Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook notifications are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Form Maker by 10Web <= 1.15.19 – Unauthenticated Arbitrary File Upload
Media Library Assistant <= 3.09 – Unauthenticated Local/Remote File Inclusion & Remote Code Execution
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
Patch Status
Number of Vulnerabilities
Unpatched
44
Patched
63
Total Vulnerabilities by CVSS Severity Last Week
Severity Rating
Number of Vulnerabilities
Low Severity
2
Medium Severity
89
High Severity
11
Critical Severity
5
Total Vulnerabilities by CWE Type Last Week
Vulnerability Type by CWE
Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
35
Cross-Site Request Forgery (CSRF)
31
Missing Authorization
24
Unrestricted Upload of File with Dangerous Type
3
Authorization Bypass Through User-Controlled Key
2
Deserialization of Untrusted Data
2
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
2
External Control of File Name or Path
1
Improper Input Validation
1
Server-Side Request Forgery (SSRF)
1
Improper Privilege Management
1
Improper Neutralization of Formula Elements in a CSV File
1
Improper Encoding or Escaping of Output
1
Information Exposure
1
Improper Authorization
1
Researchers That Contributed to WordPress Security Last Week
Researcher Name
Number of Vulnerabilities
Rio Darmawan
11
Mika
10
Abdi Pranata
10
thiennv
5
yuyudhn
4
Marco Wotschka
(Wordfence Vulnerability Researcher)
2
Lana Codes
(Wordfence Vulnerability Researcher)
2
Skalucy
2
Elliot
2
FearZzZz
2
qilin_99
2
Pepitoh
1
emad
1
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
Software Name
Software Slug
AcyMailing – Newsletter & mailing automation for WordPress
acymailing
All in One B2B for WooCommerce
all-in-one-b2b-for-woocommerce
Analytify – Google Analytics Dashboard For WordPress (GA4 made easy)
wp-analytify
Auto Amazon Links – Amazon Associates Affiliate Plugin
amazon-auto-links
Automatic YouTube Gallery
automatic-youtube-gallery
Back To The Top Button
back-to-the-top-button
BackupBliss – Backup Migration Staging
backup-backup
BitPay Checkout for WooCommerce
bitpay-checkout-for-woocommerce
Bulk NoIndex & NoFollow Toolkit
bulk-noindex-nofollow-toolkit-by-mad-fish
CP Blocks
cp-blocks
Carousel Slider
carousel-slider
Click To Tweet
click-to-tweet
Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
fluentform
Cookie Notice & Consent
cookie-notice-consent
Customizable WordPress Gallery Plugin – Modula Image Gallery
modula-best-grid-gallery
Directorist – WordPress Business Directory Plugin with Classified Ads Listings
directorist
Duplicate Post Page Menu & Custom Post Type
duplicate-post-page-menu-custom-post-type
EWWW Image Optimizer
ewww-image-optimizer
Easy Form by AYS
easy-form
Easy WP Cleaner
easy-wp-cleaner
Email posts to subscribers
email-posts-to-subscribers
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor
embedpress
Export Import Menus
export-import-menus
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
form-maker
Goods Catalog
goods-catalog
Hide admin notices – Admin Notification Center
wp-admin-notification-center
Insert Estimated Reading Time
insert-estimated-reading-time
Laposta Signup Basic
laposta-signup-basic
Laposta Signup Embed
laposta-signup-embed
Leadster
leadster-marketing-conversacional
Live News
live-news-lite
Locations
locations
MailMunch – Grow your Email List
mailmunch
Media Library Assistant
media-library-assistant
My Account Page Editor
my-account-page-editor
MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce
mycryptocheckout
Notice Bar
notice-bar
Order Delivery Date for WP e-Commerce
order-delivery-date
Outbound Link Manager
outbound-link-manager
POEditor
poeditor
Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
wp-user-avatar
PeproDev CF7 Database
pepro-cf7-database
Poll Maker – Best WordPress Poll Plugin
poll-maker
Premium Starter Templates
astra-pro-sites
RSVPMaker
rsvpmaker
Realbig For WordPress
realbig-media
Regpack
regpack
Rescue Shortcodes
rescue-shortcodes
Restrict – membership, site, content and user access restrictions for WordPress
restricted-content
SAML Single Sign On – SSO Login Standard
miniorange-saml-20-single-sign-on
SIS Handball
sis-handball
SendPress Newsletters
sendpress
Simple Download Counter
simple-download-counter
Simple Membership
simple-membership
Slider Pro
sliderpro
Social Share, Social Login and Social Comments Plugin – Super Socializer
super-socializer
Staff / Employee Business Directory for Active Directory
ldap-ad-staff-employee-directory-search
StagTools
stagtools
Starter Templates — Elementor, WordPress & Beaver Builder Templates
astra-sites
Stock Quotes List
stock-quotes-list
Sunshine Photo Cart
sunshine-photo-cart
Swifty Bar, sticky bar by WPGens
swifty-bar
TelSender – Сontact form 7, Events, Wpforms and wooccommerce to telegram bot
telsender
Tilda Publishing
tilda-publishing
Travel Map
travelmap-blog
UniConsent CMP for GDPR CPRA GPP TCF
uniconsent-cmp
Use Memcached
use-memcached
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
userfeedback-lite
User Submitted Posts – Enable Users to Submit Posts from the Front End
user-submitted-posts
VS Contact Form
very-simple-contact-form
WP Accessibility Helper (WAH)
wp-accessibility-helper
WP Crowdfunding
wp-crowdfunding
WP Custom Post Template
wp-custom-post-template
WP Directory Kit
wpdirectorykit
WP Gallery Metabox
wp-gallery-metabox
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
wedevs-project-manager
WP iCal Availability
wp-ical-availability
WP-dTree
wp-dtree-30
WRC Pricing Tables – WordPress Responsive CSS3 Pricing Tables
wrc-pricing-tables
WiserNotify Social Proof & FOMO Notification, WooCommerce Sales Popup, Review Popups, Notification Bars & Urgency Widgets
wiser-notify
WooCommerce PensoPay
woo-pensopay
Woocommerce Support System
wc-support-system
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds
another-wordpress-classifieds-plugin
WordPress File Sharing Plugin
user-private-files
WordPress Social Login
wordpress-social-login
iFolders – Ultimate Folder Manager for Media, Pages, Posts & etc
ifolders
rtMedia for WordPress, BuddyPress and bbPress
buddypress-media
wordpress publish post email notification
publish-post-email-notification
wpCentral
wp-central
WordPress Themes with Reported Vulnerabilities Last Week
Software Name
Software Slug
Attorney
attorney
Flatsome
flatsome
Raise Mag
raise-mag
Wishful Blog
wishful-blog
Woodmart
woodmart
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.
Media Library Assistant <= 3.09 – Unauthenticated Local/Remote File Inclusion & Remote Code Execution
CVE ID: CVE-2023-4634
CVSS Score: 9.8 (Critical)
Researcher/s: Pepitoh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05c68377-feb6-442d-a3a0-1fbc246c7cbf
RSVPMaker <= 10.6.6 – Unauthenticated PHP Object Injection
CVE ID: CVE-2023-25054
CVSS Score: 9.8 (Critical)
Researcher/s: Ravi Dharmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/647cc71d-4d3a-4722-b498-baaee2450809
All in One B2B for WooCommerce <= 1.0.3 – Unauthenticated Privilege Escalation
CVE ID: CVE-2023-4703
CVSS Score: 9.8 (Critical)
Researcher/s: Alexander Concha
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aab3016d-5834-4b4a-a206-0b626884b335
Flatsome <= 3.17.5 – Unauthenticated PHP Object Injection
CVE ID: CVE-2023-40555
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bfc4863a-1b8c-4b13-9df1-18f221b40b26
Form Maker by 10Web <= 1.15.19 – Unauthenticated Arbitrary File Upload
CVE ID: CVE Unknown
CVSS Score: 9.8 (Critical)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c691d129-35db-4de8-a28e-5e77347e2280
WP Project Manager <= 2.6.0 – Authenticated (Subscriber+) SQL Injection
CVE ID: CVE-2023-34383
CVSS Score: 8.8 (High)
Researcher/s: Theodoros Malachias
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/79dabaa6-d907-4fa6-bc6f-f28f39578256
Export Import Menus <= 1.8.0 – Authenticated (Contributor+) Arbitrary File Upload
CVE ID: CVE-2023-34385
CVSS Score: 8.8 (High)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d74efb03-4a1c-4163-bd79-ef17975a609e
My Account Page Editor <= 1.3.1 – Authenticated (Subscriber+) Arbitrary File Upload
CVE ID: CVE-2023-4536
CVSS Score: 8.8 (High)
Researcher/s: Alex Concha
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f87b6987-8896-4edf-9b14-8582426adeb0
ProfilePress <= 4.13.2 – Limited Privilege Escalation via ‘acceptable_defined_roles’
CVE ID: CVE Unknown
CVSS Score: 7.3 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b2840ee-3b48-415e-9bed-d34d0b6e36d7
Woocommerce Support System <= 1.2.0 – Missing Authorization
CVE ID: CVE-2023-41686
CVSS Score: 7.3 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8004a306-4c8f-40e9-accc-a12d65b5f2f9
Woocommerce Support System <= 1.2.0 – Authenticated (Administrator+) SQL Injection via ‘orderby’
CVE ID: CVE-2023-41685
CVSS Score: 7.2 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/efab7ec7-7143-4556-8d68-4a7e34f46e9e
Travel Map <= 1.0.1 – Unauthenticated Cross-Site Scripting
CVE ID: CVE-2023-41860
CVSS Score: 7.2 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3f04a742-56be-42e9-9080-2131c6e98325
Click To Tweet <= 2.0.14 – Unauthenticated Cross-Site Scripting
CVE ID: CVE-2023-41856
CVSS Score: 7.2 (High)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b5031140-9a48-43da-b946-00ce9c70258b
PeproDev CF7 Database <= 1.7.0 – Unauthenticated Stored Cross-Site Scripting via form submission
CVE ID: CVE-2023-41863
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c7a7df90-a542-48cf-a58e-bcbddc978df2
Simple Membership <= 4.3.5 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-4719
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4b10172-7e54-4ff8-9fbb-41d160ce49e4
User Feedback <= 1.0.7 – Unauthenticated Stored Cross-Site Scripting
CVE ID: CVE-2023-39308
CVSS Score: 7.2 (High)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f9e45bc2-6db6-49cd-8a4a-58489a8ddac2
All in One B2B for WooCommerce <= 1.0.3 – Cross-Site Request Forgery
CVE ID: CVE-2023-3547
CVSS Score: 6.5 (Medium)
Researcher/s: Alex Sanford
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bd53bc57-b10e-47a7-8c10-96bf1f1e82a5
Auto Amazon Links <= 5.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via style
CVE ID: CVE-2023-4482
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc
Goods Catalog <= 2.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41687
CVSS Score: 6.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/21542a9e-efa2-4655-b076-d282e3678fdf
Rescue Shortcodes <= 2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41728
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6a11e7c9-f565-4a8c-895f-425c6654b5a9
Starter Templates <= 3.2.4 – Authenticated (Contributor+) Server-Side Request Forgery
CVE ID: CVE-2023-41804
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6e0bdbba-2b67-42b9-8c26-115d472aed0e
Simple Download Counter <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-4838
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aa5f7f2a-c7b7-4339-a608-51fd684c18bf
User Submitted Posts <= 20230901 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-41696
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b7fca965-86f8-4ee4-a9d6-cb18fe5f098e
WordPress Social Login <= 3.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-4773
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b987822d-2b1b-4f79-988b-4bd731864b63
User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE ID: CVE-2023-4779
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d21ca709-183f-4dd1-849c-f1b2a4f7ec43
Notice Bar <= 3.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41847
CVSS Score: 6.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/defc5b5a-243d-4564-a9f8-3ecf3538129b
Locations <= 4.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41797
CVSS Score: 6.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fe10acf6-2649-4e85-abd1-b6840169eb41
Attorney <= 3 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41692
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/026443b6-4ab5-4f31-8a8d-2019097bde4c
Restrict <= 2.2.4 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41861
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62029ce5-ab97-4594-93e6-469ef5692320
WooCommerce PensoPay <= 6.3.1 – Reflected Cross-Site Scripting via ‘pensopay_action’
CVE ID: CVE-2023-41691
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6845b506-3d38-47f6-9348-d7931e65707a
WoodMart <= 7.2.4 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41872
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6fc92b8f-6794-461a-b6b6-598de21f5e2d
AcyMailing SMTP Newsletter <= 8.6.2 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41867
CVSS Score: 6.1 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9f82ec7c-72a0-4c3b-8041-c6ad080a48f1
Stagtools <= 2.3.7 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41868
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca09ce0d-3989-420d-9457-f0acd709cc6b
Poll Maker <= 4.7.0 – Reflected Cross-Site Scripting
CVE ID: CVE-2023-41871
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/faad9cf7-5d83-4ade-b121-c38fb0de78a5
Wishful Blog <= 2.0.1 & Raise Mag <= 1.0.7 – Unauthenticated Cross-Site Scripting
CVE ID: CVE-2023-28621
CVSS Score: 6.1 (Medium)
Researcher/s: László Radnai
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb33f779-d045-48dd-babe-8b1fab903124
Stock Quotes List <= 2.9.9 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41666
CVSS Score: 5.4 (Medium)
Researcher/s: deokhunKim
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1dffbb2d-69d1-495c-8c96-64c5fd878fcd
Tilda Publishing <= 0.3.21 – Missing Authorization
CVE ID: CVE-2023-31234
CVSS Score: 5.4 (Medium)
Researcher/s: spacecroupier
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a992bb2-67b9-48db-a536-c3af79e93af4
Staff / Employee Business Directory for Active Directory <= 1.2.1 – Insufficient Escaping of Stored LDAP Values
CVE ID: CVE-2023-4757
CVSS Score: 5.4 (Medium)
Researcher/s: Pedro José Navas Pérez
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1355e9f-fa3a-439a-a13f-49b10dd4473a
Easy WP Cleaner <= 1.9 – Cross-Site Request Forgery
CVE ID: CVE-2023-41697
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4c2689d-be51-4907-b624-c85da39f545d
Contact Form for Plugin by Fluent Forms <= 5.0.8 – Insecure Direct Object Reference
CVE ID: CVE-2023-41952
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/20f31e48-0dbb-498a-a400-681cacea7c9c
Sunshine Photo Cart <= 3.0.5 – Insecure Direct Object Reference to Order Manipulation
CVE ID: CVE-2023-41796
CVSS Score: 5.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1
TelSender <= 1.14.7 – Missing Authorization
CVE ID: CVE-2023-41683
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/39193ebd-005a-4497-9939-99947323a1a0
WP Directory Kit <= 1.2.6 – Missing Authorization
CVE ID: CVE-2023-41875
CVSS Score: 5.3 (Medium)
Researcher/s: Debangshu Kundu, Arpeet Rathi
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60083262-198d-4a7d-bb0a-717a744e20f9
Email posts to subscribers <= 6.2 – Missing Authorization to Sensitive Information Exposure
CVE ID: CVE-2023-41735
CVSS Score: 5.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7730d670-d270-4755-bc9a-550498a28edb
WRC Pricing Tables <= 2.3.7 – Missing Authorization
CVE ID: CVE-2023-32293
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/823dc422-12f4-4f7d-a305-2e4db18bafdf
WiserNotify Social Proof <= 2.5 – Missing Authorization
CVE ID: CVE-2023-41690
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/86055b1b-23a6-4e33-8818-0af58c8e6383
EWWW Image Optimizer <= 7.2.0 – Sensitive Information Exposure
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d7d08bfd-9861-4e21-a696-25b00233ad94
VS Contact Form <= 13.9 – Missing Authorization
CVE ID: CVE-2023-41862
CVSS Score: 5.3 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e3f665b8-fbd5-4100-baf6-3fa99332a5dc
BitPay Checkout for WooCommerce <= 4.1.0 – Missing Authorization
CVE ID: CVE-2023-41803
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ea489c69-d4d9-4e05-8cac-25fd17d48506
UniConsent Cookie Consent CMP for GDPR / CCPA <= 1.4.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41800
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/19c9cf3e-553b-4cbd-9f2c-803e188a2581
WordPress File Sharing Plugin <= 2.0.3 – Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID: CVE-2023-4636
CVSS Score: 4.4 (Medium)
Researcher/s: Shuning Xu
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1df04293-87e9-4ab4-975d-54d36a993ab0
Insert Estimated Reading Time <= 1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41734
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/45426cdd-2721-4959-8f0b-13025f775d62
Cookie Notice & Consent 1.6.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41948
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/489dc156-b8cb-4e08-a847-73a891398d5c
SendPress Newsletters <= 1.22.3.31 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41729
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d173077-06c4-4a23-a664-0be8516053ec
Swifty Bar, sticky bar by WPGens <= 1.2.10 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41737
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66c90387-af23-48fc-94da-708b9c223fe3
wordpress publish post email notification <= 1.0.2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41731
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/705d11b1-0924-46ae-a6e6-8fab16a4df00
iFolders <= 1.5.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41949
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1f957ce-7bb0-4701-8b2a-522211c408d8
Order Delivery Date for WP e-Commerce <= 1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41859
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d74f5813-cf7a-4ffb-9306-56f29b3a7d04
Email posts to subscribers <= 6.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41736
CVSS Score: 4.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e818a5db-acb7-4b16-80b1-939904e93791
Back To The Top Button <= 2.1.5 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41733
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ed8cd92a-c791-4781-a7bc-9b2a4d559d7d
Regpack <= 0.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVE ID: CVE-2023-41855
CVSS Score: 4.4 (Medium)
Researcher/s: Pavitra Tiwari
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f3cdc0ba-d28f-488c-a703-f9d880f0582e
Backup Migration <= 1.2.9 – Cross-Site Request Forgery
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/00274313-9079-4877-b72e-310e312aa814
Automatic YouTube Gallery <= 2.3.3 – Missing Authorization via AJAX actions
CVE ID: CVE-2023-41866
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0a58d45b-c91b-4141-992e-336650d7252b
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 – Missing Authorization via export_settings
CVE ID: CVE-2023-41951
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0cb5df54-a6a7-4c2e-8df0-5d050218622e
Super Socializer <= 7.13.54 – Missing Authorization
CVE ID: CVE-2023-41802
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/101dd211-c3eb-4d27-9194-841bc2a968e6
Laposta Signup Embed <= 1.1.0 – Missing Authorization
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/12b81441-d22c-4211-a8da-811182de622d
CP Blocks <= 1.0.20 – Cross-Site Request Forgery to Settings Update
CVE ID: CVE-2023-41732
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35cd1788-1756-4d03-8f6f-e5e4153e3f4f
Leadster <= 1.1.2 – Cross-Site Request Forgery
CVE ID: CVE-2023-41668
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/361216af-b939-4ac1-ae06-97552d283670
EmbedPress <= 3.8.3 – Cross-Site Request Forgery
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/36ba23ea-7e79-4048-8030-7ed6b2ff45a6
Live News <= 1.06 – Cross-Site Request Forgery
CVE ID: CVE-2023-41669
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3ee59570-85c3-4394-bebb-c3f49c08be67
WP Gallery Metabox <= 1.0.0 – Cross-Site Request Forgery
CVE ID: CVE-2023-41876
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46c4b7f7-e3e6-46b8-b959-07775db8bb6c
wpCentral <= 1.5.7 – Cross-Site Request Forgery
CVE ID: CVE-2023-41854
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/49d03254-7399-4a5d-9ce9-7d4736b8b2ee
Laposta Signup Embed <= 1.1.0 – Cross-Site Request Forgery
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4c0cbf44-f6b4-408d-9a96-98f45d890822
POEditor <= 0.9.4 – Cross-Site Request Forgery
CVE ID: CVE-2023-32091
CVSS Score: 4.3 (Medium)
Researcher/s: Elliot
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e81e947-4892-4028-8a09-6a048bf6a572
Carousel Slider <= 2.2.2 – Missing Authorization
CVE ID: CVE-2023-41848
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5465eaab-03c0-438a-8553-c1f8b06b82bc
SIS Handball <= 1.0.45 – Cross-Site Request Forgery
CVE ID: CVE-2023-41684
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5973afaa-5a64-4db1-8e32-3b39d1367eb8
Bulk NoIndex & NoFollow Toolkit <= 1.5 – Missing Authorization
CVE ID: CVE-2023-41688
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5cb79fbc-705a-4fb4-b441-7fe7ab6dea10
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 – Missing Authorization to Settings Update
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5dfc145e-d2d4-4137-a5c6-dec2ebb41876
WP-dTree <= 4.4.5 – Cross-Site Request Forgery
CVE ID: CVE-2023-41667
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/61808624-b2c7-4e86-b5a1-56f32fca9eaa
Realbig <= 1.0.2 – Cross-Site Request Forgery
CVE ID: CVE-2023-41694
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/70ae0f3e-75a8-41c7-91c0-52d672809835
Order Delivery Date for WP e-Commerce <= 1.2 – Cross-Site Request Forgery
CVE ID: CVE-2023-41858
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/74a74817-30ff-42ec-9bd4-7d0638d6643c
Click To Tweet <= 2.0.14 – Missing Authorization
CVE ID: CVE-2023-41857
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f765327-3872-46cc-a4f9-40219bf0dd99
Outbound Link Manager <= 1.2 – Cross-Site Request Forgery
CVE ID: CVE-2023-41850
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8dfc0d5e-bdc4-4f71-8aa3-0a4fbd7ef37d
Analytify Dashboard <= 5.1.0 – Missing Authorization to Opt-In
CVE ID: CVE-2023-41695
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/970b3a0f-c1cc-4d85-8271-a523ccdbcc39
AWP Classifieds <= 4.3 – Cross-Site Request Forgery
CVE ID: CVE-2023-41801
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b06a1b66-9057-4f16-878c-4fa66489f0ff
Use Memcached <= 1.0.5 – Cross-Site Request Forgery
CVE ID: CVE-2023-41670
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b63f4de2-32e1-4c5e-a64d-fb66d2e2b3a8
WP Custom Post Template <= 1.0 – Cross-Site Request Forgery
CVE ID: CVE-2023-41851
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b796b514-b6ca-4a22-9340-df02fec97075
Laposta Signup Basic <= 1.4.1 – Missing Authorization
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b7e417c2-bf9c-4c88-be2b-9c2324897b07
WP Accessibility Helper (WAH) <= 0.6.2.4 – Missing Authorization via AJAX action
CVE ID: CVE-2023-41869
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b97b84a8-cf4e-4648-8d58-b81a71b7988c
Hide admin notices – Admin Notification Center <= 2.3.2 – Cross-Site Request Forgery
CVE ID: CVE-2023-41672
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b98c5623-15fe-4937-9a0e-770aa0ab06f3
WP iCal Availability <= 1.0.3 – Cross-Site Request Forgery
CVE ID: CVE-2023-41853
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc3f1d4e-84f7-4878-8b06-10444caa7dcf
Super Socializer <= 7.13.54 – Cross-Site Request Forgery
CVE ID: CVE-2023-41802
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc6cfad1-d23a-4a96-9d6c-841b6d795a01
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 – Missing Authorization to Sensitive Information Exposure
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/be837a77-9b25-43af-aaba-94a8aa59e7e3
SAML SP Single Sign On <= 5.0.4 – Missing Authorization to notice dismissal
CVE ID: CVE-2023-41873
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3114906-fac1-42b9-9ba1-0a5d44c2fb3a
WP Crowdfunding <= 2.1.4 – Missing Authorization via settings_reset
CVE ID: CVE-2023-41870
CVSS Score: 4.3 (Medium)
Researcher/s: Elliot
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cddf4aa1-5c7d-4aa1-9384-1c352f0c6da9
Laposta Signup Basic <= 1.4.1 – Cross-Site Request Forgery
CVE ID: CVE-2023-41950
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1ba4b18-ff46-45ef-b7d4-0a314cf2d74c
Duplicate Post Page Menu & Custom Post Type <= 2.3.1 – Missing Authorization to Post Duplication
CVE ID: CVE-2023-4792
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d6bb08e8-9ef5-41db-a111-c377a5dfae77
ProfilePress <= 4.13.1 Cross-Site Request Forgery via ‘admin_notice’
CVE ID: CVE-2023-41953
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e103f59a-00fa-4d4c-b4fc-834754886d49
WP Crowdfunding <= 2.1.5 – Cross-Site Request Forgery
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4dc8f18-d990-4e41-8bf8-dfa9de4c0f6e
MyCryptoCheckout <= 2.125 – Cross-Site Request Forgery
CVE ID: CVE-2023-41693
CVSS Score: 4.3 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e5575725-99ba-4499-93e5-f7648c82ac52
Starter Templates <= 3.2.5 – Incorrect Authorization
CVE ID: CVE-2023-41805
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ebd78e52-f20d-42be-8f68-3d09d5abf837
Easy Form by AYS <= 1.3.8 – Cross-Site Request Forgery
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ee595f48-b72f-4569-a248-7dbd0b9152ae
MailMunch – Grow your Email List <= 3.1.2 – Cross-Site Request Forgery
CVE ID: CVE-2023-41852
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6409626-c8cb-412c-aff3-cbb2da212e5d
Slider Pro <= 4.8.6 – Missing Authorization via AJAX actions
CVE ID: CVE-2023-41865
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f813cb1a-5922-48a5-a026-66ec9aaac294
SendPress Newsletters <= 1.22.3.31 – Cross-Site Request Forgery
CVE ID: CVE-2023-41730
CVSS Score: 4.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb70339c-0f1a-4acc-af7a-8a0320fdfe71
Directorist <= 7.7.1 – CSV Injection
CVE ID: CVE-2023-41798
CVSS Score: 3.8 (Low)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ab233ceb-270c-4694-9cf9-2de8ddfcbbfd
Modula <= 2.7.4 – Incomplete Authorization via ‘save_image’ and ‘save_images’
CVE ID: CVE Unknown
CVSS Score: 2.2 (Low)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f029bd86-d979-45d1-97fe-75c43fb71148
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023) appeared first on Wordfence.