Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now!
Last week, there were 126 vulnerabilities disclosed in 102 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 40 |
Patched | 86 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 2 |
Medium Severity | 105 |
High Severity | 14 |
Critical Severity | 5 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 43 |
Missing Authorization | 36 |
Cross-Site Request Forgery (CSRF) | 26 |
Unrestricted Upload of File with Dangerous Type | 4 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 3 |
Information Exposure | 2 |
Deserialization of Untrusted Data | 2 |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 1 |
Improper Privilege Management | 1 |
Unverified Password Change | 1 |
Protection Mechanism Failure | 1 |
URL Redirection to Untrusted Site ('Open Redirect') | 1 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 1 |
Use of Less Trusted Source | 1 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 1 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 1 |
Improper Authorization | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Abdi Pranata | 23 |
Rafie Muhammad | 18 |
Ngô Thiên An (ancorn_) | 10 |
Le Ngoc Anh | 5 |
István Márton (Wordfence Vulnerability Researcher) | 4 |
Mika | 4 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 4 |
Paolo Tresso (Wordfence Vulnerability Researcher) | 4 |
emad | 3 |
Huynh Tien Si | 3 |
Ala Arfaoui | 2 |
Vincenzo Turturro | 2 |
Gianluca Parisi | 2 |
Vincenzo Cantatore | 2 |
Revan Arifio | 1 |
Enrico Marcolini | 1 |
Claudio Marchesini (Dottormarc) | 1 |
wpdabh | 1 |
RIN MIYACHI | 1 |
Nicolas Surribas | 1 |
Naveen Muthusamy | 1 |
Vladislav Pokrovsky (ΞX.MI) | 1 |
niclo | 1 |
LEE SE HYOUNG | 1 |
Muhammad Daffa | 1 |
Brandon James Roldan (tomorrowisnew) | 1 |
BuShiYue | 1 |
Alex Sanford | 1 |
thiennv | 1 |
Nguyen Xuan Chien | 1 |
Furkan ÖZER | 1 |
DoYeon Park (p6rkdoye0n) | 1 |
Dmitrii Ignatyev | 1 |
Bartłomiej Marek | 1 |
Tomasz Swiadek | 1 |
resecured.io | 1 |
Ivy (TOOR, Lisa) | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
10WebAnalytics | wd-google-analytics |
AMP+ Plus | amp-plus |
ARI Stream Quiz – WordPress Quizzes Builder | ari-stream-quiz |
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth | aweber-web-form-widget |
Accordion | accordions-wp |
Acme Fix Images | acme-fix-images |
Add Widgets to Page | add-widgets-to-page |
Ajax Domain Checker | ajax-domain-checker |
Anywhere Flash Embed | anywhere-flash-embed |
AppPresser – Mobile App Framework | apppresser |
Audio Merchant | audio-merchant |
BMI Calculator Plugin | bmi-calculator-shortcode |
BP Profile Shortcodes Extra | bp-profile-shortcodes-extra |
BSK Contact Form 7 Blacklist | bsk-contact-form-7-blacklist |
Bamboo Columns | bamboo-columns |
Better RSS Widget | better-rss-widget |
BetterDocs – Best Documentation & Knowledge Base Plugin | betterdocs |
Big File Uploads – Increase Maximum File Upload Size | tuxedo-big-file-uploads |
Bus Ticket Booking with Seat Reservation – WpBusTicketly \| WordPress plugin | |
Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress | sprout-invoices |
CodeBard's Patron Button and Widgets for Patreon | patron-button-and-widgets-by-codebard |
Comments – wpDiscuz | wpdiscuz |
Community by PeepSo – Social Network, Membership, Registration, User Profiles | peepso-core |
Conditional Fields for Contact Form 7 | cf7-conditional-fields |
Customer Reviews for WooCommerce | customer-reviews-woocommerce |
Daily Prayer Time | daily-prayer-time-for-mosques |
Delete Duplicate Posts | delete-duplicate-posts |
Ditty – Responsive News Tickers, Sliders, and Lists | ditty-news-ticker |
DrawIt (draw.io) | drawit |
EWWW Image Optimizer | ewww-image-optimizer |
Easy Call Now by ThikShare | easy-call-now |
EasyAzon – Amazon Associates Affiliate Plugin | easyazon |
Elementor Addon Elements | addon-elements-for-elementor-page-builder |
Email Encoder – Protect Email Addresses and Phone Numbers | email-encoder-bundle |
Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification | miniorange-otp-verification |
Embed Privacy | embed-privacy |
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor | embedpress |
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | essential-blocks |
Essential Grid Portfolio – Photo Gallery | essential-grid |
Events Addon for Elementor | events-addon-for-elementor |
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | chaty |
Footer Putter | footer-putter |
FormCraft – Contact Form Builder for WordPress | formcraft-form-builder |
Forminator – Contact Form, Payment Form & Custom Form Builder | forminator |
Frontend File Manager Plugin | nmedia-user-file-uploader |
Hreflang Manager | hreflang-manager-lite |
Image Compressor & Optimizer – iLoveIMG | iloveimg |
Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms | cf7-constant-contact |
Interactive World Map | interactive-world-map |
Jetpack – WP Security, Backup, Speed, & Growth | jetpack |
LWS Hide Login | lws-hide-login |
LayerSlider | layerslider |
Leadster | leadster-marketing-conversacional |
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator | legal-pages |
Live Preview for Contact Form 7 | cf7-live-preview |
LuckyWP Scripts Control | luckywp-scripts-control |
MP3 Audio Player for Music, Radio & Podcast by Sonaar | mp3-music-player-by-sonaar |
Namaste! LMS | namaste-lms |
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | paid-memberships-pro |
Permalinks Customizer | permalinks-customizer |
Phlox Shop | auxin-shop |
Popup Box – Best WordPress Popup Plugin | ays-popup-box |
Post Status Notifier Lite | post-status-notifier-lite |
Premium Portfolio Features for Phlox theme | auxin-portfolio |
Premmerce Redirect Manager | premmerce-redirect-manager |
Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic | shareaholic |
Pz-LinkCard | pz-linkcard |
Quick Call Button | quick-call-button |
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | quiz-master-next |
Restaurant & Cafe Addon for Elementor | restaurant-cafe-addon-for-elementor |
SearchIQ – The Search Solution | searchiq |
Shortcodes and extra features for Phlox theme | auxin-elements |
Simple 301 Redirects by BetterLinks | simple-301-redirects |
Simply Excerpts | simply-excerpts |
Slider Revolution | revslider |
Slider – Ultimate Responsive Image Slider | ultimate-responsive-image-slider |
Star CloudPRNT for WooCommerce | star-cloudprnt-for-woocommerce |
Theater for WordPress | theatre |
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress | url-shortify |
Ultimate Dashboard – Custom WordPress Dashboard | ultimate-dashboard |
WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses | wp-courses |
WP Custom Admin Interface | wp-custom-admin-interface |
WP EXtra | wp-extra |
WP Fastest Cache | wp-fastest-cache |
WP Like Button | wp-like-button |
WP Maintenance | wp-maintenance |
WP Meta and Date Remover | wp-meta-and-date-remover |
WP Not Login Hide (WPNLH) | wp-not-login-hide-wpnlh |
WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation | wp-cafe |
Website Optimization – Plerdy | plerdy-heatmap |
Welcart e-Commerce | usc-e-shop |
Welcome Email Editor | welcome-email-editor |
WooCommerce | woocommerce |
WooCommerce Blocks | woo-gutenberg-products-block |
WooCommerce Bookings | woocommerce-bookings |
WooCommerce Product Carousel Slider | product-carousel-slider-for-woocommerce |
Woocommerce Shipping Canada Post | woocommerce-shipping-canada-post |
WordPress File Upload | wp-file-upload |
YOP Poll | yop-poll |
avalex – Automatisch sichere Rechtstexte | avalex |
eCommerce Product Catalog Plugin for WordPress | ecommerce-product-catalog |
wpMandrill | wpmandrill |

Software Name | Software Slug |
---|---|
Betheme | betheme |
Thrive Themes Builder | thrive-theme |

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software: Shortcodes and extra features for Phlox theme CVE ID: CVE-2023-37888 CVSS Score: 9.8 (Critical) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09437329-f01a-4998-90ec-e4b2e271e896>
Affected Software: WP Fastest Cache CVE ID: CVE-2023-6063 CVSS Score: 9.8 (Critical) Researcher/s: Alex Sanford Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/876efd71-8867-44b8-8017-86fad2a1b89f>
Affected Software: Phlox Shop CVE ID: CVE-2023-39163 CVSS Score: 9.8 (Critical) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e11e4bab-f8a9-4ecb-b36e-09a55e47f1ae>
Affected Software: Premium Portfolio Features for Phlox theme CVE ID: CVE-2023-38399 CVSS Score: 9.8 (Critical) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f6f3f82e-6b1b-4138-b8f3-82e8dcd24479>
Affected Software: Frontend File Manager Plugin CVE ID: CVE-2023-5105 CVSS Score: 9.1 (Critical) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b59b5c41-6173-485e-869d-4165dc18e2bd>
Affected Software: Audio Merchant CVE ID: CVE-2023-6196 CVSS Score: 8.8 (High) Researcher/s: Ala Arfaoui Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/06513dfe-f263-48b7-ba01-2c205247095b>
Affected Software: Thrive Themes Builder CVE ID: CVE-2023-47781 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/353c3cd9-5ada-466b-b8e5-d40e0ec4e867>
Affected Software: Thrive Themes Builder CVE ID: CVE-2023-47782 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3b345dfe-3945-405a-9825-c88816b2adee>
Affected Software: WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses CVE ID: CVE Unknown CVSS Score: 8.8 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a6f7952-cb64-4cff-aae7-0f03692cd95f>
Affected Software: Welcart e-Commerce CVE ID: CVE Unknown CVSS Score: 8.8 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f59004bb-b026-4137-a332-f46a09237e7b>
Affected Software: Welcart e-Commerce CVE ID: CVE Unknown CVSS Score: 8.8 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f690e67c-119f-4ea6-9505-101e7f7a3dea>
Affected Software: Essential Grid Portfolio – Photo Gallery CVE ID: CVE-2023-47771 CVSS Score: 8.3 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/326618eb-186b-44a2-a779-00d5366bfff2>
Affected Software: Thrive Themes Builder CVE ID: CVE-2023-47783 CVSS Score: 8.3 (High) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4fd6fa4f-8f4d-4d2f-ac67-98124cfa9592>
Affected Software: AppPresser – Mobile App Framework CVE ID: CVE-2023-4214 CVSS Score: 8.1 (High) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde>
Affected Software: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions CVE ID: CVE-2023-6187 CVSS Score: 7.5 (High) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5979f2eb-2ca8-4b06-814c-c4236bb81af0>
Affected Software: Image Compressor & Optimizer – iLoveIMG CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/501e9cd1-1187-4d01-a3cc-5edba64c391f>
Affected Software: Welcart e-Commerce CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/91f86c22-94db-4c43-985a-2f3dd96ece21>
Affected Software: Slider Revolution CVE ID: CVE-2023-47784 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e2d29afd-06e8-461a-918f-38228441a51a>
Affected Software: Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin CVE ID: CVE-2023-30496 CVSS Score: 7.2 (High) Researcher/s: Ivy (TOOR, Lisa) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e9960282-4730-4ee8-b338-adcc57f01cc6>
Affected Software: Forminator – Contact Form, Payment Form & Custom Form Builder CVE ID: CVE-2023-6133 CVSS Score: 6.6 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/13cfa202-ab90-46c0-ab53-00995bfdcaa3>
Affected Software: Email Encoder – Protect Email Addresses and Phone Numbers CVE ID: CVE-2023-47821 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09f328f6-8a66-46bf-80d9-3ffeaecfec32>
Affected Software: Better RSS Widget CVE ID: CVE-2023-47813 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/12660e7a-51fc-42c5-8a09-49df1db51efb>
Affected Software: eCommerce Product Catalog Plugin for WordPress CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/39695b53-9af7-42f0-8bde-3969398a7186>
Affected Software: LayerSlider CVE ID: CVE-2023-47786 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/441bc9fe-3dd6-40a6-b7f3-36511115c083>
Affected Software/s: WooCommerce, WooCommerce Blocks CVE ID: CVE-2023-47777 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/525dec5b-b457-483c-ab2d-09dd320edcaa>
Affected Software: Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress CVE ID: CVE-2023-47834 CVSS Score: 6.4 (Medium) Researcher/s: emad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c482b6e-ce1e-46e2-8847-10c485594448>
Affected Software: Ajax Domain Checker CVE ID: CVE-2023-47810 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/699459a1-d407-4561-9d08-dd5d918ea601>
Affected Software: Add Widgets to Page CVE ID: CVE-2023-47808 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6af20a2c-065c-48d5-a95c-2883ceeb50c6>
Affected Software: Slider Revolution CVE ID: CVE-2023-47772 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/772e843b-00ea-45f5-b730-c9a793d4c2db>
Affected Software: Jetpack – WP Security, Backup, Speed, & Growth CVE ID: CVE-2023-45050 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/824360ab-c797-465a-8480-baeae941af29>
Affected Software: BMI Calculator Plugin CVE ID: CVE-2023-47814 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8bf0e224-d8c7-4bf9-b9a3-97545da9d90c>
Affected Software: Bamboo Columns CVE ID: CVE-2023-47812 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8e7b40e4-c80a-4317-acff-77696fd8098f>
Affected Software: Anywhere Flash Embed CVE ID: CVE-2023-47811 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a95d7ff6-55ce-4d63-8433-60cece306628>
Affected Software: DrawIt (draw.io) CVE ID: CVE-2023-47831 CVSS Score: 6.4 (Medium) Researcher/s: resecured.io Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ddde9db5-3ed7-42f7-97c1-4ff9b9d1f627>
Affected Software: WooCommerce Product Carousel Slider CVE ID: CVE-2023-47755 CVSS Score: 6.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e6f6dab2-da03-43b6-b9c1-ebc6a7e1d1c9>
Affected Software: BP Profile Shortcodes Extra CVE ID: CVE-2023-47815 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ea9eaca6-3441-4976-8556-0ce288d1a0c6>
Affected Software: ARI Stream Quiz – WordPress Quizzes Builder CVE ID: CVE-2023-47835 CVSS Score: 6.4 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/edb4f4b7-a59c-454b-82b5-d8e91c1c82a3>
Affected Software: Daily Prayer Time CVE ID: CVE-2023-47817 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f0ccd265-2e64-4b23-a032-aaeb9941df34>
Affected Software: Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic CVE ID: CVE-2023-4889 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ff6932c6-f3ec-46a8-a03b-95512eee5bf1>
Affected Software: AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth CVE ID: CVE-2023-47757 CVSS Score: 6.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/397f20d8-2400-4403-8543-f57141378012>
Affected Software: Betheme CVE ID: CVE-2023-47770 CVSS Score: 6.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/72bdc81e-1a9d-4dd8-93a5-fb1026d6a2d9>
Affected Software: Interactive World Map CVE ID: CVE-2023-47767 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09b0bfd3-93a7-4f13-828d-772f54085a60>
Affected Software: BSK Contact Form 7 Blacklist CVE ID: CVE-2023-5141 CVSS Score: 6.1 (Medium) Researcher/s: Enrico Marcolini, Claudio Marchesini (Dottormarc) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0e27b0a8-e052-49ed-8744-a2376aa386f5>
Affected Software: Star CloudPRNT for WooCommerce CVE ID: CVE-2023-4603 CVSS Score: 6.1 (Medium) Researcher/s: Vincenzo Turturro, Gianluca Parisi, Vincenzo Cantatore Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/110c6d41-e814-41c9-a3e7-d94ec3d953e6>
Affected Software: AMP+ Plus CVE ID: CVE-2023-5210 CVSS Score: 6.1 (Medium) Researcher/s: Nicolas Surribas Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/417ff4fd-e514-4366-b9a6-c04d7434eac1>
Affected Software: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/41edf49a-18a2-4cf0-b498-738e77287b90>
Affected Software: Footer Putter CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/688353c9-e4e5-4717-9651-15d05248554f>
Affected Software: Post Status Notifier Lite CVE ID: CVE-2023-47766 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6af1224e-0ed3-4770-96c0-c15cc895d36d>
Affected Software: Permalinks Customizer CVE ID: CVE-2023-47773 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/702dca65-fa8c-48c7-89e4-cba4b151e2c4>
Affected Software: Namaste! LMS CVE ID: CVE-2023-4602 CVSS Score: 6.1 (Medium) Researcher/s: Vincenzo Turturro, Gianluca Parisi, Vincenzo Cantatore Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d014f512-9030-49ce-945d-4900594fb373>
Affected Software: Accordion CVE ID: CVE-2023-47809 CVSS Score: 5.5 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ff656409-2344-4190-a731-5a282e21375c>
Affected Software: Embed Privacy CVE ID: CVE-2023-48300 CVSS Score: 5.4 (Medium) Researcher/s: wpdabh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/26d9dfc7-151c-4b32-9ae4-3085d08f137c>
Affected Software: Elementor Addon Elements CVE ID: CVE-2023-4689 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka, Paolo Tresso Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/472cdbc4-3bfa-4254-b35a-be7ae10782e6>
Affected Software: MP3 Audio Player for Music, Radio & Podcast by Sonaar CVE ID: CVE-2023-47822 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6bcb9d95-acb4-4405-b785-1e5eace10dc9>
Affected Software: Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator CVE ID: CVE-2023-47824 CVSS Score: 5.4 (Medium) Researcher/s: Brandon James Roldan (tomorrowisnew) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6fb9c8c3-e491-4bca-adeb-b87d9f8f3b32>
Affected Software: Pz-LinkCard CVE ID: CVE-2023-47790 CVSS Score: 5.4 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b6de97ac-127d-47ec-8b74-03e7fa4932f6>
Affected Software: eCommerce Product Catalog Plugin for WordPress CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ba70f811-543f-4da4-ba45-715dbd6be6be>
Affected Software: Audio Merchant CVE ID: CVE-2023-6197 CVSS Score: 5.4 (Medium) Researcher/s: Ala Arfaoui Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d7911337-57fa-4268-8366-d37ff13fae86>
Affected Software: Delete Duplicate Posts CVE ID: CVE-2023-47754 CVSS Score: 5.4 (Medium) Researcher/s: Huynh Tien Si Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f603a25f-7d56-4cf4-89aa-de87ee49522a>
Affected Software: Elementor Addon Elements CVE ID: CVE-2023-4690 CVSS Score: 5.4 (Medium) Researcher/s: Marco Wotschka, Paolo Tresso Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fd53b4e1-c6b7-4111-911a-04b14c7a9c4e>
Affected Software: Restaurant & Cafe Addon for Elementor CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/07712191-03b6-4de4-b0a4-e6f03ce9dc81>
Affected Software: Ditty – Responsive News Tickers, Sliders, and Lists CVE ID: CVE-2023-47764 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08630dfd-df43-4a5a-8fc7-ba8ff753db3d>
Affected Software: FormCraft – Contact Form Builder for WordPress CVE ID: CVE-2023-47823 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/25d5735a-8eed-4b4a-9bbe-9e42fb18ddf2>
Affected Software: SearchIQ – The Search Solution CVE ID: CVE-2023-47832 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3001829b-f63b-4b99-91a0-53d615ac96c1>
Affected Software: YOP Poll CVE ID: CVE-2023-6109 CVSS Score: 5.3 (Medium) Researcher/s: RIN MIYACHI Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/360b1927-a863-46be-ad11-3f6251c75a3c>
Affected Software: WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation CVE ID: CVE-2023-47805 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4261bc62-a091-408b-8643-e6fa61d62103>
Affected Software: LWS Hide Login CVE ID: CVE-2023-47818 CVSS Score: 5.3 (Medium) Researcher/s: Naveen Muthusamy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/532cffdb-16e8-4ced-9477-483c96db343c>
Affected Software: avalex – Automatisch sichere Rechtstexte CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7319293e-f921-46d1-aea6-2578d1a251a7>
Affected Software: WP Maintenance CVE ID: CVE-2023-47769 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/87a1cc00-330c-40c3-a174-8ea50075c4bd>
Affected Software: Elementor Addon Elements CVE ID: CVE-2023-4723 CVSS Score: 5.3 (Medium) Researcher/s: Marco Wotschka, Paolo Tresso Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/89489218-263f-4157-a5cd-a12bc6a0dfe6>
Affected Software: Welcome Email Editor CVE ID: CVE-2023-47756 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/943cd10b-1b58-4803-ba6f-291f73353422>
Affected Software: Events Addon for Elementor CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b7f52e71-da35-4b46-b658-d293f81b5dc9>
Affected Software: Acme Fix Images CVE ID: CVE-2023-47793 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b9047775-2d72-4eb5-9339-419f95aa19b2>
Affected Software: EWWW Image Optimizer CVE ID: CVE-2023-40600 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d20ff1a8-8794-41e1-9e66-1cda90f9ff77>
Affected Software: WP Meta and Date Remover CVE ID: CVE-2023-47836 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/faa9ad87-44b2-47b3-a05c-52e59af7255a>
Affected Software: Jetpack – WP Security, Backup, Speed, & Growth CVE ID: CVE-2023-47774 CVSS Score: 5 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92a3e622-b3b2-450e-82a7-0a942711e8c0>
Affected Software: Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms CVE ID: CVE-2023-47779 CVSS Score: 4.7 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c8404d2-7b37-40df-b756-328f827f273d>
Affected Software: Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty CVE ID: CVE-2023-47759 CVSS Score: 4.4 (Medium) Researcher/s: emad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/361deac0-f675-432c-b7d2-b99f168d476d>
Affected Software: Popup Box – Best WordPress Popup Plugin CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5a40bac7-d3b8-486d-938a-30591ff3016c>
Affected Software: Simply Excerpts CVE ID: CVE-2023-5137 CVSS Score: 4.4 (Medium) Researcher/s: niclo Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5e6a7f09-2166-426e-a548-daafb23363a6>
Affected Software: Quick Call Button CVE ID: CVE-2023-47829 CVSS Score: 4.4 (Medium) Researcher/s: Muhammad Daffa Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6b5e9c7f-e0c9-4c27-8b39-87e15fd29604>
Affected Software: Ultimate Dashboard – Custom WordPress Dashboard CVE ID: CVE-2023-4726 CVSS Score: 4.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/79cce1fc-a27f-4842-b1a2-2c53857add4c>
Affected Software: WP Not Login Hide (WPNLH) CVE ID: CVE-2023-5940 CVSS Score: 4.4 (Medium) Researcher/s: Furkan ÖZER Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9fc46de4-af1c-4e38-9caa-55b7b18a69ae>
Affected Software: Theater for WordPress CVE ID: CVE-2023-47833 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park (p6rkdoye0n) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0fdad22-5aee-468f-885c-f65c068cf413>
Affected Software: Premmerce Redirect Manager CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b3d4f658-e9ce-490b-bcaa-1061a463dbb2>
Affected Software: Elementor Addon Elements CVE ID: CVE-2023-5381 CVSS Score: 4.4 (Medium) Researcher/s: Paolo Tresso Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bd2bc2e7-960e-40db-9dcc-a6a60117bd83>
Affected Software: Website Optimization – Plerdy CVE ID: CVE-2023-5715 CVSS Score: 4.4 (Medium) Researcher/s: Huynh Tien Si Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/db18ac07-2e7a-466d-b00c-a598401f8633>
Affected Software: URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress CVE ID: CVE-2023-5605 CVSS Score: 4.4 (Medium) Researcher/s: Bartłomiej Marek, Tomasz Swiadek Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ddc4b758-5a1e-4d0a-949e-869fcd9df0bc>
Affected Software: Comments – wpDiscuz CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f68bc7e9-3bfe-4b2f-82a1-92bbde1a133a>
Affected Software: Community by PeepSo – Social Network, Membership, Registration, User Profiles CVE ID: CVE-2023-39925 CVSS Score: 4.3 (Medium) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0aea5564-b1b9-4d57-9f7e-81dd791c8d48>
Affected Software: WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1127fe1e-4359-4dff-93a7-392a8bfded51>
Affected Software: Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2330b18e-0907-47e1-b91f-1fe466bcf76b>
Affected Software: BetterDocs – Best Documentation & Knowledge Base Plugin CVE ID: CVE-2023-47762 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2a7d6059-4cef-4bd1-a14d-ad544bfaeea3>
Affected Software: Conditional Fields for Contact Form 7 CVE ID: CVE-2023-47838 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3cfd8b2d-cf2a-439d-9f9a-dbe499b1cd48>
Affected Software: WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/487e23c9-9100-4240-8992-c4c85930c4a6>
Affected Software: LuckyWP Scripts Control CVE ID: CVE-2023-47778 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/51c42ca2-cdba-49f5-bea2-83c9b8cf0db7>
Affected Software: Events Addon for Elementor CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5256ef2b-e1fc-4746-b35e-07a265f47f95>
Affected Software: Comments – wpDiscuz CVE ID: CVE-2023-47775 CVSS Score: 4.3 (Medium) Researcher/s: Vladislav Pokrovsky (ΞX.MI) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/53af9dfd-eb2d-4f6f-b02f-daf790b95f1f>
Affected Software: Slider – Ultimate Responsive Image Slider CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5c92beb0-1fcf-4352-bd34-00e31b265c04>
Affected Software: 10WebAnalytics CVE ID: CVE-2023-47807 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5dd2a4cb-dd74-4b00-82f5-3bf1452e71a3>
Affected Software: Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification CVE ID: CVE-2023-47776 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/62ea1427-0990-4645-aa1a-42da6fd3944f>
Affected Software: WP EXtra CVE ID: CVE-2023-47825 CVSS Score: 4.3 (Medium) Researcher/s: Huynh Tien Si Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7e3f3104-e213-4b0f-9821-b3f1a5c06191>
Affected Software: Leadster CVE ID: CVE-2023-47791 CVSS Score: 4.3 (Medium) Researcher/s: BuShiYue Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/86837f87-ea91-404a-92ac-38d1abf14cde>
Affected Software: Live Preview for Contact Form 7 CVE ID: CVE-2023-47830 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/89dbf14f-1cc8-4a66-b3d3-3568cba9a0aa>
Affected Software: WP Custom Admin Interface CVE ID: CVE-2023-47763 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b040f47-b126-4640-9fc5-bda8650f6c69>
Affected Software: EasyAzon – Amazon Associates Affiliate Plugin CVE ID: CVE-2023-47780 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/91ba93de-4c5f-4611-8296-adfc85c8dd2b>
Affected Software: LayerSlider CVE ID: CVE-2023-47785 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9225ebc6-bff9-4176-a86e-022ff8ec3b05>
Affected Software: Big File Uploads – Increase Maximum File Upload Size CVE ID: CVE-2023-47792 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/93b527a8-30c0-4e47-bb2b-522380b21699>
Affected Software: Easy Call Now by ThikShare CVE ID: CVE-2023-47819 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9bd8c4e5-ef53-47e8-8658-291509e9b987>
Affected Software: Restaurant & Cafe Addon for Elementor CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d986739-d6a5-491d-948f-4c58af75369a>
Affected Software: Conditional Fields for Contact Form 7 CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a175d2b2-0a35-4c5a-b05b-4d334e444e85>
Affected Software: CodeBard's Patron Button and Widgets for Patreon CVE ID: CVE-2023-47765 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a4ea53bd-2ce7-4dce-8c57-51ba81838f1a>
Affected Software: WooCommerce Bookings CVE ID: CVE-2023-47787 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a54841af-65ce-4434-a67e-79ea673ec8f9>
Affected Software: Customer Reviews for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b243722e-6510-48bd-be26-95ccbe79fa57>
Affected Software: WordPress File Upload CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b6048088-c11c-4741-8dde-da707f8f84f2>
Affected Software: ARI Stream Quiz – WordPress Quizzes Builder CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b6c5f933-b71b-4475-abdf-4cffff2a1a6c>
Affected Software: wpMandrill CVE ID: CVE-2023-47828 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b89cf8ef-9fa0-4ede-8ec9-c166d0db74fe>
Affected Software: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates CVE ID: CVE-2023-47760 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c2136e1c-5f69-434d-bdc7-72a144da744b>
Affected Software: Hreflang Manager CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c357e34f-2d0f-4af4-bb67-cbbc6cd4e141>
Affected Software: Customer Reviews for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c6e2710f-f51a-487d-a4bb-a19f614ff254>
Affected Software: Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/db0508dd-143f-4674-8193-d46967d2799f>
Affected Software: Simple 301 Redirects by BetterLinks CVE ID: CVE-2023-47761 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ddacd612-0cd5-4b07-9184-bec6f1adbb4c>
Affected Software: Jetpack – WP Security, Backup, Speed, & Growth CVE ID: CVE-2023-47788 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e62fa16f-a4a1-44a7-9a66-abafd8dddf67>
Affected Software: Woocommerce Shipping Canada Post CVE ID: CVE-2023-47789 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ff850f88-6e89-48dd-ad70-dda4018c22fc>
Affected Software: Restaurant & Cafe Addon for Elementor CVE ID: CVE-2023-47826 CVSS Score: 3.1 (Low) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad003d57-a573-473e-80a9-5bf60d42a707>
Affected Software: WP Like Button CVE ID: CVE-2023-47820 CVSS Score: 3.1 (Low) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/da550fd7-3c1a-4b07-afc0-2366e0f5cccd>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers in three ways: through in-house vulnerability research, through vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13, 2023 to November 19, 2023) appeared first on Wordfence.