Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!
Last week, there were 124 vulnerabilities disclosed in 123 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 66 |
Patched | 58 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 113 |
High Severity | 10 |
Critical Severity | 1 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 53 |
Missing Authorization | 24 |
Cross-Site Request Forgery (CSRF) | 21 |
Information Exposure | 7 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 4 |
Unrestricted Upload of File with Dangerous Type | 3 |
Server-Side Request Forgery (SSRF) | 2 |
Incorrect Authorization | 1 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 1 |
Authorization Bypass Through User-Controlled Key | 1 |
Guessable CAPTCHA | 1 |
Use of Less Trusted Source | 1 |
Protection Mechanism Failure | 1 |
Improper Access Control | 1 |
Improper Authorization | 1 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 1 |
Reliance on Untrusted Inputs in a Security Decision | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Rafie Muhammad | 9 |
Abdi Pranata | 8 |
emad | 7 |
Mika | 7 |
DoYeon Park (p6rkdoye0n) | 6 |
Ngô Thiên An (ancorn_) | 6 |
Joshua Chan | 5 |
Le Ngoc Anh | 4 |
LEE SE HYOUNG | 4 |
qilin_99 | 4 |
LVT-tholv2k | 4 |
Rafshanzani Suhada | 3 |
Vladislav Pokrovsky (ΞX.MI) | 3 |
Abu Hurayra (HurayraIIT) | 3 |
Skalucy | 3 |
resecured.io | 2 |
Revan Arifio | 2 |
Francesco Carlucci | 2 |
yuyudhn | 2 |
István Márton (Wordfence Vulnerability Researcher) | 2 |
thiennv | 2 |
Elliot | 2 |
SeungYongLee | 2 |
Phd | 2 |
Abdullah Hussam | 1 |
Sebastian Neef | 1 |
Yudistira Arya | 1 |
Nguyen Xuan Chien | 1 |
Brandon James Roldan (tomorrowisnew) | 1 |
Alex Thomas (Wordfence Vulnerability Researcher) | 1 |
Shahzaib Ali Khan | 1 |
Dmitrii Ignatyev | 1 |
Bob Matyas | 1 |
Krzysztof Zając | 1 |
Truoc Phan | 1 |
Dave Jong | 1 |
Nguyen Anh Tien | 1 |
Yuchen Ji | 1 |
Arvandy | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
12 Step Meeting List | 12-step-meeting-list |
360 Javascript Viewer | 360deg-javascript-viewer |
AMP for WP – Accelerated Mobile Pages | accelerated-mobile-pages |
Abandoned Cart Lite for WooCommerce | woocommerce-abandoned-cart |
AdFoxly – Ad Manager, AdSense Ads & Ads.txt | adfoxly |
Add to Cart Text Changer and Customize Button, Add Custom Icon | woo-add-to-cart-text-change |
Ads by datafeedr.com | ads-by-datafeedrcom |
Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates | affiliatebooster-blocks |
Antispam Bee | antispam-bee |
Aparat | aparat |
Aruba HiSpeed Cache | aruba-hispeed-cache |
Author Box, Guest Author and Co-Authors for Your Posts – Molongui | molongui-authorship |
Automatic Youtube Video Posts Plugin | automatic-youtube-video-posts |
BSK Forms Blacklist | bsk-gravityforms-blacklist |
Backup Migration | backup-backup |
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss | bp-better-messages |
BigCommerce For WordPress | bigcommerce |
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin | bookingpress-appointment-booking |
BrainCert – HTML5 Virtual Classroom | html5-virtual-classroom |
Bravo Translate | bravo-translate |
Button Generator – easily Button Builder | button-generation |
CF7 Google Sheets Connector | cf7-google-sheets-connector |
Campaign Monitor for WordPress | forms-for-campaign-monitor |
Chartify – WordPress Chart Plugin | chart-builder |
Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back | chat-bubble |
Client Dash | client-dash |
Coming soon and Maintenance mode | coming-soon-page |
CommentLuv | commentluv |
Contact Form 7 | contact-form-7 |
Contact Form – Custom Builder, Payment Form, and More | powr-pack |
Credit Tracker | credit-tracker |
Crypto Converter Widget | crypto-converter-widget |
Currency Converter Calculator | currency-converter-calculator |
Database for CF7 | database-for-cf7 |
Debug Log Manager | debug-log-manager |
Delete Post Revisions In WordPress | delete-post-revisions-on-single-click |
Doofinder WP & WooCommerce Search | doofinder-for-woocommerce |
Ecwid Ecommerce Shopping Cart | ecwid-shopping-cart |
Email Address Encoder | email-address-encoder |
Enhanced Text Widget | enhanced-text-widget |
Event post | event-post |
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media | evergreen-content-poster |
Export WP Page to Static HTML/CSS | export-wp-page-to-static-html |
File Gallery | file-gallery |
Form builder to get in touch with visitors, grow your email list and collect payments – Happyforms | happyforms |
Forms by CaptainForm – Form Builder for WordPress | captainform |
Formzu WP | formzu-wp |
GDPR Cookie Consent by Supsystic | gdpr-compliance-by-supsystic |
Gift Up Gift Cards for WordPress and WooCommerce | gift-up |
GoDaddy Email Marketing | godaddy-email-marketing-sign-up-forms |
Guest Author | guest-author |
HDW Player Plugin (Video Player & Video Gallery) | hdw-player-video-player-video-gallery |
HUSKY – Products Filter for WooCommerce Professional | woocommerce-products-filter |
Hubbub Lite (formerly Grow Social) | social-pug |
IdeaPush | ideapush |
Importify – Dropshipping WooCommerce Plugin for Aliexpress, Amazon, Etsy, Alibaba, Walmart & More | importify |
Innovs HR – Complete Human Resource Management System for Your Business | innovs-hr-manager |
JetBlocks for Elementor | jet-blocks |
JetBlog for Elementor | jet-blog |
JetCompareWishlist for Elementor | jet-compare-wishlist |
JetElements | jet-elements |
JetEngine | jet-engine |
JetFormBuilder – Dynamic Blocks Form Builder | jetformbuilder |
JetMenu for Elementor | jet-menu |
JetPopup | jet-popup |
JetProductGallery | jet-woo-product-gallery |
JetReviews for Elementor | jet-reviews |
JetSearch | jet-search |
JetSmartFilters for Elementor | jet-smart-filters |
JetTabs for Elementor | jet-tabs |
JetThemeCore for Elementor | jet-theme-core |
JetTricks for Elementor | jet-tricks |
JetWooBuilder for Elementor | jet-woo-builder |
KP Fastest Tawk.to Chat | kp-fastest-tawk-to-chat |
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… | ladipage |
List all posts by Authors, nested Categories and Titles | list-all-posts-by-authors-nested-categories-and-titles |
MSync | msync |
Media File Renamer: Rename Files (Manual, Auto & AI) | media-file-renamer |
MkRapel Regiones y Ciudades de Chile para WC | wc-ciudades-y-regiones-de-chile |
Mollie Payments for WooCommerce | mollie-payments-for-woocommerce |
Multiple Post Passwords | multiple-post-passwords |
MyTube PlayList | mytube |
Nested Pages | wp-nested-pages |
NextScripts: Social Networks Auto-Poster | social-networks-auto-poster-facebook-twitter-g |
Ocean Extra | ocean-extra |
Page Builder: Pagelayer – Drag and Drop website builder | pagelayer |
Parallax Slider Block | parallax-slider-block |
Participants Database | participants-database |
Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina) | wp-retina-2x |
PowerPack Pro for Elementor | powerpack-elements |
Prevent Landscape Rotation | prevent-landscape-rotation |
Product Size Chart For WooCommerce | product-size-chart-for-woo |
Qode Essential Addons | qode-essential-addons |
Quotes for WooCommerce | quotes-for-woocommerce |
Razorpay for WooCommerce | woo-razorpay |
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
Related Post | related-post |
Responsive Lightbox & Gallery | responsive-lightbox |
SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share | wp-scheduled-posts |
Seraphinite Accelerator | seraphinite-accelerator |
Sign In Scheduling Online Appointment Booking System | 10to8-online-booking |
Simple Long Form | simple-long-form |
Site Offline Or Coming Soon Or Maintenance Mode | site-offline |
SiteOrigin Widgets Bundle | so-widgets-bundle |
Social Share Buttons & Analytics Plugin – GetSocial.io | wp-share-buttons-analytics-by-getsocial |
SoundCloud Shortcode | soundcloud-shortcode |
SpeedyCache – Cache, Optimization, Performance | speedycache |
Spiffy Calendar | spiffy-calendar |
Swift Performance Lite | swift-performance-lite |
Track Geolocation Of Users Using Contact Form 7 | track-geolocation-of-users-using-contact-form-7 |
UPS, Mondial Relay & Chronopost for WooCommerce – WCMultiShipping | wc-multishipping |
WP Catalogue | wp-catalogue |
WP CleanFix | wp-cleanfix |
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | wp-event-manager |
WP Forms Puzzle Captcha | wp-forms-puzzle-captcha |
WP Pocket URLs | wp-pocket-urls |
WP Shortcodes Plugin – Shortcodes Ultimate | shortcodes-ultimate |
WordPress Brute Force Protection – Stop Brute Force Attacks | guardgiant |
YASR – Yet Another Star Rating Plugin for WordPress | yet-another-stars-rating |
affiliate-toolkit – WordPress Affiliate Plugin | affiliate-toolkit-starter |
canvasio3D Light | canvasio3d-light |
teachPress | teachpress |
which template file | which-template-file |
Software Name | Software Slug |
---|---|
adifier | adifier |
restricted-site-access | restricted-site-access |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should've already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software: HUSKY – Products Filter for WooCommerce Professional CVE ID: CVE-2023-40010 CVSS Score: 9.8 (Critical) Researcher/s: Nguyen Anh Tien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b905b8ec-d13d-4455-9c5f-61aaa09d75ba>
Affected Software: JetEngine CVE ID: CVE-2023-48757 CVSS Score: 8.8 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad66015d-7831-4590-9583-3abf7ca43c3b>
Affected Software: CommentLuv CVE ID: CVE-2023-49159 CVSS Score: 8.2 (High) Researcher/s: Yuchen Ji Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/eeef2a59-47a1-4d8d-b815-8c74cc608e6c>
Affected Software: Backup Migration CVE ID: CVE-2023-6266 CVSS Score: 7.5 (High) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08801f53-3c57-41a3-a637-4b52637cc612>
Affected Software: CF7 Google Sheets Connector CVE ID: CVE-2023-44989 CVSS Score: 7.5 (High) Researcher/s: Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fad510b7-85f4-4cae-aaf0-eb68a32cf1b4>
Affected Software/s: JetTabs for Elementor, JetBlog for Elementor, JetThemeCore for Elementor, JetCompareWishlist for Elementor, JetElements, JetWooBuilder for Elementor, JetReviews for Elementor, JetTricks for Elementor, JetMenu for Elementor, JetBlocks for Elementor, JetProductGallery, JetSmartFilters for Elementor CVE ID: CVE-2023-48760 CVSS Score: 7.3 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f>
Affected Software: MSync CVE ID: CVE-2023-49166 CVSS Score: 7.2 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1f37ed0e-3e03-4f00-9967-16047beab1cf>
Affected Software: Mollie Payments for WooCommerce CVE ID: CVE-2023-6090 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d350095-125a-4445-89c1-bce437e4098c>
Affected Software: BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin CVE ID: CVE-2023-6219 CVSS Score: 7.2 (High) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/710b8e4e-01de-4e99-8cf2-31abc2419b29>
Affected Software: JetEngine CVE ID: CVE-2023-48758 CVSS Score: 7.1 (High) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3f2c97f4-0a6e-4693-a6c8-bd81ca76988c>
Affected Software: WP CleanFix CVE ID: CVE-2023-48775 CVSS Score: 7.1 (High) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/57896fa8-9360-41e8-a60e-8b95d01c25ac>
Affected Software: WordPress Brute Force Protection – Stop Brute Force Attacks CVE ID: CVE-2023-48764 CVSS Score: 6.6 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0d3f7676-5ab0-4fe0-a0be-786f4cf84056>
Affected Software: Contact Form 7 CVE ID: CVE-2023-6449 CVSS Score: 6.6 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6>
Affected Software: Bravo Translate CVE ID: CVE-2023-49161 CVSS Score: 6.6 (Medium) Researcher/s: Arvandy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f256518c-9a3e-4e6e-8d49-d309e397c14d>
Affected Software: Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back CVE ID: CVE-2023-48769 CVSS Score: 6.5 (Medium) Researcher/s: Vladislav Pokrovsky (ΞX.MI) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/206261fa-58b6-4407-b8e1-2315836b6c88>
Affected Software: Prevent Landscape Rotation CVE ID: CVE-2023-48772 CVSS Score: 6.5 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4235f279-0975-4814-b156-b45b011e3ce6>
Affected Software: Database for CF7 CVE ID: CVE-2023-49167 CVSS Score: 6.5 (Medium) Researcher/s: Vladislav Pokrovsky (ΞX.MI) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4fcaab95-7940-45f9-a3c2-c3b0dc540b61>
Affected Software: MkRapel Regiones y Ciudades de Chile para WC CVE ID: CVE-2023-48781 CVSS Score: 6.5 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70bac5e0-8182-426c-94da-e6832af8c487>
Affected Software: Product Size Chart For WooCommerce CVE ID: CVE-2023-48778 CVSS Score: 6.5 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7e15f804-f5a9-4e29-8aeb-4ba2b116dc46>
Affected Software: Guest Author CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0b7d7b64-8194-4b81-83f5-1f3b23109455>
Affected Software: Contact Form – Custom Builder, Payment Form, and More CVE ID: CVE-2023-45609 CVSS Score: 6.4 (Medium) Researcher/s: resecured.io Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0e67ce3b-144f-4ce1-b658-47d865312c6a>
Affected Software: Responsive Lightbox & Gallery CVE ID: CVE-2023-49174 CVSS Score: 6.4 (Medium) Researcher/s: emad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4b60c1e2-5a4b-4a7a-8224-f1afd3888e08>
Affected Software: 12 Step Meeting List CVE ID: CVE-2023-46641 CVSS Score: 6.4 (Medium) Researcher/s: Shahzaib Ali Khan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4d6e9cb0-6b90-4a5b-8626-0b3f378fbc92>
Affected Software: WP Shortcodes Plugin – Shortcodes Ultimate CVE ID: CVE-2023-6225 CVSS Score: 6.4 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/558e36f6-4678-46a2-8154-42770fbb5574>
Affected Software: WP Catalogue CVE ID: CVE-2023-48780 CVSS Score: 6.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5684d4b7-8a3e-47ee-9d7b-195cb5db9a66>
Affected Software: Ads by datafeedr.com CVE ID: CVE-2023-49169 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/61c71bbf-ddae-4f35-ac8d-9753fb3fb67f>
Affected Software: Event post CVE ID: CVE-2023-49179 CVSS Score: 6.4 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6a92b96b-ecbc-4414-8e42-04b5c3a02131>
Affected Software: Formzu WP CVE ID: CVE-2023-49160 CVSS Score: 6.4 (Medium) Researcher/s: resecured.io Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7ee73abf-0ab8-48ab-bd94-18ed66f877fd>
Affected Software: AMP for WP – Accelerated Mobile Pages CVE ID: CVE-2023-48321 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/983e8ec0-fec4-4420-8ef6-6bf43881f5f1>
Affected Software: Currency Converter Calculator CVE ID: CVE-2023-49149 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9a423266-89e1-422d-b1e3-6368051eb2fe>
Affected Software: Sign In Scheduling Online Appointment Booking System CVE ID: CVE-2023-49173 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9fbb5ed0-ed76-44fe-88c4-eb05ad87e510>
Affected Software: Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss CVE ID: CVE-2023-49168 CVSS Score: 6.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a4ccc7f8-c8e0-457a-b437-2a23530a9df4>
Affected Software: Email Address Encoder CVE ID: CVE-2023-48765 CVSS Score: 6.4 (Medium) Researcher/s: LVT-tholv2k Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ab5b7dc4-113d-4f58-956e-2a9284e1e25e>
Affected Software: Parallax Slider Block CVE ID: CVE-2023-49184 CVSS Score: 6.4 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ae3974e6-cba1-4976-a6af-9e60557cfde8>
Affected Software: Credit Tracker CVE ID: CVE-2023-49152 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b611f3ba-ac36-49fc-a75f-10003c5ca955>
Affected Software: Crypto Converter Widget CVE ID: CVE-2023-49150 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d621869c-31f7-4243-9815-f6d1bbe469e2>
Affected Software: Aparat CVE ID: CVE-2023-48770 CVSS Score: 6.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e6d14dd6-ff1c-475b-8cff-efc7736124b4>
Affected Software: Related Post CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f08ca5e3-8b48-4333-9c42-cc103d40394c>
Affected Software: Spiffy Calendar CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f433edb4-a8df-4548-a401-0089b605bbe5>
Affected Software/s: JetSearch, JetTabs for Elementor, JetBlog for Elementor, JetThemeCore for Elementor, JetCompareWishlist for Elementor, JetElements, JetPopup, JetWooBuilder for Elementor, JetReviews for Elementor, JetEngine, JetTricks for Elementor, JetMenu for Elementor, JetBlocks for Elementor, JetProductGallery, JetSmartFilters for Elementor CVE ID: CVE-2023-48761 CVSS Score: 6.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9>
Affected Software: File Gallery CVE ID: CVE-2023-48771 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0b51caf3-eff4-491f-b354-7d8939548a64>
Affected Software: affiliate-toolkit – WordPress Affiliate Plugin CVE ID: CVE-2023-46086 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0f45738b-fff6-438e-8870-508c622c1752>
Affected Software: NextScripts: Social Networks Auto-Poster CVE ID: CVE-2023-49183 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/15f00b65-8304-4132-a2cf-8145444ecfb1>
Affected Software: adifier CVE ID: CVE-2023-49187 CVSS Score: 6.1 (Medium) Researcher/s: Vladislav Pokrovsky (ΞX.MI) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2250d512-dfe0-47d3-a61f-4e501d105f30>
Affected Software: JetBlocks for Elementor CVE ID: CVE-2023-48756 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2614ca26-6efc-49f5-8cee-5b078721acc1>
Affected Software: WP Forms Puzzle Captcha CVE ID: CVE-2023-48278 CVSS Score: 6.1 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2f34854a-5ca1-48a3-81d5-80f80f3a85fc>
Affected Software: PowerPack Pro for Elementor CVE ID: CVE-2023-49739 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2feabc97-0463-4e50-91a8-234445ca2504>
Affected Software: MyTube PlayList CVE ID: CVE-2023-48767 CVSS Score: 6.1 (Medium) Researcher/s: Abu Hurayra (HurayraIIT) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/523cfed4-0422-40f3-8d81-d7862bcb1792>
Affected Software: Seraphinite Accelerator CVE ID: CVE-2023-49740 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/53356d15-8db0-4015-addf-9bf66446e81f>
Affected Software: List all posts by Authors, nested Categories and Titles CVE ID: CVE-2023-49182 CVSS Score: 6.1 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6b84df5b-ff93-43b3-b9e4-cf963cf2af10>
Affected Software: BrainCert – HTML5 Virtual Classroom CVE ID: CVE-2023-49172 CVSS Score: 6.1 (Medium) Researcher/s: Abu Hurayra (HurayraIIT) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/76b3b5b7-fefe-44fb-a30e-c55226d4aaea>
Affected Software: HDW Player Plugin (Video Player & Video Gallery) CVE ID: CVE-2023-49178 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/778aa2be-ffcb-4d28-9efe-c29c8d5391bd>
Affected Software: Forms by CaptainForm – Form Builder for WordPress CVE ID: CVE-2023-49170 CVSS Score: 6.1 (Medium) Researcher/s: Abu Hurayra (HurayraIIT) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f690ea9-b773-49d4-9fa4-2a8bb7593d62>
Affected Software: WP Pocket URLs CVE ID: CVE-2023-49176 CVSS Score: 6.1 (Medium) Researcher/s: SeungYongLee Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a22873f-6f09-4183-92c5-a84e0d378920>
Affected Software: Campaign Monitor for WordPress CVE ID: CVE-2023-38474 CVSS Score: 6.1 (Medium) Researcher/s: Phd Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a4d7cab5-1641-4ed3-92c7-ad7594dcb74b>
Affected Software: which template file CVE ID: CVE-2023-49177 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be3208c8-aceb-4ac9-91e1-d5de5a85f74d>
Affected Software: Doofinder WP & WooCommerce Search CVE ID: CVE-2023-49185 CVSS Score: 6.1 (Medium) Researcher/s: Phd Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e46a2031-e304-43fb-85bf-ec9abf0b2f90>
Affected Software: Innovs HR – Complete Human Resource Management System for Your Business CVE ID: CVE-2023-49171 CVSS Score: 6.1 (Medium) Researcher/s: SeungYongLee Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f43b5c02-fb10-48f1-9457-f67c5008fe5b>
Affected Software: Form builder to get in touch with visitors, grow your email list and collect payments – Happyforms CVE ID: CVE-2023-48752 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ff986a66-93f7-4926-8818-7af745c0166c>
Affected Software: SiteOrigin Widgets Bundle CVE ID: CVE-2023-6295 CVSS Score: 5.9 (Medium) Researcher/s: Sebastian Neef Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1dbdc673-b0ee-4d1d-8cd9-603056f41cda>
Affected Software: Automatic Youtube Video Posts Plugin CVE ID: CVE-2023-49180 CVSS Score: 5.5 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6a595b3c-2b21-43fe-8d4e-6721f4541c9b>
Affected Software: Client Dash CVE ID: CVE-2023-49165 CVSS Score: 5.5 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f8839cf-9e48-4981-8a0d-bb0c06cdf441>
Affected Software: WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce CVE ID: CVE-2023-49181 CVSS Score: 5.5 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f25b2a4b-d863-4f24-ae67-4c8e41602c6f>
Affected Software: canvasio3D Light CVE ID: CVE-2023-48776 CVSS Score: 5.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/11795557-74c0-469a-9751-adc759f9214b>
Affected Software: Export WP Page to Static HTML/CSS CVE ID: CVE-2023-6369 CVSS Score: 5.4 (Medium) Researcher/s: Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/47cb48aa-b556-4f25-ac68-ff0a812972c1>
Affected Software: Abandoned Cart Lite for WooCommerce CVE ID: CVE-2023-41671 CVSS Score: 5.4 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/51cfe955-f854-4f88-a009-93f92ae13d86>
Affected Software: UPS, Mondial Relay & Chronopost for WooCommerce – WCMultiShipping CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/16a3469d-6264-4ed7-b6ae-fdd7a80c8ca5>
Affected Software: Abandoned Cart Lite for WooCommerce CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1ce1316b-674a-4436-968f-9ffca4e8f726>
Affected Software: Hubbub Lite (formerly Grow Social) CVE ID: CVE-2023-49193 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/22b17fcb-0c97-462d-b67c-6da2919478d5>
Affected Software: Enhanced Text Widget CVE ID: CVE-2023-49192 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/25122475-fc2c-4a8c-90d3-f4a85fb3a8cc>
Affected Software: 360 Javascript Viewer CVE ID: CVE-2023-48779 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/25a8169d-1057-4cf2-9048-fb85f62d6ead>
Affected Software: YASR – Yet Another Star Rating Plugin for WordPress CVE ID: CVE-2023-39305 CVSS Score: 5.3 (Medium) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/395b016f-018c-458d-a585-34f3de3eae5c>
Affected Software: Page Builder: Pagelayer – Drag and Drop website builder CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3a0c8ecc-f0a1-41fa-a5f7-2d65d610efc0>
Affected Software: Participants Database CVE ID: CVE-2023-48751 CVSS Score: 5.3 (Medium) Researcher/s: Yudistira Arya Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3cd2b2ba-c4ec-4799-91b4-b38c462baee4>
Affected Software: Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina) CVE ID: CVE-2023-44982 CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/52c2aae5-17c2-45eb-b55f-bb27555fb1f7>
Affected Software: WP Forms Puzzle Captcha CVE ID: CVE-2023-48276 CVSS Score: 5.3 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/58502e48-c1cf-4b94-954c-71046256c917>
Affected Software: Media File Renamer: Rename Files (Manual, Auto & AI) CVE ID: CVE-2023-44991 CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/71e55161-f5ad-44e5-8a61-ce48c05e6dba>
Affected Software: Aruba HiSpeed Cache CVE ID: CVE-2023-44983 CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7391dd8c-0170-48c6-8451-9e7a00e268d0>
Affected Software: Button Generator – easily Button Builder CVE ID: CVE-2023-49154 CVSS Score: 5.3 (Medium) Researcher/s: Elliot Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/73dd286e-5338-42d2-9928-1e14150ccf56>
Affected Software: restricted-site-access CVE ID: CVE-2023-48753 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/804169d3-a53a-42ba-821d-e9647ac075c4>
Affected Software: Importify – Dropshipping WooCommerce Plugin for Aliexpress, Amazon, Etsy, Alibaba, Walmart & More CVE ID: CVE-2023-49194 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/830ff660-0265-46e5-8d16-ecd03cdf9f52>
Affected Software: Swift Performance Lite CVE ID: CVE-2023-6289 CVSS Score: 5.3 (Medium) Researcher/s: Krzysztof Zając Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8321f68f-da2d-4382-979d-54008de2cae7>
Affected Software: Gift Up Gift Cards for WordPress and WooCommerce CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/95abec2d-a03a-4b07-8890-18568650c41f>
Affected Software: teachPress CVE ID: CVE-2023-48755 CVSS Score: 5.3 (Medium) Researcher/s: LVT-tholv2k Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9956e04c-ff59-40c0-a8ab-3e2ed2c52d7f>
Affected Software: Coming soon and Maintenance mode CVE ID: CVE-2023-49741 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9fd9c076-d36c-4cda-b636-aa65195956d2>
Affected Software: JetElements CVE ID: CVE-2023-48759 CVSS Score: 5.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d199e597-64ed-4dcc-a153-b5c8e4e9e93d>
Affected Software: BigCommerce For WordPress CVE ID: CVE-2023-49162 CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e3a7e0b6-dc6d-4e3a-bb05-12d6ace330df>
Affected Software: JetFormBuilder – Dynamic Blocks Form Builder CVE ID: CVE-2023-48763 CVSS Score: 5.3 (Medium) Researcher/s: Revan Arifio Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f0343861-a376-43ea-826e-277c2a5ea635>
Affected Software: Antispam Bee CVE ID: CVE-2023-41134 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fb102891-b4a8-4089-b70c-43866ad85b7b>
Affected Software: KP Fastest Tawk.to Chat CVE ID: CVE-2023-49175 CVSS Score: 4.4 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02ddfc75-8a9e-4a8e-8339-52348a963c69>
Affected Software: GDPR Cookie Consent by Supsystic CVE ID: CVE-2023-49191 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park (p6rkdoye0n) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/158a63c1-1b2e-4fbf-ac86-43471ba8ebc2>
Affected Software: Author Box, Guest Author and Co-Authors for Your Posts – Molongui CVE ID: CVE-2023-39921 CVSS Score: 4.4 (Medium) Researcher/s: Abdullah Hussam Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/16130c5d-9865-4953-b078-0b448722e36d>
Affected Software: Chartify – WordPress Chart Plugin CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/18cbf346-91a3-4856-930e-7753eb1470d9>
Affected Software: SoundCloud Shortcode CVE ID: CVE-2023-34018 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5084afcc-b6fc-4d89-9ad7-c4ea3e4dae82>
Affected Software: Social Share Buttons & Analytics Plugin – GetSocial.io CVE ID: CVE-2023-49189 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park (p6rkdoye0n) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/513124f6-ea14-46ca-94c5-f9fa15b19d8c>
Affected Software: Simple Long Form CVE ID: CVE-2023-41136 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park (p6rkdoye0n) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/68c22e71-c704-44c1-86e6-856f6244393d>
Affected Software: Track Geolocation Of Users Using Contact Form 7 CVE ID: CVE-2023-49188 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park (p6rkdoye0n) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/724d8f79-f683-4b06-841d-a9104c87f3c6>
Affected Software: BSK Forms Blacklist CVE ID: CVE-2023-5980 CVSS Score: 4.4 (Medium) Researcher/s: Bob Matyas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8283a502-6fb8-43ff-8f46-8afbfdbb22f7>
Affected Software: Multiple Post Passwords CVE ID: CVE-2023-49157 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park (p6rkdoye0n) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8f220293-9789-4824-b736-ead014c45366>
Affected Software: Site Offline Or Coming Soon Or Maintenance Mode CVE ID: CVE-2023-49190 CVSS Score: 4.4 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/96f30a22-f218-48e7-9796-b9f1d5becc2c>
Affected Software: Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media CVE ID: CVE-2023-41127 CVSS Score: 4.4 (Medium) Researcher/s: DoYeon Park (p6rkdoye0n) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d7b67c83-7fb7-4bac-a8eb-7fc318f2ff50>
Affected Software: Nested Pages CVE ID: CVE-2023-49195 CVSS Score: 4.4 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ec9029a3-be05-469a-a8e2-20987a4a4ad9>
Affected Software/s: JetSearch, JetTabs for Elementor, JetBlog for Elementor, JetThemeCore for Elementor, JetCompareWishlist for Elementor, JetElements, JetPopup, JetWooBuilder for Elementor, JetReviews for Elementor, JetEngine, JetTricks for Elementor, JetMenu for Elementor, JetBlocks for Elementor, JetProductGallery, JetSmartFilters for Elementor CVE ID: CVE-2023-48762 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020>
Affected Software: teachPress CVE ID: CVE-2023-49163 CVSS Score: 4.3 (Medium) Researcher/s: LVT-tholv2k Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3544357f-97c9-49cb-a48d-74b60480111d>
Affected Software: Qode Essential Addons CVE ID: CVE-2023-47840 CVSS Score: 4.3 (Medium) Researcher/s: Brandon James Roldan (tomorrowisnew) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/443c59b9-275d-4d17-a870-9ae013c1a5c1>
Affected Software: WP Shortcodes Plugin – Shortcodes Ultimate CVE ID: CVE-2023-6226 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4d936a48-b300-4a41-8d28-ba34cb3c5cb7>
Affected Software: IdeaPush CVE ID: CVE-2023-48774 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5811fc63-da34-43cb-ae33-a34a8795bb72>
Affected Software: Quotes for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5f7a5d4b-8ba2-45d8-92d4-3c66a81fb4f8>
Affected Software: Quotes for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6954364e-567c-407c-afc6-983b7257cc88>
Affected Software: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login CVE ID: CVE-2023-47645 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7dcde10d-4eb7-42fe-926e-05e56affc521>
Affected Software: Debug Log Manager CVE ID: CVE-2023-5772 CVSS Score: 4.3 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7e539549-1125-4b0e-aa3c-c8844041c23a>
Affected Software: LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… CVE ID: CVE-2023-49158 CVSS Score: 4.3 (Medium) Researcher/s: Truoc Phan Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8f88ff96-5bd7-448d-a030-e75fd268bff6>
Affected Software: Ocean Extra CVE ID: CVE-2023-49164 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ac111175-2059-41dc-afa2-a659da3adaca>
Affected Software: SpeedyCache – Cache, Optimization, Performance CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ac7c0dde-5299-4938-beed-eb2fe227a812>
Affected Software: Button Generator – easily Button Builder CVE ID: CVE-2023-49155 CVSS Score: 4.3 (Medium) Researcher/s: Elliot Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b73467de-fb0c-45e3-b3ae-5158b261907b>
Affected Software: Add to Cart Text Changer and Customize Button, Add Custom Icon CVE ID: CVE-2023-49153 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c4470c03-64fc-46d9-b224-de5a3149c3d5>
Affected Software: GoDaddy Email Marketing CVE ID: CVE-2023-49156 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c8d9d19e-a080-40e9-8a71-01888393f618>
Affected Software: SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cd2c9b28-d5b5-4930-a441-f889ee2778cd>
Affected Software: Ecwid Ecommerce Shopping Cart CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/db5d6cc9-24d7-42bf-905e-4c3764c659ed>
Affected Software: AdFoxly – Ad Manager, AdSense Ads & Ads.txt CVE ID: CVE-2023-46617 CVSS Score: 4.3 (Medium) Researcher/s: LVT-tholv2k Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e46513d2-65d0-4215-99a7-051603ec4569>
Affected Software: Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates CVE ID: CVE-2023-49148 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4b9eeb9-7ce4-446d-8ac0-af9cea0c893a>
Affected Software: Razorpay for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e6a2b2f6-c648-4755-be24-92c7f287813e>
Affected Software: Delete Post Revisions In WordPress CVE ID: CVE-2023-48754 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f1946a48-c1d6-4ca9-909f-0d4b78c25c36>
Affected Software: Razorpay for WooCommerce CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f59cf3d6-06a0-42ec-a604-5f59c6b2be40>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023) appeared first on Wordfence.