Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023)
Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence Community Edition, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, submissions that vulnerability researchers send directly to us using our CVE Request form, and monitoring of various sources to capture all publicly available WordPress vulnerability information, adding context where we can.
Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and use, both personally and commercially.
Last week, 136 vulnerabilities disclosed in WordPress-based software were added to the Wordfence Intelligence Community Edition Vulnerability Database, and 33 vulnerability researchers contributed to WordPress security. You can find those vulnerabilities below, along with some data about the vulnerabilities that were added.
Total Unpatched & Patched Vulnerabilities Last Week
Patch Status | Number of Vulnerabilities |
Unpatched | 41 |
Patched | 95 |
Total Vulnerabilities by CVSS Severity Last Week
Severity Rating | Number of Vulnerabilities |
Low Severity | 1 |
Medium Severity | 114 |
High Severity | 17 |
Critical Severity | 4 |
Total Vulnerabilities by CWE Type Last Week
Vulnerability Type by CWE | Number of Vulnerabilities |
Cross-Site Request Forgery (CSRF) | 50 |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 40 |
Missing Authorization | 29 |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 4 |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 2 |
Information Exposure | 2 |
Improper Authorization | 1 |
Improper Input Validation | 1 |
Improper Privilege Management | 1 |
Deserialization of Untrusted Data | 1 |
Improper Control of Generation of Code (‘Code Injection’) | 1 |
Unrestricted Upload of File with Dangerous Type | 1 |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 1 |
Inefficient Regular Expression Complexity | 1 |
Improper Neutralization of Formula Elements in a CSV File | 1 |
Researchers That Contributed to WordPress Security Last Week
Researcher Name | Number of Vulnerabilities |
Rio Darmawan | 16 |
Lana Codes | 11 |
Mika | 11 |
Marco Wotschka | 9 |
yuyudhn | 5 |
Rafshanzani Suhada | 5 |
rezaduty | 4 |
Abdi Pranata | 4 |
Dave Jong | 3 |
Mahesh Nagabhairava | 3 |
Muhammad Daffa | 3 |
Lokesh Dachepalli | 2 |
Ivan Kuzymchak | 2 |
Erwan LR | 2 |
Rafie Muhammad | 2 |
thiennv | 2 |
MyungJu Kim | 2 |
minhtuanact | 1 |
Joshua Martinelle | 1 |
Nguyen Anh Tien | 1 |
Darius Sveikauskas | 1 |
NeginNrb | 1 |
Fariq Fadillah Gusti Insani | 1 |
Aman Rawat | 1 |
84EM | 1 |
Nguyen Xuan Chien | 1 |
FearZzZz | 1 |
Numan Rajkotiya | 1 |
Prasanna V Balaji | 1 |
Justiice | 1 |
Cat | 1 |
deokhunKim | 1 |
Marc-Alexandre Montpas | 1 |
Vulnerability Details
Zendrop – Global Dropshipping <= 1.0.0 – SQL Injection in setMetaData
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/153e435b-9986-4242-a89b-12e8f1552803
Houzez Login Register <= 2.6.3 – Privilege Escalation
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2948d8f6-4b7b-49c3-a917-4306448416ff
Zendrop – Global Dropshipping <= 1.0.0 – Arbitrary File Upload
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6a0be61b-a1ee-499f-b991-58d5494bce18
Live Streaming – Broadcast Live Video <= 5.5.15 – Missing Authorization to Unauthenticated Remote Code Execution
CVSS Score: 9.1 (Critical)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/27180d98-223a-4d86-b8ea-e47da1d61bbf
PayGreen – Ancienne version <= 4.10.2 – Cross-Site Request Forgery
CVSS Score: 8.8 (High)
Researcher/s: Lokesh Dachepalli
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1a8b22b4-151c-4f42-a0a0-966dc5eb7a9d
BuddyForms <= 2.7.7 – PHAR Deserialization
CVSS Score: 8.8 (High)
Researcher/s: Joshua Martinelle
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f6669aa-e53c-45bb-88c4-2e1350993423
Paytm Payment Gateway <= 2.7.3 – Authenticated (Editor+) SQL Injection via 'post'
CVSS Score: 8.8 (High)
Researcher/s: Aman Rawat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6fa560b2-6283-42ab-a482-1e02d08181f8
Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 – Cross-Site Request Forgery in upload and delete_file
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7087221f-c092-4803-8725-687ffbbbd941
Booking Ultra Pro <= 1.1.4 – Cross-Site Request Forgery
CVSS Score: 8.8 (High)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8cd1b975-ac38-4393-9928-109db507828c
WP Meta SEO <= 4.5.2 – Authenticated (Subscriber+) SQL Injection
CVSS Score: 8.8 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b2c83287-13ca-4fdc-95b6-97da150b0c09
Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.5 – Cross-Site Request Forgery in dnd_upload_cf7_upload and dnd_codedropz_upload_delete
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c8b1015f-6825-4813-b5db-71f1c1e88310
Custom Content Shortcode <= 4.0.2 – Authenticated (Contributor+) Local File Inclusion via Shortcode
CVSS Score: 8.8 (High)
Researcher/s: Erwan LR
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d245dc6c-c579-4e28-a953-9227261911d4
Slimstat Analytics <= 4.9.3.2 – Authenticated (Subscriber+) SQL Injection via Shortcode
CVSS Score: 8.8 (High)
Researcher/s: Marc-Alexandre Montpas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fce15e1c-e2eb-4bd9-8b07-78d87a6ae1cc
simple-git < 3.16.0 – Remote Code Execution
CVSS Score: 8.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46fdd494-8073-4a68-a4ab-1f5767011f67
GMAce <= 1.5.2 – Cross-Site Request Forgery via gmace_manager_client
CVSS Score: 8.1 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c6e82b46-0b10-45fe-949e-dd94dd8656c0
Community by PeepSo <= 6.0.2.0 – Cross-Site Request Forgery leading to Plugin/Subscription Deletion
CVSS Score: 8.1 (High)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dcf59d89-43e9-4bb2-be4f-9308698d1bb3
Video Gallery – YouTube Gallery <= 1.7.6 – Missing Authorization
CVSS Score: 7.3 (High)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7fc8436b-f787-41dd-8404-9e85cca38cdf
Real Estate 7 Theme <= 3.3.1 – Stored Cross-Site Scripting
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/952aec28-a380-4c6d-8391-b21cddf90a5c
10Web Booster – Website speed optimization, Cache & Page Speed optimizer <= 2.13.44 – Missing Authorization in Settings Import to Stored Cross-Site Scripting
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9c8b0de4-e3ee-4711-8f27-097dee843dd8
ProfilePress <= 4.5.4 – Unauthenticated Stored Cross-Site Scripting
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4077fda-3f39-4e17-b7b8-3f1b6bf0a9e1
WP Meta SEO <= 4.5.2 – Missing Authorization in 'startProcess'
CVSS Score: 7.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/29c47391-5d37-4f49-8806-1f378a6306d0
All In One Favicon <= 4.7 – Authenticated(Admin+) Directory Traversal
CVSS Score: 6.5 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1a081788-007e-463b-b757-afefcf4c6e17
WP OAuth Server <= 4.2.3 – Cross-Site Request Forgery to Arbitrary Post Deletion (wo_ajax_remove_client)
CVSS Score: 6.5 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3bf68449-487d-4ef1-86be-c51dc7d79054
All in One SEO Pack <= 4.2.9 – Authenticated (Contributor+) Stored Cross-Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Ivan Kuzymchak
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1c13f00e-3048-44cf-8979-2b0b0c508f3a
Sp*tify Play Button for WordPress <= 2.05 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/28941027-a812-4d53-b3da-4e715202f88d
Simple YouTube Responsive <= 2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn, Darius Sveikauskas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e4a605e-542b-4001-84d8-0a0aad044798
ProfilePress <= 4.5.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5201963b-3b30-4e7a-9ad1-d9fa7bf629e5
JS Job Manager <= 2.0.0 – Authenticated (Subscriber+) Stored Cross-Site Scripting via title
CVSS Score: 6.4 (Medium)
Researcher/s: Fariq Fadillah Gusti Insani
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62ea9e85-7752-4d0f-aafb-cbbc94294335
GoToWP <= 5.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8d07dcb9-ec8c-4f38-b5c2-2f4020a1c610
Hero Banner Ultimate <= 1.3.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
CVSS Score: 6.4 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8defdd2e-e191-498e-826a-b73c6b4f2f57
wpDataTables <= 2.1.49 – Authenticated (Contributor+) Stored Cross Site Scripting
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8e42831f-844d-40dc-965e-80334aab333c
Custom Content Shortcode <= 4.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c26e2aea-835e-4462-b4e3-99d2caf3a014
Companion Sitemap Generator <= 4.5.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ccf0d482-b4a1-47a8-8741-0970531e9630
Strong Testimonials <= 3.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e1c97b99-ca39-45de-8df9-312ba1573e8d
Ditty <= 3.0.32 – Authenticated (Contributor+) Stored Cross-Scripting via Shortcode
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ef8697a2-7c58-43be-aaa9-05273fc3114b
Gutenberge Blocks <= 2.1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f090e1f1-2713-4f3a-b908-9407c242fdf9
Multiple Page Generator Plugin <= 3.3.9 – Cross-Site Request Forgery
CVSS Score: 6.3 (Medium)
Researcher/s: rezaduty
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6aa2d172-73b6-487d-ae65-0920f915e750
CSS JS Manager <= 2.4.49 – Cross-Site Request Forgery
CVSS Score: 6.3 (Medium)
Researcher/s: rezaduty
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f167c3c5-df35-456c-a5f1-139cc3c02ffb
Easy Google Analytics for WordPress <= 1.6.0 – Cross-Site Request Forgery
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/37e707ef-fe66-4c21-9c37-7b65fb7690db
Japanized For WooCommerce <= 2.5.4 – Reflected Cross-Site Scripting
CVSS Score: 6.1 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bb606a30-2f7c-41e9-9ebc-9f1b0b84fff8
asMember <= 1.5.4 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 5.9 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c70bb3d6-6acd-46b2-8e47-30be031f73e4
Social Login WP <= 5.0.0.0 – Cross-Site Request Forgery
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1518653c-e64d-4aba-b7f8-a928b8f2cbe3
Etsy Shop <= 3.0.3 – Cross-Site Request Forgery to Plugin Settings Update
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/474494ad-6713-4167-b40d-c29c533f169e
phpinfo() WP <= 3.0 – Cross-Site Request Forgery
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e944a08-b6c1-456f-921a-501ab4b59f31
Admin Block Country <= 7.1.4 – Cross-Site Request Forgery via admin_block_country_initial_page
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d3bcd2c-4cdd-4a11-83a5-b727a2b2b6a6
WP Meta SEO <= 4.5.3 – Missing Authorization in 'wpmsGGSaveInformation'
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/702f9d3b-5d33-4215-ac76-9aae3162d775
Feed Them Social <= 3.0.2 – Cross-Site Request Forgery
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/736d08ca-3f65-4232-96a9-303bafbf3471
WP Meta SEO <= 4.5.3 – Missing Authorization in 'saveSitemapSettings'
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d1e498a-ddcb-4c67-bf0d-bb45b6fe0e9d
Publish to Schedule <= 4.4.2 – Cross-Site Request Forgery leading to Plugin Option Changes
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a438ec56-8ddc-4cea-8d93-c8f79b46f47e
Client Portal – Private user pages and login <= 1.1.8 – Cross-Site Request Forgery via cp_create_private_pages_for_all_users function
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b89185c1-f7f9-47fb-ae8b-ba4c9f4e1d3e
Apollo13 Framework Extensions <= 1.8.10 – Missing Authorization
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e122d75b-0bde-4886-a8e0-d07a535fc967
Community by PeepSo <= 6.0.2.0 – Cross Site Request Forgery
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e7346f1e-a101-4131-8950-dbb0af4505f2
WP Dynamic Keywords Injector <= 2.3.15 – Cross-Site Request Forgery
CVSS Score: 5.4 (Medium)
Researcher/s: rezaduty
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f5b00784-9120-403d-9788-3cd3c3c020aa
WP-RecentComments <= 2.2.7 – Unauthenticated Information Exposure
CVSS Score: 5.3 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3becd450-b0de-466a-9721-b156a2ba1de3
Conditional Checkout Fields & Edit Checkout Fields for WooCommerce <= 1.2.1 – Missing Authorization
CVSS Score: 5.3 (Medium)
Researcher/s: 84EM
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7fb0cb21-6645-4a28-a78c-d5dbeaddbf21
Redirect Redirection <= 1.1.3 – Missing Authorization in 'loadRedirectSettings' function
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a7beb9b3-3e4e-4aa2-b174-ecd9307cb3d0
http-cache-semantics < 4.1.1 – Regular Expression Denial of Service (ReDoS)
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6092987-5f60-42ac-9636-e1e0a2c85147
GMAce <= 1.5.2 – Authenticated(Admin+) Directory Traversal
CVSS Score: 4.9 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b3523535-6938-4922-8126-8386861ca512
VK All in One Expansion Unit <= 9.87.0.1 – Reflected Cross-Site Scripting via REQUEST_URI
CVSS Score: 4.7 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/390e9c30-e4c0-474d-9915-dd46f5464cea
WordPress Custom Settings <= 1.0 – Authenticated(Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/23f7f4ad-f9d5-44b7-8354-5145b003fd20
Jobs for WordPress <= 2.5.10.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/30c34ea7-3df8-4ba8-bea8-4c785b23a4f4
WPMobile.App — Android and iOS Mobile Application <= 11.18 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/355decb2-2667-4056-836c-9ac8897f340e
All in One SEO Pack <= 4.2.9 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Marco Wotschka, Ivan Kuzymchak
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3db97180-9308-4891-9de9-acefe31d088f
Sitemap Index <= 1.2.3 – Authenticated(Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/40005aed-07aa-44da-a06e-0187931105ec
Accordions <= 2.3.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via Several Parameters
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/401eeb23-bf43-49a8-9c39-4fcd0db57cd3
Custom Login Page <= 2.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Mahesh Nagabhairava
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/44cde2d1-8cb4-4185-a7e6-58a2bec0dae9
Simple Portfolio Gallery <= 0.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Mahesh Nagabhairava
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46d65fed-cb21-46e1-bafe-eda11c25a467
Exquisite PayPal Donation <= v2.0.0 – Authenticated(Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46f7dc18-fc07-400a-bb79-0d9821299023
Chat Bee <= 1.1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Lokesh Dachepalli
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5bf4ffaa-5192-4fb6-95d0-d19c4fe45b93
Stock market charts from finviz <= 1.0 – Authenticated(Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d6b5a4c-1dc9-4d86-ac41-61880637fcbb
Clio Grow <= 1.0.0 – Authenticated (Admin+) Stored Cross Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/72835a3e-e842-4146-ae7d-4aea722de11f
TypeSquare Webfonts for ConoHa <= 2.0.3 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/80e9aa1f-166f-47df-bc50-c7dd55c6e7cc
Circles Gallery <= 1.0.10 – Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/882caa58-b56f-455f-ab3e-1fd8fd4e10e2
Video Gallery – YouTube Gallery <= 1.7.6 – Authenticated (Admin+) Stored Cross Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/88f9f4db-b15b-43d4-918a-a4c83e5735d1
WP Table Builder – WordPress Table Plugin <= 1.4.6 – Authenticated (Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/91d5d052-d219-4c2f-9341-19f415ff90c4
CPT – Speakers <= 1.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Mahesh Nagabhairava
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae7c41fd-6ad6-49da-a213-686157e029d4
Binge Site Verification using Meta Tag <= 1.0 – Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b050fa45-05b7-49ff-bb24-179150f3f959
CM Answers <= 3.1.9 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: MyungJu Kim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b23d276c-69c5-47e0-99bd-f20ff1d45904
Calculated Fields Form <= 1.1.150 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Numan Rajkotiya
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c2036c08-3aaf-4e41-bcd6-787f4b8fba9d
WP Custom Fields Search <= 1.2.34 – Authenticated (Administrator+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: Justiice
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ce106c3a-e99b-4182-84d8-8f896edbbefd
Sponsors Carousel <= 4.02 – Authenticated (Admin+) Stored Cross-Site Scripting in show
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d61ed3e3-5102-4293-a999-e324e721ab89
Top 10 – Popular posts plugin – <= 3.2.4 – Authenticated(Admin+) Stored Cross-Site Scripting
CVSS Score: 4.4 (Medium)
Researcher/s: deokhunKim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f50f1e64-5015-4e40-912e-92a4f16e1398
KB Support <= 1.5.84 – Authenticated (Subscriber+) CSV Injection
CVSS Score: 4.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f7be9241-26b6-4dd0-bd26-fdff59da3b76
Redirect Redirection <= 1.1.3 – Missing Authorization in 'redirectionPageContent' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0bde3052-ae8e-4434-962a-88d3c8328a9c
Redirect Redirection <= 1.1.3 – Missing Authorization in 'addRedirect' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/140a6fd3-e446-44ea-94eb-9c8d12f7b7ed
Top 10 – Popular posts plugin for WordPress <= 3.2.3 – Missing Authorization on tptn_ajax_clearcache
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/14e832ec-7181-44d9-8d26-2f77e6111763
Redirect Redirection <= 1.1.3 – Missing Authorization in 'deleteRedirect' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1c22717f-494e-4f62-9691-ee5a3366a487
Accept Stripe Donation – AidWP <= 3.1.5 – Cross Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: rezaduty
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/27161b4b-d11c-487b-b1ce-7e43bf7b2e57
Read More Excerpt Link <= 1.5 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/27c3d563-4ed5-47a1-ae2c-ff765fb56cb7
Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'SaveSettings' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/29333999-ffe3-4cd0-a537-be98168cb2ee
My YouTube Channel <= 3.23.3 – Cross-Site Request Forgery to Cache Deletion
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3670665c-0ae1-47d6-b463-581eb195666e
Contextual Related Posts <= 3.3.1 – Missing Authorization in crp_ajax_clearcache
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/37b5fcfd-654b-4151-9494-551799464c7c
WP Meta SEO <= 4.5.3 – Missing Authorization in 'regenerateSitemaps'
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a3f835e-0aa9-4581-9150-fe5041e0f293
Redirect Redirection <= 1.1.3 – Missing Authorization in 'SaveSettings' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4c953a46-d2ae-41f7-a940-d23b011d9eca
WP Meta SEO <= 4.5.3 – Missing Authorization in 'checkAllCategoryInSitemap'
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4f589e21-7417-4b43-b580-4f1d3c2041f4
Educare – Students & Result Management System <= 1.4.1 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: NeginNrb
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5292fcb2-4084-42e6-b78b-62e36123829a
Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'bulkDelete' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/53667fd6-0d12-400d-b3a1-7cee305a2bc2
Coupon Zen <= 1.0.5 – Cross-Site Request Forgery to Plugin Activation
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/53d39276-5d92-4a5b-848d-33aefb18a970
Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 3.1.20 – Cross-Site Request Forgery in add_to_favorite
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/568545a4-7f73-4050-9724-d47279c340c9
For the visually impaired <= 0.58 – Cross-Site Request Forgery to Plugin Settings Changes
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/56976e5f-13e9-45e3-8cd1-7ac5f34f4248
Advanced Database Cleaner <= 3.1.1 – Cross-Site Request Forgery via aDBc_save_settings_callback
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5af799a4-0aee-4601-943e-82cbc860ede5
Top 10 – Popular posts plugin for WordPress <= 3.2.3 – Cross-Site Request Forgery via tptn_ajax_clearcache
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5c7edfad-b45b-4297-876d-a063e02af0bf
Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'statusBulkEdit' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d1d012a-46cd-4c86-ac6f-993736a91acb
Auto Affiliate Links <= 6.3.0.2 – Cross-Site Request Forgery via aalChangeOptions function
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/611af50f-7f60-4c09-be64-3f2705e06206
WP Meta SEO <= 4.5.3 – Cross-Site Request Forgery via 'setIgnore'
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6b978749-7ea5-45f4-9f69-66a19c0e39ca
Redirect Redirection <= 1.1.3 – Missing Authorization in 'instantEditRedirect' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/71caa071-d279-4807-88ad-a71673b9d17d
多合一搜索自动推Baidu/Google/Bing/IndexNow/Yandex/头条 <= 4.2.1 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/72d18504-7b12-43f0-b2ea-40dbc25912c4
WP Meta SEO <= 4.5.3 – Cross-Site Request Forgery via 'regenerateSitemaps'
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/764aec73-f291-4372-9dde-812ffaf025ed
Theme Tweaker <= 5.20 – Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7dd67111-514f-4f7d-8cdd-7b10ea718530
Upload Resume <= 1.2.0 – Authenticated Sensitive Information Disclosure via resume_upload_form_list shortcode
CVSS Score: 4.3 (Medium)
Researcher/s: MyungJu Kim
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8246ea9f-3ccb-4448-bf32-135c8140b09b
Redirect Redirection <= 1.1.3 – Missing Authorization in 'LoadTab' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8250434a-2fad-4f44-9813-90e734d32d2e
Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'addRedirectRule' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/84d43356-274e-42d5-ac40-10a34effce8d
Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'saveRedirectSettings' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b421330-dd3c-4af0-9f42-95430117eb9b
Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 – Cross-Site Request Forgery via settings_page function
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8bb330be-f12c-475c-97b6-745a1e6edb58
WP Meta SEO <= 4.5.3 – Missing Authorization in 'listPostsCategory'
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/978d5715-7993-4f89-8d69-895467633bfb
Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'addRedirect' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9a70e291-1bc9-44ad-91a2-cf0624bb8d88
Redirect Redirection <= 1.1.3 – Missing Authorization in 'liveSearch' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a7ec331c-51ea-466a-ab7b-4234df47114a
Redirect Redirection <= 1.1.3 – Missing Authorization in 'loadSettings' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b2ec7d77-fe50-4bb2-a57b-6ee4246805f9
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 5.0.4 – Cross-Site Request Forgery in rttpg_spare_me
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b352be87-ea61-4666-a4d0-cf93fef40e33
Redirect Redirection <= 1.1.3 – Missing Authorization in 'addRedirectRule' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b57dd8e3-e3e1-4d6b-b9dd-b5a24c4886b4
Client Portal <= 1.1.8 – Cross-Site Request Forgery via cp_create_private_pages_for_all_users
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3319993-6f2c-425d-8cb2-ab26f7a52139
Contextual Related Posts <= 3.3.1 – Cross-Site Request Forgery in crpClearCache
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca8f4f6b-756b-4511-9e48-e41a872a9dad
Top 10 – Popular posts plugin for WordPress <= 3.2.4 – Missing Authorization on tptn_chart_data
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cbff7ec1-535d-43bf-be61-83a1e7625c77
Redirect Redirection <= 1.1.3 – Missing Authorization in 'logFilter' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d0d6f467-6e62-45ff-bf9d-4db5b1ed1dd2
WordPress Books Gallery <= 4.4.8 – Cross-Site Request Forgery leading to Plugin Settings Changes
CVSS Score: 4.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d2e10791-7158-47ae-85c9-4a5a53b25d68
Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'deleteRedirect' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d433a5b3-4661-4246-ae60-8a99633372ad
Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'cronLogDeleteOption' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d4dacd15-85cc-41f5-830c-b02c85c798f9
Redirect Redirection <= 1.1.3 – Missing Authorization in 'logPageContent' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dceca4ee-6587-4eaa-974e-a21e7a10b6e8
Redirect Redirection <= 1.1.3 – Missing Authorization in 'selectAll' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de69d597-b663-4c58-82e0-c90391fb8416
Redirect Redirection <= 1.1.3 – Missing Authorization in 'bulkDelete' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e29dac44-5c85-4f73-ae96-4bc0deca64f4
Redirect Redirection <= 1.1.3 – Missing Authorization in 'statusBulkEdit' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ef5f99ca-8a0d-4ec4-8b59-c0c4637dfbc3
Minify HTML <= 2.02 – Cross-Site Request Forgery in minify_html_menu_options
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ef7cf633-e907-4da1-bd96-0013e88defbb
Redirect Redirection <= 1.1.3 – Missing Authorization in 'saveRedirectSettings' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f347a629-523e-4ec4-ad56-6ae9357dd7f5
WordPress Tooltips <= 8.2.5 – Multiple Cross-Site Request Forgery
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6b9e63f-0492-4d51-a8ae-0874ef57e852
Redirect Redirection <= 1.1.3 – Cross-Site Request Forgery via 'instantEditRedirect' function
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fdd57b3b-bd0a-4b07-831e-72f2329b2577
CP Multi View Event Calendar <= 1.4.13 – Insufficient Authorization
CVSS Score: 3.8 (Low)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/13d0eb8a-5b63-460e-b4ba-a3ed80c84fc2
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added to the Wordfence Intelligence Community Edition leaderboard and mentioned in our weekly vulnerability report.