Did you know we're running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure!
Last week, 122 vulnerabilities disclosed in 110 WordPress plugins and no WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 52 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 32 |
Patched | 90 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 104 |
High Severity | 12 |
Critical Severity | 5 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 34 |
Missing Authorization | 29 |
Cross-Site Request Forgery (CSRF) | 24 |
Information Exposure | 9 |
Deserialization of Untrusted Data | 5 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 4 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 3 |
Improper Authorization | 3 |
Improper Access Control | 3 |
Unrestricted Upload of File with Dangerous Type | 2 |
Authentication Bypass by Spoofing | 1 |
Improper Input Validation | 1 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 1 |
Server-Side Request Forgery (SSRF) | 1 |
URL Redirection to Untrusted Site ('Open Redirect') | 1 |
Client-Side Enforcement of Server-Side Security | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Francesco Carlucci | 12 |
Yudistira Arya | 8 |
Ngô Thiên An (ancorn_) | 7 |
Nguyen Xuan Chien | 7 |
Abdi Pranata | 6 |
Dmitrii Ignatyev | 5 |
Mika | 5 |
Lucio Sá | 4 |
Abu Hurayra (HurayraIIT) | 4 |
emad | 3 |
Webbernaut | 3 |
Karl Emil Nikka | 3 |
Dhabaleshwar Das | 3 |
Huynh Tien Si | 2 |
resecured.io | 2 |
Krzysztof Zając | 2 |
Dave Jong | 2 |
Muhammad Daffa | 2 |
Akbar Kustirama | 2 |
Revan Arifio | 1 |
Joshua Martinelle | 1 |
Dimas Maulana | 1 |
István Márton (Wordfence Vulnerability Researcher) | 1 |
Yuhang Liu | 1 |
Sean Murphy | 1 |
Le Ngoc Anh | 1 |
Skalucy | 1 |
Bob Matyas | 1 |
Steven Julian | 1 |
wpdabh | 1 |
Vulzap | 1 |
stealthcopter | 1 |
Nathaniel Oh (0x4n3) | 1 |
Jeongwoo-Lee(Roronoa) | 1 |
0x9567b | 1 |
Elliot | 1 |
Friday | 1 |
isacaya | 1 |
LVT-tholv2k | 1 |
thiennv | 1 |
Joshua Chan | 1 |
Faizal Abroni | 1 |
Marc-Alexandre Montpas | 1 |
Savphill | 1 |
Sh | 1 |
Richard Telleng (stueotue) | 1 |
Debangshu Kundu | 1 |
Arpeet Rathi | 1 |
kauenavarro | 1 |
Daniel Ruf | 1 |
Rob Stevens | 1 |
Rafie Muhammad | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
A no-code page builder for beautiful performance-based content | setka-editor |
ACF Photo Gallery Field | navz-photo-gallery |
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember-membership |
Accessibility | accessibility |
Active Products Tables for WooCommerce. Professional products tables for WooCommerce store | profit-products-tables-for-woocommerce |
Add Customer for WooCommerce | add-customer-for-woocommerce |
Advanced iFrame | advanced-iframe |
Affiliates Manager | affiliates-manager |
Anonymous Restricted Content | anonymous-restricted-content |
Auto Listings – Car Listings & Car Dealership Plugin for WordPress | auto-listings |
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | woo-bulk-editor |
Beds24 Online Booking | beds24-online-booking |
Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo | biteship |
BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More. | print-google-cloud-print-gcp-woocommerce |
Booking Calendar \| Appointment Booking | |
CC BMI Calculator | cc-bmi-calculator |
CP Media Player – Audio Player and Video Player | audio-and-video-player |
Calculated Fields Form | calculated-fields-form |
CalculatorPro Calculators | calculatorpro-calculators |
Chartify – WordPress Chart Plugin | chart-builder |
Cincopa video and media plug-in | video-playlist-and-gallery-plugin |
Click To Tweet | click-to-tweet |
Cookie Information \| Free GDPR Consent Solution | |
Custom Order Numbers for WooCommerce | custom-order-numbers-for-woocommerce |
Custom Order Status for WooCommerce | custom-order-statuses-woocommerce |
Database for Contact Form 7, WPforms, Elementor forms | contact-form-entries |
Debug | debug |
Don't Muck My Markup | dont-muck-my-markup |
ERE Recently Viewed – Essential Real Estate Add-On | ere-recently-viewed |
Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) | easy-digital-downloads |
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) | bdthemes-element-pack-lite |
Email Before Download | email-before-download |
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin | mage-eventpress |
EventON Pro | eventon |
EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
FG Drupal to WordPress | fg-drupal-to-wp |
FG Joomla to WordPress | fg-joomla-to-wordpress |
FG PrestaShop to WooCommerce | fg-prestashop-to-woocommerce |
Fatal Error Notify | fatal-error-notify |
Feed Them Social – Page, Post, Video, and Photo Galleries | feed-them-social |
Five Star Restaurant Reviews | good-reviews-wp |
Form builder to get in touch with visitors, grow your email list and collect payments – Happyforms | happyforms |
GDPR Data Request Form | gdpr-data-request-form |
Happy Addons for Elementor | happy-elementor-addons |
Heateor Social Login WordPress | heateor-social-login |
Html5 Video Player | UNKNOWN-CVE-2023-6485-1 |
Icons Font Loader | icons-font-loader |
Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels | instant-images |
JTRT Responsive Tables | jtrt-responsive-tables |
JetBackup – WP Backup, Migrate & Restore | backup |
Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce | map-location-picker-at-checkout-for-woocommerce |
Knowledge Base for Documentation, FAQs with AI Assistance | echo-knowledge-base |
LearnDash LMS | sfwd-lms |
Load More Anything | ajax-load-more-anything |
MW WP Form | mw-wp-form |
MapPress Maps for WordPress | mappress-google-maps-for-wordpress |
Mighty Addons for Elementor | mighty-addons |
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution | dc-woocommerce-multi-vendor |
NEX-Forms – Ultimate Form Builder – Contact forms and much more | nex-forms-express-wp-form-builder |
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress | ninja-forms |
OWL Carousel – WordPress Owl Carousel Slider | lgx-owl-carousel |
Orbit Fox by ThemeIsle | themeisle-companion |
Order Delivery Date for WP e-Commerce | order-delivery-date |
PDF Flipbook, 3D Flipbook – DearFlip | 3d-flipbook-dflip-lite |
PT Sign Ups – Beautiful volunteer sign ups and management made easy | ptoffice-sign-ups |
Page Builder: Pagelayer – Drag and Drop website builder | pagelayer |
Page Restrict | pagerestrict |
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | wp-user-avatar |
Persian Fonts | persian-fonts |
PilotPress | pilotpress |
Popup More Popups, Lightboxes, and more popup modules | popup-more |
PopupAlly | popupally |
Post Thumbnail Editor | post-thumbnail-editor |
PowerPack Pro for Elementor | powerpack-elements |
Premium Addons for Elementor | premium-addons-for-elementor |
ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks | product-blocks |
Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic | shareaholic |
PropertyHive | propertyhive |
Quicksand Post Filter jQuery Plugin | quicksand-jquery-post-filter |
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | feedzy-rss-feeds |
Relevanssi – A Better Search (Pro) | relevanssi-premium |
Restrict Usernames Emails Characters | restrict-usernames-emails-characters |
SEO Plugin by Squirrly SEO | squirrly-seo |
SP Project & Document Manager | sp-client-document-manager |
Scheduling Plugin – Online Booking for WordPress | calendar-booking |
Scroll Triggered Box | dreamgrow-scroll-triggered-box |
SiteOrigin Widgets Bundle | so-widgets-bundle |
SlimStat Analytics | wp-slimstat |
Starbox – the Author Box for Humans | starbox |
Structured Content (JSON-LD) #wpsc | structured-content |
TablePress – Tables in WordPress made easy | tablepress |
The Plus Addons for Elementor | the-plus-addons-for-elementor-page-builder |
Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | boldgrid-backup |
Ultra Companion – Companion plugin for WPoperation Themes | ultra-companion |
User Activity Tracking and Log | user-activity-tracking-and-log |
UserPro - Community and User Profile WordPress Plugin | userpro |
W3SPEEDSTER | w3speedster-wp |
WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
WP Dummy Content Generator | wp-dummy-content-generator |
WP Hotel Booking | wp-hotel-booking |
WP STAGING WordPress Backup Plugin – Migration Backup Restore | wp-staging |
WP Visitor Statistics (Real Time Traffic) | wp-stats-manager |
WP-CFM | wp-cfm |
Website Builder by SeedProd – Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode | coming-soon |
WooCommerce Box Office | woocommerce-box-office |
WooCommerce Conversion Tracking | woocommerce-conversion-tracking |
Woostify Sites Library | woostify-sites-library |
WordPress Review & Structure Data Schema Plugin – Review Schema | review-schema |
WordPress Toolbar | wordpress-toolbar |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should've already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software: Knowledge Base for Documentation, FAQs with AI Assistance CVE ID: CVE-2024-24842 CVSS Score: 9.8 (Critical) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/41cfe1d7-2fab-413c-80e5-40d77133d229>
Affected Software: ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks CVE ID: CVE-2024-23512 CVSS Score: 9.8 (Critical) Researcher/s: Yudistira Arya Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/470285d6-b309-409c-b2c3-8766a0cf9e98>
Affected Software: ERE Recently Viewed – Essential Real Estate Add-On CVE ID: CVE-2024-24797 CVSS Score: 9.8 (Critical) Researcher/s: Yudistira Arya Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7332fe2e-9bef-42b7-946e-4a2ee812ca26>
Affected Software: JetBackup – WP Backup, Migrate & Restore CVE ID: CVE-2023-7165 CVSS Score: 9.8 (Critical) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fd978ac0-42f2-4746-9430-37458375b588>
Affected Software: Quicksand Post Filter jQuery Plugin CVE ID: CVE-2024-24850 CVSS Score: 9.1 (Critical) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c6f3b765-396f-422f-864d-a48bee8c69cb>
Affected Software: Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels CVE ID: CVE-2024-0869 CVSS Score: 8.8 (High) Researcher/s: Sean Murphy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395>
Affected Software: Cookie Information | Free GDPR Consent Solution CVE ID: CVE-2023-6700 CVSS Score: 8.8 (High) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/42a4ef37-c842-4925-b06a-3e6423337567>
Affected Software: Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin CVE ID: CVE-2024-24796 CVSS Score: 8.8 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/50812a8b-7d49-41fa-ba50-47d07a4b6caa>
Affected Software: SP Project & Document Manager CVE ID: CVE-2024-24868 CVSS Score: 8.8 (High) Researcher/s: Yudistira Arya Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fcdeba37-ba65-400d-9c07-36503a03e857>
Affected Software: MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution CVE ID: CVE-2024-24703 CVSS Score: 8.6 (High) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/26e07115-efee-4db5-ba24-25a063286e90>
Affected Software: TablePress – Tables in WordPress made easy CVE ID: CVE-2024-23825 CVSS Score: 8.5 (High) Researcher/s: isacaya Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8de52b68-c273-4561-98b0-e51afd6cd47b>
Affected Software: Website Builder by SeedProd – Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode CVE ID: CVE-2024-1072 CVSS Score: 8.2 (High) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/78d7920b-3e20-43c7-a522-72bac824c2cb>
Affected Software: Woostify Sites Library CVE ID: CVE-2023-6279 CVSS Score: 8.1 (High) Researcher/s: Krzysztof Zając Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/977ab23a-06b2-4f54-a2c2-3be2316eaceb>
Affected Software: PropertyHive CVE ID: CVE-2024-23513 CVSS Score: 8.1 (High) Researcher/s: Yudistira Arya Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d8ee82cf-916c-41e9-82d2-f25cc7a632ae>
Affected Software: Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid CVE ID: CVE-2024-24869 CVSS Score: 7.5 (High) Researcher/s: Yudistira Arya Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/159e14fc-0512-421a-8bbe-d16c0b04ddf9>
Affected Software: PowerPack Pro for Elementor CVE ID: CVE-2024-24844 CVSS Score: 7.5 (High) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/883e1f3c-7e47-4522-ae8c-a9a6b4160be2>
Affected Software: Database for Contact Form 7, WPforms, Elementor forms CVE ID: CVE-2024-1069 CVSS Score: 7.2 (High) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/120313be-9f98-4448-9f5d-a77186a6ff08>
Affected Software: Icons Font Loader CVE ID: CVE-2024-24714 CVSS Score: 6.6 (Medium) Researcher/s: Vulzap Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/37426991-7778-4dc4-8cae-2725584fb8b8>
Affected Software: Html5 Video Player CVE ID: CVE-2024-1061 CVSS Score: 6.5 (Medium) Researcher/s: Joshua Martinelle Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0abd2533-5cb3-4568-8ad2-f2852ab3a8db>
Affected Software: Quicksand Post Filter jQuery Plugin CVE ID: CVE-2024-24849 CVSS Score: 6.5 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4dd63ea6-7821-42b8-9b52-e721a8b2382d>
Affected Software: Order Delivery Date for WP e-Commerce CVE ID: CVE-2024-0678 CVSS Score: 6.5 (Medium) Researcher/s: Krzysztof Zając Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/71fb90b6-a484-4a70-a9dc-795cbf2e275e>
Affected Software: WP Hotel Booking CVE ID: CVE Unknown CVSS Score: 6.5 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/86f15e94-6ca7-4eb2-8a38-b4add9251dab>
Affected Software: Starbox – the Author Box for Humans CVE ID: CVE-2024-0256 CVSS Score: 6.4 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0eafe473-9177-47c4-aa1e-2350cb827447>
Affected Software: Heateor Social Login WordPress CVE ID: CVE-2024-24712 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1a3ebfba-7523-48a4-a315-4395be2cebef>
Affected Software: Advanced iFrame CVE ID: CVE-2023-7069 CVSS Score: 6.4 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2e32c51d-2d96-4545-956f-64f65c54b33b>
Affected Software: Five Star Restaurant Reviews CVE ID: CVE-2024-24838 CVSS Score: 6.4 (Medium) Researcher/s: Steven Julian Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2fe44e46-dfbf-4286-889c-606280d62218>
Affected Software: SlimStat Analytics CVE ID: CVE-2024-1073 CVSS Score: 6.4 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33cba63c-4629-48fd-850f-f68dad626a67>
Affected Software: Ultra Companion – Companion plugin for WPoperation Themes CVE ID: CVE-2024-24803 CVSS Score: 6.4 (Medium) Researcher/s: wpdabh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3639d0a6-6d9f-4f3e-bb25-85d4eb40b547>
Affected Software: OWL Carousel – WordPress Owl Carousel Slider CVE ID: CVE-2024-24801 CVSS Score: 6.4 (Medium) Researcher/s: resecured.io Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/511957c0-e4c3-4a50-b604-3b604d52d32f>
Affected Software: SiteOrigin Widgets Bundle CVE ID: CVE-2024-0961 CVSS Score: 6.4 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6f7c164f-2f78-4857-94b9-077c2dea13df>
Affected Software: Scheduling Plugin – Online Booking for WordPress CVE ID: CVE-2024-23517 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/71a0aa95-f2a9-4537-a8d1-d78336e36125>
Affected Software: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress CVE ID: CVE-2024-1046 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7911c774-3fb0-4d6c-a847-101e5ad8637a>
Affected Software: Click To Tweet CVE ID: CVE-2024-23514 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7eee591c-2676-479c-ab15-96da10f51ae0>
Affected Software: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders CVE ID: CVE-2024-0954 CVSS Score: 6.4 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/875db71d-c799-40b9-95e1-74d53046b0a9>
Affected Software: Structured Content (JSON-LD) #wpsc CVE ID: CVE-2024-24839 CVSS Score: 6.4 (Medium) Researcher/s: LVT-tholv2k Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a013106b-4e2a-4dd9-a0ab-7e6c91e715dd>
Affected Software: Auto Listings – Car Listings & Car Dealership Plugin for WordPress CVE ID: CVE-2024-24713 CVSS Score: 6.4 (Medium) Researcher/s: resecured.io Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b1a97776-03c7-403d-b803-023647b9d0f2>
Affected Software: Calculated Fields Form CVE ID: CVE-2024-0963 CVSS Score: 6.4 (Medium) Researcher/s: Richard Telleng (stueotue) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d870ff8d-ea4b-4777-9892-0d9982182b9f>
Affected Software: The Plus Addons for Elementor CVE ID: CVE-2024-23511 CVSS Score: 6.4 (Medium) Researcher/s: Abu Hurayra (HurayraIIT) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e66b5c12-3acb-41f7-ae5f-8a9130053e45>
Affected Software: CC BMI Calculator CVE ID: CVE-2024-23516 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ed0e7717-d9ac-4333-8e79-fc030a410dab>
Affected Software: GDPR Data Request Form CVE ID: CVE-2024-24836 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f0b8fd44-75af-4fb8-bcc1-94cb5fc9e4eb>
Affected Software: Premium Addons for Elementor CVE ID: CVE-2024-24831 CVSS Score: 6.4 (Medium) Researcher/s: Abu Hurayra (HurayraIIT) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f7222c7e-939a-4666-9d01-f715d2827954>
Affected Software: MapPress Maps for WordPress CVE ID: CVE-2023-7225 CVSS Score: 6.4 (Medium) Researcher/s: Akbar Kustirama Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fce76126-0cfd-464f-b644-45d4301e958d>
Affected Software: CalculatorPro Calculators CVE ID: CVE-2024-24847 CVSS Score: 6.1 (Medium) Researcher/s: Dimas Maulana Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0de79672-f0ba-42d3-a44a-01b93801d7de>
Affected Software: Mighty Addons for Elementor CVE ID: CVE-2024-24846 CVSS Score: 6.1 (Medium) Researcher/s: Yudistira Arya Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/484d8d14-049d-4fd5-adb8-ad9942bba794>
Affected Software: Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo CVE ID: CVE-2024-24866 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a0247ba6-d193-4b7d-969d-0cd239c57faa>
Affected Software: PT Sign Ups – Beautiful volunteer sign ups and management made easy CVE ID: CVE-2024-24848 CVSS Score: 6.1 (Medium) Researcher/s: Faizal Abroni Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b751191b-35a8-4331-ac3f-f6090221c65f>
Affected Software: EventON Pro CVE ID: CVE-2023-7200 CVSS Score: 6.1 (Medium) Researcher/s: kauenavarro Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e0d5b1a5-0078-402b-b834-8091bfc02dd5>
Affected Software: PowerPack Pro for Elementor CVE ID: CVE-2024-24843 CVSS Score: 6.1 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e68bbee2-1c1a-4751-988e-dde423f8aab3>
Affected Software: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress CVE ID: CVE-2024-0685 CVSS Score: 5.9 (Medium) Researcher/s: stealthcopter Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4>
Affected Software: Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) CVE ID: CVE-2024-0659 CVSS Score: 5.5 (Medium) Researcher/s: emad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1ec207cd-cae5-4950-bbc8-d28f108b4ae7>
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2024-24834 CVSS Score: 5.5 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/32682598-ad1c-4aa1-bdf2-a7966a4d1dbe>
Affected Software: Scroll Triggered Box CVE ID: CVE-2024-24865 CVSS Score: 5.5 (Medium) Researcher/s: Savphill Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b92c3d68-2e3e-4500-8da9-f89373126445>
Affected Software: MW WP Form CVE ID: CVE-2024-24804 CVSS Score: 5.5 (Medium) Researcher/s: Huynh Tien Si Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f2126761-cbff-4d46-a6df-4566d15216d7>
Affected Software: Accessibility CVE ID: CVE-2024-24705 CVSS Score: 5.4 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/432effd4-5c94-4ef9-bc19-b4eacd082264>
Affected Software: PilotPress CVE ID: CVE-2024-23524 CVSS Score: 5.4 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6a8d121d-434d-4445-874f-d3cf6b6e7233>
Affected Software: WOLF – WordPress Posts Bulk Editor and Manager Professional CVE ID: CVE-2024-0790 CVSS Score: 5.4 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6c48f94b-d193-429a-9383-628ae12bfdf3>
Affected Software: Load More Anything CVE ID: CVE-2024-24704 CVSS Score: 5.4 (Medium) Researcher/s: Elliot Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/797554c9-7008-451a-8e8d-3242a207347e>
Affected Software: PDF Flipbook, 3D Flipbook – DearFlip CVE ID: CVE-2024-0895 CVSS Score: 5.4 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92e37b28-1a17-417a-b40f-cb4bbe6ec759>
Affected Software: Form builder to get in touch with visitors, grow your email list and collect payments – Happyforms CVE ID: CVE-2024-23521 CVSS Score: 5.3 (Medium) Researcher/s: Revan Arifio Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0578c49e-f820-42dd-bd53-f4a281843e69>
Affected Software: User Activity Tracking and Log CVE ID: CVE-2024-0970 CVSS Score: 5.3 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0e2268fc-5f29-4c69-9585-81240354ae77>
Affected Software: EventPrime – Events Calendar, Bookings and Tickets CVE ID: CVE-2024-24832 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17cbcf67-f10d-41bc-acf7-98e5d99b50af>
Affected Software: NEX-Forms – Ultimate Form Builder – Contact forms and much more CVE ID: CVE-2024-0907 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/26bd4058-ef00-48c8-8ab5-01535f0238a4>
Affected Software: WP Dummy Content Generator CVE ID: CVE-2024-24805 CVSS Score: 5.3 (Medium) Researcher/s: Huynh Tien Si Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3b44d23c-4872-491f-8a91-b0feb888ac54>
Affected Software: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net CVE ID: CVE-2024-24835 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/411b7889-c2c6-48cb-967d-091585705e17>
Affected Software: BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More. CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4fc76e1c-546f-4ecd-bd3b-a6f21b2c65bf>
Affected Software: NEX-Forms – Ultimate Form Builder – Contact forms and much more CVE ID: CVE-2024-1129 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/53db0f72-3353-42bb-ad75-4c5aa32d7939>
Affected Software: Relevanssi – A Better Search (Pro) CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/550872c8-3663-48fa-ab3f-f90351f3e169>
Affected Software: Orbit Fox by ThemeIsle CVE ID: CVE-2024-1047 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d>
Affected Software: LearnDash LMS CVE ID: CVE-2024-1210 CVSS Score: 5.3 (Medium) Researcher/s: Karl Emil Nikka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/61ca5ab6-5fe9-4313-9b0d-8736663d0e89>
Affected Software: LearnDash LMS CVE ID: CVE-2024-1209 CVSS Score: 5.3 (Medium) Researcher/s: Karl Emil Nikka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7191955e-0db1-4ad1-878b-74f90ca59c91>
Affected Software: PropertyHive CVE ID: CVE-2024-24718 CVSS Score: 5.3 (Medium) Researcher/s: Yudistira Arya Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/84d55f24-c4de-4574-b0cc-cc1b4935d281>
Affected Software: LearnDash LMS CVE ID: CVE-2024-1208 CVSS Score: 5.3 (Medium) Researcher/s: Karl Emil Nikka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ae735117-e68b-448e-ad41-258d1be3aebc>
Affected Software: Post Thumbnail Editor CVE ID: CVE-2024-24845 CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b102af8f-2bc3-4548-9a90-d1280b058173>
Affected Software: UserPro - Community and User Profile WordPress Plugin CVE ID: CVE-2024-0701 CVSS Score: 5.3 (Medium) Researcher/s: Rob Stevens Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ea070d9c-c04c-432f-a110-47b9eaa67614>
Affected Software: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup CVE ID: CVE-2024-0969 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ea4e6718-4e1e-44ce-8463-860f0d3d80f5>
Affected Software: NEX-Forms – Ultimate Form Builder – Contact forms and much more CVE ID: CVE-2024-1130 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f2c3b646-d865-4425-bc8f-00b3555a3d74>
Affected Software: WP Visitor Statistics (Real Time Traffic) CVE ID: CVE-2024-24867 CVSS Score: 5.3 (Medium) Researcher/s: Yudistira Arya Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f2d69d59-390d-4f3c-96ba-487707cac7a6>
Affected Software: Anonymous Restricted Content CVE ID: CVE-2024-0909 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f478ff7c-7193-4c59-a84f-c7cafff9b6c0>
Affected Software: Email Before Download CVE ID: CVE-2024-23519 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fa918a65-0021-4c32-9f6d-d978926c3ef3>
Affected Software: WP STAGING WordPress Backup Plugin – Migration Backup Restore CVE ID: CVE-2023-7204 CVSS Score: 5.3 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fe8816d8-1687-4a3c-9f2a-23f21d679cc5>
Affected Software: Booking Calendar | Appointment Booking | BookIt CVE ID: CVE-2024-24715 CVSS Score: 4.9 (Medium) Researcher/s: Debangshu Kundu, Arpeet Rathi Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d9938c7d-ef0d-45a2-900f-ac8bda9ce75a>
Affected Software: Popup More Popups, Lightboxes, and more popup modules CVE ID: CVE-2024-0844 CVSS Score: 4.7 (Medium) Researcher/s: 0x9567b Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7894a19c-b873-4c5b-8c82-6656cc306ee2>
Affected Software: Restrict Usernames Emails Characters CVE ID: CVE-2023-6165 CVSS Score: 4.4 (Medium) Researcher/s: Yuhang Liu Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/12532f84-bc76-4968-a01f-f879ab41b901>
Affected Software: Persian Fonts CVE ID: CVE-2023-7167 CVSS Score: 4.4 (Medium) Researcher/s: Bob Matyas Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2a427b26-4a0d-4351-8a8b-ec5da1345ebd>
Affected Software: Chartify – WordPress Chart Plugin CVE ID: CVE-2023-47526 CVSS Score: 4.4 (Medium) Researcher/s: Jeongwoo-Lee(Roronoa) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/49d0315e-fcb2-4232-8797-0421cf5d3cd8>
Affected Software: SEO Plugin by Squirrly SEO CVE ID: CVE-2024-0597 CVSS Score: 4.4 (Medium) Researcher/s: Akbar Kustirama Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad>
Affected Software: Page Builder: Pagelayer – Drag and Drop website builder CVE ID: CVE-2023-5124 CVSS Score: 4.4 (Medium) Researcher/s: Marc-Alexandre Montpas Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b8bd08d0-5c78-40a8-abc1-de387908df9d>
Affected Software: Add Customer for WooCommerce CVE ID: CVE-2024-24841 CVSS Score: 4.4 (Medium) Researcher/s: Dhabaleshwar Das Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ba08695e-009e-434a-9db0-06aa1dd6d57a>
Affected Software: Beds24 Online Booking CVE ID: CVE-2024-24717 CVSS Score: 4.4 (Medium) Researcher/s: Dhabaleshwar Das Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca5bc2af-394b-4fc1-b6c3-ed9ff0a5959a>
Affected Software: Fatal Error Notify CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08b75cac-7b1d-4bed-a1b7-bd1e872f2b4f>
Affected Software: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store CVE ID: CVE-2024-0797 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d>
Affected Software: WOLF – WordPress Posts Bulk Editor and Manager Professional CVE ID: CVE-2024-0791 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/13c66a8f-b35f-4943-8880-0799b0d150f7>
Affected Software: Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) CVE ID: CVE-2024-24840 CVSS Score: 4.3 (Medium) Researcher/s: Abu Hurayra (HurayraIIT) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/164a1e09-e967-450c-8938-84c18ebf267d>
Affected Software: Happy Addons for Elementor CVE ID: CVE-2024-24833 CVSS Score: 4.3 (Medium) Researcher/s: Abu Hurayra (HurayraIIT) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1b25df18-dd9a-4b24-8187-283d5f3f334e>
Affected Software: Cincopa video and media plug-in CVE ID: CVE-2024-23515 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/285d2b85-cdd0-4447-8cdc-b641751e4a5f>
Affected Software: Affiliates Manager CVE ID: CVE-2024-0859 CVSS Score: 4.3 (Medium) Researcher/s: Nathaniel Oh (0x4n3) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/433a03c2-09fd-4ce6-843b-55ad09f4b4f7>
Affected Software: WooCommerce Conversion Tracking CVE ID: CVE-2024-24711 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4775ef21-01d6-4c5a-9e3e-f9b6e093fc7f>
Affected Software: BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More. CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/487a131e-4911-42d6-bfd7-fc697c89552d>
Affected Software: Fatal Error Notify CVE ID: CVE-2023-7202 CVSS Score: 4.3 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/50499cd6-0e27-494a-892c-5ca827d4433b>
Affected Software: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store CVE ID: CVE-2024-0796 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe>
Affected Software: Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic CVE ID: CVE-2024-24709 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5cde239c-20bf-41fa-b7d6-e21b14dcbc22>
Affected Software: A no-code page builder for beautiful performance-based content CVE ID: CVE-2024-24701 CVSS Score: 4.3 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7058306f-ec20-4722-aaa1-552a75945a1e>
Affected Software: Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce CVE ID: CVE-2024-24719 CVSS Score: 4.3 (Medium) Researcher/s: Dhabaleshwar Das Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7394be7e-9a1f-4c85-ac2d-cace39def330>
Affected Software/s: FG Joomla to WordPress, FG PrestaShop to WooCommerce, FG Drupal to WordPress CVE ID: CVE-2024-24837 CVSS Score: 4.3 (Medium) Researcher/s: Friday Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7dc34ff1-1b7e-4974-907a-745911df5dc8>
Affected Software: Orbit Fox by ThemeIsle CVE ID: CVE-2024-1162 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc>
Affected Software: JTRT Responsive Tables CVE ID: CVE-2024-24802 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/89ca9214-145e-43c6-a642-7c371f635332>
Affected Software: Page Restrict CVE ID: CVE-2024-24702 CVSS Score: 4.3 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/956984d4-4f8b-4e20-8002-4e9809b3872c>
Affected Software: WP-CFM CVE ID: CVE-2024-24706 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9790c592-1445-4f9d-987e-ae5ab49c4dcd>
Affected Software: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator CVE ID: CVE-2024-1092 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/98053141-fe97-4bd4-b820-b6cca3426109>
Affected Software: Custom Order Numbers for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/981908d3-e1e7-4093-a2ee-69aa50127731>
Affected Software: PopupAlly CVE ID: CVE-2024-23520 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a6bef410-8706-4440-b50f-08824ef754f6>
Affected Software: Debug CVE ID: CVE-2024-24798 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aa7276bb-6a9b-4cbd-8333-14c4dfac4108>
Affected Software: Custom Order Status for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ab2a4903-2c69-48da-bd4a-79b39b78806c>
Affected Software: WordPress Review & Structure Data Schema Plugin – Review Schema CVE ID: CVE-2024-0836 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b7039206-a25a-4aa0-87e2-be11dd1f12eb>
Affected Software: Starbox – the Author Box for Humans CVE ID: CVE-2024-0366 CVSS Score: 4.3 (Medium) Researcher/s: Sh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67>
Affected Software: CP Media Player – Audio Player and Video Player CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ced380a5-04a6-40c1-a731-0d3b929e4428>
Affected Software: Don't Muck My Markup CVE ID: CVE-2024-23510 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d1390c22-3c8d-47f1-b225-1bcbc215832a>
Affected Software: W3SPEEDSTER CVE ID: CVE-2024-24708 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e358355e-097c-4a6d-a21a-3d08098efff0>
Affected Software: WordPress Toolbar CVE ID: CVE-2023-6389 CVSS Score: 4.3 (Medium) Researcher/s: Daniel Ruf Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e88a45e5-f882-419e-b0b0-612912666693>
Affected Software: ACF Photo Gallery Field CVE ID: CVE-2024-23518 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f557ddf1-cee3-498c-87bc-fa81bf574591>
Affected Software: WooCommerce Box Office CVE ID: CVE-2024-24799 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ff2097a9-fe7a-48f3-be9c-dc0caef74262>
Affected Software: Feed Them Social – Page, Post, Video, and Photo Galleries CVE ID: CVE-2024-24710 CVSS Score: 3.5 (Low) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e86152a6-cd8d-4466-bcc5-830413500e12>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024) appeared first on Wordfence.