Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and utilize both personally and commercially.

Last week, there were 136 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database, and there were 33 Vulnerability Researchers that contributed to WordPress Security last week. You can find those vulnerabilities below along with some data about the vulnerabilities that were added.

Click here to sign-up for our mailing list and receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 41
Patched 95

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 1
Medium Severity 114
High Severity 17
Critical Severity 4

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Cross-Site Request Forgery (CSRF) 50
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 40
Missing Authorization 29
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 4
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 2
Information Exposure 2
Improper Authorization 1
Improper Input Validation 1
Improper Privilege Management 1
Deserialization of Untrusted Data 1
Improper Control of Generation of Code (‘Code Injection’) 1
Unrestricted Upload of File with Dangerous Type 1
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 1
Inefficient Regular Expression Complexity 1
Improper Neutralization of Formula Elements in a CSV File 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Rio Darmawan 16
Lana Codes 11
Mika 11
Marco Wotschka 9
yuyudhn 5
Rafshanzani Suhada 5
rezaduty 4
Abdi Pranata 4
Dave Jong 3
Mahesh Nagabhairava 3
Muhammad Daffa 3
Lokesh Dachepalli 2
Ivan Kuzymchak 2
Erwan LR 2
Rafie Muhammad 2
thiennv 2
MyungJu Kim 2
minhtuanact 1
Joshua Martinelle 1
Nguyen Anh Tien 1
Darius Sveikauskas 1
NeginNrb 1
Fariq Fadillah Gusti Insani 1
Aman Rawat 1
84EM 1
Nguyen Xuan Chien 1
FearZzZz 1
Numan Rajkotiya 1
Prasanna V Balaji 1
Justiice 1
Cat 1
deokhunKim 1
Marc-Alexandre Montpas 1

Vulnerability Details

Zendrop – Global Dropshipping <= 1.0.0 – SQL Injection in setMetaData

CVE ID: CVE-2023-25960
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/153e435b-9986-4242-a89b-12e8f1552803

Houzez Login Register <= 2.6.3 – Privilege Escalation

CVE ID: CVE-2023-26009
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2948d8f6-4b7b-49c3-a917-4306448416ff

Zendrop – Global Dropshipping <= 1.0.0 – Arbitrary File Upload

CVE ID: CVE-2023-25970
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6a0be61b-a1ee-499f-b991-58d5494bce18

Live Streaming – Broadcast Live Video <= 5.5.15 – Missing Authorization to Unauthenticated Remote Code Execution

CVE ID: CVE-2023-25699
CVSS Score: 9.1 (Critical)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/27180d98-223a-4d86-b8ea-e47da1d61bbf

PayGreen – Ancienne version <= 4.10.2 – Cross-Site Request Forgery

CVE ID: CVE-2023-25986
CVSS Score: 8.8 (High)
Researcher/s: Lokesh Dachepalli
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1a8b22b4-151c-4f42-a0a0-966dc5eb7a9d

BuddyForms <= 2.7.7 – PHAR Deserialization

CVE ID: CVE-2023-26326
CVSS Score: 8.8 (High)
Researcher/s: Joshua Martinelle
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f6669aa-e53c-45bb-88c4-2e1350993423

Paytm Payment Gateway <= 2.7.3 – Authenticated (Editor+) SQL Injection via 'post'

CVE ID: CVE-2022-45805
CVSS Score: 8.8 (High)
Researcher/s: Aman Rawat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6fa560b2-6283-42ab-a482-1e02d08181f8

Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 – Cross-Site Request Forgery in upload and delete_file

CVE ID: CVE-2022-45377
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7087221f-c092-4803-8725-687ffbbbd941

Booking Ultra Pro <= 1.1.4 – Cross-Site Request Forgery

CVE ID: CVE-2022-46816
CVSS Score: 8.8 (High)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8cd1b975-ac38-4393-9928-109db507828c

WP Meta SEO <= 4.5.2 – Authenticated (Subscriber+) SQL Injection

CVE ID: CVE Unknown
CVSS Score: 8.8 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b2c83287-13ca-4fdc-95b6-97da150b0c09

Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.5 – Cross-Site Request Forgery in dnd_upload_cf7_upload and dnd_codedropz_upload_delete

CVE ID: CVE-2022-45364
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c8b1015f-6825-4813-b5db-71f1c1e88310

Custom Content Shortcode <= 4.0.2 – Authenticated (Contributor+) Local File Inclusion via Shortcode

CVE ID: CVE-2023-0340
CVSS Score: 8.8 (High)
Researcher/s: Erwan LR
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d245dc6c-c579-4e28-a953-9227261911d4

Slimstat Analytics <= 4.9.3.2 – Authenticated (Subscriber+) SQL Injection via Shortcode

CVE ID: CVE-2023-0630
CVSS Score: 8.8 (High)
Researcher/s: Marc-Alexandre Montpas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fce15e1c-e2eb-4bd9-8b07-78d87a6ae1cc

simple-git < 3.16.0 – Remote Code Execution

CVE ID: CVE-2022-25860
CVSS Score: 8.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46fdd494-8073-4a68-a4ab-1f5767011f67

GMAce <= 1.5.2 – Cross-Site Request Forgery via gmace_manager_client

CVE ID: CVE-2023-23861
CVSS Score: 8.1 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c6e82b46-0b10-45fe-949e-dd94dd8656c0

Community by PeepSo <= 6.0.2.0 – Cross-Site Request Forgery leading to Plugin/Subscription Deletion

CVE ID: CVE-2023-25967
CVSS Score: 8.1 (High)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dcf59d89-43e9-4bb2-be4f-9308698d1bb3

Video Gallery – YouTube Gallery <= 1.7.6 – Missing Authorization

CVE ID: CVE-2023-25988
CVSS Score: 7.3 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7fc8436b-f787-41dd-8404-9e85cca38cdf

Real Estate 7 Theme <= 3.3.1 – Stored Cross-Site Scripting

CVE ID: CVE-2022-47146
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/952aec28-a380-4c6d-8391-b21cddf90a5c

10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.13.44 – Missing Authorization in Settings Import to Stored Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9c8b0de4-e3ee-4711-8f27-097dee843dd8

ProfilePress <= 4.5.4 – Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2023-23830
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4077fda-3f39-4e17-b7b8-3f1b6bf0a9e1

WP Meta SEO <= 4.5.2 – Missing Authorization in 'startProcess'

CVE ID: CVE Unknown
CVSS Score: 7.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/29c47391-5d37-4f49-8806-1f378a6306d0

All In One Favicon <= 4.7 – Authenticated(Admin+) Directory Traversal

CVE ID: CVE-2023-24416
CVSS Score: 6.5 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1a081788-007e-463b-b757-afefcf4c6e17

WP OAuth Server <= 4.2.3 – Cross-Site Request Forgery to Arbitrary Post Deletion (wo_ajax_remove_client)

CVE ID: CVE-2022-3894
CVSS Score: 6.5 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3bf68449-487d-4ef1-86be-c51dc7d79054

All in One SEO Pack <= 4.2.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0586
CVSS Score: 6.4 (Medium)
Researcher/s: Ivan Kuzymchak
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1c13f00e-3048-44cf-8979-2b0b0c508f3a

Sp*tify Play Button for WordPress <= 2.05 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-26536
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/28941027-a812-4d53-b3da-4e715202f88d

Simple YouTube Responsive <= 2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-25982
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn, Darius Sveikauskas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e4a605e-542b-4001-84d8-0a0aad044798

ProfilePress <= 4.5.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

CVE ID: CVE-2023-23820
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5201963b-3b30-4e7a-9ad1-d9fa7bf629e5

JS Job Manager <= 2.0.0 – Authenticated (Subscriber+) Stored Cross-Site Scripting via title

CVE ID: CVE-2023-25963
CVSS Score: 6.4 (Medium)
Researcher/s: Fariq Fadillah Gusti Insani
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62ea9e85-7752-4d0f-aafb-cbbc94294335

GoToWP <= 5.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0369
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8d07dcb9-ec8c-4f38-b5c2-2f4020a1c610

Hero Banner Ultimate <= 1.3.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

CVE ID: CVE-2022-45818
CVSS Score: 6.4 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8defdd2e-e191-498e-826a-b73c6b4f2f57

wpDataTables <= 2.1.49 – Authenticated (Contributor+) Stored Cross Site Scripting

CVE ID: CVE-2023-23876
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8e42831f-844d-40dc-965e-80334aab333c

Custom Content Shortcode <= 4.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0273
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c26e2aea-835e-4462-b4e3-99d2caf3a014

Companion Sitemap Generator <= 4.5.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0066
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ccf0d482-b4a1-47a8-8741-0970531e9630

Strong Testimonials <= 3.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

CVE ID: CVE-2023-26013
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e1c97b99-ca39-45de-8df9-312ba1573e8d

Ditty <= 3.0.32 – Authenticated (Contributor+) Stored Cross-Scripting via Shortcode

CVE ID: CVE-2023-23874
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ef8697a2-7c58-43be-aaa9-05273fc3114b

Gutenberge Blocks <= 2.1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

CVE ID: CVE-2023-22713
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f090e1f1-2713-4f3a-b908-9407c242fdf9

Multiple Page Generator Plugin <= 3.3.9 – Cross-Site Request Forgery

CVE ID: CVE-2022-47143
CVSS Score: 6.3 (Medium)
Researcher/s: rezaduty
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6aa2d172-73b6-487d-ae65-0920f915e750

CSS JS Manager <= 2.4.49 – Cross-Site Request Forgery

CVE ID: CVE-2022-47154
CVSS Score: 6.3 (Medium)
Researcher/s: rezaduty
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f167c3c5-df35-456c-a5f1-139cc3c02ffb

Easy Google Analytics for WordPress <= 1.6.0 – Cross-Site Request Forgery

CVE ID: CVE-2023-23887
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/37e707ef-fe66-4c21-9c37-7b65fb7690db

Japanized For WooCommerce <= 2.5.4 – Reflected Cross-Site Scripting

CVE ID: CVE-2023-0942
CVSS Score: 6.1 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bb606a30-2f7c-41e9-9ebc-9f1b0b84fff8

asMember <= 1.5.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26541
CVSS Score: 5.9 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c70bb3d6-6acd-46b2-8e47-30be031f73e4

Social Login WP <= 5.0.0.0 – Cross-Site Request Forgery

CVE ID: CVE-2022-38063
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1518653c-e64d-4aba-b7f8-a928b8f2cbe3

Etsy Shop <= 3.0.3 – Cross-Site Request Forgery to Plugin Settings Update

CVE ID: CVE-2023-25975
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/474494ad-6713-4167-b40d-c29c533f169e

phpinfo() WP <= 3.0 – Cross-Site Request Forgery

CVE ID: CVE-2023-26542
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e944a08-b6c1-456f-921a-501ab4b59f31

Admin Block Country <= 7.1.4 – Cross-Site Request Forgery via admin_block_country_initial_page

CVE ID: CVE-2023-24007
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d3bcd2c-4cdd-4a11-83a5-b727a2b2b6a6

WP Meta SEO <= 4.5.3 – Missing Authorization in 'wpmsGGSaveInformation'

CVE ID: CVE-2023-1022
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/702f9d3b-5d33-4215-ac76-9aae3162d775

Feed Them Social <= 3.0.2 – Cross-Site Request Forgery

CVE ID: CVE-2023-25056
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/736d08ca-3f65-4232-96a9-303bafbf3471

WP Meta SEO <= 4.5.3 – Missing Authorization in 'saveSitemapSettings'

CVE ID: CVE-2023-1023
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d1e498a-ddcb-4c67-bf0d-bb45b6fe0e9d

Publish to Schedule <= 4.4.2 – Cross-Site Request Forgery leading to Plugin Option Changes

CVE ID: CVE-2023-25994
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a438ec56-8ddc-4cea-8d93-c8f79b46f47e

Client Portal – Private user pages and login <= 1.1.8 – Cross-Site Request Forgery via cp_create_private_pages_for_all_users function

CVE ID: CVE-2023-25968
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b89185c1-f7f9-47fb-ae8b-ba4c9f4e1d3e

Apollo13 Framework Extensions <= 1.8.10 – Missing Authorization

CVE ID: CVE-2023-25959
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e122d75b-0bde-4886-a8e0-d07a535fc967

Community by PeepSo <= 6.0.2.0 – Cross Site Request Forgery

CVE ID: CVE-2022-41633
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e7346f1e-a101-4131-8950-dbb0af4505f2

WP Dynamic Keywords Injector <= 2.3.15 – Cross-Site Request Forgery

CVE ID: CVE-2022-47141
CVSS Score: 5.4 (Medium)
Researcher/s: rezaduty
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f5b00784-9120-403d-9788-3cd3c3c020aa

WP-RecentComments <= 2.2.7 – Unauthenticated Information Exposure

CVE ID: CVE-2023-23886
CVSS Score: 5.3 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3becd450-b0de-466a-9721-b156a2ba1de3

Conditional Checkout Fields & Edit Checkout Fields for WooCommerce <= 1.2.1 – Missing Authorization

CVE ID: CVE-2022-45070
CVSS Score: 5.3 (Medium)
Researcher/s: 84EM
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7fb0cb21-6645-4a28-a78c-d5dbeaddbf21

Redirect Redirection <= 1.1.3 – Missing Authorization in 'loadRedirectSettings' function

CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a7beb9b3-3e4e-4aa2-b174-ecd9307cb3d0

http-cache-semantics < 4.1.1 – Regular Expression Denial of Service (ReDoS)

CVE ID: CVE-2022-25881
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6092987-5f60-42ac-9636-e1e0a2c85147

GMAce <= 1.5.2 – Authenticated(Admin+) Directory Traversal

CVE ID: CVE-2023-23872
CVSS Score: 4.9 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b3523535-6938-4922-8126-8386861ca512

VK All in One Expansion Unit <= 9.87.0.1 – Reflected Cross-Site Scripting via REQUEST_URI

CVE ID: CVE-2023-0937
CVSS Score: 4.7 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/390e9c30-e4c0-474d-9915-dd46f5464cea

WordPress Custom Settings <= 1.0 – Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-23806
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/23f7f4ad-f9d5-44b7-8354-5145b003fd20

Jobs for WordPress <= 2.5.10.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26017
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/30c34ea7-3df8-4ba8-bea8-4c785b23a4f4

WPMobile.App — Android and iOS Mobile Application <= 11.18 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26010
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/355decb2-2667-4056-836c-9ac8897f340e

All in One SEO Pack <= 4.2.9 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0585
CVSS Score: 4.4 (Medium)
Researcher/s: Marco Wotschka, Ivan Kuzymchak
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3db97180-9308-4891-9de9-acefe31d088f

Sitemap Index <= 1.2.3 – Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-23816
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/40005aed-07aa-44da-a06e-0187931105ec

Accordions <= 2.3.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via Several Parameters

CVE ID: CVE-2023-25962
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/401eeb23-bf43-49a8-9c39-4fcd0db57cd3

Custom Login Page <= 2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26012
CVSS Score: 4.4 (Medium)
Researcher/s: Mahesh Nagabhairava
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/44cde2d1-8cb4-4185-a7e6-58a2bec0dae9

Simple Portfolio Gallery <= 0.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26016
CVSS Score: 4.4 (Medium)
Researcher/s: Mahesh Nagabhairava
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46d65fed-cb21-46e1-bafe-eda11c25a467

Exquisite PayPal Donation <= v2.0.0 – Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-23785
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46f7dc18-fc07-400a-bb79-0d9821299023

Chat Bee <= 1.1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26538
CVSS Score: 4.4 (Medium)
Researcher/s: Lokesh Dachepalli
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5bf4ffaa-5192-4fb6-95d0-d19c4fe45b93

Stock market charts from finviz <= 1.0 – Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-23809
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d6b5a4c-1dc9-4d86-ac41-61880637fcbb

Clio Grow <= 1.0.0 – Authenticated (Admin+) Stored Cross Site Scripting

CVE ID: CVE-2023-22683
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/72835a3e-e842-4146-ae7d-4aea722de11f

TypeSquare Webfonts for ConoHa <= 2.0.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25458
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/80e9aa1f-166f-47df-bc50-c7dd55c6e7cc

Circles Gallery <= 1.0.10 – Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings

CVE ID: CVE-2023-23881
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/882caa58-b56f-455f-ab3e-1fd8fd4e10e2

Video Gallery – YouTube Gallery <= 1.7.6 – Authenticated (Admin+) Stored Cross Site Scripting

CVE ID: CVE-2023-25979
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/88f9f4db-b15b-43d4-918a-a4c83e5735d1

WP Table Builder – WordPress Table Plugin <= 1.4.6 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2022-46852
CVSS Score: 4.4 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/91d5d052-d219-4c2f-9341-19f415ff90c4

CPT – Speakers <= 1.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25977
CVSS Score: 4.4 (Medium)
Researcher/s: Mahesh Nagabhairava
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae7c41fd-6ad6-49da-a213-686157e029d4

Binge Site Verification using Meta Tag <= 1.0 – Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings

CVE ID: CVE-2023-23875
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b050fa45-05b7-49ff-bb24-179150f3f959

CM Answers <= 3.1.9 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25992
CVSS Score: 4.4 (Medium)
Researcher/s: MyungJu Kim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b23d276c-69c5-47e0-99bd-f20ff1d45904

Calculated Fields Form <= 1.1.150 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0389
CVSS Score: 4.4 (Medium)
Researcher/s: Numan Rajkotiya
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c2036c08-3aaf-4e41-bcd6-787f4b8fba9d

WP Custom Fields Search <= 1.2.34 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2022-47157
CVSS Score: 4.4 (Medium)
Researcher/s: Justiice
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ce106c3a-e99b-4182-84d8-8f896edbbefd

Sponsors Carousel <= 4.02 – Authenticated (Admin+) Stored Cross-Site Scripting in show

CVE ID: CVE-2023-23808
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d61ed3e3-5102-4293-a999-e324e721ab89

Top 10 – Popular posts plugin – <= 3.2.4 – Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26008
CVSS Score: 4.4 (Medium)
Researcher/s: deokhunKim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f50f1e64-5015-4e40-912e-92a4f16e1398

KB Support <= 1.5.84 – Authenticated (Subscriber+) CSV Injection

CVE ID: CVE-2023-25983
CVSS Score: 4.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f7be9241-26b6-4dd0-bd26-fdff59da3b76

Redirect Redirection <= 1.1.3 – Missing Authorization in 'redirectionPageContent' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0bde3052-ae8e-4434-962a-88d3c8328a9c

Redirect Redirection <= 1.1.3 – Missing Authorization in 'addRedirect' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/140a6fd3-e446-44ea-94eb-9c8d12f7b7ed

Top 10 – Popular posts plugin for WordPress <= 3.2.3 – Missing Authorization on tptn_ajax_clearcache

CVE ID: CVE-2023-25993
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/14e832ec-7181-44d9-8d26-2f77e6111763

Redirect Redirection <= 1.1.3 – Missing Authorization in 'deleteRedirect' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1c22717f-494e-4f62-9691-ee5a3366a487

Accept Stripe Donation – AidWP <= 3.1.5 – Cross Site Request Forgery

CVE ID: CVE-2022-47422
CVSS Score: 4.3 (Medium)
Researcher/s: rezaduty
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/27161b4b-d11c-487b-b1ce-7e43bf7b2e57

Read More Excerpt Link <= 1.5 – Cross-Site Request Forgery

CVE ID: CVE-2023-26011
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/27c3d563-4ed5-47a1-ae2c-ff765fb56cb7

Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'SaveSettings' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/29333999-ffe3-4cd0-a537-be98168cb2ee

My YouTube Channel <= 3.23.3 – Cross-Site Request Forgery to Cache Deletion

CVE ID: CVE-2023-25987
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3670665c-0ae1-47d6-b463-581eb195666e

Contextual Related Posts <= 3.3.1 – Missing Authorization in crp_ajax_clearcache

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/37b5fcfd-654b-4151-9494-551799464c7c

WP Meta SEO <= 4.5.3 – Missing Authorization in 'regenerateSitemaps'

CVE ID: CVE-2023-1024
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a3f835e-0aa9-4581-9150-fe5041e0f293

Redirect Redirection <= 1.1.3 – Missing Authorization in 'SaveSettings' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4c953a46-d2ae-41f7-a940-d23b011d9eca

WP Meta SEO <= 4.5.3 – Missing Authorization in 'checkAllCategoryInSitemap'

CVE ID: CVE-2023-1027
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4f589e21-7417-4b43-b580-4f1d3c2041f4

Educare – Students & Result Management System <= 1.4.1 – Cross-Site Request Forgery

CVE ID: CVE-2023-25971
CVSS Score: 4.3 (Medium)
Researcher/s: NeginNrb
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5292fcb2-4084-42e6-b78b-62e36123829a

Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'bulkDelete' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/53667fd6-0d12-400d-b3a1-7cee305a2bc2

Coupon Zen <= 1.0.5 – Cross-Site Request Forgery to Plugin Activation

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/53d39276-5d92-4a5b-848d-33aefb18a970

Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 3.1.20 – Cross-Site Request Forgery in add_to_favorite

CVE ID: CVE-2022-46851
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/568545a4-7f73-4050-9724-d47279c340c9

For the visually impaired <= 0.58 – Cross-Site Request Forgery to Plugin Settings Changes

CVE ID: CVE-2023-25038
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/56976e5f-13e9-45e3-8cd1-7ac5f34f4248

Advanced Database Cleaner <= 3.1.1 – Cross-Site Request Forgery via aDBc_save_settings_callback

CVE ID: CVE-2022-46813
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5af799a4-0aee-4601-943e-82cbc860ede5

Top 10 – Popular posts plugin for WordPress <= 3.2.3 – Cross-Site Request Forgery via tptn_ajax_clearcache

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5c7edfad-b45b-4297-876d-a063e02af0bf

Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'statusBulkEdit' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d1d012a-46cd-4c86-ac6f-993736a91acb

Auto Affiliate Links <= 6.3.0.2 – Cross-Site Request Forgery via aalChangeOptions function

CVE ID: CVE-2023-25973
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/611af50f-7f60-4c09-be64-3f2705e06206

WP Meta SEO <= 4.5.3 – Cross-Site Request Forgery via 'setIgnore'

CVE ID: CVE-2023-1028
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6b978749-7ea5-45f4-9f69-66a19c0e39ca

Redirect Redirection <= 1.1.3 – Missing Authorization in 'instantEditRedirect' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/71caa071-d279-4807-88ad-a71673b9d17d

多合一搜索自动推Baidu/Google/Bing/IndexNow/Yandex/头条 <= 4.2.1 – Cross-Site Request Forgery

CVE ID: CVE-2023-26531
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/72d18504-7b12-43f0-b2ea-40dbc25912c4

WP Meta SEO <= 4.5.3 – Cross-Site Request Forgery via 'regenerateSitemaps'

CVE ID: CVE-2023-1029
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/764aec73-f291-4372-9dde-812ffaf025ed

Theme Tweaker <= 5.20 – Cross-Site Request Forgery

CVE ID: CVE-2023-23713
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7dd67111-514f-4f7d-8cdd-7b10ea718530

Upload Resume <= 1.2.0 – Authenticated Sensitive Information Disclosure via resume_upload_form_list shortcode

CVE ID: CVE-2023-25965
CVSS Score: 4.3 (Medium)
Researcher/s: MyungJu Kim
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8246ea9f-3ccb-4448-bf32-135c8140b09b

Redirect Redirection <= 1.1.3 – Missing Authorization in 'LoadTab' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8250434a-2fad-4f44-9813-90e734d32d2e

Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'addRedirectRule' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/84d43356-274e-42d5-ac40-10a34effce8d

Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'saveRedirectSettings' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b421330-dd3c-4af0-9f42-95430117eb9b

Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 – Cross-Site Request Forgery via settings_page function

CVE ID: CVE-2023-25976
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8bb330be-f12c-475c-97b6-745a1e6edb58

WP Meta SEO <= 4.5.3 – Missing Authorization in 'listPostsCategory'

CVE ID: CVE-2023-1026
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/978d5715-7993-4f89-8d69-895467633bfb

Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'addRedirect' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9a70e291-1bc9-44ad-91a2-cf0624bb8d88

Redirect Redirection <= 1.1.3 – Missing Authorization in 'liveSearch' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a7ec331c-51ea-466a-ab7b-4234df47114a

Redirect Redirection <= 1.1.3 – Missing Authorization in 'loadSettings' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b2ec7d77-fe50-4bb2-a57b-6ee4246805f9

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 5.0.4 – Cross-Site Request Forgery in rttpg_spare_me

CVE ID: CVE-2022-46853
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b352be87-ea61-4666-a4d0-cf93fef40e33

Redirect Redirection <= 1.1.3 – Missing Authorization in 'addRedirectRule' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b57dd8e3-e3e1-4d6b-b9dd-b5a24c4886b4

Client Portal <= 1.1.8 – Cross-Site Request Forgery via cp_create_private_pages_for_all_users

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3319993-6f2c-425d-8cb2-ab26f7a52139

Contextual Related Posts <= 3.3.1 – Cross-Site Request Forgery in crpClearCache

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca8f4f6b-756b-4511-9e48-e41a872a9dad

Top 10 – Popular posts plugin for WordPress <= 3.2.4 – Missing Authorization on tptn_chart_data

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cbff7ec1-535d-43bf-be61-83a1e7625c77

Redirect Redirection <= 1.1.3 – Missing Authorization in 'logFilter' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d0d6f467-6e62-45ff-bf9d-4db5b1ed1dd2

WordPress Books Gallery <= 4.4.8 – Cross-Site Request Forgery leading to Plugin Settings Changes

CVE ID: CVE-2023-23705
CVSS Score: 4.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d2e10791-7158-47ae-85c9-4a5a53b25d68

Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'deleteRedirect' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d433a5b3-4661-4246-ae60-8a99633372ad

Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'cronLogDeleteOption' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d4dacd15-85cc-41f5-830c-b02c85c798f9

Redirect Redirection <= 1.1.3 – Missing Authorization in 'logPageContent' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dceca4ee-6587-4eaa-974e-a21e7a10b6e8

Redirect Redirection <= 1.1.3 – Missing Authorization in 'selectAll' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de69d597-b663-4c58-82e0-c90391fb8416

Redirect Redirection <= 1.1.3 – Missing Authorization in 'bulkDelete' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e29dac44-5c85-4f73-ae96-4bc0deca64f4

Redirect Redirection <= 1.1.3 – Missing Authorization in 'statusBulkEdit' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ef5f99ca-8a0d-4ec4-8b59-c0c4637dfbc3

Minify HTML <= 2.02 – Cross-Site Request Forgery in minify_html_menu_options

CVE ID: CVE-2023-26014
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ef7cf633-e907-4da1-bd96-0013e88defbb

Redirect Redirection <= 1.1.3 – Missing Authorization in 'saveRedirectSettings' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f347a629-523e-4ec4-ad56-6ae9357dd7f5

WordPress Tooltips <= 8.2.5 – Multiple Cross-Site Request Forgery

CVE ID: CVE-2023-25985
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6b9e63f-0492-4d51-a8ae-0874ef57e852

Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'instantEditRedirect' function

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fdd57b3b-bd0a-4b07-831e-72f2329b2577

CP Multi View Event Calendar <= 1.4.13 – Insufficient Authorization

CVE ID: CVE-2023-23814
CVSS Score: 3.8 (Low)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/13d0eb8a-5b63-460e-b4ba-a3ed80c84fc2

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence Community Edition leaderboard along with being mentioned in our weekly vulnerability report.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023) appeared first on Wordfence.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Tap To Call