Did you know we're running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024, when you opt to have Wordfence handle responsible disclosure!
Last week, there were 95 vulnerabilities disclosed in 65 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 33 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, use the vulnerability database API to receive a complete dump of our database of over 12,000 vulnerabilities, then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 13 |
Patched | 82 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 2 |
Medium Severity | 82 |
High Severity | 7 |
Critical Severity | 4 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 30 |
Cross-Site Request Forgery (CSRF) | 21 |
Missing Authorization | 18 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
Information Exposure | 3 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 3 |
Deserialization of Untrusted Data | 2 |
Authorization Bypass Through User-Controlled Key | 2 |
Improper Access Control | 2 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 1 |
Uncontrolled Resource Consumption ('Resource Exhaustion') | 1 |
Server-Side Request Forgery (SSRF) | 1 |
Insecure Storage of Sensitive Information | 1 |
Incorrect Authorization | 1 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 1 |
Improper Authorization | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
Francesco Carlucci | 24 |
Lucio Sá | 10 |
Dhabaleshwar Das | 7 |
Webbernaut | 6 |
Dimas Maulana | 3 |
Ngô Thiên An (ancorn_) | 3 |
Krzysztof Zając | 3 |
beluga | 2 |
Sh | 2 |
Rhynorater | 2 |
kodaichodai | 2 |
Kyle Sanchez | 2 |
Felipe Restrepo Rodriguez (pfelilpe) | 2 |
István Márton (Wordfence Vulnerability Researcher) | 2 |
Rafie Muhammad | 2 |
Sean Murphy | 2 |
stealthcopter | 2 |
hir0ot | 1 |
Dave Jong | 1 |
Le Ngoc Anh | 1 |
villu164 | 1 |
Colin Xu | 1 |
Christian Angel | 1 |
LVT-tholv2k | 1 |
wesley (wcraft) | 1 |
Dmitrii Ignatyev | 1 |
Abu Hurayra (HurayraIIT) | 1 |
Muhammad Hassham Nagori | 1 |
Abdi Pranata | 1 |
Skalucy | 1 |
Pham Ho Anh Dung | 1 |
Savphill | 1 |
Scott Kingsley Clark | 1 |

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
3D Tag Cloud | cardoza-3d-tag-cloud |
AMP for WP – Accelerated Mobile Pages | accelerated-mobile-pages |
Admin Menu Editor | admin-menu-editor |
Advanced Forms for ACF | advanced-forms |
All 404 Pages Redirect to Homepage | all-404-pages-redirect-to-homepage |
All-In-One Security (AIOS) – Security and Firewall | all-in-one-wp-security-and-firewall |
Apollo13 Framework Extensions | apollo13-framework-extensions |
Awesome Support – WordPress HelpDesk & Support Plugin | awesome-support |
Backuply – Backup, Restore, Migrate and Clone | backuply |
Basic Log Viewer | wpsimpletools-log-viewer |
Before After Image Slider WP | before-after-image-slider |
Buttons Shortcode and Widget | buttons-shortcode-and-widget |
Contact Form 7 Connector | ari-cf7-connector |
Content Cards | content-cards |
Coupon Referral Program | coupon-referral-program |
Custom Twitter Feeds – A Tweets Widget or X Feed Widget | custom-twitter-feeds |
Customer Reviews for WooCommerce | customer-reviews-woocommerce |
Elementor Addon Elements | addon-elements-for-elementor-page-builder |
Elementor Addons by Livemesh | addons-for-elementor |
Elementor Website Builder – More than Just a Page Builder | elementor |
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin | wp-event-solution |
Honeypot for WP Comment | honeypot-for-wp-comment |
ImageRecycle pdf & image compression | imagerecycle-pdf-image-compression |
InfiniteWP Client | iwp-client |
Insert PHP Code Snippet | insert-php-code-snippet |
Internal Link Juicer: SEO Auto Linker for WordPress | internal-links |
Link Library | link-library |
Login Lockdown – Protect Login Form | login-lockdown |
Matomo Analytics – Ethical Stats. Powerful Insights. | matomo |
Meta Box – WordPress Custom Fields Framework | meta-box |
Minimal Coming Soon – Coming Soon Page | minimal-coming-soon-maintenance-mode |
My Calendar | my-calendar |
NextMove Lite – Thank You Page for WooCommerce | woo-thank-you-page-nextmove-lite |
PPWP – Password Protect Pages | password-protect-page |
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | paid-memberships-pro |
Passster – Password Protect Pages and Content | content-protector |
Payment Forms for Paystack | payment-forms-for-paystack |
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress | contest-gallery |
Podlove Podcast Publisher | podlove-podcasting-plugin-for-wordpress |
Podlove Subscribe button | podlove-subscribe-button |
Polls CP | cp-polls |
Portugal CTT Tracking for WooCommerce | portugal-ctt-tracking-woocommerce |
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | powerpack-lite-for-elementor |
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) | bdthemes-prime-slider-lite |
Product Labels For Woocommerce (Sale Badges) | aco-product-labels-for-woocommerce |
Quiz Maker | quiz-maker |
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | feedzy-rss-feeds |
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | wp-rss-aggregator |
Royal Elementor Addons and Templates | royal-elementor-addons |
Shariff Wrapper | shariff |
Shield Security – Smart Bot Blocking & Intrusion Prevention Security | wp-simple-firewall |
Simple Page Access Restriction | simple-page-access-restriction |
Starbox – the Author Box for Humans | starbox |
Themify Builder | themify-builder |
Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) | timeline-widget-addon-for-elementor |
VK Poster Group | vk-poster-group |
WP 404 Auto Redirect to Similar Post | wp-404-auto-redirect-to-similar-post |
WP Booking Calendar | booking |
WP Club Manager – WordPress Sports Club Plugin | wp-club-manager |
WP Contact Form | wp-contact-form |
WP Recipe Maker | wp-recipe-maker |
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | wp-sms |
WP Shortcodes Plugin — Shortcodes Ultimate | shortcodes-ultimate |
Wonder Slider Lite | wonderplugin-slider-lite |
Woocommerce Vietnam Checkout | woo-vietnam-checkout |

Software Name | Software Slug |
---|---|
Blocksy | blocksy |
Royal Elementor Kit | [royal-elementor-kit](<https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/Royal Elementor Kit>) |
brooklyn | brooklyn |

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software: Shield Security – Smart Bot Blocking & Intrusion Prevention Security CVE ID: CVE-2023-6989 CVSS Score: 9.8 (Critical) Researcher/s: hir0ot Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/063826cc-7ff3-4869-9831-f6a4a4bbe74c>
Affected Software: Coupon Referral Program CVE ID: CVE-2024-25100 CVSS Score: 9.8 (Critical) Researcher/s: Dave Jong Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0e556ca2-1b83-4589-bff8-64323eb594e7>
Affected Software: WP Booking Calendar CVE ID: CVE-2024-1207 CVSS Score: 9.8 (Critical) Researcher/s: Muhammad Hassham Nagori Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7802ed1f-138c-4a3d-916c-80fb4f7699b2>
Affected Software: Honeypot for WP Comment CVE ID: CVE-2024-1350 CVSS Score: 9.1 (Critical) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b6b0bb48-eb61-4236-a03f-19d5d2084a75>
Affected Software: Elementor Website Builder – More than Just a Page Builder CVE ID: CVE-2024-24934 CVSS Score: 8.8 (High) Researcher/s: Rhynorater Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4915b769-9499-40ac-835e-279e3a910558>
Affected Software: Awesome Support – WordPress HelpDesk & Support Plugin CVE ID: CVE-2024-0594 CVSS Score: 8.8 (High) Researcher/s: Krzysztof Zając Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8494a0f6-7079-4fba-9901-76932b002c5a>
Affected Software: WP Recipe Maker CVE ID: CVE-2024-1206 CVSS Score: 8.8 (High) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b10d8f8a-517f-4286-b501-0ca040529362>
Affected Software: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator CVE ID: CVE-2024-1317 CVSS Score: 8.8 (High) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cf57aeaa-e37e-4b22-aeaa-f0a9f4877484>
Affected Software: Podlove Subscribe button CVE ID: CVE-2024-1118 CVSS Score: 8.8 (High) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f234f05f-e377-4e89-81e1-f47ff44eebc5>
Affected Software: Backuply – Backup, Restore, Migrate and Clone CVE ID: CVE-2024-0842 CVSS Score: 7.5 (High) Researcher/s: villu164 Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716>
Affected Software: brooklyn CVE ID: CVE-2024-24926 CVSS Score: 7.5 (High) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5dd962a5-ec0e-415f-8efa-91e78bb80d16>
Affected Software: NextMove Lite – Thank You Page for WooCommerce CVE ID: CVE-2024-25092 CVSS Score: 6.5 (Medium) Researcher/s: beluga Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0b04ab77-880b-423a-bba6-59822f0463bc>
Affected Software: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator CVE ID: CVE-2024-1318 CVSS Score: 6.5 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/181edcec-a57d-4516-935d-6777d2de77ae>
Affected Software: AMP for WP – Accelerated Mobile Pages CVE ID: CVE-2024-1043 CVSS Score: 6.5 (Medium) Researcher/s: Sean Murphy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ffb70e82-355b-48f3-92d0-19659ed2550e>
Affected Software: WP Shortcodes Plugin — Shortcodes Ultimate CVE ID: CVE-2024-0792 CVSS Score: 6.4 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0d8c043c-e347-4dc8-8a72-943a7e6c4394>
Affected Software: Starbox – the Author Box for Humans CVE ID: CVE-2023-6806 CVSS Score: 6.4 (Medium) Researcher/s: Sh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1f413fc2-8543-4478-987d-d983581027bf>
Affected Software: Royal Elementor Addons and Templates CVE ID: CVE-2024-0442 CVSS Score: 6.4 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/256b4818-290b-4660-8e83-c18b068a8959>
Affected Software: Meta Box – WordPress Custom Fields Framework CVE ID: CVE-2023-6526 CVSS Score: 6.4 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2a6bfc87-6135-4d49-baa2-e8e6291148dc>
Affected Software: Apollo13 Framework Extensions CVE ID: CVE-2024-24880 CVSS Score: 6.4 (Medium) Researcher/s: LVT-tholv2k Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33386b7b-fae3-42a4-96d3-df3cdc342317>
Affected Software: Content Cards CVE ID: CVE-2024-24928 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3e7d10ab-2525-407b-b814-ef7d884d5287>
Affected Software: Elementor Website Builder – More than Just a Page Builder CVE ID: CVE-2024-0506 CVSS Score: 6.4 (Medium) Researcher/s: wesley (wcraft) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4473d3f6-e324-40f5-b92b-167f76b17332>
Affected Software: Elementor Addon Elements CVE ID: CVE-2024-0834 CVSS Score: 6.4 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6ebb5654-ba3e-4f18-8720-a6595a771964>
Affected Software: Elementor Addons by Livemesh CVE ID: CVE-2024-1235 CVSS Score: 6.4 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/70bda4b7-e442-4956-b3cb-8df96043bcde>
Affected Software: Payment Forms for Paystack CVE ID: CVE-2023-5665 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/98f80608-f24f-4019-a757-de71cba9902f>
Affected Software: Before After Image Slider WP CVE ID: CVE-2024-24931 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/af76e32b-ba7d-4eaa-97c8-ed6a25e8f387>
Affected Software: My Calendar CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d039ba8f-0452-4c14-a655-7f6880c1f1b4>
Affected Software: Buttons Shortcode and Widget CVE ID: CVE-2024-24930 CVSS Score: 6.4 (Medium) Researcher/s: Ngô Thiên An (ancorn_) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ea6e0856-ba3d-4fa1-ac90-45a51ff994ef>
Affected Software: VK Poster Group CVE ID: CVE-2024-24932 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/14f030bd-8d8d-4152-817d-d72c9b7a0152>
Affected Software: Matomo Analytics – Ethical Stats. Powerful Insights. CVE ID: CVE-2023-6923 CVSS Score: 6.1 (Medium) Researcher/s: Felipe Restrepo Rodriguez (pfelilpe) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2e2d54eb-c176-49c4-a4fc-833e17189cad>
Affected Software: WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc CVE ID: CVE-2024-24881 CVSS Score: 6.1 (Medium) Researcher/s: Dimas Maulana Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/31f7dc1e-2008-4672-85ba-56fa35f4f0e1>
Affected Software: WP 404 Auto Redirect to Similar Post CVE ID: CVE-2024-0509 CVSS Score: 6.1 (Medium) Researcher/s: kodaichodai Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6eef5549-3f89-4d6f-8c4e-6e4ee6082042>
Affected Software: Wonder Slider Lite CVE ID: CVE-2024-24877 CVSS Score: 6.1 (Medium) Researcher/s: Dimas Maulana Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/712d2d8b-2103-4262-807e-bb26cabb771c>
Affected Software: brooklyn CVE ID: CVE-2024-24927 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/724d8382-cef3-4584-a255-c2ecc7c986b3>
Affected Software: Link Library CVE ID: CVE-2024-24879 CVSS Score: 6.1 (Medium) Researcher/s: beluga Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d5f9d2e-6719-4ce7-bbdd-afaf437bd080>
Affected Software: Portugal CTT Tracking for WooCommerce CVE ID: CVE-2024-24878 CVSS Score: 6.1 (Medium) Researcher/s: stealthcopter Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a69e6ca8-efd6-4b89-ae63-b320f9936842>
Affected Software: All-In-One Security (AIOS) – Security and Firewall CVE ID: CVE-2024-1037 CVSS Score: 6.1 (Medium) Researcher/s: stealthcopter Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b50772e5-5142-4f50-b5c0-6116a8821cba>
Affected Software: Honeypot for WP Comment CVE ID: CVE-2024-24933 CVSS Score: 6.1 (Medium) Researcher/s: Dimas Maulana Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c1441e68-5c41-4c90-ba99-1656af87a29d>
Affected Software: All 404 Pages Redirect to Homepage CVE ID: CVE-2024-24889 CVSS Score: 6.1 (Medium) Researcher/s: Pham Ho Anh Dung Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/de5d5ffc-e76a-4ea9-be68-9ca5f847a363>
Affected Software: InfiniteWP Client CVE ID: CVE-2023-6565 CVSS Score: 5.9 (Medium) Researcher/s: Christian Angel Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2fdc32a4-adf8-4174-924b-5d0b763d010c>
Affected Software: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) CVE ID: CVE-2024-1055 CVSS Score: 5.4 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/036cf299-80c2-48a8-befc-02899ab96e3c>
Affected Software: Basic Log Viewer CVE ID: CVE-2024-24935 CVSS Score: 5.4 (Medium) Researcher/s: Dhabaleshwar Das Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/18acd104-a5a5-4811-9aea-abc227a1712c>
Affected Software: Login Lockdown – Protect Login Form CVE ID: CVE-2024-1340 CVSS Score: 5.4 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/34021007-b5d3-479b-a0d4-50e301f22c9c>
Affected Software: 3D Tag Cloud CVE ID: CVE-2022-41990 CVSS Score: 5.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4dfa825c-b0f7-4588-9bf8-cd186a5fc0ff>
Affected Software: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) CVE ID: CVE-2024-24883 CVSS Score: 5.4 (Medium) Researcher/s: Abu Hurayra (HurayraIIT) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/691b7428-73e5-4800-85a1-19daa85aff4e>
Affected Software: Passster – Password Protect Pages and Content CVE ID: CVE-2024-0616 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/00b81467-8d00-4816-895a-89d67c541c17>
Affected Software: Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin CVE ID: CVE-2024-1122 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0cbdf679-1657-4249-a433-8fe0cddd94be>
Affected Software: Polls CP CVE ID: CVE-2024-24873 CVSS Score: 5.3 (Medium) Researcher/s: Kyle Sanchez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2c80de83-3996-4048-8aa3-3611b002fc01>
Affected Software: Podlove Podcast Publisher CVE ID: CVE-2024-1110 CVSS Score: 5.3 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2c9cf461-572c-4be8-96e6-659acf3208f3>
Affected Software: PPWP – Password Protect Pages CVE ID: CVE-2024-0620 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58>
Affected Software: Customer Reviews for WooCommerce CVE ID: CVE-2024-1044 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8>
Affected Software: Quiz Maker CVE ID: CVE-2024-1079 CVSS Score: 5.3 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/602df370-cd5b-46dc-a653-6522aef0c62f>
Affected Software: WP Club Manager – WordPress Sports Club Plugin CVE ID: CVE-2024-1177 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/64c2c8c2-58f5-4b7d-b226-39ba39e887d5>
Affected Software: Advanced Forms for ACF CVE ID: CVE-2024-1121 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73>
Affected Software: Podlove Podcast Publisher CVE ID: CVE-2024-1109 CVSS Score: 5.3 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a7b25b66-e9d1-448d-8367-cce4c0dec635>
Affected Software: Royal Elementor Addons and Templates CVE ID: CVE-2024-0516 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d3457b87-c860-4cf2-ac3d-2c6521b629ea>
Affected Software: Simple Page Access Restriction CVE ID: CVE-2024-0965 CVSS Score: 5.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c>
Affected Software: Awesome Support – WordPress HelpDesk & Support Plugin CVE ID: CVE-2024-0596 CVSS Score: 5.3 (Medium) Researcher/s: Krzysztof Zając Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd>
Affected Software: Polls CP CVE ID: CVE-2024-24874 CVSS Score: 5.3 (Medium) Researcher/s: Kyle Sanchez Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f28d7659-9244-4da8-97e9-4539d7d874f7>
Affected Software: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions CVE ID: CVE Unknown CVSS Score: 5.3 (Medium) Researcher/s: Scott Kingsley Clark Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f6c5e3f8-ebbd-4cc3-b9b1-3f1704e3c07a>
Affected Software: Woocommerce Vietnam Checkout CVE ID: CVE-2024-24885 CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02402620-89db-448d-9028-379856735a2a>
Affected Software: Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) CVE ID: CVE-2024-0977 CVSS Score: 4.4 (Medium) Researcher/s: Webbernaut Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/03073726-58d0-45b3-b7a6-7d12dbede919>
Affected Software: Product Labels For Woocommerce (Sale Badges) CVE ID: CVE-2024-24886 CVSS Score: 4.4 (Medium) Researcher/s: Dhabaleshwar Das Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/24226595-6ae7-44c2-a159-5b69808273fa>
Affected Software: Internal Link Juicer: SEO Auto Linker for WordPress CVE ID: CVE-2024-0657 CVSS Score: 4.4 (Medium) Researcher/s: Sh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/41d39fe4-b114-4612-92f6-75d6597610f7>
Affected Software: Shariff Wrapper CVE ID: CVE-2024-1106 CVSS Score: 4.4 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5ab9c383-14da-479d-9709-1ae154dae398>
Affected Software: My Calendar CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad98db62-4253-4fd5-90b3-c28a563c7697>
Affected Software: Insert PHP Code Snippet CVE ID: CVE-2024-0658 CVSS Score: 4.4 (Medium) Researcher/s: Felipe Restrepo Rodriguez (pfelilpe) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c4a6b786-d0ef-41f6-b2bf-83307ec02b91>
Affected Software: Blocksy CVE ID: CVE-2024-24871 CVSS Score: 4.4 (Medium) Researcher/s: Savphill Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e781e1aa-7fa2-4cea-913b-4aa582ec6a4f>
Affected Software: ImageRecycle pdf & image compression CVE ID: CVE-2024-1334 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0318ec4a-185a-405d-90f8-008ba373114b>
Affected Software: All-In-One Security (AIOS) – Security and Firewall CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/05991bf2-ee61-4bf7-89df-c2f66db7caec>
Affected Software: ImageRecycle pdf & image compression CVE ID: CVE-2024-0983 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198>
Affected Software: Custom Twitter Feeds – A Tweets Widget or X Feed Widget CVE ID: CVE-2024-0379 CVSS Score: 4.3 (Medium) Researcher/s: Rhynorater, kodaichodai Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/29e2ff11-053b-45cc-adf1-d276f1ee576e>
Affected Software: ImageRecycle pdf & image compression CVE ID: CVE-2024-1339 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2d08e462-8297-477e-89da-47f26bd6beae>
Affected Software: ImageRecycle pdf & image compression CVE ID: CVE-2024-1091 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3cb8b08c-a028-48bd-acad-c00313fe06b8>
Affected Software: Royal Elementor Addons and Templates CVE ID: CVE-2024-0513 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3d3516e7-cce4-4def-be38-d16be3110d59>
Affected Software: Admin Menu Editor CVE ID: CVE-2024-24876 CVSS Score: 4.3 (Medium) Researcher/s: Dhabaleshwar Das Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/53fa9be4-a2b3-458c-af6e-d3ada639a622>
Affected Software: ImageRecycle pdf & image compression CVE ID: CVE-2024-1338 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5e3dd131-dbd8-431c-96f4-4ab2c3be4dbd>
Affected Software: Royal Elementor Kit CVE ID: CVE-2024-0835 CVSS Score: 4.3 (Medium) Researcher/s: Sean Murphy Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c>
Affected Software: Themify Builder CVE ID: CVE-2024-24872 CVSS Score: 4.3 (Medium) Researcher/s: Dhabaleshwar Das Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6840c91f-a5d9-4940-8a08-d62acc5d43eb>
Affected Software: Quiz Maker CVE ID: CVE-2024-1078 CVSS Score: 4.3 (Medium) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7ba2b270-5f02-4cd8-8a22-1723c3873d67>
Affected Software: ImageRecycle pdf & image compression CVE ID: CVE-2024-1089 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8ff16906-2516-4b3c-8217-e3fb24924e27>
Affected Software: Royal Elementor Addons and Templates CVE ID: CVE-2024-0515 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a4178271-c09e-4094-a616-5a00d28f39a3>
Affected Software: Royal Elementor Addons and Templates CVE ID: CVE-2024-0514 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0955689-43a0-442c-974b-5db5e4171f6a>
Affected Software: Royal Elementor Addons and Templates CVE ID: CVE-2024-0512 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b2ff2954-f494-4cd7-9f29-ee0e8551e339>
Affected Software: ImageRecycle pdf & image compression CVE ID: CVE-2024-1335 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b3900e4f-4ae4-4026-89df-b63bd869a763>
Affected Software: Contact Form 7 Connector CVE ID: CVE-2024-24884 CVSS Score: 4.3 (Medium) Researcher/s: Dhabaleshwar Das Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b74a5a4c-250a-46bc-bf08-2dd720de41ae>
Affected Software: Awesome Support – WordPress HelpDesk & Support Plugin CVE ID: CVE-2024-0595 CVSS Score: 4.3 (Medium) Researcher/s: Krzysztof Zając Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bfb77432-e58d-466e-a366-8b8d7f1b6982>
Affected Software: WP Contact Form CVE ID: CVE-2024-24929 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c5decbb3-05a0-403f-918a-9b516df85778>
Affected Software: ImageRecycle pdf & image compression CVE ID: CVE-2024-1336 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ca4cf299-9dee-4ebf-83f3-4c3471bd9fb0>
Affected Software: ImageRecycle pdf & image compression CVE ID: CVE-2024-0984 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566>
Affected Software: Royal Elementor Addons and Templates CVE ID: CVE-2024-0511 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/dc8bef03-51e0-4448-bddd-85300104e875>
Affected Software: Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress CVE ID: CVE-2024-24887 CVSS Score: 4.3 (Medium) Researcher/s: Dhabaleshwar Das Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e4ed8c6e-5f80-4360-9478-fff49b1fee94>
Affected Software: ImageRecycle pdf & image compression CVE ID: CVE-2024-1090 CVSS Score: 4.3 (Medium) Researcher/s: Francesco Carlucci Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f3fae909-5564-4e0a-9114-edd0e45865e5>
Affected Software: Link Library CVE ID: CVE-2024-24875 CVSS Score: 4.3 (Medium) Researcher/s: Dhabaleshwar Das Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fefe4499-8b03-4c07-b248-ae0ae5153b4f>
Affected Software: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging CVE ID: CVE-2024-0628 CVSS Score: 3.8 (Low) Researcher/s: Colin Xu Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2154383e-eabb-4964-8991-423dd68d5efb>
Affected Software: Minimal Coming Soon – Coming Soon Page CVE ID: CVE-2024-1075 CVSS Score: 3.7 (Low) Researcher/s: Lucio Sá Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/78203b98-15bc-4d8e-9278-c472b518be07>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, submissions from vulnerability researchers using our CVE Request form, and monitoring of various sources to capture all publicly available WordPress vulnerability information, adding context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024) appeared first on Wordfence.