28 – Authenticated (Administrator+) Cross-Site Scripting
CVE ID: CVE-2023-50836
CVSS Score: 5.5 (Medium)
Researcher/s: Huynh Tien Si
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2921ea67-e88a-489a-8c45-cfe458f29d2b
NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.5 – Authenticated (Admin+) SQL Injection
CVE ID: CVE-2023-50838
CVSS Score: 5.5 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6b5964a7-410b-4fea-9de2-22ffda80c8e8
ZeroBounce Email Verification & Validation <= 1.0.11 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51374
CVSS Score: 5.5 (Medium)
Researcher/s: DoYeon Park (p6rkdoye0n)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c7d215e9-e615-46ab-b0b8-b37f10cfae98
Stylish Price List <= 7.0.17 – Missing Authorization
CVE ID: CVE-2023-51673
CVSS Score: 5.4 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0d9cea4e-b619-4935-bb7c-a64ddf52d480
JSM file_get_contents() Shortcode <= 2.7.0 – Authenticated (Contributor+) Server-Side Request Forgery via Shortcode
CVE ID: CVE-2023-6991
CVSS Score: 5.4 (Medium)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/191d5bcc-70d8-430b-9215-00ffdc04be87
Simple Staff List <= 2.2.4 – Missing Authorization via ajax_flush_rewrite_rules and staff_member_export
CVE ID: CVE-2023-51526
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3ef8bf84-768f-4ef1-8037-4e51ccc20c83
ARI Stream Quiz <= 1.2.32 – Cross-Site Request Forgery
CVE ID: CVE-2023-51487
CVSS Score: 5.4 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/45180c8e-0625-4a21-b3a1-673abe52d78f
WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-6488
CVSS Score: 5.4 (Medium)
Researcher/s: Webbernaut
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/50a89ad1-a3d0-49e3-8d2e-4cb81ac115ba
Happy Addons for Elementor <= 3.9.1.1 – Server Side Request Forgery (SSRF)
CVE ID: CVE-2023-51676
CVSS Score: 5.4 (Medium)
Researcher/s: Yuchen Ji
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/64ae36a3-d102-4d51-b685-395283155101
Molongui <= 4.7.3 – Missing Authorization
CVE ID: CVE-2023-50876
CVSS Score: 5.4 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6f01ecab-2dfe-45d2-9d9a-ba1e30c7d75f
FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.6 – Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
CVE ID: CVE-2023-6556
CVSS Score: 5.4 (Medium)
Researcher/s: Lucio Sá
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8cb37019-33f6-4f72-adfc-befbfbf69e47
Doofinder for WooCommerce <= 2.0.33 – Missing Authorization via multiple AJAX actions
CVE ID: CVE-2023-51678
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ad50e216-f522-4294-a4dc-7f3bd52820b3
Business Directory Plugin <= 6.3.9 – Missing Authorization via dispatch
CVE ID: CVE-2023-51516
CVSS Score: 5.4 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ea3c5188-4570-4958-8b2d-69048b10c5f9
Essential Blocks for Gutenberg <= 4.2.0 – Incorrect Authorization Checks
CVE ID: CVE-2023-51359
CVSS Score: 5.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eca703ec-645c-4d12-ae57-75db14e08f3e
WooCommerce Warranty Requests <= 2.2.7 – Missing Authorization
CVE ID: CVE-2023-51496
CVSS Score: 5.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/03e96aea-30a2-4cd3-8967-52e1870cc293
Block IPs for Gravity Forms <= 1.0.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-51358
CVSS Score: 5.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/19958187-7eb1-479e-bd36-d40974ae65ca
WP Optin Wheel <= 1.4.2 – Sensitive Information Exposure via Log File
CVE ID: CVE-2023-51408
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2a83ade5-5e53-4d53-ada0-43d487e5e23f
Rate my Post – WP Rating System <= 3.4.2 – IP Address Spoofing
CVE ID: CVE-2023-51667
CVSS Score: 5.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2d24aa7e-bbf1-4a54-b53b-7a37e613e0e6
Customer Reviews for WooCommerce <= 5.38.1 – Missing Authorization via CR_Manual
CVE ID: CVE-2023-51692
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2e093d1f-9c5a-44f8-bc27-9c320e220358
Poll Maker <= 4.8.0 – Missing Authorization
CVE ID: CVE-2023-50904
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/345097c7-8f0e-46ed-9a1d-7c8a4a589e3f
Paid Memberships Pro <= 2.12.5 – Missing Authorization via API
CVE ID: CVE-2023-6855
CVSS Score: 5.3 (Medium)
Researcher/s: Webbernaut
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/383c7837-e7b7-4608-9cdc-91b7dbc7f4e2
AI Power: Complete AI Pack – Powered by GPT-4 <= 1.8.1 – Missing Authorization to Sensitive Data Exposure
CVE ID: CVE-2023-51527
CVSS Score: 5.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3f95c288-7710-46aa-898b-a923afa7a4ab
Database Cleaner <= 0.9.8 – Sensitive Information Exposure via Log File
CVE ID: CVE-2023-51508
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4031f857-9712-4f4a-93e8-0b01f9a9c32d
Beaver Builder – WordPress Page Builder <= 2.7.2 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50889
CVSS Score: 5.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a13c7a1-f904-41b1-ab7f-2df95c9b2880
RegistrationMagic <= 5.2.5.0 – IP Spoofing
CVE ID: CVE-2023-51543
CVSS Score: 5.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4b37b57c-4a11-4971-b38f-12c70d71b76b
MC4WP <= 4.9.9 – Missing Authorization via listen
CVE ID: CVE-2023-51682
CVSS Score: 5.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4f289527-3a89-4db9-887d-fb0980848734
Product Catalog Simple <= 1.7.6 – Sensitive Information Exposure via Product CSV
CVE ID: CVE-2023-51687
CVSS Score: 5.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4f4099b3-6c79-42c2-be41-4ad8d73cc2b8
Uncanny Automator <= 5.1.0.2 – Sensitive Information Exposure via Log File
CVE ID: CVE-2023-52151
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5098e74a-9a99-48b3-9f44-b780bfdeb24e
LA-Studio Element Kit for Elementor <= 1.1.5 – Missing Authorization
CVE ID: CVE-2023-50884
CVSS Score: 5.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/523f7a8a-d06d-4778-be14-d0b7ca32dab3
WooCommerce Canada Post Shipping <= 2.8.3 – Missing Authorization
CVE ID: CVE-2023-51498
CVSS Score: 5.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/549788e3-e31a-46a6-a2de-361747c98514
Branda <= 3.4.14 – IP Address Spoofing
CVE ID: CVE-2023-51542
CVSS Score: 5.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/552bc1cc-df98-4608-a50e-db1381ca8e0a
Send Users Email <= 1.4.3 – Sensitive Information Exposure via Error Logs
CVE ID: CVE-2023-52126
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d50e9bb-e357-42d3-b131-468511b8e98a
User Feedback <= 1.0.10 – Missing Authorization
CVE ID: CVE-2023-50887
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/63c7bb29-c8b2-49ee-8ac4-1046b61b7e6a
WooPayments – Fully Integrated Solution Built and Supported by Woo <= 6.6.2 – Unauthenticated Insecure Direct Object Reference
CVE ID: CVE-2023-51503
CVSS Score: 5.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/68f5bc13-b0b2-48b6-82ac-ff02367f4780
404 Solution <= 2.33.0 – Sensitive Information Exposure via Log File
CVE ID: CVE-2023-52146
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73643d45-9542-4372-a7a2-0a443819b8a2
WP User Profile Avatar <= 1.0.0 – Authenticated (Author+) Insecure Direct Object Reference to Avatar Deletion/Update
CVE ID: CVE-2023-6384
CVSS Score: 5.3 (Medium)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/75c325a1-1a88-4b67-a5f8-6307627d8c6a
Awesome Support <= 6.1.5 – Missing Authorization via wpas_load_reply_history
CVE ID: CVE-2023-51537
CVSS Score: 5.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7d713de0-40a4-4926-9942-e5e2bf7434c4
RegistrationMagic <= 5.2.5.0 – Form Submission Limit Bypass
CVE ID: CVE-2023-51544
CVSS Score: 5.3 (Medium)
Researcher/s: Kyle Sanchez
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/86ebb3d1-5fd1-48cb-95b7-f82014323f01
Quiz And Survey Master <= 8.1.16 – Missing Authorization
CVE ID: CVE-2023-51507
CVSS Score: 5.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/89ee5d27-9123-4fd2-94f8-4395db5663ec
Defender Security <= 4.1.0 – Sensitive Information Exposure via Log File
CVE ID: CVE-2023-51490
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/94c8979a-db2e-490f-b055-cdf19a48cf73
Metform Elementor Contact Form Builder <= 3.4.0 – Missing Authorization via submit
CVE ID: CVE-2023-50903
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a6425d39-cc8b-4130-8f67-2d6de7954934
Affiliates Manager <= 2.9.30 – Sensitive Information Exposure via Log File
CVE ID: CVE-2023-52148
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abc3f352-8568-4649-bf3c-dd0ce0295589
Conversios.io <= 6.5.0 – Missing Authorization
CVE ID: CVE-2023-51357
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae007dc0-9ac7-459d-bfe6-bcde87028b14
eCommerce Product Catalog <= 3.3.26 – Sensitive Information Exposure via CSV Files
CVE ID: CVE-2023-51688
CVSS Score: 5.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b48b9170-4dd9-4004-a081-488cafbc7597
FastDup <= 2.1.7 – Sensitive Information Exposure via Log File
CVE ID: CVE-2023-51406
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b8261317-462b-49c5-9526-20b695895e49
All-in-one Floating Contact Form – My Sticky Elements <= 2.1.3 – Missing Authorization
CVE ID: CVE-2023-51362
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4098a47-986c-4b2c-b27a-18ff81da0f58
WooCommerce Warranty Requests <= 2.2.7 – Missing Authorization
CVE ID: CVE-2023-51495
CVSS Score: 5.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c8970d08-6c75-4dbb-ad24-6d9ba4c07530
Everest Forms <= 2.0.3 – Unauthorized Form Submission via Disabled Forms
CVE ID: CVE-2023-51377
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cc3d49c5-3054-4e1f-b571-6591a0b31d69
BuddyBoss Theme <= 2.4.60 – Missing Authorization
CVE ID: CVE-2023-51477
CVSS Score: 5.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ccbeb69e-6476-42a6-86ac-723947c70301
Easy Digital Downloads <= 3.1.5 – Missing Authorization
CVE ID: CVE-2023-40005
CVSS Score: 5.3 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dbce48b2-aa7c-4c92-8df8-ee3a17336e97
Image Source Control <= 2.17.0 – Sensitive Information Exposure via Log File
CVE ID: CVE-2023-52187
CVSS Score: 5.3 (Medium)
Researcher/s: Joshua Chan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e3b3ce65-b226-4b93-ab0c-984f774454f7
WooCommerce Product Vendors <= 2.2.2 – Missing Authorization
CVE ID: CVE-2023-52186
CVSS Score: 5.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4457df6-81ca-4149-bcca-623cff2cbeef
Malware Scanner <= 4.7.1 – IP Spoofing
CVE ID: CVE-2023-52176
CVSS Score: 5.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb19fd06-7b2c-41a1-a470-230da7ce944d
WooCommerce Product Vendors <= 2.2.1 – Missing Authorization
CVE ID: CVE-2023-51494
CVSS Score: 5.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fcce0a92-520d-45ac-845e-a1635f763eed
iFrame <= 4.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via srcdoc
CVE ID: CVE-2023-52125
CVSS Score: 5 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66f392d0-d5fb-4a8c-b972-becfac6cf6e7
Enable Media Replace <= 4.1.4 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-6737
CVSS Score: 4.7 (Medium)
Researcher/s: Nex Team
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c37d8218-6059-46f2-a5d9-d7c22486211e
Menu Image, Icons made easy <= 3.10 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
CVE ID: CVE-2023-50826
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0ff001c2-95f9-42a2-b5a3-74937be41756
Ultimate Dashboard <= 3.7.11 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
CVE ID: CVE-2023-50828
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/10c1b000-537a-4009-a740-19666505989e
Accredible Certificates & Open Badges <= 1.4.8 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
CVE ID: CVE-2023-50827
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1d5ac3df-ddaf-4c78-acd3-baddea42443f
Photo Gallery by 10Web <= 1.8.18 – Authenticated (Administrator+) Stored Cross-Site Scripting via Widget
CVE ID: CVE-2023-6924
CVSS Score: 4.4 (Medium)
Researcher/s: István Márton
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/21b4d1a1-55fe-4241-820c-203991d724c4
Everest Forms <= 2.0.4.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51695
CVSS Score: 4.4 (Medium)
Researcher/s: Robert DeVore
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/381ec612-2086-4925-98cd-652a6c2ac081
WP Review Slider <= 12.7 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51685
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62233370-3b54-4d89-93e7-07afdae4a413
WP Chat App <= 3.4.4 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51370
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73232bff-b11a-4580-8cde-5bf085ba749c
weForms – Easy Drag & Drop Contact Form Builder For WordPress <= 1.6.17 – Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50896
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7c44efe0-bdc0-42e0-9bdd-cf25bff1d2d5
Brave Popup Builder <= 0.6.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51534
CVSS Score: 4.4 (Medium)
Researcher/s: Huynh Tien Si
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/88cf21c3-52d7-472f-8f55-8e1a5819f133
Sticky Chat Widget <= 1.1.8 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51361
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/892fe839-57ca-45bc-aa9b-f1bf87994a77
Event Management Tickets Booking <= 1.3.2 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
CVE ID: CVE-2023-47525
CVSS Score: 4.4 (Medium)
Researcher/s: Jeongwoo-Lee(Roronoa)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f4f2317-945e-4fd8-8a0b-981b88a8412c
Multi Step Form <= 1.7.13 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50832
CVSS Score: 4.4 (Medium)
Researcher/s: Benmalek Aymen (centaurus)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a5e6b508-35ef-45da-bf17-c038d3b7ce52
Custom Post Carousels with Owl <= 1.4.6 – Authenticated (Editor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51493
CVSS Score: 4.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a89f795d-246d-4a3c-a7a7-5c9867d7a01e
CRM Perks Forms <= 1.1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-51536
CVSS Score: 4.4 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca954d68-18a5-47e2-af56-261c7a55b017
Simple Counter <= 1.0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
CVE ID: CVE-2023-50377
CVSS Score: 4.4 (Medium)
Researcher/s: Abu Hurayra (HurayraIIT)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb4eb28a-3dd5-4d8d-bef0-53cee7285180
WP Edit Username <= 1.0.5 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
CVE ID: CVE-2023-47527
CVSS Score: 4.4 (Medium)
Researcher/s: Jeongwoo-Lee(Roronoa)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f445de97-b6fd-4180-b63e-5b8da40dae6a
Loan Repayment Calculator and Application Form <= 2.9.3 – Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2023-50829
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park (p6rkdoye0n)
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f8756fb7-ee15-4fc7-b5bd-b4f2e64f8e6f
WooCommerce Easy Duplicate Product <= 0.3.0.7 – Missing Authorization via wedp_duplicate_product_action
CVE ID: CVE-2023-51523
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/02d11be0-2e2e-4c76-8a8e-f3f637b99809
EnvÃaloSimple <= 2.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-51416
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0c533277-5cea-419f-93ec-e510c0fbd75d
Simple Job Board <= 2.10.6 – Cross-Site Request Forgery
CVE ID: CVE-2023-52122
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/100b6786-7cad-4d65-b457-9beb179e293a
Webba Booking <= 4.5.33 – Cross-Site Request Forgery
CVE ID: CVE-2023-51354
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/12a195a0-f992-462d-9b4e-69e8a2975635
Spam protection, AntiSpam, FireWall by CleanTalk <= 6.20 – Cross-Site Request Forgery via apbct_settings__update_account_email
CVE ID: CVE-2023-51696
CVSS Score: 4.3 (Medium)
Researcher/s: Elliot
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/19dd6670-2813-4944-abcd-c26fb9b82092
Custom Twitter Feeds (Tweets Widget) <= 2.1.2 – Cross-Site Request Forgery
CVE ID: CVE-2023-52136
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1ab56d29-7e35-4bc3-812e-d82890f60c8e
Republish Old Posts <= 1.21 – Cross-Site Request Forgery via rop_options_page
CVE ID: CVE-2023-52145
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1e1db52a-3966-4e04-b0ed-08bda9ba1ff6
Advanced Access Manager <= 6.9.18 – Authenticated (Author+) Open Redirect
CVE ID: CVE-2023-51675
CVSS Score: 4.3 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1eb25ef3-28ea-4f8f-932a-e90ca1914e8d
Floating Button <= 6.0 – Cross-Site Request Forgery via process_bulk_action
CVE ID: CVE-2023-52149
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/20151f80-c25f-482e-a2b0-34607dba9d1e
Rise Blocks – A Complete Gutenberg Page Builder <= 3.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-51378
CVSS Score: 4.3 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b249842-c480-495a-8eec-6c7d0893ef1c
WP Simple Booking Calendar <= 2.0.8.4 – Cross-Site Request Forgery
CVE ID: CVE-2023-51525
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f72e5bb-e076-4379-8699-e399761c043f
Icegram <= 3.1.18 – Cross-Site Request Forgery via save_campaign_preview
CVE ID: CVE-2023-52119
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3000b140-2e38-463d-9128-b486293e3cf6
White Label <= 2.9.0 – Cross-Site Request Forgery via white_label_reset_wl_admins
CVE ID: CVE-2023-52128
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/383da457-b930-470c-a68a-db3e87af7a80
Ultimate Addons for Beaver Builder <= 1.35.13 – Authenticated(Contributor+) Directory Traversal to Arbitrary File Download
CVE ID: CVE-2023-51401
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/38a5be0c-f905-4e27-b5c3-8c0606d71a61
HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.3 – Cross-Site Request Forgery
CVE ID: CVE-2023-50861
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3d9179d2-2e90-4de7-8178-073a0ce5865b
Duplicator <= 1.5.7 – Cross-Site Request Forgery via views/tools/diagnostics/information.php
CVE ID: CVE-2023-51681
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/416da5d4-3d47-443b-a82c-c059c38f5218
Quiz And Survey Master <= 8.1.18 – Cross-Site Request Forgery
CVE ID: CVE-2023-51521
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4cfdbf80-3733-4d5c-9bc6-01e543ee08b1
Thrive Automator <= 1.17 – Cross-Site Request Forgery
CVE ID: CVE-2023-51531
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4d5b1a3d-ce7f-4d5d-b72b-61024d5c5378
Spam protection, AntiSpam, FireWall by CleanTalk <= 6.20 – Cross-Site Request Forgery
CVE ID: CVE-2023-51535
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4eb4400d-d629-4c88-9ec5-06da9089f6d1
WPC Product Bundles for WooCommerce <= 7.3.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-52127
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5188dc72-a00d-4a07-b178-3f3ef26d7fc1
GPT3 AI Content Writer <= 1.8.12 – Cross-Site Request Forgery
CVE ID: CVE-2023-51528
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5511c5f4-b71c-484b-ab6f-2389a29809cd
Apollo13 Framework Extensions <= 1.9.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-51539
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/575b51f4-fed4-4057-9e8b-762fda275ef3
WooCommerce Ship to Multiple Addresses <= 3.8.9 – Missing Authorization
CVE ID: CVE-2023-51497
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/63ab255f-e061-447b-a2b6-21a85eed9d57
WooCommerce PDF Invoice Builder <= 1.2.101 – Cross-Site Request Forgery
CVE ID: CVE-2023-51486
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/652367a0-fca2-4313-8217-d8811ada0ab5
Paid Member Subscriptions <= 2.10.4 – Cross-Site Request Forgery via ajax_add_log_entry
CVE ID: CVE-2023-51522
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/69ab17fc-8290-4230-8c44-25d12009c08a
HT Mega <= 2.3.3 – Cross-Site Request Forgery via Several Functions
CVE ID: CVE-2023-51529
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6f26b04f-2a25-40a6-9b2c-27d9970acb8f
FunnelKit Checkout <= 3.10.3 – Authenticated(Subscriber+) Missing Authorization to Arbitrary Plugin Activation
CVE ID: CVE-2023-51670
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6f789ff9-5d86-4911-8b2f-2a425393c61d
ProfileGrid <= 5.6.6 – Missing Authorization
CVE ID: CVE-2023-52117
CVSS Score: 4.3 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/71fb1cef-6e01-4bd7-b0bc-5d21295f119a
Dynamic Content for Elementor < 2.12.5 – Cross-Site Request Forgery
CVE ID: CVE-2023-52150
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/77a85024-33ff-4056-89f6-991182d71b80
Product Filter by WBW <= 2.5.0 – Missing Authorization via getListForTbl
CVE ID: CVE-2023-50877
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/77acb885-1776-4a74-96d0-4edbf1a92917
Export Media URLs <= 1.0 – Cross-Site Request Forgery
CVE ID: CVE-2023-51510
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7b121abf-3842-43ac-a3dc-bde6d5e0b263
Calculated Fields Form <= 1.2.28 – Authenticated (Contributor+) Open Redirect via Shortcode
CVE ID: CVE-2023-51517
CVSS Score: 4.3 (Medium)
Researcher/s: Ngô Thiên An (ancorn_)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/85555a8f-5d23-458d-9166-d30f8f0551e0
Inline Image Upload for BBPress <= 1.1.18 – Cross-Site Request Forgery via hm_bbpui_admin_page
CVE ID: CVE-2023-51668
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/86bd6ae1-e74d-4aab-98e1-3c47cb484fe9
WooCommerce Shipping Per Product <= 2.5.4 – Missing Authorization
CVE ID: CVE-2023-51499
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b0504f3-f8df-4b37-bafa-5320920e9571
Easy PayPal Buy Now Button <= 1.8.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-51683
CVSS Score: 4.3 (Medium)
Researcher/s: LVT-tholv2k
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f6fd0bb-d37b-40b6-b84e-9b21aae891cc
BulkGate SMS Plugin for WooCommerce <= 3.0.2 – Missing Authorization via Multiple AJAX Actions
CVE ID: CVE-2023-51679
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/93e590f8-5f8d-4ee5-bcff-96bcb8daf4b7
FunnelKit Checkout <= 3.10.3 – Authenticated(Subscriber+) Missing Authorization to Settings Change
CVE ID: CVE-2023-51671
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9603e394-b358-4599-8610-ef5737a39de0
Booster Elite for WooCommerce <= 7.1.2 – Authenticated(Subscriber+) Content Injection
CVE ID: CVE-2023-51511
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/995a086a-4795-4092-823c-b941445dc361
MStore API <= 4.10.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-50878
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d32bda7-2d2d-4364-8ac9-e32950f889ed
Add Any Extension to Pages <= 1.4 – Cross-Site Request Forgery via aaetp_options_page
CVE ID: CVE-2023-50873
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9f49e727-cac4-4a46-b649-5ca48d5e2402
Sirv <= 7.1.2 – Missing Authorization via sirv_disconnect
CVE ID: CVE-2023-50898
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4a67ec6-ee13-4532-8213-d17dbf5f2c55
Integrate Google Drive <= 1.3.3 – Missing Authorization via save_settings
CVE ID: CVE-2023-52177
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4c8d390-145a-4926-99e9-b386dfe5e6ac
Anti Hacker <= 4.34 – Cross-Site Request Forgery via antihacker_ajax_scan
CVE ID: CVE-2023-50858
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a8ae5712-09a8-45a4-9f79-3e5b7786e652
NEX-Forms – Ultimate Form Builder <= 8.5.2 – Cross-Site Request Forgery
CVE ID: CVE-2023-52120
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a9b45e9b-57a6-4bfd-b9e4-d07780370f02
Split Test For Elementor <= 1.6.9 – Cross-Site Request Forgery
CVE ID: CVE-2023-51407
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/be23388e-9371-4ea0-974b-80f76de90012
GS Logo Slider <= 3.5.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-51530
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c89a8001-ab50-466c-aa51-62c0ff5f86dc
WP Job Portal <= 2.0.6 – Cross-Site Request Forgery
CVE ID: CVE-2023-52184
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d0aa1fad-1ff4-4bc5-a584-99b528470990
ProjectHuddle Client Site <= 1.0.34 – Missing Authorization via ph_child_ajax_notice_handler
CVE ID: CVE-2023-51376
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d484500f-c8c1-4278-8a38-82a7fd5674f9
Slider by Soliloquy <= 2.7.2 – Missing Authorization
CVE ID: CVE-2023-51519
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d6331b42-f15b-46c6-b8bd-7f65c28c4a12
Awesome Support <= 6.1.5 – Cross-Site Request Forgery
CVE ID: CVE-2023-51538
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d69915e9-af9b-4c07-ac43-21c6e350c3c4
Advanced Category Template <= 0.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-50835
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/da09b158-3626-455b-b3bc-b1109d0fab2e
NitroPack <= 1.10.2 – Cross-Site Request Forgery
CVE ID: CVE-2023-52121
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/daa30370-0d11-45b7-8ca3-b2a3b9046127
Crowdsignal Dashboard – Polls, Surveys & more <= 3.0.11 – Cross-Site Request Forgery via update_rating
CVE ID: CVE-2023-51489
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e03390e5-5604-4b9d-ab1b-dac2b19270cd
Strong Testimonials <= 3.1.10 – Cross-Site Request Forgery
CVE ID: CVE-2023-52123
CVSS Score: 4.3 (Medium)
Researcher/s: Brandon James Roldan (tomorrowisnew)
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e0ccdc0d-7c38-4dd3-be39-2359d63b2b6c
Eazy Plugin Manager <= 4.1.2 – Missing Authorization via update_options
CVE ID: CVE-2023-51482
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e214fadf-73fd-430f-8608-6630ce82b78c
Ultimate Addons for WPBakery <= 3.19.17 – Cross-Site Request Forgery
CVE ID: CVE-2023-51402
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ece4eca1-9dc1-4f17-92e4-8b2e3e1a7306
Product Table by WBW <= 1.8.6 – Cross-Site Request Forgery via saveGroup
CVE ID: CVE-2023-51512
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eff03dbc-1bb7-4a72-b57c-f1bde966c286
Customize My Account for WooCommerce <= 1.8.3 – Cross-Site Request Forgery via restore_my_account_tabs
CVE ID: CVE-2023-51369
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f79f9385-f8d1-44a0-9e53-7576a9453163
Product Feed Manager <= 7.3.15 – Authenticated (Admin+) Directory Traversal
CVE ID: CVE-2023-52144
CVSS Score: 2.7 (Low)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7a20b65a-6d3a-41fc-80c5-94cce0459a6b
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments
11:09 am
Wow, what a busy week. Thank you folks and Happy New Year, to each of you.