Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 26 |
Patched | 40 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 0 |
Medium Severity | 52 |
High Severity | 9 |
Critical Severity | 5 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Cross-Site Request Forgery (CSRF) | 22 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 17 |
Missing Authorization | 8 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 4 |
Authorization Bypass Through User-Controlled Key | 3 |
Authentication Bypass Using an Alternate Path or Channel | 2 |
Information Exposure | 2 |
Server-Side Request Forgery (SSRF) | 2 |
Improper Neutralization of Formula Elements in a CSV File | 2 |
Improper Privilege Management | 1 |
Incorrect Privilege Assignment | 1 |
Use of Hard-coded Cryptographic Key | 1 |
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
Lana Codes (Wordfence Vulnerability Researcher) | 6 |
Cat | 5 |
Erwan LR | 4 |
Rafie Muhammad | 4 |
Rafshanzani Suhada | 3 |
Dave Jong | 2 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 2 |
Dipak Panchal | 1 |
NeginNrb | 1 |
emad | 1 |
Ravi Dharmawan | 1 |
Justiice | 1 |
Marc-Alexandre Montpas | 1 |
Lukas Kinneberg | 1 |
Kenichiro Ito | 1 |
coogee86 | 1 |
Muhammad Daffa | 1 |
Mika | 1 |
Elliot | 1 |
Chris Shultz | 1 |
Le Ngoc Anh | 1 |
Hoang Van Hiep | 1 |
FearZzZz | 1 |
Felipe Restrepo Rodriguez | 1 |
Edison Poveda | 1 |
yuyudhn | 1 |
Etan Imanol Castro Aldrete | 1 |
Abdi Pranata | 1 |
qilin_99 | 1 |
Taurus Omar | 1 |
Luca Greeb | 1 |
Andreas Krüger | 1 |
Abu Hurayra | 1 |
Rafael B. | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
AN_GradeBook | an-gradebook |
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember-membership |
Active Directory Integration / LDAP Integration | ldap-login-for-intranet-sites |
ApplyOnline – Application Form Builder and Manager | apply-online |
Autochat Automatic Conversation | auyautochat-for-wp |
AutomateWoo | automatewoo |
Booked - Appointment Booking for WordPress | booked |
Caldera Forms Google Sheets Connector | gsheetconnector-caldera-forms |
Catalyst Connect Zoho CRM Client Portal | catalyst-connect-client-portal |
Duplicate Post Page Menu & Custom Post Type | duplicate-post-page-menu-custom-post-type |
Easy Accordion FAQ and Knowledge Base Software for WordPress | knowledge-center |
Editorial Calendar | editorial-calendar |
Email download link | email-download-link |
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor | embedpress |
Enhanced Text Widget | enhanced-text-widget |
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | chaty |
Form Builder \| Create Responsive Contact Forms | |
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor | front-editor |
Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite | image-map-pro-lite |
Image Regenerate & Select Crop | image-regenerate-select-crop |
Layer Slider | slider-slideshow |
LearnDash LMS | sfwd-lms |
LiquidPoll – Advanced Polls for Creators and Brands | wp-poll |
Login Configurator | login-configurator |
Login/Signup Popup ( Inline Form + Woocommerce ) | easy-login-woocommerce |
My Content Management | my-content-management |
NEX-Forms – Ultimate Form Builder – Contact forms and much more | nex-forms-express-wp-form-builder |
NOO Timetable | noo-timetable |
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress | post-smtp |
Poll Maker – Best WordPress Poll Plugin | poll-maker |
Post Hit Counter | post-hit-counter |
Post to CSV by BestWebSoft | post-to-csv |
Quiz Expert – Easy Quiz Maker, Exam and Test Manager | quiz-expert |
Request a Quote | request-a-quote |
SP Project & Document Manager | sp-client-document-manager |
SW Product Bundles | sw-product-bundles |
Salon booking system | salon-booking-system |
Short URL | shorten-url |
Subscribe2 – Form, Email Subscribers & Newsletters | subscribe2 |
TrustProfile and reviews for WordPress | trustprofile |
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member |
WP Abstracts | wp-abstracts-manuscripts-manager |
WP Job Board | wpjobboard |
WP Post Author – The Ideal Author Box for WordPress Posts, Co-Authors and Guest Authors with Author Login and Registration Form Builder | wp-post-author |
WP Social AutoConnect | wp-fb-autoconnect |
WPFactory Helper | wpcodefactory-helper |
WPGraphQL | wp-graphql |
Waitlist Woocommerce ( Back in stock notifier ) | waitlist-woocommerce |
Web3 – Crypto wallet Login & NFT token gating | web3-authentication |
WebwinkelKeur: Webshop keurmerk & reviews for WordPress | webwinkelkeur |
WooCommerce Google Sheet Connector | wc-gsheetconnector |
WooCommerce Pre-Orders | woocommerce-pre-orders |
WooCommerce Ship to Multiple Addresses | woocommerce-shipping-multiple-addresses |
Woocommerce Order Barcodes | woocommerce-order-barcodes |
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) | miniorange-login-openid |
houzez-crm | houzez-crm |
Software Name | Software Slug |
---|---|
The7 — Website and eCommerce Builder for WordPress | dt-the7 |
Affected Software: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) CVE ID: CVE-2023-2982 CVSS Score: 9.8 (Critical) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/08ca186a-2486-4a58-9c53-03e9eba13e66>
Affected Software: WP Post Author – The Ideal Author Box for WordPress Posts, Co-Authors and Guest Authors with Author Login and Registration Form Builder CVE ID: CVE Unknown CVSS Score: 9.8 (Critical) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/155e3de1-e115-4683-bb4d-a0c5667dc3d3>
Affected Software: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin CVE ID: CVE-2023-3460 CVSS Score: 9.8 (Critical) Researcher/s: Marc-Alexandre Montpas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4b0e763e-f03e-41fb-8c6c-4de5d3acae00>
Affected Software: WP Job Board CVE ID: CVE-2023-36525 CVSS Score: 9.8 (Critical) Researcher/s: FearZzZz Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8cd1d385-001c-4c84-9a80-553315336a63>
Affected Software: Web3 – Crypto wallet Login & NFT token gating CVE ID: CVE-2023-3249 CVSS Score: 9.8 (Critical) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e30b62de-7280-4c29-b882-dfa83e65966b>
Affected Software: LearnDash LMS CVE ID: CVE-2023-3105 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2318b3e1-268d-45fa-83bf-c6e88f1b9013>
Affected Software: houzez-crm CVE ID: CVE-2023-36529 CVSS Score: 8.8 (High) Researcher/s: Dave Jong Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/54c14f04-32ec-4d05-b47b-3ff5e70c4daf>
Affected Software: AN_GradeBook CVE ID: CVE-2023-2636 CVSS Score: 8.8 (High) Researcher/s: Lukas Kinneberg Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/60d59753-5b6b-4f3e-8faf-8053750ae05d>
Affected Software: SP Project & Document Manager CVE ID: CVE-2023-3063 CVSS Score: 8.8 (High) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6dc2e720-85d9-42d9-94ef-eb172425993d>
Affected Software: Short URL CVE ID: CVE-2022-46860 CVSS Score: 8.8 (High) Researcher/s: Le Ngoc Anh Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/86908097-a5b2-427a-85c9-fbe29b519883>
Affected Software: Form Builder | Create Responsive Contact Forms CVE ID: CVE-2023-23796 CVSS Score: 8.3 (High) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/432807d0-64d8-49b1-a4ab-33aa8fbc5189>
Affected Software: Active Directory Integration / LDAP Integration CVE ID: CVE-2023-3447 CVSS Score: 7.6 (High) Researcher/s: Luca Greeb, Andreas Krüger Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cd7553e8-e43d-4740-b2ee-e3d8dc351e53>
Affected Software: Post to CSV by BestWebSoft CVE ID: CVE-2023-36527 CVSS Score: 7.4 (High) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/74f0af24-e4d9-4b89-b91e-c6ec3e3918e7>
Affected Software: Autochat Automatic Conversation CVE ID: CVE-2023-3041 CVSS Score: 7.2 (High) Researcher/s: Rafael B. Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e9ad533d-4ec0-42a0-99fc-75fc59498c94>
Affected Software: Email download link CVE ID: CVE-2023-36523 CVSS Score: 6.5 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/29d6df4e-eaf6-42ec-8cd9-7cf86908f4ef>
Affected Software: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress CVE ID: CVE-2023-3179 CVSS Score: 6.5 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6ca16602-52e6-4d14-99a5-ca4e26b9f377>
Affected Software: Booked - Appointment Booking for WordPress CVE ID: CVE-2022-36399 CVSS Score: 6.5 (Medium) Researcher/s: coogee86 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6f917973-e207-4ba3-b61b-e562e884fe0f>
Affected Software: Image Regenerate & Select Crop CVE ID: CVE Unknown CVSS Score: 6.5 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0eb165f-c979-4318-8362-ca47500ed845>
Affected Software: AutomateWoo CVE ID: CVE-2023-36512 CVSS Score: 6.5 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb51383f-03c8-4e81-bfed-40fd9f5c4d20>
Affected Software: Image Regenerate & Select Crop CVE ID: CVE Unknown CVSS Score: 6.5 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e8596412-53d5-45ed-998a-49799bd269d0>
Affected Software: Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor CVE ID: CVE Unknown CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5bc03b4a-f7ec-4827-b914-0560b9268b6f>
Affected Software: NOO Timetable CVE ID: CVE-2022-45821 CVSS Score: 6.4 (Medium) Researcher/s: Cat Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/5fab1ae8-2aa4-452a-a594-64088c92b5c3>
Affected Software: Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite CVE ID: CVE-2023-3412 CVSS Score: 6.4 (Medium) Researcher/s: Unknown Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b58403df-af09-4d74-88e6-140e3f2f291b>
Affected Software: Layer Slider CVE ID: CVE-2023-23798 CVSS Score: 6.4 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f5ac3714-27f1-4258-a1ab-12b969b31793>
Affected Software: Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite CVE ID: CVE-2023-3411 CVSS Score: 6.1 (Medium) Researcher/s: Kenichiro Ito Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/63e108f4-5d9d-4bcf-aef9-aa856f4241ea>
Affected Software: WPFactory Helper CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7c77259a-cdf3-4fa0-b468-9e98645293fe>
Affected Software: WooCommerce Pre-Orders CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Chris Shultz Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f73d0a6-2eae-4d85-96ce-db5902bd6e3a>
Affected Software: Login Configurator CVE ID: CVE-2023-1893 CVSS Score: 6.1 (Medium) Researcher/s: Taurus Omar Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb148264-c75e-4e73-95d7-3a06cdd8990e>
Affected Software: WPGraphQL CVE ID: CVE-2023-23684 CVSS Score: 5.5 (Medium) Researcher/s: Ravi Dharmawan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/38efd6d6-b931-41a7-b55d-b98cdeef4145>
Affected Software: Waitlist Woocommerce ( Back in stock notifier ) CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/69cc2fd1-b576-49f6-8afc-54f00058de8c>
Affected Software: Editorial Calendar CVE ID: CVE-2023-36520 CVSS Score: 5.4 (Medium) Researcher/s: Elliot Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f01ad95-7a51-408c-917f-4350dbeabb2b>
Affected Software: Salon booking system CVE ID: CVE-2023-3427 CVSS Score: 5.4 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/93875f19-d9b9-4e33-bba9-afc75cf26bf2>
Affected Software: EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor CVE ID: CVE-2023-3371 CVSS Score: 5.3 (Medium) Researcher/s: Lana Codes Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c1033b4d-82a0-4484-aebf-f35d6a2a9a13>
Affected Software: NEX-Forms – Ultimate Form Builder – Contact forms and much more CVE ID: CVE-2023-0439 CVSS Score: 4.8 (Medium) Researcher/s: Felipe Restrepo Rodriguez, Edison Poveda Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a333d5b4-cedf-40ac-8da9-f4965d2a397a>
Affected Software: Poll Maker – Best WordPress Poll Plugin CVE ID: CVE-2023-34013 CVSS Score: 4.7 (Medium) Researcher/s: Abu Hurayra Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e55ba61d-6fd0-4269-8ee9-3b8645d52e1d>
Affected Software: Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty CVE ID: CVE-2023-3245 CVSS Score: 4.4 (Medium) Researcher/s: Dipak Panchal Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0a158653-f80c-48a3-840e-20ee7e85925a>
Affected Software: SP Project & Document Manager CVE ID: CVE-2023-36530 CVSS Score: 4.4 (Medium) Researcher/s: emad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/37eb77ed-0b2e-46ea-806d-8041742eab5d>
Affected Software: Easy Accordion FAQ and Knowledge Base Software for WordPress CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6309c706-f84a-4997-9a9b-1bd8cf8f711a>
Affected Software: Catalyst Connect Zoho CRM Client Portal CVE ID: CVE-2022-44629 CVSS Score: 4.4 (Medium) Researcher/s: Hoang Van Hiep Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/88cea535-1042-4011-aee9-684d7661e193>
Affected Software: My Content Management CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9fc18fee-5813-4134-8c4d-44710665857a>
Affected Software: ApplyOnline – Application Form Builder and Manager CVE ID: CVE-2023-24391 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a5dbcc22-ab2e-4114-a7d7-bac01a5c5b3f>
Affected Software: Short URL CVE ID: CVE-2023-1602 CVSS Score: 4.4 (Medium) Researcher/s: Etan Imanol Castro Aldrete Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a5f29f35-da79-4389-a0a5-a1be0b0b8996>
Affected Software: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup CVE ID: CVE-2022-47421 CVSS Score: 4.4 (Medium) Researcher/s: Cat Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fa2ed43b-cd8f-4d09-8576-d215c835a684>
Affected Software: NOO Timetable CVE ID: CVE-2022-45828 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/13046019-f390-48ae-bf08-53293c41f178>
Affected Software: Waitlist Woocommerce ( Back in stock notifier ) CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/20910787-b99d-475e-acc9-cc2bb669aa56>
Affected Software: TrustProfile and reviews for WordPress CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/296f15eb-0782-4351-a2c5-c8ef6f005352>
Affected Software: Quiz Expert – Easy Quiz Maker, Exam and Test Manager CVE ID: CVE-2023-36522 CVSS Score: 4.3 (Medium) Researcher/s: NeginNrb Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/32ee3eb8-18b7-47da-b4f9-cb252ffabc71>
Affected Software: Login/Signup Popup ( Inline Form + Woocommerce ) CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3fa62b8f-1c2f-4bc9-9f2a-8b9765c2d30d>
Affected Software: Post Hit Counter CVE ID: CVE-2023-36518 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4049f8fb-ad81-4f09-97b3-39ac6a9275d6>
Affected Software: Duplicate Post Page Menu & Custom Post Type CVE ID: CVE-2023-36526 CVSS Score: 4.3 (Medium) Researcher/s: Justiice Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/44e84fd9-bc83-4780-ab7a-8898a8c5c78a>
Affected Software: The7 — Website and eCommerce Builder for WordPress CVE ID: CVE-2023-32123 CVSS Score: 4.3 (Medium) Researcher/s: Dave Jong Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4f481478-5dc9-4b11-ba3e-1942882a9f43>
Affected Software: WP Social AutoConnect CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/50f69182-66c0-4d3a-aabe-015b72937f3e>
Affected Software: Enhanced Text Widget CVE ID: CVE-2023-23823 CVSS Score: 4.3 (Medium) Researcher/s: Muhammad Daffa Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7487f72c-9852-4651-a848-239d4882bbf8>
Affected Software: Subscribe2 – Form, Email Subscribers & Newsletters CVE ID: CVE-2023-3407 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92b4d800-2895-4f7b-8b3b-ee6df75a7908>
Affected Software: Request a Quote CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9854d09a-2fab-46e6-9fc1-ff6d68df2662>
Affected Software: WebwinkelKeur: Webshop keurmerk & reviews for WordPress CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a077e95f-7912-4b94-89f3-54f37adfcd8e>
Affected Software: AutomateWoo CVE ID: CVE-2023-36513 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a33c8a80-e11e-403d-9eb0-e1c5b59204b0>
Affected Software: LiquidPoll – Advanced Polls for Creators and Brands CVE ID: CVE-2023-36531 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aa154536-9f9f-48c3-96c7-4091991e4f6c>
Affected Software: SW Product Bundles CVE ID: CVE-2023-36519 CVSS Score: 4.3 (Medium) Researcher/s: Cat Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0ceff94-e312-41da-acec-15d550aba792>
Affected Software: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress CVE ID: CVE-2023-3178 CVSS Score: 4.3 (Medium) Researcher/s: Erwan LR Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b1af4be1-a9d6-4f44-91b3-22cf3130cc34>
Affected Software: Caldera Forms Google Sheets Connector CVE ID: CVE-2023-2330 CVSS Score: 4.3 (Medium) Researcher/s: Erwan LR Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b5ec03e9-06bb-4677-b480-4ebdb33acd08>
Affected Software: WooCommerce Ship to Multiple Addresses CVE ID: CVE-2023-36514 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bda44801-6599-459d-a70c-164f563bf158>
Affected Software: Subscribe2 – Form, Email Subscribers & Newsletters CVE ID: CVE-2023-1844 CVSS Score: 4.3 (Medium) Researcher/s: Marco Wotschka Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c34ce601-5cf9-433f-bc9d-5c705eba6b08>
Affected Software: WP Abstracts CVE ID: CVE-2023-36517 CVSS Score: 4.3 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c5b74908-65ed-4b6f-856f-e95cfd64f998>
Affected Software: Woocommerce Order Barcodes CVE ID: CVE-2023-36511 CVSS Score: 4.3 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cefa38d0-7da1-48dd-98d7-fe2f36e19d7c>
Affected Software: WooCommerce Google Sheet Connector CVE ID: CVE-2023-2329 CVSS Score: 4.3 (Medium) Researcher/s: Erwan LR Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e30e64e7-5de9-4eb3-914f-457daa6f3fe5>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, with all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023) appeared first on Wordfence.