Wordfence Intelligence Weekly WordPress Vulnerability Report (October 9, 2023 to October 15, 2023)
Last week, there were 103 vulnerabilities disclosed in 85 WordPress Plugins and no WordPress themes, with 7 of those being in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook integration are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Individuals and Enterprises can use the vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WordPress Core < 6.3.2 – Authenticated (Subscriber+) Arbitrary Shortcode Execution
- WordPress Core 6.3 – 6.3.1 – Authenticated(Contributor+) Cross-Site Scripting via Footnotes Block
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
| Unpatched | 52 |
| Patched | 51 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
| Low Severity | 0 |
| Medium Severity | 91 |
| High Severity | 5 |
| Critical Severity | 7 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 46 |
| Cross-Site Request Forgery (CSRF) | 26 |
| Missing Authorization | 9 |
| Information Exposure | 6 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 4 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 3 |
| Unrestricted Upload of File with Dangerous Type | 2 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Improper Input Validation | 1 |
| Guessable CAPTCHA | 1 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 1 |
| Improper Preservation of Consistency Between Independent Representations of Shared State | 1 |
| External Control of File Name or Path | 1 |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
| Mika | 11 |
| Rio Darmawan | 8 |
| thiennv | 8 |
| Marco Wotschka (Wordfence Vulnerability Researcher) |
7 |
| Abdi Pranata | 6 |
| Rafie Muhammad | 5 |
| Lana Codes (Wordfence Vulnerability Researcher) |
5 |
| minhtuanact | 4 |
| LEE SE HYOUNG | 3 |
| Satoo Nakano | 2 |
| DoYeon Park | 2 |
| Skalucy | 2 |
| yuyudhn | 2 |
| Phd | 2 |
| Lokesh Dachepalli | 2 |
| Prasanna V Balaji | 2 |
| Le Ngoc Anh | 2 |
| Elliot | 2 |
| Ala Arfaoui | 1 |
| Nguyen Xuan Chien | 1 |
| James Golovich | 1 |
| WhiteCyberSec | 1 |
| Karolis Narvilas | 1 |
| Marc-Alexandre Montpas | 1 |
| Francesco Marano | 1 |
| qilin_99 | 1 |
| Nano | 1 |
| Vladislav Pokrovsky | 1 |
| Chloe Chamberland (Wordfence Vulnerability Researcher) |
1 |
| Edourard L | 1 |
| Revan Arifio | 1 |
| Jb Audras | 1 |
| Jonas Höbenreich | 1 |
| SeungYongLee | 1 |
| Enrico Marcolini | 1 |
| Claudio Marchesini | 1 |
| mascara7784 | 1 |
| Fioravante Souza | 1 |
| Jorge Costa | 1 |
| s5s | 1 |
| raouf_maklouf | 1 |
| Bob Matyas | 1 |
| Rafshanzani Suhada | 1 |
| Bae Song Hyun | 1 |
| Nguyen Anh Tien | 1 |
| Emili Castells | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| AGP Font Awesome Collection | agp-font-awesome-collection |
| AI ChatBot | chatbot |
| AMP WP – Google AMP For WordPress | amp-wp |
| Accessibility Suite by Online ADA | online-accessibility |
| Add to Calendar Button | add-to-calendar-button |
| Amministrazione Trasparente | amministrazione-trasparente |
| ApplyOnline – Application Form Builder and Manager | apply-online |
| BuddyPress Global Search | buddypress-global-search |
| CITS Support svg, webp Media and TTF,OTF File Upload | cits-support-svg-webp-media-upload |
| CPT Shortcode Generator | cpt-shortcode |
| Campaign Monitor Forms by Optin Cat | campaign-monitor-wp |
| Caret Country Access Limit | caret-country-access-limit |
| Comments Ratings | comments-ratings |
| Comments – wpDiscuz | wpdiscuz |
| Constant Contact Forms by MailMunch | constant-contact-forms-by-mailmunch |
| Contact Form Generator : Creative form builder for WordPress | contact-form-generator |
| Contact Form With Captcha | contact-form-with-captcha |
| Copy or Move Comments | copy-or-move-comments |
| Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress | charitable |
| Easy Testimonial Slider and Form | easy-testimonial-rotator |
| Ebook Store | ebook-store |
| Embed Calendly | embed-calendly-scheduling |
| Etsy Shop | etsy-shop |
| Eupago Gateway For Woocommerce | eupago-gateway-for-woocommerce |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
| Fast WP Speed | fast-wp-speed |
| Fattura24 | fattura24 |
| Feed Statistics | wordpress-feed-statistics |
| Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
| GEO my WordPress | geo-my-wp |
| Gallery – Image and Video Gallery with Thumbnails | gallery-album |
| Get Custom Field Values | get-custom-field-values |
| Gutenberg | gutenberg |
| HTML5 Maps | html5-maps |
| History Log by click5 | history-log-by-click5 |
| IMPress Listings | wp-listings |
| Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce | email-subscribers |
| Image Regenerate & Select Crop | image-regenerate-select-crop |
| Lazy Load for Videos | lazy-load-for-videos |
| LeadSquared Suite | leadsquared-suite |
| Libsyn Publisher Hub | libsyn-podcasting |
| Login Screen Manager | login-screen-manager |
| MailChimp Forms by MailMunch | mailchimp-forms-by-mailmunch |
| Master Addons for Elementor | master-addons |
| Migration, Backup, Staging – WPvivid | wpvivid-backuprestore |
| Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress | newsletter-bulk-email |
| Next Page | next-page |
| Nexter Extension | nexter-extension |
| PDF Block | pdf-block |
| Peter’s Custom Anti-Spam | peters-custom-anti-spam-image |
| PixFields | pixfields |
| Poll Maker – Best WordPress Poll Plugin | poll-maker |
| Post Gallery | simple-post-gallery |
| Print, PDF, Email by PrintFriendly | printfriendly |
| Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages | wplegalpages |
| Proofreading | proofreading |
| QR Twitter Widget | qr-twitter-widget |
| Remote Content Shortcode | remote-content-shortcode |
| Responsive Column Widgets | responsive-column-widgets |
| Responsive Tabs | responsive-tabs |
| Royal Elementor Addons and Templates | royal-elementor-addons |
| RumbleTalk Live Group Chat – HTML5 | rumbletalk-chat-a-chat-with-themes |
| Scroll post excerpt | scroll-post-excerpt |
| Sendle Shipping Plugin | official-sendle-shipping-method |
| Simple File List | simple-file-list |
| Simple Tweet | simple-tweet |
| Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management | simple-urls |
| Slick Contact Forms | slick-contact-forms |
| Snap Pixel | snap-pixel |
| Sort SearchResult By Title | sort-searchresult-by-title |
| SpiderVPlayer | player |
| Taggbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics | taggbox-widget |
| Thumbnail Slider With Lightbox | wp-responsive-slider-with-lightbox |
| Tweeple | tweeple |
| Ultimate Taxonomy Manager | ultimate-taxonomy-manager |
| User Submitted Posts – Enable Users to Submit Posts from the Front End | user-submitted-posts |
| Video Playlist For YouTube | video-playlist-for-youtube |
| WP Attachments | wp-attachments |
| WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting | erp |
| WP GoToWebinar | wp-gotowebinar |
| WP Lightbox 2 | wp-lightbox-2 |
| WP Open Street Map | wp-open-street-map |
| WP ULike – Most Advanced WordPress Marketing Toolkit | wp-ulike |
| WordPress Backup & Migration | wp-migration-duplicator |
| which template file | which-template-file |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Accessibility Suite by Online ADA <= 4.11 – Authenticated (Subscriber+) SQL Injection
Affected Software: Accessibility Suite by Online ADA
CVE ID: CVE-2023-45830
CVSS Score: 9.8 (Critical)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/10590944-e08e-4980-846d-7a88880b2dcd
CVE ID: CVE-2023-45830
CVSS Score: 9.8 (Critical)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/10590944-e08e-4980-846d-7a88880b2dcd
AI ChatBot <= 4.8.9 – Unauthenticated SQL Injection via qc_wpbo_search_response
Affected Software: AI ChatBot
CVE ID: CVE-2023-5204
CVSS Score: 9.8 (Critical)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5ad12146-200b-48e5-82de-7572541edcc4
CVE ID: CVE-2023-5204
CVSS Score: 9.8 (Critical)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5ad12146-200b-48e5-82de-7572541edcc4
Royal Elementor Addons and Templates <= 1.3.78 – Unauthenticated Arbitrary File Upload
Affected Software: Royal Elementor Addons and Templates
CVE ID: CVE-2023-5360
CVSS Score: 9.8 (Critical)
Researcher/s: Fioravante Souza
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a9d95af5-96da-4259-98c6-e2c4c574a896
CVE ID: CVE-2023-5360
CVSS Score: 9.8 (Critical)
Researcher/s: Fioravante Souza
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a9d95af5-96da-4259-98c6-e2c4c574a896
User Submitted Posts <= 20230902 – Unauthenticated Arbitrary File Upload
Affected Software: User Submitted Posts – Enable Users to Submit Posts from the Front End
CVE ID: CVE-2023-45603
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/babbe506-3abd-462a-b5b8-5979696eb6e6
CVE ID: CVE-2023-45603
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/babbe506-3abd-462a-b5b8-5979696eb6e6
AI ChatBot <= 4.8.9 – Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file
Affected Software: AI ChatBot
CVE ID: CVE-2023-5241
CVSS Score: 9.6 (Critical)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/25199281-5286-4d75-8d27-26ce215e0993
CVE ID: CVE-2023-5241
CVSS Score: 9.6 (Critical)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/25199281-5286-4d75-8d27-26ce215e0993
AI ChatBot <= 4.8.9 – Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file
Affected Software: AI ChatBot
CVE ID: CVE-2023-5212
CVSS Score: 9.6 (Critical)
Researcher/s: Marco Wotschka, Chloe Chamberland
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2
CVE ID: CVE-2023-5212
CVSS Score: 9.6 (Critical)
Researcher/s: Marco Wotschka, Chloe Chamberland
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2
Icegram Express <= 5.6.23 – Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
Affected Software: Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce
CVE ID: CVE-2023-5414
CVSS Score: 9.1 (Critical)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689
CVE ID: CVE-2023-5414
CVSS Score: 9.1 (Critical)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689
Contact Form Generator <= 2.6.0 – Authenticated (Contributor+) SQL Injection
Affected Software: Contact Form Generator : Creative form builder for WordPress
CVE ID: CVE-2023-35911
CVSS Score: 8.8 (High)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fa586468-d6ff-46a3-97f3-e2e1d365e5b1
CVE ID: CVE-2023-35911
CVSS Score: 8.8 (High)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fa586468-d6ff-46a3-97f3-e2e1d365e5b1
Migration, Backup, Staging – WPvivid <= 0.9.91 – Google Drive Client Secret Exposure
Affected Software: Migration, Backup, Staging – WPvivid
CVE ID: CVE-2023-5576
CVSS Score: 8 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4658109d-295c-4a1b-b219-ca1f4664ff1d
CVE ID: CVE-2023-5576
CVSS Score: 8 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4658109d-295c-4a1b-b219-ca1f4664ff1d
RumbleTalk Live Group Chat <= 6.1.9 – Missing Authorization via handleRequest
Affected Software: RumbleTalk Live Group Chat – HTML5
CVE ID: CVE-2023-45828
CVSS Score: 7.6 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d9d6e168-a768-4062-9ef1-0be9d6c65c51
CVE ID: CVE-2023-45828
CVSS Score: 7.6 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d9d6e168-a768-4062-9ef1-0be9d6c65c51
Nexter Extension <= 2.0.3 – Authenticated(Editor+) Remote Code Execution via metabox
Affected Software: Nexter Extension
CVE ID: CVE-2023-45751
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/188c4417-962a-4b28-b215-1c567b39ba7a
CVE ID: CVE-2023-45751
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/188c4417-962a-4b28-b215-1c567b39ba7a
Campaign Monitor Forms <= 2.5.5 – Missing Authorization to Authenticated(Subscriber+) Options Update via ajax_dismiss_notice
Affected Software: Campaign Monitor Forms by Optin Cat
CVE ID: CVE-2023-5098
CVSS Score: 7.1 (High)
Researcher/s: Francesco Marano
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3f11416c-c981-4c85-822c-497ecfaa842d
CVE ID: CVE-2023-5098
CVSS Score: 7.1 (High)
Researcher/s: Francesco Marano
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3f11416c-c981-4c85-822c-497ecfaa842d
History Log by click5 <= 1.0.12 – Authenticated(Administrator+) Time-Based Blind SQL Injection
Affected Software: History Log by click5
CVE ID: CVE-2023-5082
CVSS Score: 6.6 (Medium)
Researcher/s: Karolis Narvilas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2881e144-a109-4034-afe8-2f72efd70360
CVE ID: CVE-2023-5082
CVSS Score: 6.6 (Medium)
Researcher/s: Karolis Narvilas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2881e144-a109-4034-afe8-2f72efd70360
IMPress Listings <= 2.6.2 – Missing Authorization
Affected Software: IMPress Listings
CVE ID: CVE-2023-45633
CVSS Score: 6.5 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f426c32e-a376-4447-b83f-409a8eb0c499
CVE ID: CVE-2023-45633
CVSS Score: 6.5 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f426c32e-a376-4447-b83f-409a8eb0c499
Slick Contact Forms <= 1.3.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Slick Contact Forms
CVE ID: CVE-2023-5468
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/22c63226-2bc6-40be-a5d1-1bd169fc78b8
CVE ID: CVE-2023-5468
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/22c63226-2bc6-40be-a5d1-1bd169fc78b8
PDF Block <= 1.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: PDF Block
CVE ID: CVE-2023-45646
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3a1d8adf-c49c-4d88-83c7-4515b0ab1f35
CVE ID: CVE-2023-45646
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3a1d8adf-c49c-4d88-83c7-4515b0ab1f35
QR Twitter Widget <= 0.2.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Affected Software: QR Twitter Widget
CVE ID: CVE-2023-45628
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b16df88-7d9f-4ee2-90ab-6da50c69148e
CVE ID: CVE-2023-45628
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b16df88-7d9f-4ee2-90ab-6da50c69148e
Add to Calendar Button <= 1.5.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Add to Calendar Button
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60ba7f68-1fe1-4349-a3eb-11a63ae11e38
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60ba7f68-1fe1-4349-a3eb-11a63ae11e38
WordPress Core 5.9-6.3.1 – Authenticated(Contributor+) Stored Cross-Site Scripting via Navigation Attributes
Affected Software/s: WordPress, Gutenberg
CVE ID: CVE-2023-38000
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad, Edourard L
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66b1f597-f357-4525-8c67-e0be3a07bcfa
CVE ID: CVE-2023-38000
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad, Edourard L
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66b1f597-f357-4525-8c67-e0be3a07bcfa
Get Custom Field Values <= 4.0.1 – Authenticated(Contributor+) Stored Cross-Site Scripting via Custom Meta Widget
Affected Software: Get Custom Field Values
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Satoo Nakano
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66e55302-f889-4054-817f-aadbdd3c88de
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Satoo Nakano
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66e55302-f889-4054-817f-aadbdd3c88de
Newsletter & Bulk Email Sender <= 2.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting
Affected Software: Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress
CVE ID: CVE-2023-45829
CVSS Score: 6.4 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a7c19095-3c21-440f-aa28-0117aea29d97
CVE ID: CVE-2023-45829
CVSS Score: 6.4 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a7c19095-3c21-440f-aa28-0117aea29d97
GEO my WordPress <= 4.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: GEO my WordPress
CVE ID: CVE-2023-5467
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a96ac71f-3dae-40eb-9268-d56688a5aa64
CVE ID: CVE-2023-5467
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a96ac71f-3dae-40eb-9268-d56688a5aa64
Master Addons for Elementor <= 2.0.3 – Authenticated(Contributor+) Stored Cross-Site Scripting
Affected Software: Master Addons for Elementor
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abb7def7-df32-4901-b8ea-068ff1af664b
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abb7def7-df32-4901-b8ea-068ff1af664b
WordPress Core 6.3 – 6.3.1 – Authenticated(Contributor+) Cross-Site Scripting via Footnotes Block
Affected Software: WordPress
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Jorge Costa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/af77d642-d383-48f2-a59a-3a9c738cd47f
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Jorge Costa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/af77d642-d383-48f2-a59a-3a9c738cd47f
CITS Support svg, webp Media and TTF,OTF File Upload <= 2.1.0 – Authenticated(Author+) Stored Cross-Site Scripting via SVG Upload
Affected Software: CITS Support svg, webp Media and TTF,OTF File Upload
CVE ID: CVE-2023-5458
CVSS Score: 6.4 (Medium)
Researcher/s: Bob Matyas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c7d3edf5-245f-42f2-9add-e87de6839ed1
CVE ID: CVE-2023-5458
CVSS Score: 6.4 (Medium)
Researcher/s: Bob Matyas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c7d3edf5-245f-42f2-9add-e87de6839ed1
Embed Calendly <= 3.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Embed Calendly
CVE ID: CVE-2023-4995
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1bf83df-7a1f-4572-9c8d-1013750d51d7
CVE ID: CVE-2023-4995
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1bf83df-7a1f-4572-9c8d-1013750d51d7
WP ULike <= 4.6.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Affected Software: WP ULike – Most Advanced WordPress Marketing Toolkit
CVE ID: CVE-2023-45640
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d2f777b6-5872-4196-81fb-82a9b6aaef2e
CVE ID: CVE-2023-45640
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d2f777b6-5872-4196-81fb-82a9b6aaef2e
Charitable <= 1.7.0.13 – Authenticated(Contributor+) Stored Cross-Site Scripting
Affected Software: Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dbaedb36-6710-48ab-8bb5-e6065fa8df51
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dbaedb36-6710-48ab-8bb5-e6065fa8df51
Etsy Shop <= 3.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Software: Etsy Shop
CVE ID: CVE-2023-5470
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4696f7a-8b87-4376-b4c9-596eca30b38c
CVE ID: CVE-2023-5470
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4696f7a-8b87-4376-b4c9-596eca30b38c
Remote Content Shortcode <= 1.5 – Authenticated(Contributor+) Local File Inclusion via shortcode
Affected Software: Remote Content Shortcode
CVE ID: CVE-2023-45652
CVSS Score: 6.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1568e8d-9ea5-4673-a657-03e89cfb6000
CVE ID: CVE-2023-45652
CVSS Score: 6.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1568e8d-9ea5-4673-a657-03e89cfb6000
Ultimate Taxonomy Manager <= 2.0 – Unauthenticated Cross-Site Scripting
Affected Software: Ultimate Taxonomy Manager
CVE ID: CVE-2023-45837
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/06f56834-e1e9-4a02-988a-df4c563182c4
CVE ID: CVE-2023-45837
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/06f56834-e1e9-4a02-988a-df4c563182c4
EventPrime <= 3.1.5 – Reflected Cross-Site Scripting via ‘event_id’
Affected Software: EventPrime – Events Calendar, Bookings and Tickets
CVE ID: CVE-2023-45637
CVSS Score: 6.1 (Medium)
Researcher/s: Phd
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/399848fd-e9f6-40e4-bfeb-08f53eb511c6
CVE ID: CVE-2023-45637
CVSS Score: 6.1 (Medium)
Researcher/s: Phd
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/399848fd-e9f6-40e4-bfeb-08f53eb511c6
Libsyn Publisher Hub <= 1.4.4 – Unauthenticated Cross-Site Scripting
Affected Software: Libsyn Publisher Hub
CVE ID: CVE-2023-45835
CVSS Score: 6.1 (Medium)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/56b3d629-014c-47b3-9726-4086e544011b
CVE ID: CVE-2023-45835
CVSS Score: 6.1 (Medium)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/56b3d629-014c-47b3-9726-4086e544011b
ApplyOnline – Application Form Builder and Manager <= 2.5.2 – Reflected Cross-Site Scripting
Affected Software: ApplyOnline – Application Form Builder and Manager
CVE ID: CVE-2023-45756
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6c704356-e5f7-4b91-a162-647717cbbb7b
CVE ID: CVE-2023-45756
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6c704356-e5f7-4b91-a162-647717cbbb7b
Copy Or Move Comments <= 5.0.4 – Reflected Cross-Site Scripting
Affected Software: Copy or Move Comments
CVE ID: CVE-2023-45634
CVSS Score: 6.1 (Medium)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8a7bf74b-1dc7-4159-a874-29694fe5895e
CVE ID: CVE-2023-45634
CVSS Score: 6.1 (Medium)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8a7bf74b-1dc7-4159-a874-29694fe5895e
Peter’s Custom Anti-Spam <= 3.2.2 – Reflected Cross-Site Scripting
Affected Software: Peter’s Custom Anti-Spam
CVE ID: CVE-2023-45759
CVSS Score: 6.1 (Medium)
Researcher/s: SeungYongLee
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8cea7f17-743a-4dce-bd86-5713ff6d8520
CVE ID: CVE-2023-45759
CVSS Score: 6.1 (Medium)
Researcher/s: SeungYongLee
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8cea7f17-743a-4dce-bd86-5713ff6d8520
Sendle Shipping <= 5.13 – Reflected Cross-Site Scripting
Affected Software: Sendle Shipping Plugin
CVE ID: CVE-2023-45761
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8e227e25-3dd9-47fd-bba8-e076f7f92d56
CVE ID: CVE-2023-45761
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8e227e25-3dd9-47fd-bba8-e076f7f92d56
Nexter Extension <= 2.0.3 – Reflected Cross-Site Scripting via post and post_id
Affected Software: Nexter Extension
CVE ID: CVE-2023-45750
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f4dc917-028c-451a-9b32-26ef2c488850
CVE ID: CVE-2023-45750
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f4dc917-028c-451a-9b32-26ef2c488850
Video Player <= 1.5.22 – Reflected Cross-Site Scripting
Affected Software: SpiderVPlayer
CVE ID: CVE-2023-45632
CVSS Score: 6.1 (Medium)
Researcher/s: Elliot
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/93d78063-238d-40c0-92c9-6870d85d29f7
CVE ID: CVE-2023-45632
CVSS Score: 6.1 (Medium)
Researcher/s: Elliot
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/93d78063-238d-40c0-92c9-6870d85d29f7
Fattura24 <= 6.2.7 – Reflected Cross-Site Scripting via ‘id’
Affected Software: Fattura24
CVE ID: CVE-2023-5211
CVSS Score: 6.1 (Medium)
Researcher/s: Enrico Marcolini, Claudio Marchesini
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a19bff99-b680-40a6-8a5c-7a0233b293ac
CVE ID: CVE-2023-5211
CVSS Score: 6.1 (Medium)
Researcher/s: Enrico Marcolini, Claudio Marchesini
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a19bff99-b680-40a6-8a5c-7a0233b293ac
WordPress Core 5.6 – 6.3.1 – Reflected Cross-Site Scripting via Application Password Requests
Affected Software: WordPress
CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: mascara7784
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a5368894-3277-47d0-8fad-adfb8df4fa93
CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: mascara7784
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a5368894-3277-47d0-8fad-adfb8df4fa93
Fast WP Speed <= 1.0.0 – Reflected Cross-Site Scripting
Affected Software: Fast WP Speed
CVE ID: CVE-2023-45770
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cd5a3d4b-6e8b-4abe-9f38-58accada2f57
CVE ID: CVE-2023-45770
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cd5a3d4b-6e8b-4abe-9f38-58accada2f57
Ebook Store <= 5.785 – Reflected Cross-Site Scripting
Affected Software: Ebook Store
CVE ID: CVE-2023-45602
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e36eed5b-f76d-451e-a0f8-fd4b91bcf9f1
CVE ID: CVE-2023-45602
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e36eed5b-f76d-451e-a0f8-fd4b91bcf9f1
Proofreading <= 1.0.11 – Reflected Cross-Site Scripting
Affected Software: Proofreading
CVE ID: CVE-2023-45772
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e76e4c4c-3f84-46b0-b305-2513714a8525
CVE ID: CVE-2023-45772
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e76e4c4c-3f84-46b0-b305-2513714a8525
Tweeple <= 0.9.5 – Reflected Cross-Site Scripting via id
Affected Software: Tweeple
CVE ID: CVE-2023-30781
CVSS Score: 6.1 (Medium)
Researcher/s: Elliot
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f9b1c96c-ab87-43a8-a3ac-17fea337b690
CVE ID: CVE-2023-30781
CVSS Score: 6.1 (Medium)
Researcher/s: Elliot
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f9b1c96c-ab87-43a8-a3ac-17fea337b690
Responsive Image Gallery, Gallery Album <= 2.0.3 – Unauthenticated Cross-Site Scripting
Affected Software: Gallery – Image and Video Gallery with Thumbnails
CVE ID: CVE-2023-45630
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fa9e4635-43f8-4f3c-b62c-628e74028f7e
CVE ID: CVE-2023-45630
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fa9e4635-43f8-4f3c-b62c-628e74028f7e
Get Custom Field Values <= 4.0.1 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin widget
Affected Software: Get Custom Field Values
CVE ID: CVE-2023-45604
CVSS Score: 5.5 (Medium)
Researcher/s: Satoo Nakano
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1e0fd85a-2164-4b83-822e-845662591a78
CVE ID: CVE-2023-45604
CVSS Score: 5.5 (Medium)
Researcher/s: Satoo Nakano
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1e0fd85a-2164-4b83-822e-845662591a78
WP Lightbox 2 <= 3.0.6.5 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Affected Software: WP Lightbox 2
CVE ID: CVE-2023-45747
CVSS Score: 5.5 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5ef104ae-b67c-4669-adeb-e5397561c0ae
CVE ID: CVE-2023-45747
CVSS Score: 5.5 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5ef104ae-b67c-4669-adeb-e5397561c0ae
WPLegalPages <= 2.9.2 – Authenticated (Author+) Stored Cross-Site Scripting via Shortcode
Affected Software: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages
CVE ID: CVE-2023-4968
CVSS Score: 5.5 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a
CVE ID: CVE-2023-4968
CVSS Score: 5.5 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a
Simple Tweet <= 1.4.0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Affected Software: Simple Tweet
CVE ID: CVE-2023-45767
CVSS Score: 5.5 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de568a71-f51d-4948-839c-48e51d165a64
CVE ID: CVE-2023-45767
CVSS Score: 5.5 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de568a71-f51d-4948-839c-48e51d165a64
WordPress Core < 6.3.2 – Authenticated (Subscriber+) Arbitrary Shortcode Execution via parse-media-shortcode
Affected Software: WordPress
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: James Golovich, WhiteCyberSec
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1fc3f65e-5fbe-403b-b7cd-dde16a7e5778
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: James Golovich, WhiteCyberSec
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1fc3f65e-5fbe-403b-b7cd-dde16a7e5778
Simple URLs <= 120 – Cross-Site Request Forgery via Multiple AJAX Actions
Affected Software: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
CVE ID: CVE-2023-45606
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/41d03524-7a53-40cd-a3d5-dafea4fc9a33
CVE ID: CVE-2023-45606
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/41d03524-7a53-40cd-a3d5-dafea4fc9a33
wpDiscuz <= 7.6.3 – Missing Authorization via AJAX actions
Affected Software: Comments – wpDiscuz
CVE ID: CVE-2023-45760
CVSS Score: 5.4 (Medium)
Researcher/s: Vladislav Pokrovsky
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e8ad3c1-549b-4401-8cf4-a8b7f81fbc11
CVE ID: CVE-2023-45760
CVSS Score: 5.4 (Medium)
Researcher/s: Vladislav Pokrovsky
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e8ad3c1-549b-4401-8cf4-a8b7f81fbc11
Responsive Image Gallery, Gallery Album <= 2.0.3 – Cross-Site Request Forgery
Affected Software: Gallery – Image and Video Gallery with Thumbnails
CVE ID: CVE-2023-45629
CVSS Score: 5.4 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66efc65e-48d3-4ef9-a369-51448e47686a
CVE ID: CVE-2023-45629
CVSS Score: 5.4 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66efc65e-48d3-4ef9-a369-51448e47686a
WordPress Backup & Migration <= 1.4.1 – Missing Authorization to Settings and Schedule Modification
Affected Software: WordPress Backup & Migration
CVE ID: CVE-2023-45636
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/adfc5084-ed33-4600-bd34-d3516f1a1b96
CVE ID: CVE-2023-45636
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/adfc5084-ed33-4600-bd34-d3516f1a1b96
Responsive Image Gallery, Gallery Album <= 2.0.3 – Missing Authorization via Multiple AJAX Actions
Affected Software: Gallery – Image and Video Gallery with Thumbnails
CVE ID: CVE-2023-45631
CVSS Score: 5.4 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb08cf02-4766-4093-9306-3b4581f54f77
CVE ID: CVE-2023-45631
CVSS Score: 5.4 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb08cf02-4766-4093-9306-3b4581f54f77
MailChimp Forms by MailMunch <= 3.1.4 – Cross-Site Request Forgery via multiple AJAX actions
Affected Software: MailChimp Forms by MailMunch
CVE ID: CVE-2023-45748
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4f96877-406b-4ec0-ac6b-ee1ffdb436e5
CVE ID: CVE-2023-45748
CVSS Score: 5.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4f96877-406b-4ec0-ac6b-ee1ffdb436e5
Contact Form With Captcha <= 1.6.8 – Cross-Site Request Forgery
Affected Software: Contact Form With Captcha
CVE ID: CVE-2023-45771
CVSS Score: 5.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f618a350-e089-40f7-b731-7ffb9ece30b3
CVE ID: CVE-2023-45771
CVSS Score: 5.4 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f618a350-e089-40f7-b731-7ffb9ece30b3
Image Regenerate & Select Crop 7.2.5 – Sensitive Information Exposure
Affected Software: Image Regenerate & Select Crop
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/307bfd18-840a-4cb4-86e6-33dc28e5514e
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/307bfd18-840a-4cb4-86e6-33dc28e5514e
WordPress Core 4.7.0 – 6.3.1 – Sensitive Information Exposure via User Search REST Endpoint
Affected Software: WordPress
CVE ID: CVE-2023-5561
CVSS Score: 5.3 (Medium)
Researcher/s: Marc-Alexandre Montpas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/38b63167-e1a6-4279-97cf-900df0651f20
CVE ID: CVE-2023-5561
CVSS Score: 5.3 (Medium)
Researcher/s: Marc-Alexandre Montpas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/38b63167-e1a6-4279-97cf-900df0651f20
Form Maker <= 1.15.20 – Captcha Bypass
Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46525a06-f3a4-4c78-ba32-4b937e1dbac6
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46525a06-f3a4-4c78-ba32-4b937e1dbac6
Poll Maker <= 4.7.1 – Missing Authorization
Affected Software: Poll Maker – Best WordPress Poll Plugin
CVE ID: CVE-2023-45766
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6a27fcc6-b1ac-4649-892b-7e0dee3f0d08
CVE ID: CVE-2023-45766
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6a27fcc6-b1ac-4649-892b-7e0dee3f0d08
Libsyn Publisher Hub <= 1.4.4 – Sensitive Information Exposure
Affected Software: Libsyn Publisher Hub
CVE ID: CVE-2023-45834
CVSS Score: 5.3 (Medium)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8bccefbe-2d20-40a7-b24f-d867d80250e3
CVE ID: CVE-2023-45834
CVSS Score: 5.3 (Medium)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8bccefbe-2d20-40a7-b24f-d867d80250e3
AI ChatBot <= 4.8.9 – Missing Authorization on AJAX actions
Affected Software: AI ChatBot
CVE ID: CVE-2023-5533
CVSS Score: 5.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a9db002f-ff41-493a-87b1-5f0b4b07cfc2
CVE ID: CVE-2023-5533
CVSS Score: 5.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a9db002f-ff41-493a-87b1-5f0b4b07cfc2
WordPress Core 4.7.0-6.3.1 – Denial of Service via Cache Poisoning
Affected Software: WordPress
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: s5s, raouf_maklouf
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bdc84664-2a04-4cc6-ac3f-48bfd432691f
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: s5s, raouf_maklouf
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bdc84664-2a04-4cc6-ac3f-48bfd432691f
AI ChatBot <= 4.8.9 – Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user
Affected Software: AI ChatBot
CVE ID: CVE-2023-5254
CVSS Score: 5.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d897daf8-5320-4546-9a63-1d34a15b2a58
CVE ID: CVE-2023-5254
CVSS Score: 5.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d897daf8-5320-4546-9a63-1d34a15b2a58
Responsive Column Widgets <= 1.2.7 – Open Redirect via responsive_column_widgets_link
Affected Software: Responsive Column Widgets
CVE ID: CVE-2023-45762
CVSS Score: 4.7 (Medium)
Researcher/s: Phd
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a092266b-bd7f-424d-b8c4-d79e4811e6c9
CVE ID: CVE-2023-45762
CVSS Score: 4.7 (Medium)
Researcher/s: Phd
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a092266b-bd7f-424d-b8c4-d79e4811e6c9
Easy Testimonial Slider and Form <= 1.0.18 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: Easy Testimonial Slider and Form
CVE ID: CVE-2023-45754
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/01da1829-e3f4-4246-ae3d-72377c4b232e
CVE ID: CVE-2023-45754
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/01da1829-e3f4-4246-ae3d-72377c4b232e
Amministrazione Trasparente <= 8.0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Amministrazione Trasparente
CVE ID: CVE-2023-45758
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1ef02ecc-6a7b-4782-a891-a1d66d770c81
CVE ID: CVE-2023-45758
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1ef02ecc-6a7b-4782-a891-a1d66d770c81
CPT Shortcode Generator <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: CPT Shortcode Generator
CVE ID: CVE-2023-45644
CVSS Score: 4.4 (Medium)
Researcher/s: Lokesh Dachepalli
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4782d4ea-3d79-40d2-850d-1a7583267616
CVE ID: CVE-2023-45644
CVSS Score: 4.4 (Medium)
Researcher/s: Lokesh Dachepalli
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4782d4ea-3d79-40d2-850d-1a7583267616
Login Screen Manager <= 3.5.2 – Authenticated(Admin+) Stored Cross-Site Scripting
Affected Software: Login Screen Manager
CVE ID: CVE-2023-5243
CVSS Score: 4.4 (Medium)
Researcher/s: Nano
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4d6c37ec-4a17-41b8-a29e-2a9adb382cea
CVE ID: CVE-2023-5243
CVSS Score: 4.4 (Medium)
Researcher/s: Nano
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4d6c37ec-4a17-41b8-a29e-2a9adb382cea
Scroll post excerpt <= 8.0 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: Scroll post excerpt
CVE ID: CVE-2023-45764
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6da00adc-8fc0-4d8f-9ff3-8c21223199f4
CVE ID: CVE-2023-45764
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6da00adc-8fc0-4d8f-9ff3-8c21223199f4
Next Page <= 1.5.2 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: Next Page
CVE ID: CVE-2023-45768
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c592887c-718c-46d7-8dc3-d337711471ee
CVE ID: CVE-2023-45768
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c592887c-718c-46d7-8dc3-d337711471ee
Print, PDF, Email by PrintFriendly <= 5.5.1 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: Print, PDF, Email by PrintFriendly
CVE ID: CVE-2023-25032
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e0403a76-86ce-4772-bc0b-22b183f0f684
CVE ID: CVE-2023-25032
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e0403a76-86ce-4772-bc0b-22b183f0f684
WP GoToWebinar <= 14.45 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: WP GoToWebinar
CVE ID: CVE-2023-45832
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e40f07b5-9e6e-430b-86fc-3bb863a51b01
CVE ID: CVE-2023-45832
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e40f07b5-9e6e-430b-86fc-3bb863a51b01
Simple File List <= 6.1.9 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: Simple File List
CVE ID: CVE-2023-39924
CVSS Score: 4.4 (Medium)
Researcher/s: Bae Song Hyun
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e61b6e54-b330-41a5-b13f-ba11c10d8bfe
CVE ID: CVE-2023-39924
CVSS Score: 4.4 (Medium)
Researcher/s: Bae Song Hyun
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e61b6e54-b330-41a5-b13f-ba11c10d8bfe
LeadSquared Suite <= 0.7.4 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Affected Software: LeadSquared Suite
CVE ID: CVE-2023-45833
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ef1aafc2-e47b-49da-8a4e-9111209308c2
CVE ID: CVE-2023-45833
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ef1aafc2-e47b-49da-8a4e-9111209308c2
BuddyPress Global Search <= 1.2.1 – Authenticated (Administrator+) Stored Cross-Site Scripting
Affected Software: BuddyPress Global Search
CVE ID: CVE-2023-45755
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f78cc71a-db22-4f5f-9231-52c66561df02
CVE ID: CVE-2023-45755
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f78cc71a-db22-4f5f-9231-52c66561df02
WP ERP <= 1.12.6 – Missing Authorization via admin notice dismissal
Affected Software: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
CVE ID: CVE-2023-45765
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/048277c4-f313-484d-a330-420e0682eee2
CVE ID: CVE-2023-45765
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/048277c4-f313-484d-a330-420e0682eee2
Thumbnail Slider With Lightbox <= 1.0 – Cross-Site Request Forgery
Affected Software: Thumbnail Slider With Lightbox
CVE ID: CVE-2023-5531
CVSS Score: 4.3 (Medium)
Researcher/s: Ala Arfaoui
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/055b7ed5-268a-485e-ac7d-8082dc9fb2ad
CVE ID: CVE-2023-5531
CVSS Score: 4.3 (Medium)
Researcher/s: Ala Arfaoui
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/055b7ed5-268a-485e-ac7d-8082dc9fb2ad
Post Gallery <= 2.3.12 – Cross-Site Request Forgery
Affected Software: Post Gallery
CVE ID: CVE-2023-45752
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0ac31c39-abbc-427f-aba3-d9ec3b51c4d2
CVE ID: CVE-2023-45752
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0ac31c39-abbc-427f-aba3-d9ec3b51c4d2
WP Open Street Map <= 1.25 – Cross-Site Request Forgery via wp_openstreetmaps
Affected Software: WP Open Street Map
CVE ID: CVE-2023-45645
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1aa0fd9d-6c9f-4110-92a0-064fa4b9b589
CVE ID: CVE-2023-45645
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1aa0fd9d-6c9f-4110-92a0-064fa4b9b589
Eupago Gateway For Woocommerce <= 3.1.9 – Cross-Site Request Forgery via eupago_page_content
Affected Software: Eupago Gateway For Woocommerce
CVE ID: CVE-2023-45638
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f1dcec6-1fcf-40e8-a15b-647b7161b6b5
CVE ID: CVE-2023-45638
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f1dcec6-1fcf-40e8-a15b-647b7161b6b5
which template file <= 4.8.0 – Cross-Site Request Forgery
Affected Software: which template file
CVE ID: CVE-2023-45753
CVSS Score: 4.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/279314a4-2d70-4036-ae9a-27bb694b03db
CVE ID: CVE-2023-45753
CVSS Score: 4.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/279314a4-2d70-4036-ae9a-27bb694b03db
Constant Contact Forms by MailMunch <= 2.0.10 – Cross-Site Request Forgery
Affected Software: Constant Contact Forms by MailMunch
CVE ID: CVE-2023-45647
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f8dcbd2-af51-4cc9-9962-53fe644985e1
CVE ID: CVE-2023-45647
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f8dcbd2-af51-4cc9-9962-53fe644985e1
Sort SearchResult By Title <= 10.0 – Cross-Site Request Forgery via settings_page
Affected Software: Sort SearchResult By Title
CVE ID: CVE-2023-45639
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4147e973-5a17-41d8-b8d9-5e43a23c9bc9
CVE ID: CVE-2023-45639
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4147e973-5a17-41d8-b8d9-5e43a23c9bc9
AMP WP <= 1.5.15 – Cross-Site Request Forgery via multiple settings pages
Affected Software: AMP WP – Google AMP For WordPress
CVE ID: CVE-2023-45831
CVSS Score: 4.3 (Medium)
Researcher/s: qilin_99
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/44dd7b3f-5892-43e1-acf1-61f66db0b4a3
CVE ID: CVE-2023-45831
CVSS Score: 4.3 (Medium)
Researcher/s: qilin_99
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/44dd7b3f-5892-43e1-acf1-61f66db0b4a3
XYDAC Ultimate Taxonomy Manager <= 2.0 – Cross-Site Request Forgery
Affected Software: Ultimate Taxonomy Manager
CVE ID: CVE-2023-45836
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4baf39fd-4191-47eb-9b37-cdf290d6345b
CVE ID: CVE-2023-45836
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4baf39fd-4191-47eb-9b37-cdf290d6345b
HTML5 Maps <= 1.7.1.4 – Cross-Site Request Forgery
Affected Software: HTML5 Maps
CVE ID: CVE-2023-45650
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/502bc68d-778a-47df-a5c2-6bd0b4f130cc
CVE ID: CVE-2023-45650
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/502bc68d-778a-47df-a5c2-6bd0b4f130cc
CPT Shortcode Generator <= 1.0 – Cross-Site Request Forgery
Affected Software: CPT Shortcode Generator
CVE ID: CVE-2023-45643
CVSS Score: 4.3 (Medium)
Researcher/s: Lokesh Dachepalli
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6125a8e6-4c87-4136-ba39-c3a089948733
CVE ID: CVE-2023-45643
CVSS Score: 4.3 (Medium)
Researcher/s: Lokesh Dachepalli
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6125a8e6-4c87-4136-ba39-c3a089948733
Snap Pixel <= 1.5.7 – Cross-Site Request Forgery
Affected Software: Snap Pixel
CVE ID: CVE-2023-45642
CVSS Score: 4.3 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6150fd60-069f-4ba6-8f0c-773039eaaec6
CVE ID: CVE-2023-45642
CVSS Score: 4.3 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6150fd60-069f-4ba6-8f0c-773039eaaec6
WordPress Core <= 6.3.1 – Authenticated(Contributor+) Sensitive Information Exposure via Comments on Protected Posts
Affected Software: WordPress
CVE ID: CVE-2023-39999
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad, Jb Audras
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6bea6a77-79e8-4d3a-bd3e-2bb3d20b6fe9
CVE ID: CVE-2023-39999
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad, Jb Audras
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6bea6a77-79e8-4d3a-bd3e-2bb3d20b6fe9
Comments Ratings <= 1.1.7 – Cross-Site Request Forgery
Affected Software: Comments Ratings
CVE ID: CVE-2023-45654
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8035484b-dc2f-4d54-802b-b09bd88a8bf6
CVE ID: CVE-2023-45654
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8035484b-dc2f-4d54-802b-b09bd88a8bf6
AI ChatBot <= 4.8.9 – Cross-Site Request Forgery on AJAX actions
Affected Software: AI ChatBot
CVE ID: CVE-2023-5534
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/846bd929-45cd-4e91-b232-ae16dd2b12a0
CVE ID: CVE-2023-5534
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/846bd929-45cd-4e91-b232-ae16dd2b12a0
Taggbox <= 2.9 – Cross-Site Request Forgery
Affected Software: Taggbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics
CVE ID: CVE-2023-33214
CVSS Score: 4.3 (Medium)
Researcher/s: Jonas Höbenreich
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8a27253d-bfc1-40b5-9da4-d16cc403ad41
CVE ID: CVE-2023-33214
CVSS Score: 4.3 (Medium)
Researcher/s: Jonas Höbenreich
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8a27253d-bfc1-40b5-9da4-d16cc403ad41
Caret Country Access Limit <= 1.0.2 – Cross-Site Request Forgery
Affected Software: Caret Country Access Limit
CVE ID: CVE-2023-45641
CVSS Score: 4.3 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9f8c5853-6e21-4a70-a547-e3f0f4b1d7d0
CVE ID: CVE-2023-45641
CVSS Score: 4.3 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9f8c5853-6e21-4a70-a547-e3f0f4b1d7d0
Lazy Load for Videos <= 2.18.2 – Cross-Site Request Forgery
Affected Software: Lazy Load for Videos
CVE ID: CVE-2023-45656
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a467ad30-8271-421c-8af4-8165fd60c03e
CVE ID: CVE-2023-45656
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a467ad30-8271-421c-8af4-8165fd60c03e
AGP Font Awesome Collection <= 3.2.4 – Cross-Site Request Forgery
Affected Software: AGP Font Awesome Collection
CVE ID: CVE-2023-45749
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abcb2e9f-a6f1-40c3-b419-e2f65ec5dd41
CVE ID: CVE-2023-45749
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abcb2e9f-a6f1-40c3-b419-e2f65ec5dd41
PixFields <= 0.7.0 – Cross-Site Request Forgery
Affected Software: PixFields
CVE ID: CVE-2023-45655
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d3c6fb8b-9df8-4cf5-b9e6-702852bb1977
CVE ID: CVE-2023-45655
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d3c6fb8b-9df8-4cf5-b9e6-702852bb1977
Video Playlist For YouTube <= 6.0 – Cross-Site Request Forgery
Affected Software: Video Playlist For YouTube
CVE ID: CVE-2023-45653
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d72c8140-90f1-49f5-bc42-925e29ecc0b1
CVE ID: CVE-2023-45653
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d72c8140-90f1-49f5-bc42-925e29ecc0b1
Responsive Tabs < 4.0.6 – Authenticated (Contributor+) Content Injection
Affected Software: Responsive Tabs
CVE ID: CVE-2023-45635
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d9af12ac-68ef-4c65-aecb-82ce7b927340
CVE ID: CVE-2023-45635
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d9af12ac-68ef-4c65-aecb-82ce7b927340
WP Attachments <= 5.0.6 – Cross-Site Request Forgery
Affected Software: WP Attachments
CVE ID: CVE-2023-45651
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f23b144e-4380-4099-89b5-816c8c2f710f
CVE ID: CVE-2023-45651
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f23b144e-4380-4099-89b5-816c8c2f710f
Feed Statistics <= 4.1 – Cross-Site Request Forgery via init
Affected Software: Feed Statistics
CVE ID: CVE-2023-45605
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f5740c07-28b3-40ce-997e-e4ec76348cf4
CVE ID: CVE-2023-45605
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f5740c07-28b3-40ce-997e-e4ec76348cf4
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (October 9, 2023 to October 15, 2023) appeared first on Wordfence.