Lucene search

Chloe ChamberlandWORDFENCE:3C4F254DF618D7C77A9D3A4A92B53135

HistoryApr 04, 2024 - 5:35 p.m.

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

2024-04-0417:35:29

Chloe Chamberland

www.wordfence.com

bug bounty program

vulnerability database

vulnerability researchers

user interface

api

webhook integration

wordfence cli

mailing list

firewall rules

premium customers

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Did you know we're running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

Last week, there were 405 vulnerabilities disclosed in 320 WordPress Plugins and 7 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 81 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

WAF-RULE-685 – Data redacted while we work with the vendor on a patch.
WAF-RULE-687 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status	Number of Vulnerabilities
Patched	325
Unpatched	80

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating	Number of Vulnerabilities
Low Severity	1
Medium Severity	346
High Severity	33
Critical Severity	25

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE	Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	241
Missing Authorization	39
Cross-Site Request Forgery (CSRF)	35
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	28
Information Exposure	9
Deserialization of Untrusted Data	7
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	6
Unrestricted Upload of File with Dangerous Type	6
Authorization Bypass Through User-Controlled Key	5
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	5
Server-Side Request Forgery (SSRF)	5
Use of Less Trusted Source	5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	3
Improper Input Validation	3
Guessable CAPTCHA	1
Improper Control of Generation of Code ('Code Injection')	1
Improper Neutralization of Special Elements used in a Command ('Command Injection')	1
Improper Privilege Management	1
Incomplete Blacklist to Cross-Site Scripting	1
Incorrect Privilege Assignment	1
URL Redirection to Untrusted Site ('Open Redirect')	1
Use of Insufficiently Random Values	1

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities

LVT-tholv2k

| 50

Dimas Maulana

| 32

Rafie Muhammad

| 25

Ngô Thiên An (ancorn_)

| 24

| 16

| 15

| 14

| 14

| 12

| 12

| 11

| 10

| 9

| 9

| 8

| 7

| 7

| 6

| 6

| 6

| 5

| 5

| 5

| 5

| 4

| 4

| 4

| 4

| 3

| 3

| 3

| 3

| 3

| 3

Edwin Siebel (edwinsiebel)

| 3

Mochamad Sofyan

| 2

Joel Indra

| 2

resecured.io

| 2

Muhammad Zeeshan (Xib3rR4dAr)

| 2

Dave Jong

| 2

Kursat Cetin

| 2

Lucio Sá

| 2

Brandon James Roldan (tomorrowisnew)

| 2

| 2

| 2

| 2

| 2

| 2

Vincent Fourcade (vinceMatsui)

| 2

Sushmita Poudel

| 2

Elliot

| 1

Phuoc Pham (p3tl0v3r)

| 1

Yuchen Ji

| 1

Nguyen Xuan Chien

| 1

Felipe Restrepo Rodriguez (pfelilpe)

| 1

Esteban Segura Ripoll

| 1

Ray Wilson

| 1

cyc707

| 1

Tobias Weißhaar (kun_19)

| 1

| 1

| 1

| 1

| 1

| 1

| 1

| 1

| 1

| 1

Hoa Le Ngoc (lengochoa)

| 1

Sean Murphy

| 1

Priyanka Pande

| 1

Ivan Spiridonov (xbz0n)

| 1

| 1

| 1

| 1

| 1

| 1

| 1

| 1

Vladislav Pokrovsky (ΞX.MI)

| 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name	Software Slug
10Web Map Builder for Google Maps	wd-google-maps
140+ Widgets	Best Addons For Elementor – FREE
A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials	gs-testimonial
Action Network	wp-action-network
Add Shortcodes Actions And Filters	add-actions-and-filters
AdsPlace'r – Ad Manager, Inserter, AdSense Ads	adsplacer
Advanced Search	advance-search
Advanced Sermons	advanced-sermons
Aesop Story Engine	aesop-story-engine
affiliate-toolkit – WordPress Affiliate Plugin	affiliate-toolkit-starter
AI Twitter Feeds (Twitter widget & shortcode)	ai-twitter-feeds
AI WP Writer – автонаполнение сайта ChatGPT 3.5, GPT 4 и изображениями лучших нейросетей	ai-wp-writer
All In One Redirection	all-in-one-redirection
Announcement & Notification Banner – Bulletin	bulletin-announcements
Aparat for WordPress	wp-aparat
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin	simply-schedule-appointments
Appointment Calendar	appointment-calendar
Author Box, Guest Author and Co-Authors for Your Posts – Molongui	molongui-authorship
Awesome Support – WordPress HelpDesk & Support Plugin	awesome-support
B Slider – Slider for your block editor	b-slider
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net	woo-bulk-editor
Better Elementor Addons	better-elementor-addons
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg	betterdocs
BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.	print-google-cloud-print-gcp-woocommerce
Bold Page Builder	bold-page-builder
BoldGrid Easy SEO – Simple and Effective SEO	boldgrid-easy-seo
Booking Activities	booking-activities
Booking Package	booking-package
Booster for WooCommerce	woocommerce-jetpack
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content	brave-popup-builder
Breeze – WordPress Cache Plugin	breeze
Broken Images	wp-broken-images
BuddyPress Moderation	youzify-moderation
Builderall Builder for WordPress	builderall-cheetah-for-wp
Bulk NoIndex & NoFollow Toolkit	bulk-noindex-nofollow-toolkit-by-mad-fish
Button	button
Calculated Fields Form	calculated-fields-form
Calendarista Basic Edition – WordPress appointment booking system	calendarista-basic-edition
Carousel Anything For WPBakery Page Builder – Touch Slider and Carousel	carousel-anything
CGC Maintenance Mode	cgc-maintenance-mode
Change default login logo,url and title	change-default-login-logo-url-and-title
Chauffeur Taxi Booking System for WordPress	chauffeur-booking-system
Check & Log Email	check-email
Christmas Greetings	christmas-greetings
Church Admin	church-admin
CM Download Manager – Document and File Management	cm-download-manager
CMP – Coming Soon & Maintenance Plugin by NiteoThemes	cmp-coming-soon-maintenance
Co-marquage service-public.fr	co-marquage-service-public
Collect.chat – Chatbot	collectchat
Comic Easel	comic-easel
Compact WP Audio Player	compact-wp-audio-player
Contact Form 7 Newsletter	contact-form-7-newsletter
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce	enhanced-e-commerce-for-woocommerce-store
Convert Post Types	convert-post-types
Creative Image Slider – Responsive Slider Plugin	creative-image-slider
CRM Perks Forms – WordPress Form Builder	crm-perks-forms
Crypto Converter Widget	crypto-converter-widget
CubeWP – All-in-One Dynamic Content Framework	cubewp-framework
Custom Field Bulk Editor	custom-field-bulk-editor
Custom WooCommerce Checkout Fields Editor	add-fields-to-checkout-page-woocommerce
DD Rating	dd-rating
DELUCKS SEO	delucks-seo
Doneren met Mollie	doneren-met-mollie
Dracula Dark Mode – Enhanced Accessibility, Dark Mode & Reading Mode for WordPress	dracula-dark-mode
Dropdown multisite selector	dropdown-multisite-selector
DX-Watermark	dx-watermark
Easy Appointments	easy-appointments
Easy Form Builder	easy-form-builder
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box	easy-facebook-likebox
Easy Social Share Buttons for WordPress	easy-social-share-buttons3
Easy Textillate	easy-textillate
Ecwid Ecommerce Shopping Cart	ecwid-shopping-cart
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)	bdthemes-element-pack-lite
Elementor Addon Elements	addon-elements-for-elementor-page-builder
Elementor Website Builder Pro	elementor-pro
Elementor Website Builder – More than Just a Page Builder	elementor
ElementsKit Elementor addons and Templates Library	elementskit-lite
Email Newsletter, Marketing, Email Automation and CRM Plugin for WordPress by FluentCRM	fluent-crm
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce	email-subscribers
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders	essential-addons-for-elementor-lite
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates	essential-blocks
Event Tickets and Registration	event-tickets
EventPrime – Events Calendar, Bookings and Tickets	eventprime-event-calendar-management
Events Manager – Calendar, Bookings, Tickets, and more!	events-manager
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin	everest-backup
Exchange Rates Widget	exchange-rates-widget
Exclusive Addons for Elementor	exclusive-addons-for-elementor
Export and Import Users and Customers	users-customers-import-export-for-wp-woocommerce
Falang multilanguage for WordPress	falang
Fancy Comments WordPress	fancy-facebook-comments
Fancy Product Designer	fancy-product-designer
Favorites	favorites
FG PrestaShop to WooCommerce	fg-prestashop-to-woocommerce
Filter Custom Fields & Taxonomies Light	filter-custom-fields-taxonomies-light
Finale Lite – Sales Countdown Timer & Discount for WooCommerce	finale-woocommerce-sales-countdown-timer-discount
FlatPM – Ad Manager, AdSense and Custom Code	flatpm-wp
Forminator – Contact Form, Payment Form & Custom Form Builder	forminator
FOX – Currency Switcher Professional for WooCommerce	woocommerce-currency-switcher
Frontend Dashboard	frontend-dashboard
Fullscreen Galleria	fullscreen-galleria
FV Flowplayer Video Player	fv-wordpress-flowplayer
Gallery – Image and Video Gallery with Thumbnails	gallery-album
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress	gamipress
Geo Controller	cf-geoplugin
GetResponse for WordPress	getresponse-integration
Gratisfaction- Loyalty, Rewards , Referral, Birthday and Giveaway Program	gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce
Grid Shortcodes	grid-shortcodes
Gutenberg Block Editor Toolkit – EditorsKit	block-options
Gutenberg Blocks with AI by Kadence WP – Page Builder Features	kadence-blocks
Hacklog Down As PDF	down-as-pdf
Hash Elements	hash-elements
Header Image Slider	header-image-slider
HeartThis	heart-this
Hot Random Image	hot-random-image
HT Mega – Absolute Addons For Elementor	ht-mega-for-elementor
Hubbub Lite – Fast, Reliable Social Sharing Buttons	social-pug
HUSKY – Products Filter Professional for WooCommerce	woocommerce-products-filter
iCalendrier	icalendrier
iFlyChat – WordPress Chat	iflychat
Image Hover Effects – Elementor Addon	image-hover-effects-addon-for-elementor
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site	integrate-google-drive
Kanban Boards for WordPress	kanban
Klarna Payments for WooCommerce	klarna-payments-for-woocommerce
Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages	page-builder-add
Landingi Landing Pages	landingi-landing-pages
Layouts for Elementor	layouts-for-elementor
Lightbox slider – Responsive Lightbox Gallery	simple-lightbox-gallery
Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms	limit-attempts
Link Whisper Free	link-whisper
LionScripts: IP Blocker Lite	ip-address-blocker
List category posts	list-category-posts
Locatoraid Store Locator	locatoraid
Lordicon Animated Icons	lordicon-interactive-icons
LWS Optimize	lws-optimize
MailChimp Forms by MailMunch	mailchimp-forms-by-mailmunch
Mailster WordPress Newsletter Plugin Compatibility Tester	mailster
Mang Board WP	mangboard
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor	master-addons
MasterStudy LMS WordPress Plugin – for Online Courses and Education	masterstudy-lms-learning-management-system
MDTF – Meta Data and Taxonomies Filter	wp-meta-data-filter-and-taxonomy-filter
Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more	ilab-media-tools
Media Library Assistant	media-library-assistant
Media Library Folders	media-library-plus
Meta Box – WordPress Custom Fields Framework	meta-box
Meta Tag Manager	meta-tag-manager
Mighty Classic Pros And Cons	joomdev-wp-pros-cons
Move Addons for Elementor	move-addons
MP3 Audio Player for Music, Radio & Podcast by Sonaar	mp3-music-player-by-sonaar
Multiple Page Generator Plugin – MPG	multiple-pages-generator-by-porthas
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution	dc-woocommerce-multi-vendor
MyBookTable Bookstore by Stormhill Media	mybooktable
Nelio Content – Best Editorial Calendar & Social Media Scheduling	nelio-content
New Order Notification for Woocommerce	new-order-notification-for-woocommerce
News Wall	news-wall
Newsletter – Send awesome emails from WordPress	newsletter
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress	ninja-forms
NPS computy	nps-computy
Off-Canvas Sidebars & Menus (Slidebars)	off-canvas-sidebars
OneClick Chat to Order	oneclick-whatsapp-order
OpenID	openid
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)	stepbyteservice-openstreetmap
OSS Aliyun	oss-aliyun
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE	otter-blocks
Page Builder: Pagelayer – Drag and Drop website builder	pagelayer
pageMash > Page Management	pagemash
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions	paid-memberships-pro
Paid Memberships Pro – Mailchimp Add On	pmpro-mailchimp
Paid Memberships Pro – Payfast Gateway Add On	pmpro-payfast
PDF Builder for WPForms	pdf-builder-for-wpforms
PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip	3d-flipbook-dflip-lite
PDF Viewer for Elementor	pdf-viewer-for-elementor
Photo Gallery by 10Web – Mobile-Friendly Image Gallery	photo-gallery
Photo Gallery by Ays – Responsive Image Gallery	gallery-photo-gallery
Photo Gallery by Supsystic	gallery-by-supsystic
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress	contest-gallery
Piotnet Addons For Elementor	piotnet-addons-for-elementor
Platinum SEO	platinum-seo-pack
Pocket News Generator	pocket-news-generator
Podlove Podcast Publisher	podlove-podcasting-plugin-for-wordpress
Podlove Web Player	podlove-web-player
Pods – Custom Content Types and Fields	pods
Popup Builder – Create highly converting, mobile friendly marketing popups.	popup-builder
Popup Cart Lite for WooCommerce	woocommerce-woocart-popup-lite
Portfolio Gallery – Image Gallery Plugin	portfolio-filter-gallery
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor	post-and-page-builder
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)	buddyforms
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks	post-grid
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget	post-grid-carousel-ultimate
Post-Plugin Library	post-plugin-library
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)	powerpack-lite-for-elementor
Premium Packages – Sell Digital Products Securely	wpdm-premium-packages
Prenotazioni	prenotazioni
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin	pretty-link
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)	bdthemes-prime-slider-lite
Print Page block – Print the entire page or Section.	print-page
Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More	woo-product-feed-pro
Product Import Export for WooCommerce	product-import-export-for-woo
ProfileGrid – User Profiles, Memberships, Groups and Communities	profilegrid-user-profiles-groups-and-communities
PropertyHive	propertyhive
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress	radio-player
Real Media Library: Media Library Folder & File Manager	real-media-library-lite
ReDi Restaurant Reservation	redi-restaurant-reservation
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	custom-registration-form-builder-with-submission-manager
Responsive flipbook wordpress plugin free download	wppdf
Responsive Tabs	responsive-tabs
ReviewX – Multi-criteria Rating & Reviews for WooCommerce	reviewx
RoyalSlider	new-royalslider
RT Easy Builder – Advanced addons for Elementor	rt-easy-builder-advanced-addons-for-elementor
Salon booking system	salon-booking-system
SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster	sellkit
SEO Backlink Monitor	seo-backlink-monitor
SEO Plugin by Squirrly SEO	squirrly-seo
SEO Title Tag	seo-title-tag
Seriously Simple Podcasting	seriously-simple-podcasting
Shipping with Venipak for WooCommerce	wc-venipak-shipping
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension	shortcode-addons
Shortcodes and extra features for Phlox theme	auxin-elements
Simple Ajax Chat – Add a Fast, Secure Chat Box	simple-ajax-chat
Simple Buttons Creator	simple-buttons-creator
Simple Revisions Delete	simple-revisions-delete
Simply Static	simply-static
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)	sina-extension-for-elementor
Sliced Invoices – WordPress Invoice Plugin	sliced-invoices
Slider by Supsystic	slider-by-supsystic
Slider Hero with Animation, Video Background	slider-hero
Slugs Manager: Delete Old Permalinks from WordPress Database	remove-old-slugspermalinks
Smart Forms – when you need more than just a contact form	smart-forms
Social Author Bio	social-autho-bio
Social Icons Widget & Block by WPZOOM	social-icons-widget-by-wpzoom
Social Media Share Buttons & Social Sharing Icons	ultimate-social-media-icons
Social Share, Social Login and Social Comments Plugin – Super Socializer	super-socializer
SP Project & Document Manager	sp-client-document-manager
Special Box for Content	special-box-for-content
SpiderFAQ	spider-faq
Spiffy Calendar	spiffy-calendar
Spin 360 deg and 3D Model Viewer	spin360
Sponsors	wp-sponsors
Stackable – Page Builder Gutenberg Blocks	stackable-ultimate-gutenberg-blocks
Sticky Anything	toast-stick-anything
Stratum – Elementor Widgets	stratum
StreamWeasels Twitch Integration	streamweasels-twitch-integration
Sunshine Photo Cart: Free Client Photo Galleries for Photographers	sunshine-photo-cart
Survey Maker – Best WordPress Survey Plugin	survey-maker
Sydney Toolbox	sydney-toolbox
Tainacan	tainacan
Tax Rate Upload	tax-rate-upload
Testimonial Slider	testimonial
The Plus Addons for Elementor	the-plus-addons-for-elementor-page-builder
The Plus Blocks for Block Editor	Gutenberg
Themify Event Post	themify-event-post
Themify Shortcodes	themify-shortcodes
Thumbs Rating	thumbs-rating
Top Bar	top-bar
Travelers' Map	travelers-map
Tumult Hype Animations	tumult-hype-animations
Tutor LMS Elementor Addons	tutor-lms-elementor-addons
Ultimate Addons for Beaver Builder – Lite	ultimate-addons-for-beaver-builder-lite
Ultimate Social Comments – Email Notification & Lazy Load	ultimate-facebook-comments
underConstruction	underconstruction
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)	unlimited-elements-for-elementor
User Rights Access Manager	user-rights-access-manager
VK All in One Expansion Unit	vk-all-in-one-expansion-unit
VS Contact Form	very-simple-contact-form
WC Builder – WooCommerce Page Builder for WPBakery	wc-builder
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible	wc-frontend-manager
Web Icons	icon
Webinar and Video Conference with Jitsi Meet – Create Branded Webinars for WordPress, Meetings & Livestreaming	webinar-and-video-conference-with-jitsi-meet
Weekly Class Schedule	weekly-class-schedule
weForms – Easy Drag & Drop Contact Form Builder For WordPress	weforms
Whizzy	whizzy
Wholesale For WooCommerce	woocommerce-wholesale-pricing
WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)	wholesalex
WishSuite – Wishlist for WooCommerce	wishsuite
Woo Viet – WooCommerce for Vietnam	woo-viet
WooCommerce	post-new
WooCommerce Bookings Calendar	woo-bookings-calendar
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce	cartflows
WooCommerce Customers Manager	woocommerce-customers-manager
WooCommerce Multilingual & Multicurrency with WPML	woocommerce-multilingual
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels	print-invoices-packing-slip-labels-for-woocommerce
Woocommerce Social Media Share Buttons	woocommerce-social-media-share-buttons
WordPress Contact Forms by Cimatti	contact-forms
WordPress CRM Plugin – WP-CRM System	wp-crm-system
WordPress File Upload	wp-file-upload
WordPress Infinite Scroll – Ajax Load More	ajax-load-more
WordPress Page Builder – Zion Builder	zionbuilder
WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout	gs-pinterest-portfolio
WordPress Tooltips	wordpress-tooltips
WP Change Email Sender	wp-change-email-sender
WP Chat App	wp-whatsapp
WP Cost Estimation & Payment Forms Builder	wp-estimation-form
WP Customer Reviews	wp-customer-reviews
WP Directory Kit	wpdirectorykit
WP ERP	Complete HR solution with recruitment & job listings
WP Express Checkout (Accept PayPal Payments Easily)	wp-express-checkout
WP Fast Total Search – The Power of Indexed Search	fulltext-search
WP Go Maps (formerly WP Google Maps)	wp-google-maps
WP Hotel Booking	wp-hotel-booking
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest	epoll-wp-voting
WP Post Disclaimer	wp-post-disclaimer
WP Reset – Most Advanced WordPress Reset Tool	wp-reset
WP Responsive Tabs horizontal vertical and accordion Tabs	responsive-horizontal-vertical-and-accordion-tabs
WP Smart Import : Import any XML File to WordPress	wp-smart-import
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc	wp-sms
WP STAGING Pro WordPress Backup Plugin	wp-staging-pro
WP STAGING WordPress Backup Plugin – Migration Backup Restore	wp-staging
WP Travel Engine – Best Travel Booking WordPress Plugin	wp-travel-engine
WP Twitter Mega Fan Box Widget	wp-twitter-mega-fan-box
WP User Profile Avatar	wp-user-profile-avatar
WP-Eggdrop	wp-eggdrop
wp-forecast	wp-forecast
WP-Lister Lite for Amazon	wp-lister-for-amazon
WPBakery Page Builder Addons by Livemesh	addons-for-visual-composer
WPC Badge Management for WooCommerce	wpc-badge-management
WPCS – WordPress Currency Switcher Professional	currency-switcher
WPFront Notification Bar	wpfront-notification-bar
YITH WooCommerce Account Funds Premium	yith-woocommerce-account-funds-premium
Yoo Slider – Image Slider & Video Slider	yoo-slider
Zoho Campaigns	zoho-campaigns
Zotpress	zotpress

WordPress Themes with Reported Vulnerabilities Last Week

Software Name	Software Slug
Astra	astra
Jobeleon WPJobBoard	jobeleon-wpjobboard
Networker - Tech News WordPress Theme with Dark Mode	networker
Newsmatic	newsmatic
Nictitate	nictitate
OceanWP	oceanwp
Responsive	responsive

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Chauffeur Taxi Booking System for WordPress <= 6.9 - Unauthenticated Arbitrary File Upload

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-31115

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Chauffeur Taxi Booking System for WordPress

Researcher