Last week, 92 vulnerabilities were disclosed in 88 WordPress plugins and no WordPress themes and added to the Wordfence Intelligence Vulnerability Database, and 37 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook integration are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Individuals and enterprises can use the vulnerability database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 57 |
Patched | 35 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 80 |
High Severity | 11 |
Critical Severity | 0 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 37 |
Cross-Site Request Forgery (CSRF) | 30 |
Missing Authorization | 11 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 7 |
Information Exposure | 3 |
URL Redirection to Untrusted Site ('Open Redirect') | 1 |
Unrestricted Upload of File with Dangerous Type | 1 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 1 |
Guessable CAPTCHA | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Mika | 19 |
Rio Darmawan | 7 |
yuyudhn | 5 |
Lana Codes (Wordfence Vulnerability Researcher) | 5 |
Abdi Pranata | 5 |
Rafie Muhammad | 3 |
Vladislav Pokrovsky | 2 |
Taihei Shimamine | 2 |
minhtuanact | 2 |
spacecroupier | 2 |
Prasanna V Balaji | 2 |
Le Ngoc Anh | 2 |
deokhunKim | 2 |
Alex Thomas (Wordfence Vulnerability Researcher) | 2 |
LEE SE HYOUNG | 2 |
BuShiYue | 1 |
Phd | 1 |
TomS | 1 |
OZ1NG (TOOR, LISA) | 1 |
thiennv | 1 |
konagash | 1 |
Robert DeVore | 1 |
qilin_99 | 1 |
Jonas Höbenreich | 1 |
NeginNrb | 1 |
emad | 1 |
Joshua Chan | 1 |
An Đặng | 1 |
Emili Castells | 1 |
resecured.io | 1 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 1 |
Nguyen Anh Tien | 1 |
n0paew | 1 |
Ravi Dharmawan | 1 |
Truoc Phan | 1 |
Yebin Lee | 1 |
Nithissh S | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
AI ChatBot | chatbot |
AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One | ai-content-writing-assistant |
Abandoned Cart Lite for WooCommerce | woocommerce-abandoned-cart |
Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress | advanced-page-visit-counter |
AmpedSense – AdSense Split Tester | ampedsense-adsense-split-tester |
Automated Editor | automated-editor |
Blog Filter – Advanced Post Filtering with Categories Or Tags, Post Portfolio Gallery, Blog Design Template, Post Layout | blog-filter |
Blog Manager Light | blog-manager-light |
Bold Timeline Lite | bold-timeline-lite |
Booster for WooCommerce | woocommerce-jetpack |
Bulk NoIndex & NoFollow Toolkit | bulk-noindex-nofollow-toolkit-by-mad-fish |
Captcha/Honeypot (CF7, Avada, Elementor, Comments, WPForms) – GDPR ready | captcha-for-contact-form-7 |
Category Meta plugin | wp-category-meta |
Comment Reply Email | comment-reply-email |
Complete Open Graph | complete-open-graph |
Connect to external APIs – WPGetAPI | wpgetapi |
Contact Form by Supsystic | contact-form-by-supsystic |
Contact form Form For All – Easy to use, fast, 37 languages. | formforall |
Copy or Move Comments | copy-or-move-comments |
Customer Reviews for WooCommerce | customer-reviews-woocommerce |
Dropshipping & Affiliation with Amazon | wp-amazon-shop |
Export All Posts, Products, Orders, Refunds & Users | wp-ultimate-exporter |
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
Fotomoto | fotomoto |
Geo Controller | cf-geoplugin |
GoodBarber | goodbarber |
Gumroad | gumroad |
Hitsteps Web Analytics | hitsteps-visitor-manager |
Hotjar | hotjar |
IRivYou – Add reviews from AliExpress and Amazon to woocommerce | wooreviews-importer |
Image vertical reel scroll slideshow | image-vertical-reel-scroll-slideshow |
Instagram for WordPress | instagram-for-wordpress |
Interactive World Map | interactive-world-map |
LeadSquared Suite | leadsquared-suite |
MStore API | mstore-api |
Mailrelay | mailrelay |
Marker.io – Visual Website Feedback | marker-io |
Media Library Assistant | media-library-assistant |
Mendeley Plugin | mendeleyplugin |
OPcache Dashboard | opcache |
Open User Map | open-user-map |
Optimize Database after Deleting Revisions | rvg-optimize-database |
Order auto complete for WooCommerce | order-auto-complete-for-woocommerce |
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress | post-smtp |
Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | wp-user-avatar |
Permalinks Customizer | permalinks-customizer |
Pinpoint Booking System – #1 WordPress Booking Plugin | booking-system |
Podcast Subscribe Buttons | podcast-subscribe-buttons |
Post View Count | wp-simple-post-view |
Pressference Exporter | pressference-exporter |
Product Category Tree | product-category-tree |
Profile Extra Fields by BestWebSoft | profile-extra-fields |
Publish Confirm Message | publish-confirm-message |
Redirection for Contact Form 7 | wpcf7-redirect |
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
SendPulse Free Web Push | sendpulse-web-push |
Seriously Simple Stats | seriously-simple-stats |
Sharkdropship for AliExpress Dropship and Affiliate | wooshark-aliexpress-importer |
Short URL | shorten-url |
ShortCodes UI | shortcodes-ui |
Simple SEO | cds-simple-seo |
Smart Cookie Kit | smart-cookie-kit |
Social Feed \| Custom Feed for Social Media Networks | |
Social Metrics | social-metrics |
Social proof testimonials and reviews by Repuso | social-testimonials-and-reviews-widget |
Sp*tify Play Button for WordPress | spotify-play-button-for-wordpress |
Stout Google Calendar | stout-google-calendar |
Timely Booking Button | timely-booking-button |
Urvanov Syntax Highlighter | urvanov-syntax-highlighter |
User Location and IP | user-location-and-ip |
Video Gallery – Best WordPress YouTube Gallery Plugin | gallery-videos |
WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
WP Bing Map Pro | api-bing-map-2018 |
WP Content Pilot – Autoblogging & Affiliate Marketing Plugin | wp-content-pilot |
WP Custom Widget area | wp-custom-widget-area |
WP Forms Puzzle Captcha | wp-forms-puzzle-captcha |
WP Mail SMTP Pro | wp-mail-smtp-pro |
WP Power Stats | wp-power-stats |
WP Responsive header image slider | responsive-header-image-slider |
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin | wp-user-frontend |
WhitePage | white-page-publication |
WooCommerce Login Redirect | woo-login-redirect |
WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location | byconsole-woo-order-delivery-time |
WordPress Popular Posts | wordpress-popular-posts |
WordPress Simple HTML Sitemap | wp-simple-html-sitemap |
YouTube Playlist Player | youtube-playlist-player |
affiliate-toolkit – WordPress Affiliate Plugin | affiliate-toolkit-starter |
canvasio3D Light | canvasio3d-light |

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software: Dropshipping & Affiliation with Amazon CVE ID: CVE-2023-31215 CVSS Score: 8.8 (High) Researcher/s: spacecroupier Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17240c75-4e2a-45d2-8114-414c7e81af87>
Affected Software: Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress CVE ID: CVE-2023-45074 CVSS Score: 8.8 (High) Researcher/s: TomS Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1810cea5-cfca-4699-bf09-0e474d04acb6>
Affected Software: MStore API CVE ID: CVE-2023-45055 CVSS Score: 8.8 (High) Researcher/s: Truoc Phan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a8b10d0c-e2fc-47a3-9df9-8df58eee964c>
Affected Software: Copy or Move Comments CVE ID: CVE-2023-28748 CVSS Score: 8.8 (High) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e2b020c3-0eb9-4ff1-b94e-e32452695b5d>
Affected Software: Sharkdropship for AliExpress Dropship and Affiliate CVE ID: CVE-2023-30870 CVSS Score: 7.3 (High) Researcher/s: spacecroupier Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f8812cfe-4bbe-44ba-9513-7f81bad68d11>
Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder CVE ID: CVE-2023-45071 CVSS Score: 7.2 (High) Researcher/s: Vladislav Pokrovsky Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/05b434f7-6bce-4ad0-bd12-db5b01f14953>
Affected Software: AmpedSense – AdSense Split Tester CVE ID: CVE-2023-25476 CVSS Score: 7.2 (High) Researcher/s: Prasanna V Balaji Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/266bbcab-7d41-4c38-b136-24da61728977>
Affected Software: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3816a6cf-8157-4ad9-83f6-93c9b6c6275f>
Affected Software: Seriously Simple Stats CVE ID: CVE-2023-45001 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/46150f65-e662-4539-ae99-eaee297a2608>
Affected Software: Video Gallery – Best WordPress YouTube Gallery Plugin CVE ID: CVE-2023-45069 CVSS Score: 7.2 (High) Researcher/s: Ravi Dharmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a8382051-ae17-4719-94b5-3cfb0b5e82b1>
Affected Software: Pressference Exporter CVE ID: CVE-2023-45046 CVSS Score: 7.2 (High) Researcher/s: Nithissh S Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c12ba39f-03bc-4a45-b2f4-368f48c0a57b>
Affected Software: YouTube Playlist Player CVE ID: CVE-2023-45049 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02cffe63-dad2-4f6b-9530-7f494e3071d7>
Affected Software: Podcast Subscribe Buttons CVE ID: CVE-2023-5308 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/17dbfb82-e380-464a-bfaf-2d0f6bf07f25>
Affected Software: Instagram for WordPress CVE ID: CVE-2023-5357 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3991d8d0-57a8-42e7-a53c-97508f7e137f>
Affected Software: WP Responsive header image slider CVE ID: CVE-2023-5334 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6953dea2-ca2d-4283-97c2-45c3420d9390>
Affected Software: User Location and IP CVE ID: CVE-2023-31217 CVSS Score: 6.4 (Medium) Researcher/s: deokhunKim Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7e501592-4411-4c0a-aa67-e2d0a29d5d35>
Affected Software: Smart Cookie Kit CVE ID: CVE-2023-45608 CVSS Score: 6.4 (Medium) Researcher/s: resecured.io Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9b726e21-ff76-43ea-beb1-f68e94d3b7a4>
Affected Software: Media Library Assistant CVE ID: CVE-2023-24385 CVSS Score: 6.4 (Medium) Researcher/s: n0paew Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a1603dc9-7f5e-47e1-8a81-27bb4df1aa4f>
Affected Software: WordPress Popular Posts CVE ID: CVE-2023-45607 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a91e8713-a760-4acd-9987-2a6b11dbdd56>
Affected Software: Contact form Form For All – Easy to use, fast, 37 languages. CVE ID: CVE-2023-5337 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/abe2f596-b2c3-49d3-b646-0f4b64f15674>
Affected Software: Blog Filter – Advanced Post Filtering with Categories Or Tags, Post Portfolio Gallery, Blog Design Template, Post Layout CVE ID: CVE-2023-5291 CVSS Score: 6.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b95c1bf7-bb05-44d3-a185-7e38e62b7201>
Affected Software: Gumroad CVE ID: CVE-2023-45059 CVSS Score: 6.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cd2abab4-f93c-454d-928d-128a490da0e2>
Affected Software: WordPress Simple HTML Sitemap CVE ID: CVE-2023-45067 CVSS Score: 6.4 (Medium) Researcher/s: deokhunKim Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fca6d469-60e7-4866-a53c-d207817c9204>
Affected Software: Connect to external APIs – WPGetAPI CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/39003835-80df-49c7-982a-346bf328565c>
Affected Software: Bulk NoIndex & NoFollow Toolkit CVE ID: CVE-2023-45065 CVSS Score: 6.1 (Medium) Researcher/s: Phd Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0e4f6305-d003-478e-a8ef-0b254084f56f>
Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder CVE ID: CVE-2023-45070 CVSS Score: 6.1 (Medium) Researcher/s: Vladislav Pokrovsky Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1b1db6b8-f005-488f-b2cc-667acc700b0a>
Affected Software: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2d010e55-d57a-49f7-a991-76b676b88f1e>
Affected Software: Fotomoto CVE ID: CVE-2023-45007 CVSS Score: 6.1 (Medium) Researcher/s: OZ1NG (TOOR, LISA) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2fbeee6b-cbc0-462e-96ba-2fd4f54786b0>
Affected Software: canvasio3D Light CVE ID: CVE-2023-45062 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/39b8f6d8-bca2-4bf2-93ab-868270df8752>
Affected Software: Product Category Tree CVE ID: CVE-2023-45054 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3e03ecc0-5ca1-4d64-a6d7-257325bcc5cb>
Affected Software: Seriously Simple Stats CVE ID: CVE-2023-45005 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92734acf-2021-4217-8cdd-a9d269198db3>
Affected Software: OPcache Dashboard CVE ID: CVE-2023-45064 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3d6104b-eb2d-4e7e-98bd-6a46bd69ef5c>
Affected Software: WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location CVE ID: CVE-2023-45006 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ede4b8ad-3c12-4ed8-9eda-806afa580bad>
Affected Software: Social Feed | Custom Feed for Social Media Networks CVE ID: CVE-2023-45003 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f124b5a0-b58b-45ff-bd22-7a09a9abd9bd>
Affected Software: Simple SEO CVE ID: CVE-2023-45269 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/053b72c6-07bb-4e9f-ae25-da4bce91ae6e>
Affected Software: Post View Count CVE ID: CVE-2023-44996 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/114cf149-e923-4e21-9eb0-e38941799304>
Affected Software: WP Forms Puzzle Captcha CVE ID: CVE-2023-44997 CVSS Score: 5.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c75edd2-fc38-48b1-b58c-1d19c95c3db8>
Affected Software: Urvanov Syntax Highlighter CVE ID: CVE-2023-45106 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3c85fa64-4761-4b92-bd4f-7c220cf18288>
Affected Software: Social proof testimonials and reviews by Repuso CVE ID: CVE-2023-45048 CVSS Score: 5.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/526aa2e5-06bd-4b4c-a331-315f8ab37858>
Affected Software: LeadSquared Suite CVE ID: CVE-2023-45047 CVSS Score: 5.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8da42003-f2d8-4837-84b2-e0e7171fa3fe>
Affected Software: Customer Reviews for WooCommerce CVE ID: CVE-2023-45101 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d60f3da1-1184-4629-880c-ce3893fb55a5>
Affected Software: Pinpoint Booking System – #1 WordPress Booking Plugin CVE ID: CVE-2023-45270 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f4dfb4b5-b2a5-40bd-9dfb-863baa563d06>
Affected Software: Optimize Database after Deleting Revisions CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/09050c1e-26e0-46e7-b5f0-ebaff4066b0a>
Affected Software: Captcha/Honeypot (CF7, Avada, Elementor, Comments, WPForms) – GDPR ready CVE ID: CVE-2023-45009 CVSS Score: 5.3 (Medium) Researcher/s: qilin_99 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/60e9351a-302b-4a31-8a9c-c0a0b6ee3fcd>
Affected Software: Export All Posts, Products, Orders, Refunds & Users CVE ID: CVE-2023-2487 CVSS Score: 5.3 (Medium) Researcher/s: Jonas Höbenreich Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/61f7e01e-c9ce-47f6-96d0-de908ce7e90c>
Affected Software: Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress CVE ID: CVE-2023-44150 CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8f5357e0-1e1b-4090-a6ae-9587c6a8d290>
Affected Software: Profile Extra Fields by BestWebSoft CVE ID: CVE-2023-4469 CVSS Score: 5.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/916c73e8-a150-4b35-8773-ea0ec29f7fd1>
Affected Software: Redirection for Contact Form 7 CVE ID: CVE-2023-39920 CVSS Score: 5.3 (Medium) Researcher/s: Nguyen Anh Tien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9cf17c08-25b7-450d-acd9-963a1f79e495>
Affected Software: WP Mail SMTP Pro CVE ID: CVE-2023-3213 CVSS Score: 5.3 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9>
Affected Software: AI ChatBot CVE ID: CVE-2023-44993 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be9522c8-3561-48fe-89ef-62e0fcb085b0>
Affected Software: Open User Map CVE ID: CVE-2023-45056 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08593415-bbc9-4159-b5d5-84e4dde6c2c9>
Affected Software: Complete Open Graph CVE ID: CVE-2023-45010 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0f3303db-9ba6-4638-ba96-151cf91db85b>
Affected Software: Timely Booking Button CVE ID: CVE-2023-44987 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2eb3b568-8689-4184-8091-0b84aa6b472d>
Affected Software: Abandoned Cart Lite for WooCommerce CVE ID: CVE-2023-44986 CVSS Score: 4.4 (Medium) Researcher/s: Robert DeVore Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/524e9ec1-9c7c-4b06-915c-8122ea6c3601>
Affected Software: Geo Controller CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6faf7e36-52d7-4578-bb71-2b64a761692b>
Affected Software: Mendeley Plugin CVE ID: CVE-2023-45073 CVSS Score: 4.4 (Medium) Researcher/s: NeginNrb Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7b56c684-90f6-4e8b-86fc-355a13b5368c>
Affected Software: WOLF – WordPress Posts Bulk Editor and Manager Professional CVE ID: CVE-2023-44990 CVSS Score: 4.4 (Medium) Researcher/s: emad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/85b439ea-08f9-4b4e-80da-7c5f80bc2818>
Affected Software: Image vertical reel scroll slideshow CVE ID: CVE-2023-45051 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/91b06d7d-7e92-49f0-b161-9b25318edfeb>
Affected Software: Order auto complete for WooCommerce CVE ID: CVE-2023-45072 CVSS Score: 4.4 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9521ad5b-83c3-487e-a69e-ca057777bc9e>
Affected Software: Hotjar CVE ID: CVE-2023-1259 CVSS Score: 4.4 (Medium) Researcher/s: Marco Wotschka Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9c640bcb-b6bf-4865-b713-32ca846e4ed9>
Affected Software: Social Metrics CVE ID: CVE-2023-44263 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b3267339-2f28-40b9-b6ff-fdfe0d67bdc8>
Affected Software: Comment Reply Email CVE ID: CVE-2023-45008 CVSS Score: 4.4 (Medium) Researcher/s: Yebin Lee Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ba7d0ab4-55a5-47f4-b66e-27e963ab2268>
Affected Software: Hitsteps Web Analytics CVE ID: CVE-2023-45057 CVSS Score: 4.4 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f68a386b-544f-4aa2-8ae5-4d57ddd07b63>
Affected Software: Publish Confirm Message CVE ID: CVE-2023-32124 CVSS Score: 4.3 (Medium) Researcher/s: Taihei Shimamine Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/05c2707c-c737-4f95-83e0-b0a4e0883d4b>
Affected Software: Sp*tify Play Button for WordPress CVE ID: CVE-2023-41131 CVSS Score: 4.3 (Medium) Researcher/s: BuShiYue Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0b82fae0-4eec-41ea-90e2-9d08258805b3>
Affected Software: Contact Form by Supsystic CVE ID: CVE-2023-45068 CVSS Score: 4.3 (Medium) Researcher/s: Taihei Shimamine Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/16dc1927-2171-4234-805b-6e4eed99fa90>
Affected Software: WhitePage CVE ID: CVE-2023-45109 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1b377236-bb56-4d31-837a-c5064d46a6c6>
Affected Software: Automated Editor CVE ID: CVE-2023-45276 CVSS Score: 4.3 (Medium) Researcher/s: Prasanna V Balaji Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/27799988-cb2b-41c7-ad9a-aade59d31fa3>
Affected Software: Stout Google Calendar CVE ID: CVE-2023-45273 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33efcbb4-2bb9-4414-bc95-55bedb92c551>
Affected Software: WP Content Pilot – Autoblogging & Affiliate Marketing Plugin CVE ID: CVE-2023-45053 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/373c10df-0d9c-4f76-8d1f-cad6bcfed141>
Affected Software: Blog Manager Light CVE ID: CVE-2023-45102 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/38307432-399e-4887-867c-9eb2a0d90d70>
Affected Software: Mailrelay CVE ID: CVE-2023-45108 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3c07a2fe-97b1-45ec-bbd9-9353d679ed49>
Affected Software: AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One CVE ID: CVE-2023-45063 CVSS Score: 4.3 (Medium) Researcher/s: konagash Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3de1bcd7-24a8-4566-819b-d6653344e132>
Affected Software: IRivYou – Add reviews from AliExpress and Amazon to woocommerce CVE ID: CVE-2023-45267 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5607cc07-5104-45d0-8279-ba0ef3ebcbe9>
Affected Software: GoodBarber CVE ID: CVE-2023-45107 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/57774f93-e6c0-46e6-8019-eab00b2b48ff>
Affected Software: WP Bing Map Pro CVE ID: CVE-2023-45052 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5abc627d-2d8e-44e6-8e8e-ad9f55cbb0d8>
Affected Software: Interactive World Map CVE ID: CVE-2023-45060 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5b559a48-3c8b-4f8a-9627-c4f838d20af3>
Affected Software: WP Custom Widget area CVE ID: CVE-2023-45045 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/64559d37-0c6b-45f5-8a2a-6e70cb5e423c>
Affected Software: SendPulse Free Web Push CVE ID: CVE-2023-45274 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/654727e0-6129-47c7-94f3-10567b1a42d4>
Affected Software: Hitsteps Web Analytics CVE ID: CVE-2023-45268 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7252075f-9326-4f04-bdd9-b244609c9cd3>
Affected Software: WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin CVE ID: CVE-2023-45002 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8e8e967f-f627-4c0c-ac0f-0a66ae25c602>
Affected Software: ShortCodes UI CVE ID: CVE-2023-44994 CVSS Score: 4.3 (Medium) Researcher/s: An Đặng Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/90e69e43-597c-4c18-b581-d99dacefb9b8>
Affected Software: Short URL CVE ID: CVE-2023-45058 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/95c5a219-0b04-424c-a3dd-d705b1b41ddc>
Affected Software: Bold Timeline Lite CVE ID: CVE-2023-45110 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9bbabf5e-dbfc-4b01-94ae-0e8fd6b3cc26>
Affected Software: Booster for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a1426809-b245-4868-be87-c96b3c5c05f9>
Affected Software: WP Power Stats CVE ID: CVE-2023-45011 CVSS Score: 4.3 (Medium) Researcher/s: Rio Darmawan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a86a694b-5e45-4e94-a22c-2c5faa7172a2>
Affected Software: WooCommerce Login Redirect CVE ID: CVE-2023-44995 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a8b0d708-4f74-4e6d-9581-f65caf976d45>
Affected Software: Permalinks Customizer CVE ID: CVE-2023-45103 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bf1f402d-98d7-42d7-8d8d-ff74a65e5293>
Affected Software: Category Meta plugin CVE ID: CVE-2023-44998 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bf2ddc42-9910-40e5-9546-89f229b852da>
Affected Software: Marker.io – Visual Website Feedback CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c49b3841-370b-42ed-9545-e69c2544642d>
Affected Software: Customer Reviews for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c5429fb1-7072-4a00-8fb3-48d4f876417f>
Affected Software: affiliate-toolkit – WordPress Affiliate Plugin CVE ID: CVE-2023-45105 CVSS Score: 3.4 (Low) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/06b332de-4f94-47dc-a573-53514adaf5c0>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, with all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023) appeared first on Wordfence.