Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to Mar 19, 2023)

Last week, 92 vulnerabilities disclosed in 76 WordPress plugins and 7 WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 34 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and use, both personally and commercially, and why we are running this weekly vulnerability report.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this one, along with important WordPress security reports, in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers last week:

UpdraftPlus 1.22.14 to 1.23.2 and UpdraftPlus (Premium) 2.22.14 to 2.23.2 – Privilege Escalation via updraft_central_ajax_handler
WAF-RULE-565 – Data redacted while we work with the developer to ensure the vulnerability protected by this WAF rule gets patched.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status | Number of Vulnerabilities
Unpatched | 44
Patched | 48

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating | Number of Vulnerabilities
Low Severity | 0
Medium Severity | 80
High Severity | 11
Critical Severity | 1

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE | Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 37
Cross-Site Request Forgery (CSRF) | 34
Missing Authorization | 13
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 3
Information Exposure | 3
Server-Side Request Forgery (SSRF) | 1
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name | Number of Vulnerabilities
Lana Codes | 10
Rio Darmawan | 7
Dave Jong | 6
rezaduty | 5
Mika | 4
minhtuanact | 3
Rafie Muhammad | 3
yuyudhn | 3
Rafshanzani Suhada | 3
Nithissh S | 3
Aman Rawat | 2
Marco Wotschka | 2
Cat | 2
TEAM WEBoB of BoB 11th | 2
Prasanna V Balaji | 2
Daniel Kelley | 2
Ayoub Safa | 2
Muhammad Daffa | 2
FearZzZz | 1
Bhuvanesh Jayaprakash | 1
Erwan LR | 1
Etan Imanol Castro Aldrete | 1
Dimas Aprilianto | 1
dc11 | 1
Shreya Pohekar | 1
Justiice | 1
Nguyen Anh Tien | 1
Vinay Kumar | 1
Abdi Pranata | 1
Brandon James Roldan | 1
Pavak Tiwari | 1
n0paew | 1
Fariq Fadillah Gusti Insani | 1
Le Ngoc Anh | 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence leaderboard, along with a mention in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name | Software Slug
Admin side data storage for Contact Form 7 | admin-side-data-storage-for-contact-form-7
Auto Rename Media On Upload | auto-rename-media-on-upload
Backup Bank: WordPress Backup Plugin | wp-backup-bank
Be POPIA Compliant | be-popia-compliant
Branda – White Label WordPress, Custom Login Page Customizer | branda-white-labeling
Bulk Resize Media | bulk-resize-media
CF7 Invisible reCAPTCHA | cf7-invisible-recaptcha
CMS Press | cms-press
Calendar Event Multi View | cp-multi-view-calendar
Chronoforms | chronoforms
Contact Form 7 Redirect & Thank You Page | cf7-redirect-thank-you-page
Contact Form 7 – PayPal & Stripe Add-on | contact-form-7-paypal-add-on
Contact Form Email | contact-form-to-email
Custom Options Plus | custom-options-plus
Customify – Intuitive Website Styling | customify
Data Tables Generator by Supsystic | data-tables-generator-by-supsystic
Drag and Drop Multiple File Upload PRO – Contact Form 7 Standard | drag-n-drop-upload-cf7-pro
Dynamics 365 Integration | integration-dynamics
Easy Event calendar | easy-event-calendar
Ecwid Ecommerce Shopping Cart | ecwid-shopping-cart
Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files | embed-any-document
Event Manager and Tickets Selling Plugin for WooCommerce | mage-eventpress
Exxp | exxp-wp
Fluid Checkout for WooCommerce – Lite | fluid-checkout
Force First and Last Name as Display Name | force-first-last
Google XML Sitemap for Images | google-image-sitemap
Google XML Sitemap for Videos | xml-sitemaps-for-videos
HT Feed | ht-instagram
Hotel Booking Lite | motopress-hotel-booking-lite
Import External Images | import-external-images
Klaviyo | klaviyo
LOGIN AND REGISTRATION ATTEMPTS LIMIT | login-attempts-limit-wp
Modern Events Calendar Lite | modern-events-calendar-lite
Modern Footnotes | modern-footnotes
Open RDW kenteken voertuiginformatie | open-rdw-kenteken-voertuiginformatie
PB SEO Friendly Images | pb-seo-friendly-images
PhonePe Payment Solutions | phonepe-payment-solutions
Photo Gallery, Images, Slider in Rbs Image Gallery | robo-gallery
Popup Maker – Popup for opt-ins, lead gen, & more | popup-maker
Print Invoice & Delivery Notes for WooCommerce | woocommerce-delivery-notes
RapidLoad Power-Up for Autoptimize | unusedcss
Redirection | redirect-redirection
Return and Warranty Management System for WooCommerce | wc-return-warrranty
Reusable Blocks Extended | reusable-blocks-extended
SEO Plugin by Squirrly SEO | squirrly-seo
SMTP2GO – Email Made Easy | smtp2go
Shopping Cart & eCommerce Store | wp-easycart
Site Reviews | site-reviews
Slide Anything – Responsive Content / HTML Slider and Carousel | slide-anything
Slideshow Gallery LITE | slideshow-gallery
Solidres – Hotel booking plugin for WordPress | solidres
Store Locator for WordPress with Google Maps – LotsOfLocales | store-locator
Surbma | GDPR Proof Cookie Consent & Notice Bar | surbma-gdpr-proof-google-analytics
Tags Cloud Manager | tags-cloud-manager
UpdraftPlus WordPress Backup Plugin | updraftplus
User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress | user-role
WH Testimonials | wh-testimonials
WP Basic Elements | wp-basic-elements
WP Express Checkout (Accept PayPal Payments Easily) | wp-express-checkout
WP Job Portal – A Complete Job Board | wp-job-portal
WP Popup Banners | wp-popup-banners
WP Shortcode by MyThemeShop | wp-shortcode
WP Simple Events | wp-simple-events
WSB Brands | wsb-brands
Website Monetization by MageNet | website-monetization-by-magenet
WooCommerce Weight Based Shipping | weight-based-shipping-for-woocommerce
WordPress Console | wordpress-console
WordPress Email Marketing Plugin – WP Email Capture | wp-email-capture
WordPress Mortgage Calculator Estatik | estatik-mortgage-calculator
WordPress Online Booking and Scheduling Plugin – Bookly | bookly-responsive-appointment-booking-tool
WordPress Plugin for Google Maps – WP MAPS | wp-google-map-plugin
WordPress Simple Shopping Cart | wordpress-simple-paypal-shopping-cart
WordPress WP-Advanced-Search | wp-advanced-search
Yandex.News Feed by Teplitsa | yandexnews-feed-by-teplitsa
eCommerce Product Catalog Plugin for WordPress | ecommerce-product-catalog
wpml | wpml

WordPress Themes with Reported Vulnerabilities Last Week

Software Name | Software Slug
Brilliance | brilliance
Chankhe | chankhe
Mediciti Lite | mediciti-lite
NewsMag | newsmag
Real Estate Directory | real-estate-directory
Regina Lite | regina-lite
intrepidity | intrepidity

Vulnerability Details

Be POPIA Compliant <= 1.2.0 – Unauthenticated SQL Injection

Affected Software: Be POPIA Compliant
CVE ID: CVE-2022-47445
CVSS Score: 9.8 (Critical)
Researcher/s: TEAM WEBoB of BoB 11th
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eecd1497-c94e-4f67-8cc5-72afffe9fae2

Intrepidity <= 1.5.1 – Cross-Site Request Forgery via mytheme_add_admin

Affected Software: intrepidity
CVE ID: CVE-2023-27634
CVSS Score: 8.8 (High)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/01cc613a-d0b5-4c8f-8961-8f8aaf63b8ac

UpdraftPlus 1.22.14 to 1.23.2 and UpdraftPlus (Premium) 2.22.14 to 2.23.2 – Privilege Escalation via updraft_central_ajax_handler

Affected Software: UpdraftPlus WordPress Backup Plugin
CVE ID: CVE Unknown
CVSS Score: 8.8 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2e329432-c404-4312-969b-42cac345637d

WP Popup Banners <= 1.2.5 – Authenticated (Subscriber+) SQL Injection

Affected Software: WP Popup Banners
CVE ID: CVE-2023-1471
CVSS Score: 8.8 (High)
Researcher/s: Etan Imanol Castro Aldrete
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8281cb20-73d3-4ab5-910e-d353b2a5cbd8

User Role by BestWebSoft <= 1.6.6 – Cross-Site Request Forgery to Privilege Escalation

Affected Software: User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress
CVE ID: CVE-2023-0820
CVSS Score: 8.8 (High)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b4bc525-a21f-46f2-895a-c8474f72eb92

WordPress Email Marketing Plugin – WP Email Capture <= 3.10 – Missing Authorization to Email Capture List Download

Affected Software: WordPress Email Marketing Plugin – WP Email Capture
CVE ID: CVE Unknown
CVSS Score: 8.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a41d78b9-9bdb-48dd-b3ec-2559e79fa251

Admin side data storage for Contact Form 7 <= 1.1.1 – Unauthenticated Stored Cross-Site Scripting

Affected Software: Admin side data storage for Contact Form 7
CVE ID: CVE-2023-24420
CVSS Score: 7.2 (High)
Researcher/s: Bhuvanesh Jayaprakash
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/172b2191-6595-47dd-bf2d-97dc3d17e5ca

Tags Cloud Manager <= 1.0.0 – Unauthenticated Stored Cross-Site Scripting

Affected Software: Tags Cloud Manager
CVE ID: CVE-2023-28166
CVSS Score: 7.2 (High)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6ad70391-7ea0-49c0-ac5c-ecf7ddb3c948

Shopping Cart & eCommerce Store <= 5.4.2 – Authenticated (Admin+) Local File Inclusion via import_file_url

Affected Software: Shopping Cart & eCommerce Store
CVE ID: CVE-2023-1124
CVSS Score: 7.2 (High)
Researcher/s: Shreya Pohekar
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/936e753b-b3e9-43c9-8686-c610faa8b20e

WH Testimonials <= 3.0.0 – Unauthenticated Stored Cross-Site Scripting

Affected Software: WH Testimonials
CVE ID: CVE-2023-1372
CVSS Score: 7.2 (High)
Researcher/s: Daniel Kelley
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b6fe5f1a-787e-4662-915f-c6f04961e194

Bookly <= 21.5 – Unauthenticated Stored Cross-Site Scripting via Name

Affected Software: WordPress Online Booking and Scheduling Plugin – Bookly
CVE ID: CVE-2023-1172
CVSS Score: 7.2 (High)
Researcher/s: Vinay Kumar
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3efbd9d-e2b5-4915-a964-29a49c7fba86

Return and Warranty Management System for WooCommerce <= 1.2.3 – Unauthenticated Stored Cross-Site Scripting

Affected Software: Return and Warranty Management System for WooCommerce
CVE ID: CVE-2023-22710
CVSS Score: 7.2 (High)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fa1e6527-d874-4003-b36b-5769c2950864

Slideshow Gallery LITE <= 1.7.6 – Authenticated (Admin+) SQL Injection

Affected Software: Slideshow Gallery LITE
CVE ID: CVE-2023-28491
CVSS Score: 6.5 (Medium)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/61b07604-b206-4f13-b25f-7a6d54236eb1

Exxp <= 2.6.8 – Authenticated (Subscriber+) Stored Cross-Site Scripting

Affected Software: Exxp
CVE ID: CVE-2022-45812
CVSS Score: 6.4 (Medium)
Researcher/s: Aman Rawat
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0de75f3f-1e6b-42ea-9f08-54c32e37b4c7

Slide Anything <= 2.4.7 – Authenticated (Author+) Stored Cross-Site Scripting

Affected Software: Slide Anything – Responsive Content / HTML Slider and Carousel
CVE ID: CVE-2023-28499
CVSS Score: 6.4 (Medium)
Researcher/s: FearZzZz
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/130b069d-d224-44af-b2b4-26be7e081f6b

Surbma | GDPR Proof Cookie Consent & Notice Bar <= 17.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Surbma | GDPR Proof Cookie Consent & Notice Bar
CVE ID: CVE-2023-23894
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/48b9f3e3-b7fd-4d7c-8f8b-b11ed977aa92

Robo Gallery <= 3.2.12 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

Affected Software: Photo Gallery, Images, Slider in Rbs Image Gallery
CVE ID: CVE-2023-27620
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e0424f8-f60f-49c3-9969-a88c830dc0e2

Ecwid Shopping Cart <= 6.11.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Ecwid Ecommerce Shopping Cart
CVE ID: CVE-2023-24408
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c8c530e2-ce42-40f3-82ab-1df9089a5407

Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.1 – Authenticated (Author+) Stored Cross-Site Scripting via SVG files

Affected Software: Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files
CVE ID: CVE-2023-23707
CVSS Score: 6.4 (Medium)
Researcher/s: n0paew
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eebe37bf-2983-47c0-afd8-0aa3e7982196

WP Job Portal <= 1.1.9 – Authenticated (Subscriber+) Stored Cross-Site Scripting

Affected Software: WP Job Portal – A Complete Job Board
CVE ID: CVE-2023-28534
CVSS Score: 6.4 (Medium)
Researcher/s: Fariq Fadillah Gusti Insani
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f11ea6b2-1225-42a5-aa7b-260315d0bec5

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Cross-Site Request Forgery

Affected Software: RapidLoad Power-Up for Autoptimize
CVE ID: CVE-2023-1472
CVSS Score: 6.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f9ee168-82b1-4d13-a84e-379f16dcb283

SEO Plugin by Squirrly SEO <= 12.1.20 – Missing Authorization

Affected Software: SEO Plugin by Squirrly SEO
CVE ID: CVE-2022-44626
CVSS Score: 6.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9251afbb-1a6d-40c6-b62e-a8866742f669

Data Tables Generator by Supsystic <= 1.10.25 – Missing Authorization

Affected Software: Data Tables Generator by Supsystic
CVE ID: CVE-2023-25043
CVSS Score: 6.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae98e3bd-f663-4609-92ed-ed0431047d85

Open RDW kenteken voertuiginformatie <= 2.0.14 – Reflected Cross-Site Scripting via open_data_rdw_kenteken

Affected Software: Open RDW kenteken voertuiginformatie
CVE ID: CVE-2022-47431
CVSS Score: 6.1 (Medium)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1fa87357-09c0-4e99-8ceb-41a7987c4a57

Solidres <= 0.9.4 – Reflected Cross-Site Scripting

Affected Software: Solidres – Hotel booking plugin for WordPress
CVE ID: CVE-2023-1377
CVSS Score: 6.1 (Medium)
Researcher/s: Erwan LR
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/36d9e9cd-7885-4127-b62c-ee0b3aad8846

SEO Plugin by Squirrly SEO <= 12.1.20 – Reflected Cross-Site Scripting via ‘page’ and ‘tab’

Affected Software: SEO Plugin by Squirrly SEO
CVE ID: CVE-2022-45065
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3edce64d-13c2-454a-b5da-0454453f69cb

WordPress Mortgage Calculator Estatik <= 2.0.7 – Reflected Cross-Site Scripting

Affected Software: WordPress Mortgage Calculator Estatik
CVE ID: CVE-2023-28490
CVSS Score: 6.1 (Medium)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5ce9dd21-3c89-4ddd-9022-f1edf1224e2d

Drag and Drop Multiple File Upload PRO – Contact Form 7 Standard <= 2.11.0 – Reflected Cross-Site Scripting

Affected Software: Drag and Drop Multiple File Upload PRO – Contact Form 7 Standard
CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60ae8b8f-bc65-40df-b6ae-4ec8e328dbe5

WPML <= 4.6.1 – Cross-Site Scripting

Affected Software: wpml
CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b5639c00-f34c-45e3-8ff1-dfde7856a80e

Brilliance <= 1.3.1 – Reflected Cross-Site Scripting

Affected Software: Brilliance
CVE ID: CVE-2023-28171
CVSS Score: 6.1 (Medium)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e5726c70-c2c7-45b9-bd03-38cf1320646a

Mediciti Lite <= 1.3.0 – Reflected Cross-Site Scripting

Affected Software: Mediciti Lite
CVE ID: CVE-2023-28418
CVSS Score: 6.1 (Medium)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ec2825b2-c8df-40fd-b44d-a840be66446f

Dynamics 365 Integration <= 1.3.12 – Missing Authorization via wp_ajax_wpcrm_log & wp_ajax_wpcrm_log_verbosity

Affected Software: Dynamics 365 Integration
CVE ID: CVE-2023-28417
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1671e437-09f0-46bc-87ef-3a5712c3dc98

Force First and Last Name as Display Name <= 1.2 – Cross-Site Request Forgery

Affected Software: Force First and Last Name as Display Name
CVE ID: CVE-2023-28419
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/27d579d5-a4d2-45f7-a7bb-8f384d851d7a

WP Google Map Plugin <= 4.4.2 – Cross-Site Request Forgery via delete()

Affected Software: WordPress Plugin for Google Maps – WP MAPS
CVE ID: CVE-2023-28172
CVSS Score: 5.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/71f58781-3fb3-4eba-8e5a-f98f006f4607

Redirect Redirection <= 1.1.4 – Cross-Site Request Forgery to Plugin De-Installation

Affected Software: Redirection
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7d500729-3b1a-4ece-81de-4c1f9afbf798

Regina Lite <= 2.0.7 – Reflected Cross-Site Scripting

Affected Software: Regina Lite
CVE ID: CVE-2023-27619
CVSS Score: 5.4 (Medium)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7dcd3452-a340-44e5-b292-347dc69ab863

WooCommerce Weight Based Shipping <= 5.4.1 – Cross-Site Request Forgery leading to Plugin Settings Changes

Affected Software: WooCommerce Weight Based Shipping
CVE ID: CVE-2022-46794
CVSS Score: 5.4 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b5086b8d-6c74-4970-9937-5ddc5b528495

Site Reviews <= 6.5.1 – Missing Authorization

Affected Software: Site Reviews
CVE ID: CVE-2023-27625
CVSS Score: 5.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d94f6cdd-8232-4e0c-b510-0e755c280b58

Newsmag <= 2.4.4 – Reflected Cross-Site Scripting

Affected Software: NewsMag
CVE ID: CVE-2023-28493
CVSS Score: 5.4 (Medium)
Researcher/s: Brandon James Roldan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/debe6f54-0f56-4bc9-a0cd-4f2caa1ed9e3

WordPress Email Marketing Plugin – WP Email Capture <= 3.10 – Information Exposure via wp_email_capture_options_process

Affected Software: WordPress Email Marketing Plugin – WP Email Capture
CVE ID: CVE-2023-28421
CVSS Score: 5.3 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b4570948-1625-44b3-8af6-73765d9710ee

Popup Maker <= 1.17.1 – Sensitive Data Exposure via debug log file

Affected Software: Popup Maker – Popup for opt-ins, lead gen, & more
CVE ID: CVE-2022-47597
CVSS Score: 5.3 (Medium)
Researcher/s: rezaduty
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d0240b35-72d0-4943-84cd-5d1574609b36

Backup Bank: WordPress Backup Plugin <= 4.0.28 – Missing Authorization via post_user_feedback_backup_bank

Affected Software: Backup Bank: WordPress Backup Plugin
CVE ID: CVE-2023-28165
CVSS Score: 5.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e5ab6dcd-ef22-4fea-9e35-9358ede3ff5d

WP Simple Shopping Cart <= 4.6.3 – Information Disclosure

Affected Software: WordPress Simple Shopping Cart
CVE ID: CVE-2023-1431
CVSS Score: 5.3 (Medium)
Researcher/s: Ayoub Safa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ea4453bc-557b-4abf-85c6-4aecfd8f4012

WordPress Console <= 0.3.9 – Missing Authorization via reload.php

Affected Software: WordPress Console
CVE ID: CVE-2023-28168
CVSS Score: 5.3 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fd3cd605-6292-4a04-9aee-f4b9a8127e8e

PhonePe Payment Solutions <= 1.0.15 – Authenticated (Subscriber+) Server-Side Request Forgery

Affected Software: PhonePe Payment Solutions
CVE ID: CVE-2022-45835
CVSS Score: 5 (Medium)
Researcher/s: Aman Rawat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f24f7e2-2516-4f4d-955f-f3f6001cbce7

Auto Rename Media On Upload <= 1.0.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Auto Rename Media On Upload
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/25a566ed-9ed6-4c72-9728-49a0edfb5ba5

eCommerce Product Catalog plugin for WordPress <= 3.3.8 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: eCommerce Product Catalog Plugin for WordPress
CVE ID: CVE-2023-1470
CVSS Score: 4.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/26b7438e-438b-41eb-9458-2fba8ab1964d

WP Simple Events <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: WP Simple Events
CVE ID: CVE-2023-24376
CVSS Score: 4.4 (Medium)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/53de68ad-76a6-4043-8369-7679c1c5c1cd

Easy Event calendar <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Easy Event calendar
CVE ID: CVE-2023-28169
CVSS Score: 4.4 (Medium)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/57dda8e6-54d1-41db-a54d-4a5d635e23b7

Yandex.News Feed by Teplitsa <= 1.12.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Yandex.News Feed by Teplitsa
CVE ID: CVE-2023-25052
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/756810c0-d805-4391-a67b-19b40597d219

SMTP2GO <= 1.4.2 – Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings

Affected Software: SMTP2GO – Email Made Easy
CVE ID: CVE-2023-28496
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7cc618c8-63a9-4321-ad18-ee5277a5f5e0

WSB Brands <= 1.1.8 – Authenticated (Administrator+) Stored Cross-Site Scripting via $logo

Affected Software: WSB Brands
CVE ID: CVE-2022-47437
CVSS Score: 4.4 (Medium)
Researcher/s: TEAM WEBoB of BoB 11th
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/89321887-0116-47fb-b65b-008c9fb01b62

PB SEO Friendly Images <= 4.0.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: PB SEO Friendly Images
CVE ID: CVE-2022-47434
CVSS Score: 4.4 (Medium)
Researcher/s: Dimas Aprilianto
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/89fc8407-3d1f-4b1b-9b4c-13c0da928231

CMS Press <= 0.2.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: CMS Press
CVE ID: CVE-2023-25452
CVSS Score: 4.4 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/905cb57b-70ec-4324-ae66-9c06d1737939

Modern Footnotes <= 1.4.15 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Modern Footnotes
CVE ID: CVE-2023-28423
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/94b98842-8c75-4623-8cc9-ad3dc0916a18

Solidres <= 0.9.4 – Authenticated (Admin+) Stored Cross-Site Scripting

Affected Software: Solidres – Hotel booking plugin for WordPress
CVE ID: CVE-2023-1374
CVSS Score: 4.4 (Medium)
Researcher/s: Daniel Kelley
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b13ee51b-9f23-428f-9cef-4a9b9b06b0c4

WP Express Checkout <= 2.2.8 – Authenticated (Admin+) Stored Cross-Site Scripting via pec_coupon

Affected Software: WP Express Checkout (Accept PayPal Payments Easily)
CVE ID: CVE-2023-1469
CVSS Score: 4.4 (Medium)
Researcher/s: Ayoub Safa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b35ee801-f04d-4b22-8238-053b02a6ee0c

Branda – White Label WordPress <= 3.4.8.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Branda – White Label WordPress, Custom Login Page Customizer
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3508b46-6920-48b9-9acb-620ea34e07e2

Klaviyo <= 3.0.7 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Klaviyo
CVE ID: CVE-2023-25456
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d2b66f27-e4d2-4f6e-be96-b7f967a30885

Modern Events Calendar lite <= 5.16.2 – Authenticated (Admin+) Stored Cross-Site Scripting

Affected Software: Modern Events Calendar Lite
CVE ID: CVE-2023-1400
CVSS Score: 4.4 (Medium)
Researcher/s: Pavak Tiwari
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e7465ca4-21e8-4935-b294-e7378b2b01a7

Slideshow Gallery LITE <= 1.7.6 – Cross-Site Request Forgery via admin_galleries

Affected Software: Slideshow Gallery LITE
CVE ID: CVE-2023-28497
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0a598274-3c67-4751-94d6-49abed38422c

Google XML Sitemap for Images <= 2.1.3 – Cross-Site Request Forgery via image_sitemap_generate

Affected Software: Google XML Sitemap for Images
CVE ID: CVE-2023-28173
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1165c68d-3da4-45f3-b054-4904e54d18ac

Slideshow Gallery LITE <= 1.7.6 – Cross-Site Request Forgery via admin_slides

Affected Software: Slideshow Gallery LITE
CVE ID: CVE-2023-28497
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/164ec659-e1a6-4267-b6e9-4e37a402e503

Real Estate Directory <= 1.0.4 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation

Affected Software: Real Estate Directory
CVE ID: CVE-2023-28532
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/17031e21-e697-4e01-8848-c3957f5dac7f

LOGIN AND REGISTRATION ATTEMPTS LIMIT <= 2.1 – Cross-Site Request Forgery

Affected Software: LOGIN AND REGISTRATION ATTEMPTS LIMIT
CVE ID: CVE-2022-47138
CVSS Score: 4.3 (Medium)
Researcher/s: rezaduty
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/257052f4-2b0a-4604-befd-651dc338b3d5

Chronoforms <= 7.0.9 – Cross-Site Request Forgery

Affected Software: Chronoforms
CVE ID: CVE-2022-47135
CVSS Score: 4.3 (Medium)
Researcher/s: rezaduty
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2c02b9b2-b41e-4a30-b69a-9cdae86dd7a7

Real Estate Directory <= 1.0.5 – Cross-Site Request Forgery via rdm_activate_plugin

Affected Software: Real Estate Directory
CVE ID: CVE-2023-28532
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/39a50c49-5c24-4ae7-8f77-4f3d98270f8f

CP Multi View Event Calendar <= 1.4.10 – Missing Authentication leading to Authenticated (Subscriber+) Private Form Submission

Affected Software: Calendar Event Multi View
CVE ID: CVE-2023-28492
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/49ebff14-ce09-4607-8246-50ae028957f6

Customify <= 2.10.4 – Cross-Site Request Forgery to Settings Update

Affected Software: Customify – Intuitive Website Styling
CVE ID: CVE-2023-27633
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4b1c0ee5-5329-411c-8030-14bec586d74d

Fluid Checkout for WooCommerce – Lite <= 2.3.1 – Cross-Site Request Forgery via dismiss_notice

Affected Software: Fluid Checkout for WooCommerce – Lite
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5c8caf17-7844-4f26-b989-d29593b3ffda

Website Monetization by MageNet <= 1.0.29.1 – Cross-Site Request Forgery via admin_magenet_settings

Affected Software: Website Monetization by MageNet
CVE ID: CVE-2023-22673
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5f1f3562-f869-4442-b77f-c06c5683c1b2

Bulk Resize Media <= 1.1 – Cross-Site Request Forgery via bulk_resize_resize_image

Affected Software: Bulk Resize Media
CVE ID: CVE-2022-46865
CVSS Score: 4.3 (Medium)
Researcher/s: Cat
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/605fbfb9-85d8-43ff-a738-ad1a8a9584c3

Import External Images <= 1.4 – Cross-Site Request Forgery via [placeholder]

Affected Software: Import External Images
CVE ID: CVE-2022-46866
CVSS Score: 4.3 (Medium)
Researcher/s: Cat
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6785be1c-85d4-48f1-be15-275c71284b3e

Reusable Blocks Extended <= 0.9 – Cross-Site Request Forgery via reblex_reusable_screen_block_pattern_registration

Affected Software: Reusable Blocks Extended
CVE ID: CVE-2023-27611
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/67c2cac8-c3cf-46d1-a592-229081bc31e1

WP Shortcode by MyThemeShop <= 1.4.16 – Cross-Site Request Forgery

Affected Software: WP Shortcode by MyThemeShop
CVE ID: CVE-2023-28495
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/763fec04-72c5-4910-af97-f58b5b69a02e

WP Basic Elements <= 5.2.15 – Cross-Site Request Forgery via wpbe_save_settings

Affected Software: WP Basic Elements
CVE ID: CVE-2022-47139
CVSS Score: 4.3 (Medium)
Researcher/s: rezaduty
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/78e79423-7b69-4d85-a939-96eb5385624c

Dynamics 365 Integration <= 1.3.12 – Cross-Site Request Forgery via wp_ajax_wpcrm_log

Affected Software: Dynamics 365 Integration
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7945110e-2a9d-4e0e-b0e8-77c16694993b

Hotel Booking Lite <= 4.6.0 – Cross-Site Request Forgery to Settings Update

Affected Software: Hotel Booking Lite
CVE ID: CVE-2023-28498
CVSS Score: 4.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7a874287-c648-4807-8387-b0b47187651e

CF7 Invisible reCAPTCHA <= 1.3.3 – Cross-Site Request Forgery via vsz_cf7_invisible_recaptcha_page

Affected Software: CF7 Invisible reCAPTCHA
CVE ID: CVE-2023-28167
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8fa1048e-bdcd-41d1-a7c4-196731a60843

HT Feed <= 1.2.7 – Cross-Site Request Forgery leading to Limited Plugin Activation

Affected Software: HT Feed
CVE ID: CVE-2023-23804
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95723482-a6c5-4e95-a88d-c50a88108715

Contact Form Email <= 1.3.31 – Missing Authorization to Feedback Submission

Affected Software: Contact Form Email
CVE ID: CVE-2023-28494
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9596c243-4099-420a-aa2a-381b6299f927

Custom Options Plus <= 1.8.1 – Cross-Site Request Forgery via custom_options_plus_adm

Affected Software: Custom Options Plus
CVE ID: CVE-2023-28420
CVSS Score: 4.3 (Medium)
Researcher/s: Justiice
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/97c8858a-f05d-4159-b914-4e6ae9bf0d79

Store Locator <= 3.98.7 – Cross-Site Request Forgery to Settings Update

Affected Software: Store Locator for WordPress with Google Maps – LotsOfLocales
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/98ae3315-8361-43bb-be2c-1564f4df8d5b

Dynamics 365 Integration <= 1.3.12 – Cross-Site Request Forgery via wp_ajax_wpcrm_log_verbosity

Affected Software: Dynamics 365 Integration
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/98e0d103-2369-4c6a-93ae-6be2a1770bae

Contact Form 7 Redirect & Thank You Page <= 1.0.3 – Cross-Site Request Forgery via cf7rl_admin_table

Affected Software: Contact Form 7 Redirect & Thank You Page
CVE ID: CVE-2023-24395
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/99f831f2-fb96-4dc8-ba3d-6015fbc7e2e1

WP-Advanced-Search <= 3.3.8 – Cross-Site Request Forgery leading to Plugin Settings Updates

Affected Software: WordPress WP-Advanced-Search
CVE ID: CVE-2022-47447
CVSS Score: 4.3 (Medium)
Researcher/s: rezaduty
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a2ba21cd-d8f3-402a-b067-1758937d9eb4

Event Manager for WooCommerce <= 3.7.7 – Cross-Site Request Forgery leading to Uninstall Form Submission

Affected Software: Event Manager and Tickets Selling Plugin for WooCommerce
CVE ID: CVE-2022-47164
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/af59eb6d-1ffa-4593-9bfc-f910d907f6e0

Contact Form 7 – PayPal & Stripe Add-on <= 1.9.3 – Cross-Site Request Forgery

Affected Software: Contact Form 7 – PayPal & Stripe Add-on
CVE ID: CVE-2023-24405
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c0c13b83-6885-46db-bf33-0b2b63ff06db

WP Basic Elements <= 5.2.15 – Missing Authorization to Plugin Settings Update via wpbe_save_settings

Affected Software: WP Basic Elements
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d6516fc0-4ef8-423b-9cdb-a275996fd98b

Print Invoice & Delivery Notes for WooCommerce <= 4.7.2 – Cross-Site Request Forgery via ts_reset_tracking_setting

Affected Software: Print Invoice & Delivery Notes for WooCommerce
CVE ID: CVE-2022-46795
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d811782e-3b59-4a46-9a2e-f24ef3dfbd4a

Chankhe <= 1.0.5 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation

Affected Software: Chankhe
CVE ID: CVE-2023-28416
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/efa4b67c-1bb8-413a-8cb8-039168b0b586

Google XML Sitemap for Videos <= 2.6.1 – Cross-Site Request Forgery via video_sitemap_generate

Affected Software: Google XML Sitemap for Videos
CVE ID: CVE-2023-25055
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/feb4f3dc-9abf-4ee3-834e-e5516652d810

As a reminder, Wordfence curates an industry-leading vulnerability database, Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to Mar 19, 2023) appeared first on Wordfence.