Wordfence just launched its bug bounty program. Over the next 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now!
_Please note there was a minor error in the heading of the email, and this report only runs from November 6th to November 12th._
Last week, there were 135 vulnerabilities disclosed in 119 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 40 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, utilize the Vulnerability Database API to receive a complete dump of our database of over 12,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
_Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._
Patch Status | Number of Vulnerabilities |
---|---|
Unpatched | 99 |
Patched | 36 |
Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 124 |
High Severity | 9 |
Critical Severity | 1 |
Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 70 |
Cross-Site Request Forgery (CSRF) | 29 |
Missing Authorization | 21 |
Information Exposure | 5 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 4 |
Improper Authorization | 2 |
Deserialization of Untrusted Data | 1 |
URL Redirection to Untrusted Site ('Open Redirect') | 1 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 1 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 1 |
Researcher Name | Number of Vulnerabilities |
---|---|
István Márton (Wordfence Vulnerability Researcher) | 20 |
LEE SE HYOUNG (hackintoanetwork) | 11 |
Abdi Pranata | 10 |
Emili Castells | 9 |
Le Ngoc Anh | 8 |
Rafie Muhammad | 7 |
Mika | 7 |
thiennv | 7 |
Nguyen Xuan Chien | 4 |
yuyudhn | 4 |
Skalucy | 3 |
minhtuanact | 3 |
Elliot | 3 |
Krzysztof Zając | 3 |
Dmitrii Ignatyev | 3 |
Ala Arfaoui | 2 |
Enrico Marcolini | 2 |
Claudio Marchesini (Dottormarc) | 2 |
Joshua Chan | 2 |
Huynh Tien Si | 1 |
Robert DeVore | 1 |
Jeongwoo-Lee | 1 |
BuShiYue | 1 |
Nithissh S | 1 |
lttn | 1 |
Robin Wood | 1 |
Fariq Fadillah Gusti Insani | 1 |
Abu Hurayra (HurayraIIT) | 1 |
Vaishnav Rajeevan | 1 |
Luqman Hakim Y | 1 |
DoYeon Park (p6rkdoye0n) | 1 |
Brandon Roldan | 1 |
qilin_99 | 1 |
Erwan LR | 1 |
SeungYongLee | 1 |
Taihei Shimamine | 1 |
Nguyen Anh Tien | 1 |
Nicolas Decayeux | 1 |
Rafshanzani Suhada | 1 |
Alex Thomas (Wordfence Vulnerability Researcher) | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
ANAC XML Bandi di Gara | avcp |
ANAC XML Viewer | anac-xml-viewer |
ARI Stream Quiz – WordPress Quizzes Builder | ari-stream-quiz |
Actueel Financieel Nieuws – Denk Internet Solutions | denk-internet-solutions |
Add Local Avatar | add-local-avatar |
Additional Order Filters for WooCommerce | additional-order-filters-for-woocommerce |
Advanced iFrame | advanced-iframe |
Amazonify | amazonify |
Animator – Scroll Triggered Animations | scroll-triggered-animations |
Arigato Autoresponder and Newsletter | bft-autoresponder |
Auto Affiliate Links | wp-auto-affiliate-links |
Auto Tag Creator | auto-tag-creator |
BZScore – Live Score | bzscore-live-score |
BadgeOS | badgeos |
Best Restaurant Menu by PriceListo | best-restaurant-menu-by-pricelisto |
Bitly's WordPress Plugin | wp-bitly |
Brizy – Page Builder | brizy |
CBX Map for Google Map & OpenStreetMap | cbxgooglemap |
Category Post List Widget | category-post-list-widget |
Checkout Field Manager (Checkout Manager) for WooCommerce | woocommerce-checkout-manager |
Cloud Templates & Patterns collection | templates-patterns-collection |
CoCart – Decoupling WooCommerce Made Easy | cart-rest-api-for-woocommerce |
Code Snippets | code-snippets |
CodeBard's Patron Button and Widgets for Patreon | patron-button-and-widgets-by-codebard |
Contact Form – Custom Builder, Payment Form, and More | powr-pack |
Countdown and CountUp, WooCommerce Sales Timer | countdown-wpdevart-extended |
Custom post types, Custom Fields & more | custom-post-types |
Direct Checkout – Quick View – Buy Now For WooCommerce | quick-view-and-buy-now-for-woocommerce |
Donations Made Easy – Smart Donations | smart-donations |
Dragfy Addons for Elementor | dragfy-addons-for-elementor |
Droit Dark Mode | droit-dark-mode |
Easy Social Icons | easy-social-icons |
EasyRotator for WordPress – Slider Plugin | easyrotator-for-wordpress |
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin (easy docs, knowledgebase) | eazydocs |
Ecwid Ecommerce Shopping Cart | ecwid-shopping-cart |
Edit WooCommerce Templates | woo-edit-templates |
Elementor Website Builder – More than Just a Page Builder | elementor |
Email Marketing for WooCommerce by Omnisend | omnisend-connect |
Essential Grid Portfolio – Photo Gallery | essential-grid |
Extra Product Options for WooCommerce | extra-product-options-for-woocommerce |
Featured Image Caption | featured-image-caption |
Flo Forms – Easy Drag & Drop Form Builder | flo-forms |
Forms for Mailchimp by Optin Cat – Grow Your MailChimp List | mailchimp-wp |
Foyer – Digital Signage for WordPress | foyer |
Front End PM | front-end-pm |
Garden Gnome Package | garden-gnome-package |
Image Hover Effects – WordPress Plugin | image-hover-effects |
ImageMapper | imagemapper |
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site | integrate-google-drive |
Japanized For WooCommerce | woocommerce-for-japan |
Job Manager & Career – Manage job board listings, and recruitments | job-manager-career |
Korea SNS | korea-sns |
Lava Directory Manager | lava-directory-manager |
LearnPress – WordPress LMS Plugin | learnpress |
Live Gold Price & Silver Price Charts Widgets | gold-price-chart-widget |
Martins Free & Easy SEO BackLink Link Building Network – Improve Rankings & Traffic | martins-link-network |
Membership Plugin – Restrict Content | restrict-content |
Mmm Simple File List | mmm-file-list |
NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images | nitropack |
OneClick Chat to Order | oneclick-whatsapp-order |
Patreon WordPress | patreon-connect |
Photo Feed | photo-feed |
Pinyin Slugs | so-pinyin-slugs |
Plainview Protect Passwords | plainview-protect-passwords |
Plugin Name: Device Theme Switcher | device-theme-switcher |
Podlove Web Player | podlove-web-player |
Post Pay Counter | post-pay-counter |
Preloader Matrix | matrix-pre-loader |
Product Catalog Simple | post-type-x |
Product Enquiry for WooCommerce | gm-woocommerce-quote-popup |
Product Visibility by Country for WooCommerce | product-visibility-by-country-for-woocommerce |
Products, Order & Customers Export for WooCommerce | export-woocommerce |
ProfileGrid – User Profiles, Memberships, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
Q2W3 Post Order | q2w3-post-order |
QR Code Tag | qr-code-tag |
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | quiz-master-next |
Recently viewed and most viewed products | recently-viewed-and-most-viewed-products |
Redirect 404 Error Page to Homepage or Custom Page with Logs | redirect-404-error-page-to-homepage-or-custom-page |
Rename Media Files | rename-media-files |
Responsive Column Widgets | responsive-column-widgets |
Responsive Pricing Table | dk-pricr-responsive-pricing-table |
Restrict Categories | restrict-categories |
SEO by 10Web | seo-by-10web |
Seers \| GDPR & CCPA Cookie Consent & Compliance | |
SendPress Newsletters | sendpress |
Simple Like Page Plugin | simple-facebook-plugin |
Social Feed \| All social media in one place | |
Social Sharing Plugin – Social Warfare | social-warfare |
Solid Central – Site Management, Backups, Security, and Reporting | ithemes-sync |
Sponsors | wp-sponsors |
Star CloudPRNT for WooCommerce | star-cloudprnt-for-woocommerce |
TWB Woocommerce Reviews | twb-woocommerce-reviews |
Team Members Showcase | dazzlersoft-teams |
Telephone Number Linker | telephone-number-linker |
Ultimate Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
Under Construction / Maintenance Mode from Acurax | coming-soon-maintenance-mode-from-acurax |
UpdraftPlus: WordPress Backup & Migration Plugin | updraftplus |
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | profile-builder |
UserHeat Plugin | userheat |
Visitor Traffic Real Time Statistics | visitors-traffic-real-time-statistics |
Visual Website Collaboration, Feedback & Project Management – Atarim | atarim-visual-collaboration |
WD WidgetTwitter | widget-twitter |
WP Crowdfunding | wp-crowdfunding |
WP Discord Invite | wp-discord-invite |
WP Edit Username | wp-edit-username |
WP Full Stripe Free | wp-full-stripe-free |
WP Links Page | wp-links-page |
WP MapIt | wp-mapit |
WPDBSpringClean | wpdbspringclean |
Web Push Notifications – Webpushr | webpushr-web-push-notifications |
Who Hit The Page – Hit Counter | who-hit-the-page-hit-counter |
Woo Custom and Sequential Order Number | woo-custom-and-sequential-order-number |
WooCommerce Product Enquiry | woo-product-enquiry |
WooCommerce Product Table Lite | wc-product-table-lite |
WordPress Backup & Migration | wp-migration-duplicator |
Youtube SpeedLoad | youtube-speedload |
Ziteboard Online Whiteboard | ziteboard-online-whiteboard |
masterslider | masterslider |
코드엠샵 마이사이트 – MSHOP MY SITE | mshop-mysite |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
Affected Software: masterslider CVE ID: CVE-2023-47507 CVSS Score: 9.8 (Critical) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/66749606-e76f-41fb-bcf1-c06681de2ee3>
Affected Software: WD WidgetTwitter CVE ID: CVE-2023-5709 CVSS Score: 8.8 (High) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/86cdbfec-b1af-48ec-ae70-f97768694e44>
Affected Software: Rename Media Files CVE ID: CVE-2023-32095 CVSS Score: 8.8 (High) Researcher/s: Taihei Shimamine Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c22c2c17-c9c5-46eb-877a-a49ccf1a74ef>
Affected Software: Mmm Simple File List CVE ID: CVE-2023-4297 CVSS Score: 8.8 (High) Researcher/s: Dmitrii Ignatyev Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f33a13dc-ebff-4033-9b8d-10076b1c2d0d>
Affected Software: Brizy – Page Builder CVE ID: CVE Unknown CVSS Score: 7.2 (High) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/546cd218-3f6d-4e8f-83d5-e9aceb6f33ed>
Affected Software: Who Hit The Page – Hit Counter CVE ID: CVE-2023-47558 CVSS Score: 7.2 (High) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/54c94de4-59b4-4f0b-85db-2074a41d04f8>
Affected Software: Redirect 404 Error Page to Homepage or Custom Page with Logs CVE ID: CVE-2023-47530 CVSS Score: 7.2 (High) Researcher/s: Fariq Fadillah Gusti Insani Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/59ec4bbd-5192-45f8-8cfc-d43858b46901>
Affected Software: Web Push Notifications – Webpushr CVE ID: CVE-2023-5620 CVSS Score: 7.2 (High) Researcher/s: Krzysztof Zając Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7e092d67-ab81-4366-824c-cfb240ba3042>
Affected Software: masterslider CVE ID: CVE-2023-47506 CVSS Score: 7.2 (High) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a69a5249-f9ab-4489-a032-33dd482fdc96>
Affected Software: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor CVE ID: CVE-2023-47669 CVSS Score: 7.1 (High) Researcher/s: Brandon Roldan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b0b2bdb3-713c-47c6-8907-ac0f86038dc2>
Affected Software: EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin (easy docs, knowledgebase) CVE ID: CVE-2023-47648 CVSS Score: 6.5 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0ec64507-b77e-4685-978f-7408fe8db5ee>
Affected Software: Japanized For WooCommerce CVE ID: CVE-2023-47698 CVSS Score: 6.5 (Medium) Researcher/s: Mika Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0fc675e8-8ba1-40b0-829e-7a48d5eb586d>
Affected Software: Podlove Web Player CVE ID: CVE-2023-47691 CVSS Score: 6.5 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7fd8a952-d723-45a2-9027-12e3d99f715b>
Affected Software: Elementor Website Builder – More than Just a Page Builder CVE ID: CVE-2023-47504 CVSS Score: 6.5 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c873c76a-144e-4945-8fa2-c9ffe0e3c061>
Affected Software: Checkout Field Manager (Checkout Manager) for WooCommerce CVE ID: CVE-2023-47681 CVSS Score: 6.5 (Medium) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fffd7d50-6563-4652-8fae-3fe698125c59>
Affected Software: Telephone Number Linker CVE ID: CVE-2023-5743 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/06424d9f-0064-4101-b819-688489a18eee>
Affected Software: Featured Image Caption CVE ID: CVE-2023-5669 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0c43a88c-6374-414f-97ae-26ba15d75cdc>
Affected Software: ANAC XML Bandi di Gara CVE ID: CVE-2023-47242 CVSS Score: 6.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/101945f6-d709-4c99-8c80-def9dd2fa636>
Affected Software: EasyRotator for WordPress – Slider Plugin CVE ID: CVE-2023-5742 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/3041e28e-d965-4672-ab10-8b1f3d874f19>
Affected Software: Bitly's WordPress Plugin CVE ID: CVE-2023-5577 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/31522e54-f260-46d0-8d57-2d46af7d3450>
Affected Software: BZScore – Live Score CVE ID: CVE-2023-47654 CVSS Score: 6.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/438a94c4-a7f2-4c08-960b-e18c19196169>
Affected Software: Sponsors CVE ID: CVE-2023-5662 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4af04219-26c5-401d-94ef-11d2321f98bf>
Affected Software: WP MapIt CVE ID: CVE-2023-5658 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7ef6f598-e1a7-4036-9485-1aad0416349a>
Affected Software: Social Feed | All social media in one place CVE ID: CVE-2023-5661 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8b145772-624e-4af0-9156-03c483bf8381>
Affected Software: Garden Gnome Package CVE ID: CVE-2023-5664 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8c7385c7-47de-4511-b474-7415c3977aa8>
Affected Software: Social Sharing Plugin – Social Warfare CVE ID: CVE-2023-4842 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8f5b9aff-0833-4887-ae59-df5bc88c7f91>
Affected Software: Donations Made Easy – Smart Donations CVE ID: CVE-2023-47550 CVSS Score: 6.4 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/92aae1f6-e624-4619-8195-ee3c443a31fc>
Affected Software: WordPress Backup & Migration CVE ID: CVE-2023-5738 CVSS Score: 6.4 (Medium) Researcher/s: Krzysztof Zając Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/93de1604-2494-4c51-a93d-b01bf7ed4c07>
Affected Software: ImageMapper CVE ID: CVE-2023-5507 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a6e687e9-6ffe-4457-8d57-3c03f657eb74>
Affected Software: CBX Map for Google Map & OpenStreetMap CVE ID: CVE-2023-47240 CVSS Score: 6.4 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/aa5505b7-2d9e-4a03-9655-75d004f53259>
Affected Software: Elementor Website Builder – More than Just a Page Builder CVE ID: CVE-2023-47505 CVSS Score: 6.4 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b44ef21f-464e-487a-ba5a-fe889e4c488c>
Affected Software: QR Code Tag CVE ID: CVE-2023-5567 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/be004002-a3ac-46e9-b0c1-258f05f97b2a>
Affected Software: Mmm Simple File List CVE ID: CVE-2023-4514 CVSS Score: 6.4 (Medium) Researcher/s: Erwan LR Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c064227f-6332-40c8-9e96-337c608da832>
Affected Software: Contact Form – Custom Builder, Payment Form, and More CVE ID: CVE-2023-5741 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c2967eae-82bb-4556-a21a-c5bb6b905c62>
Affected Software: SendPress Newsletters CVE ID: CVE-2023-5660 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cbce42a0-29a7-40df-973c-1fe7338f6c94>
Affected Software: Lava Directory Manager CVE ID: CVE-2023-47659 CVSS Score: 6.4 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e3d21ebb-52de-4b25-b9e9-5d6f3284cf94>
Affected Software: Advanced iFrame CVE ID: CVE-2023-4775 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e9944443-2e71-45c4-8a19-d76863cf66df>
Affected Software: Ziteboard Online Whiteboard CVE ID: CVE-2023-5076 CVSS Score: 6.4 (Medium) Researcher/s: István Márton, Alex Thomas Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f5608f50-e17a-471f-b644-dceb64d82f0c>
Affected Software: Simple Like Page Plugin CVE ID: CVE-2023-4888 CVSS Score: 6.4 (Medium) Researcher/s: István Márton Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f81df26f-4390-4626-8539-367a52f8a027>
Affected Software: NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images CVE ID: CVE Unknown CVSS Score: 6.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fb6f4b0b-25b8-4dcd-b002-293ce8ab307e>
Affected Software: Category Post List Widget CVE ID: CVE-2023-47516 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG (hackintoanetwork) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/0182ca6c-23f8-4212-bfd8-cb898e98b37b>
Affected Software: Essential Grid Portfolio – Photo Gallery CVE ID: CVE-2023-47684 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/02eadae8-7aa6-42f5-b807-9ed82332fa72>
Affected Software: Category Post List Widget CVE ID: CVE-2023-47516 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG (hackintoanetwork) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/04ffc248-2b5c-4c64-8bfd-361a8ff6a8af>
Affected Software: SendPress Newsletters CVE ID: CVE-2023-47517 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/2cd6e69b-f927-4cea-a838-5c73f52233a2>
Affected Software: Edit WooCommerce Templates CVE ID: CVE-2023-47509 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG (hackintoanetwork) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/34f7ab72-a4e3-4264-b6d3-530dd255dc87>
Affected Software: Under Construction / Maintenance Mode from Acurax CVE ID: CVE-2023-39926 CVSS Score: 6.1 (Medium) Researcher/s: Robert DeVore Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/359b8977-6d0d-4856-8d72-17091a420f67>
Affected Software: EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin (easy docs, knowledgebase) CVE ID: CVE-2023-47549 CVSS Score: 6.1 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/38145ad1-f441-40a4-9e92-6837cfeba656>
Affected Software: Restrict Categories CVE ID: CVE-2023-47518 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/45671cab-f719-4ee6-af81-7c19b37b8d91>
Affected Software: Post Pay Counter CVE ID: CVE-2023-47673 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG (hackintoanetwork) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a9fce6d-d5c2-4ab7-87ea-8dd6e4d92e07>
Affected Software: Visual Website Collaboration, Feedback & Project Management – Atarim CVE ID: CVE-2023-47544 CVSS Score: 6.1 (Medium) Researcher/s: lttn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4f5919eb-ac74-4926-9ede-e651bb4463b2>
Affected Software: Product Enquiry for WooCommerce CVE ID: CVE-2023-47512 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG (hackintoanetwork) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6840add4-62db-4b99-b48b-0b51aa2451b8>
Affected Software: Martins Free & Easy SEO BackLink Link Building Network – Improve Rankings & Traffic CVE ID: CVE-2023-5641 CVSS Score: 6.1 (Medium) Researcher/s: Enrico Marcolini, Claudio Marchesini (Dottormarc) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/773b5a79-017a-4e16-b563-3aa2939fa179>
Affected Software: WP Crowdfunding CVE ID: CVE-2023-47532 CVSS Score: 6.1 (Medium) Researcher/s: Abu Hurayra (HurayraIIT) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f13a432-e37d-4183-85ff-e2a04b40cda8>
Affected Software: LearnPress – WordPress LMS Plugin CVE ID: CVE Unknown CVSS Score: 6.1 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/81fd3ac1-91af-4cfa-ac4e-712beb4236c0>
Affected Software: Photo Feed CVE ID: CVE-2023-47522 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8a36b98b-7197-434e-88ac-6fcfa34d6abb>
Affected Software: Auto Affiliate Links CVE ID: CVE-2023-47652 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG (hackintoanetwork) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8c84ffd3-e000-4d67-9789-e439e7c128e8>
Affected Software: CodeBard's Patron Button and Widgets for Patreon CVE ID: CVE-2023-47524 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/96649aa6-f3ba-4e9e-9fa5-a5fbd52c3836>
Affected Software: masterslider CVE ID: CVE-2023-47508 CVSS Score: 6.1 (Medium) Researcher/s: Rafie Muhammad Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f77755a-9b28-4e31-8a01-42e96b5698bf>
Affected Software: Star CloudPRNT for WooCommerce CVE ID: CVE-2023-47514 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9f850644-4923-46c1-90f6-d29088c9cb1a>
Affected Software: WPDBSpringClean CVE ID: CVE-2023-47510 CVSS Score: 6.1 (Medium) Researcher/s: LEE SE HYOUNG (hackintoanetwork) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a6627f96-63d6-4f22-9eb7-fb42e748ae38>
Affected Software: Q2W3 Post Order CVE ID: CVE-2023-47521 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/affc9dff-75a1-4cb3-8465-55254db6441b>
Affected Software: SEO by 10Web CVE ID: CVE-2023-34375 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b4533554-52e4-44b4-9230-b6e3feb2e4a1>
Affected Software: Plainview Protect Passwords CVE ID: CVE-2023-47665 CVSS Score: 6.1 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/b63d8238-267f-4a40-9af0-37ae8b9ba26b>
Affected Software: Additional Order Filters for WooCommerce CVE ID: CVE-2023-47690 CVSS Score: 6.1 (Medium) Researcher/s: qilin_99 Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/baa8b5ce-7ef8-4ca8-9957-2c3469f55dda>
Affected Software: ImageMapper CVE ID: CVE-2023-5532 CVSS Score: 6.1 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bbb67f02-87e8-4ca3-8a9d-6663a700ab5b>
Affected Software: Responsive Column Widgets CVE ID: CVE-2023-47520 CVSS Score: 6.1 (Medium) Researcher/s: Le Ngoc Anh Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d749c24c-0ed9-423b-872a-4771e9d8a2eb>
Affected Software: Products, Order & Customers Export for WooCommerce CVE ID: CVE-2023-47547 CVSS Score: 6.1 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/eac8685b-8ed9-432d-8912-b66bd62c950f>
Affected Software: Extra Product Options for WooCommerce CVE ID: CVE-2023-47658 CVSS Score: 5.5 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/393a856e-dc13-4fb6-8ff3-5880631953c4>
Affected Software: Actueel Financieel Nieuws – Denk Internet Solutions CVE ID: CVE-2023-6107 CVSS Score: 5.5 (Medium) Researcher/s: Nithissh S Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4e0ad29a-b7a0-407e-8fb0-0917b8671afb>
Affected Software: Direct Checkout – Quick View – Buy Now For WooCommerce CVE ID: CVE-2023-47657 CVSS Score: 5.5 (Medium) Researcher/s: Emili Castells Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/514aa001-24c8-4624-8e25-f17b8454354c>
Affected Software: Recently viewed and most viewed products CVE ID: CVE-2023-47646 CVSS Score: 5.5 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/61ec0e78-b367-438f-929d-94e055c83477>
Affected Software: Responsive Pricing Table CVE ID: CVE-2023-4810 CVSS Score: 5.5 (Medium) Researcher/s: Vaishnav Rajeevan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7fb7dd8f-6258-46e1-9cc5-87ec73d5736c>
Affected Software: Forms for Mailchimp by Optin Cat – Grow Your MailChimp List CVE ID: CVE-2023-47545 CVSS Score: 5.5 (Medium) Researcher/s: DoYeon Park (p6rkdoye0n) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a7d5edee-04fb-41e0-be5e-ca3681956d2d>
Affected Software: Countdown and CountUp, WooCommerce Sales Timer CVE ID: CVE-2023-47533 CVSS Score: 5.5 (Medium) Researcher/s: SeungYongLee Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c1ec113c-d11f-4b0b-8d4a-46d37687b3b2>
Affected Software: Live Gold Price & Silver Price Charts Widgets CVE ID: CVE-2023-47662 CVSS Score: 5.5 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c53ebf2f-44ab-4d0f-ac3d-c08806c07343>
Affected Software: ANAC XML Bandi di Gara CVE ID: CVE-2023-47656 CVSS Score: 5.5 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cb610baa-093d-4a41-8e28-c65fdb0e32aa>
Affected Software: Add Local Avatar CVE ID: CVE-2023-47650 CVSS Score: 5.4 (Medium) Researcher/s: LEE SE HYOUNG (hackintoanetwork) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/241da621-b892-4263-8409-a40ac5a1ade3>
Affected Software: Code Snippets CVE ID: CVE-2023-47666 CVSS Score: 5.4 (Medium) Researcher/s: Huynh Tien Si Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/28aae3d4-c4c4-4cda-9f4b-7f2ea58629aa>
Affected Software: ImageMapper CVE ID: CVE-2023-5506 CVSS Score: 5.4 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/31dff395-c3ce-4ebe-8d38-5243fc4510d6>
Affected Software: Solid Central – Site Management, Backups, Security, and Reporting CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Robin Wood Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/55234307-9d51-4fe8-bc22-78d32a5fed11>
Affected Software: Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/91c5a83a-679c-405b-973d-a2255d2bced2>
Affected Software: WP Discord Invite CVE ID: CVE-2023-5006 CVSS Score: 5.4 (Medium) Researcher/s: Enrico Marcolini, Claudio Marchesini (Dottormarc) Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d92bfa61-7ae2-427a-8f3a-82709471735b>
Affected Software: UpdraftPlus: WordPress Backup & Migration Plugin CVE ID: CVE-2023-5982 CVSS Score: 5.4 (Medium) Researcher/s: Nicolas Decayeux Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e1be11c5-0a44-4816-b6bf-d330cb51dbf3>
Affected Software: Ecwid Ecommerce Shopping Cart CVE ID: CVE Unknown CVSS Score: 5.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f3d5bc99-2b55-4e19-8304-e56f3d4a2f1a>
Affected Software: Ultimate Addons for Contact Form 7 CVE ID: CVE-2023-47693 CVSS Score: 5.3 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/73720e67-79e5-4b4c-8720-e28ad718b2b3>
Affected Software: Front End PM CVE ID: CVE-2023-4930 CVSS Score: 5.3 (Medium) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/8250c277-200a-4808-98ae-ede169aad3fd>
Affected Software: CoCart – Decoupling WooCommerce Made Easy CVE ID: CVE-2023-47241 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/98e8e09c-f2fe-40ab-b1ce-62a1627b6b65>
Affected Software: Membership Plugin – Restrict Content CVE ID: CVE-2023-47668 CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad2d5070-ddc6-4478-abe5-776e197a4507>
Affected Software: Cloud Templates & Patterns collection CVE ID: CVE-2023-47529 CVSS Score: 5.3 (Medium) Researcher/s: Joshua Chan Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c59baad8-b888-4475-8371-645811a6b569>
Affected Software: Email Marketing for WooCommerce by Omnisend CVE ID: CVE-2023-47244 CVSS Score: 5.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/cc2cd74d-b828-4524-b33d-c806bfd970b9>
Affected Software: Seers | GDPR & CCPA Cookie Consent & Compliance CVE ID: CVE-2023-47515 CVSS Score: 5.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d300288e-f100-4c02-ba65-d728e3b1522e>
Affected Software: Animator – Scroll Triggered Animations CVE ID: CVE-2023-47689 CVSS Score: 5.3 (Medium) Researcher/s: Elliot Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f8457aeb-867b-4185-8271-a5452b7c5365>
Affected Software: WooCommerce Product Enquiry CVE ID: CVE-2023-32796 CVSS Score: 4.7 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/97c68df7-69fd-4817-9473-3d3e1fd6d348>
Affected Software: Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site CVE ID: CVE-2023-47548 CVSS Score: 4.7 (Medium) Researcher/s: minhtuanact Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bccceb2d-2087-4ee6-8118-eb3fb53654dc>
Affected Software: Amazonify CVE ID: CVE-2023-5819 CVSS Score: 4.4 (Medium) Researcher/s: Ala Arfaoui Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/41adfb58-d79f-40a3-8a7e-f3f08f64659f>
Affected Software: WP Edit Username CVE ID: CVE-2023-47528 CVSS Score: 4.4 (Medium) Researcher/s: Jeongwoo-Lee Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/47461b7b-e986-4048-88aa-175242305795>
Affected Software: Pinyin Slugs CVE ID: CVE-2023-47511 CVSS Score: 4.4 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/65e76681-80e0-40aa-a68b-87cb0c42b4f8>
Affected Software: OneClick Chat to Order CVE ID: CVE-2023-47546 CVSS Score: 4.4 (Medium) Researcher/s: Luqman Hakim Y Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/94f338c2-95c9-4ce8-8579-0b2b66547aa0>
Affected Software: ANAC XML Viewer CVE ID: CVE-2023-47245 CVSS Score: 4.4 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9af963ed-8bc5-4b5e-bacd-30a2ef429ce8>
Affected Software: Team Members Showcase CVE ID: CVE-2023-32957 CVSS Score: 4.4 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/ad88c661-601c-411f-9495-2c3b8a568c6b>
Affected Software: Product Visibility by Country for WooCommerce CVE ID: CVE-2023-47660 CVSS Score: 4.4 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e56b11a1-dd40-461b-9624-b60367c0c727>
Affected Software: Custom post types, Custom Fields & more CVE ID: CVE Unknown CVSS Score: 4.4 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/eb94520e-a99d-4e34-b174-e01898de0978>
Affected Software: TWB Woocommerce Reviews CVE ID: CVE-2023-47653 CVSS Score: 4.4 (Medium) Researcher/s: Emili Castells Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f85df8f1-9283-48d0-8f19-88a4a839d501>
Affected Software: Flo Forms – Easy Drag & Drop Form Builder CVE ID: CVE-2023-47692 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/04401d7e-996d-4b46-b391-bfb0b065900b>
Affected Software: Arigato Autoresponder and Newsletter CVE ID: CVE-2023-47686 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1bf798b5-2a5c-42d9-a4b3-d3ed056e1fdb>
Affected Software: Best Restaurant Menu by PriceListo CVE ID: CVE-2023-47649 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/1c24f881-52bc-4210-9037-bcdd1e4aa895>
Affected Software: Amazonify CVE ID: CVE-2023-5818 CVSS Score: 4.3 (Medium) Researcher/s: Ala Arfaoui Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/33f3c466-bdeb-402f-bf34-bc703f35e1e2>
Affected Software: ANAC XML Bandi di Gara CVE ID: CVE-2023-47655 CVSS Score: 4.3 (Medium) Researcher/s: yuyudhn Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/36cf102b-bff1-4516-9a76-030ddc98c207>
Affected Software: WooCommerce Product Table Lite CVE ID: CVE-2023-47519 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4528f805-bbf3-4a0f-a06f-879c6e607bfa>
Affected Software: Patreon WordPress CVE ID: CVE-2023-41129 CVSS Score: 4.3 (Medium) Researcher/s: BuShiYue Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/481121b2-4ea9-489e-b582-ec8bbf87c902>
Affected Software: Product Catalog Simple CVE ID: CVE Unknown CVSS Score: 4.3 (Medium) Researcher/s: Unknown Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/4a134509-8dc0-41ac-9b5c-5b173a1e3c68>
Affected Software: BadgeOS CVE ID: CVE-2023-47647 CVSS Score: 4.3 (Medium) Researcher/s: Elliot Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/515e62ba-c3b8-42d0-95e3-be347b8851a5>
Affected Software: Korea SNS CVE ID: CVE-2023-47670 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG (hackintoanetwork) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/51d07d2a-74e6-499e-8d66-90893faedeaf>
Affected Software: Woo Custom and Sequential Order Number CVE ID: CVE-2023-47687 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/67279c70-c416-4d18-9951-470773b9221a>
Affected Software: WP Links Page CVE ID: CVE-2023-47651 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/6fa70ddc-9a5c-4001-967a-5aad789c862c>
Affected Software: Dragfy Addons for Elementor CVE ID: CVE-2023-47661 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7caaaaef-075b-44f6-8809-a02d5f034f26>
Affected Software: WordPress Backup & Migration CVE ID: CVE-2023-5737 CVSS Score: 4.3 (Medium) Researcher/s: Krzysztof Zając Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7de132d5-51c9-464c-b687-8e367dd8d846>
Affected Software: Donations Made Easy – Smart Donations CVE ID: CVE-2023-47551 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/7f5d3973-5bbb-4c85-9790-e12f3fc14f30>
Affected Software: Foyer – Digital Signage for WordPress CVE ID: CVE-2023-47663 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/97344674-15df-45e6-9906-f21a9920a6e1>
Affected Software: Preloader Matrix CVE ID: CVE-2023-47685 CVSS Score: 4.3 (Medium) Researcher/s: Skalucy Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/97548879-f015-4adc-8a84-535d210ae0de>
Affected Software: Youtube SpeedLoad CVE ID: CVE-2023-47688 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d11c022-9938-4a9e-be16-db986fdfa1c8>
Affected Software: Plugin Name: Device Theme Switcher CVE ID: CVE-2023-47556 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Xuan Chien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/9d64d711-f2d9-4447-9ac1-80c5ea51c23e>
Affected Software: ImageMapper CVE ID: CVE-2023-5975 CVSS Score: 4.3 (Medium) Researcher/s: István Márton Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a128018b-f19b-4b18-a53c-cf1310d3d0e7>
Affected Software: WP Full Stripe Free CVE ID: CVE-2023-47667 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG (hackintoanetwork) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/a4f7211b-0ff0-406e-9a0a-2dd7b1314d6d>
Affected Software: 코드엠샵 마이사이트 – MSHOP MY SITE CVE ID: CVE-2023-47243 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bc2cbf43-3e8a-4364-9355-6d6587204c1c>
Affected Software: Plainview Protect Passwords CVE ID: CVE-2023-47664 CVSS Score: 4.3 (Medium) Researcher/s: Mika Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/bc59b997-a8e2-4c75-aa5f-36cc5a66326e>
Affected Software: UserHeat Plugin CVE ID: CVE-2023-47553 CVSS Score: 4.3 (Medium) Researcher/s: LEE SE HYOUNG (hackintoanetwork) Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c03b5670-9f7e-4001-ba90-197559b794a1>
Affected Software: Easy Social Icons CVE ID: CVE-2023-33998 CVSS Score: 4.3 (Medium) Researcher/s: Nguyen Anh Tien Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c3bdc0c4-34fb-43cc-ba2b-340347bca146>
Affected Software: Auto Tag Creator CVE ID: CVE-2023-47523 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/d4b6d2c6-d157-4c4c-b6e1-557b8353c742>
Affected Software: Droit Dark Mode CVE ID: CVE-2023-47531 CVSS Score: 4.3 (Medium) Researcher/s: Elliot Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/e3afaa85-9eb5-4cc4-883a-11d42504a8e1>
Affected Software: Visitor Traffic Real Time Statistics CVE ID: CVE-2023-47557 CVSS Score: 4.3 (Medium) Researcher/s: Rafshanzani Suhada Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f4aac424-abf3-4d6c-a0a4-a95e2cf89864>
Affected Software: ProfileGrid – User Profiles, Memberships, Groups and Communities CVE ID: CVE-2023-47644 CVSS Score: 4.3 (Medium) Researcher/s: thiennv Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/f58efd6c-58f2-464b-8aaf-f4f5c4c52f09>
Affected Software: ARI Stream Quiz – WordPress Quizzes Builder CVE ID: CVE-2023-47513 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fa6fc22e-0d30-4c4b-8c8d-13f04ed1aa7c>
Affected Software: Image Hover Effects – WordPress Plugin CVE ID: CVE-2023-47552 CVSS Score: 4.3 (Medium) Researcher/s: Abdi Pranata Patch Status: Unpatched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/fb947f1f-8cce-448d-9c86-1d3c01a4637d>
Affected Software: Job Manager & Career – Manage job board listings, and recruitments CVE ID: CVE-2023-5906 CVSS Score: 3.7 (Low) Researcher/s: Dmitrii Ignatyev Patch Status: Patched Vulnerability Details: <https://wordfence.com/threat-intel/vulnerabilities/id/c66bc0b1-c157-4c05-ae9d-0927863c6b95>
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (November 6, 2023 to November 12, 2023) appeared first on Wordfence.