Multiple Reflected Cross-Site Scripting Vulnerabilities in Three WordPress Plugins Patched

The Wordfence Threat Intelligence Team recently disclosed several Reflected Cross-Site Scripting vulnerabilities that we discovered in three different plugins – Watu Quiz (installed on 5,000 sites), GN-Publisher (installed on 40,000 sites), and Japanized For WooCommerce (installed on 10,000 sites). As is typical of Reflected Cross-Site Scripting in administrative pages, each could be leveraged for a complete site takeover, provided an unauthenticated attacker could trick a logged-in site administrator into performing an action such as clicking on a link or visiting a website under the attacker’s control.

All Wordfence customers, including Wordfence Premium, Wordfence Care, and Wordfence Response customers as well as those still using the free version of our plugin, are protected against any exploits targeting these vulnerabilities by the Wordfence firewall’s built-in Cross-Site Scripting protection.

Vulnerability Summaries

Description: Reflected Cross-Site Scripting
Affected Plugin: Watu Quiz
Plugin Slug: watu
Affected Versions: <= 3.3.9
CVE ID: CVE-2023-0968
CVSS Score: 6.1 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Researcher/s: Marco Wotschka
Fully Patched Version: 3.3.9.1

Description: Reflected Cross-Site Scripting
Affected Plugin: GN Publisher: Google News Compatible RSS Feeds
Plugin Slug: gn-publisher
Affected Versions: <= 1.5.5
CVE ID: CVE-2023-1080
CVSS Score: 6.1 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Researcher/s: Marco Wotschka
Fully Patched Version: 1.5.6

Description: Reflected Cross-Site Scripting
Affected Plugin: Japanized For WooCommerce
Plugin Slug: woocommerce-for-japan
Affected Versions: <= 2.5.4
CVE ID: CVE-2023-0942
CVSS Score: 6.1 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Researcher/s: Marco Wotschka
Fully Patched Version: 2.5.5

Vulnerability Details

Watu Quiz is a plugin that offers site owners the ability to create exams, quizzes and surveys. It allows administrators to review quiz submissions and filter search results by username, email, date taken and quiz score. Unfortunately, the search terms – provided as URL parameters – were not escaped before being echoed back into the input fields of the search form.

Visiting a URL containing a malicious payload sufficed to trigger the execution of malicious JavaScript code in the context of the visiting user’s session. Since the exploitable page was an administrative page, this code could be used to create new administrator users or to perform other similarly severe actions potentially resulting in site takeover.

A vulnerable line of code in the plugin echoed the user-supplied parameter directly into an attribute value (the @ only suppresses the PHP notice for a missing parameter; it does not sanitize anything):

<input name="dn" type="text" value="<?php echo @$_GET['dn']?>" />

Because the value attribute is double-quoted, a double quote in the dn parameter closes it; the rest of the parameter can then add an onmouseover event handler (or an onfocus handler combined with the autofocus attribute, which fires without any mouse movement) and execute JavaScript in the context of the victim’s browser. Decoded, the dn value in the URL below is "/onmouseover=alert(123)//.

/wp-admin/admin.php?page=watu_takings&exam_id=1&dn="%2Fonmouseover%3Dalert(123)%2F%2F

Versions up to 3.3.9 of this plugin are vulnerable. The issue is fixed in version 3.3.9.1 as of March 3, 2023.


GN Publisher is a plugin that makes RSS feeds which comply with Google News RSS feed technical requirements – necessary for inclusion in the Google News Publisher Center. The plugin addresses some common RSS compatibility issues publishers typically experience.

On its main configuration page it offers a tabbed form where administrators can change plugin-specific settings. However, the plugin does not escape the tab name, taken from the tab URL parameter, before outputting it.

The page features a button in the top right corner that offers an upgrade to the PRO version. In the vulnerable version, the markup for that button contains a PHP echo statement that outputs the tab parameter into the button’s class attribute.

An unauthenticated attacker can take advantage of this and inject attribute-based JavaScript that executes on an event of the attacker’s choosing, such as onmouseover, or onfocus in combination with autofocus, assuming they can also successfully trick a site administrator into performing an action.

/wp-admin/options-general.php?page=gn-publisher-settings&tab=hans%22%2F+onmouseover%3Dalert%281%29%3B%2F%2F

Versions up to, and including, 1.5.5 are vulnerable. Version 1.5.6 addressed this issue and was released on February 24, 2023.


The plugin Japanized for WooCommerce adds additional features to WooCommerce that make it more user-friendly for a Japanese audience, such as honorific titles and custom payment options geared towards the Japanese market. Similarly to the other two plugins discussed above, Japanized for WooCommerce outputs unsanitized user input provided via a URL parameter.

As long as a tab parameter is provided, it is echoed, unescaped, into a JavaScript string inside an inline script block on the settings page. The surrounding JavaScript quote offers no protection: the browser’s HTML parser ends a script element at the first </script> sequence it encounters, regardless of JavaScript string boundaries. A malicious value can therefore close the script tag, open a new one, and include code to be executed on behalf of the visiting user. The correct fix for this context is to JSON-encode the value (wp_json_encode() with the JSON_HEX_TAG flag) so that < and > can never appear literally inside the script block.

/wp-admin/admin.php?page=wc4jp-options&tab=hans%27%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

Just like the other two vulnerabilities discussed above, this vulnerability can be exploited by unauthenticated attackers as long as an administrator of a vulnerable site can be tricked into performing an action such as clicking on a link leading them to the vulnerable form.

Versions up to and including 2.5.4 are vulnerable. The fix is contained in version 2.5.5, the fully patched version listed in the summary above, and has been available since February 28, 2023.

As a final reminder, and as is typical for Reflected Cross-Site Scripting vulnerabilities, these attacks can be carried out by unauthenticated attackers, but they require the interaction of a logged-in site user, here an administrator, since all three exploitable pages sit under /wp-admin/. Furthermore, the malicious injection does not persist, as it is not stored in the database: each victim has to be lured to the crafted URL separately.
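The fix for all three sinks is the same discipline: escape for the exact context the value lands in. The following Python script is an added example, not code from any of the three plugins or from Wordfence. It decodes the three proof-of-concept URLs quoted above, renders each into a reconstruction of its sink (only the Watu Quiz input line is quoted on the page; the GN Publisher button markup and the Japanized for WooCommerce script are assumptions), and uses an HTML parser to show that the unescaped form gains an event-handler attribute or a second script element while the escaped form does not. esc_attr() and esc_js_string() are Python stand-ins for WordPress’s esc_attr() and wp_json_encode($value, JSON_HEX_TAG).

```python
"""Context-aware output escaping for the three reflected-XSS sinks described above.

Added example, not code from the plugins or from Wordfence. The vulnerable
templates are reconstructed from the article's descriptions: only the Watu Quiz
<input> line is quoted on the page; the GN Publisher button markup and the
Japanized for WooCommerce inline script are assumptions.
"""
import html
import json
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# The three proof-of-concept URLs quoted in the article.
WATU_URL = '/wp-admin/admin.php?page=watu_takings&exam_id=1&dn="%2Fonmouseover%3Dalert(123)%2F%2F'
GN_URL = "/wp-admin/options-general.php?page=gn-publisher-settings&tab=hans%22%2F+onmouseover%3Dalert%281%29%3B%2F%2F"
WC4JP_URL = "/wp-admin/admin.php?page=wc4jp-options&tab=hans%27%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E"


def query_param(url: str, name: str) -> str:
    """Decode one query parameter the way PHP's $_GET does ('+' becomes a space)."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)[name][0]


def esc_attr(value: str) -> str:
    """Stand-in for esc_attr(): & < > " ' become entities, so the value can never
    close the attribute it is placed in."""
    return html.escape(value, quote=True)


def esc_js_string(value: str) -> str:
    """Stand-in for wp_json_encode($value, JSON_HEX_TAG): a double-quoted JS string
    literal in which < and > are written as \\u003c and \\u003e, so the HTML parser
    (which ends a <script> element at the first '</script' it sees, regardless of
    JavaScript string boundaries) can never encounter a closing tag inside it."""
    return json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")


# Each sink in its vulnerable form (fixed=False) and its escaped form (fixed=True).
def watu_input(dn: str, fixed: bool) -> str:
    # Quoted on the page: <input name="dn" type="text" value="<?php echo @$_GET['dn']?>" />
    return f'<input name="dn" type="text" value="{esc_attr(dn) if fixed else dn}" />'


def gn_button(tab: str, fixed: bool) -> str:
    # Hypothetical markup: the article only says the tab parameter lands in the class attribute.
    return f'<button class="gnp-upgrade {esc_attr(tab) if fixed else tab}">Upgrade to PRO</button>'


def wc4jp_script(tab: str, fixed: bool) -> str:
    # Hypothetical markup: the article says the tab parameter is echoed inside a script block.
    literal = esc_js_string(tab) if fixed else f"'{tab}'"
    return f"<script>var activeTab = {literal};</script>"


class SinkInspector(HTMLParser):
    """Records every on* attribute and counts <script> start tags in a fragment."""

    def __init__(self) -> None:
        super().__init__()
        self.handlers: list[str] = []
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        self.handlers += [name for name, _ in attrs if name.startswith("on")]

    def handle_startendtag(self, tag, attrs):  # self-closing tags such as <input ... />
        self.handle_starttag(tag, attrs)


def inspect_markup(markup: str) -> tuple[list[str], int]:
    """Return (event-handler attribute names, number of <script> start tags)."""
    p = SinkInspector()
    p.feed(markup)
    p.close()
    return p.handlers, p.scripts


def breakout(sink, url: str, param: str) -> tuple[bool, bool]:
    """(did the payload break out of the vulnerable form?, ... of the escaped form?)"""
    value = query_param(url, param)
    results = []
    for fixed in (False, True):
        handlers, scripts = inspect_markup(sink(value, fixed))
        results.append(bool(handlers) or scripts > 1)
    return results[0], results[1]


if __name__ == "__main__":
    for name, sink, url, param in (("Watu Quiz", watu_input, WATU_URL, "dn"),
                                   ("GN Publisher", gn_button, GN_URL, "tab"),
                                   ("Japanized for WooCommerce", wc4jp_script, WC4JP_URL, "tab")):
        vuln, fix = breakout(sink, url, param)
        print(f"{name:26s} unescaped breakout={vuln}   escaped breakout={fix}")
```

Run it directly to see the per-plugin result. The parser check is also a cheap unit test to keep in a plugin’s own test suite for every spot where request data reaches a template: feed the known payload shapes through the template and assert that no on* attribute and no extra script element appears.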

Conclusion

In today’s post, we detailed flaws in three plugins that made it possible for attackers to inject malicious JavaScript into a vulnerable site. While the exploitation of these vulnerabilities requires some degree of social engineering, they all could be used for site takeover.

All Wordfence users, including those running Wordfence Premium, Wordfence Care, and Wordfence Response, as well as sites still running the free version of Wordfence, are fully protected against these vulnerabilities.

If you believe your site has been compromised as a result of these vulnerabilities or any other vulnerability, we offer Incident Response services via Wordfence Care. If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both these products include hands-on support in case you need further assistance.

If you have any friends or colleagues who are using one of these plugins, please share this announcement with them and encourage them to update to the latest version as soon as possible.

If you are a security researcher, you can responsibly disclose your findings to us, obtain a CVE ID and get your name on the Wordfence Intelligence leaderboard.

The post Multiple Reflected Cross-Site Scripting Vulnerabilities in Three WordPress Plugins Patched appeared first on Wordfence.

Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 6, 2023 to Mar 12, 2023)

Last week, there were 60 vulnerabilities disclosed in 40 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 16 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for a number of the vulnerabilities disclosed last week in real-time to our Premium, Care, and Response customers.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 3
Patched 57

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 0
Medium Severity 53
High Severity 6
Critical Severity 1

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Cross-Site Request Forgery (CSRF) 24
Missing Authorization 17
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 9
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 2
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 1
Server-Side Request Forgery (SSRF) 1
Incorrect Privilege Assignment 1
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) 1
Reliance on Untrusted Inputs in a Security Decision 1
Improper Authorization 1
Deserialization of Untrusted Data 1
Information Exposure 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Marco Wotschka (Wordfence Vulnerability Researcher) 15
Mika 5
Erwan LR 3
Rafshanzani Suhada 3
Rafie Muhammad 2
yuyudhn 2
Nguyen Xuan Chien 1
Nicholas Ferreira 1
Lana Codes 1
FearZzZz 1
Rio Darmawan 1
Omar Badran 1
thiennv 1
Daniel Ruf 1
Alex Sanford 1
Abdi Pranata 1

 

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


Vulnerability Details

LeadSnap <= 1.23 – Unauthenticated PHP Object Injection via AJAX

CVE ID: CVE Unknown
CVSS Score: 9.8 (Critical)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aefbebce-9433-455d-b27c-93088b0c8494

Multiple E-plugins (Various Versions) – Authenticated (Subscriber+) Privilege Escalation

CVE ID: CVE-2020-36666
CVSS Score: 8.8 (High)
Researcher/s: Omar Badran
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94

WP Dark Mode <= 4.0.7 – Authenticated (Subscriber+) Local File Inclusion via ‘style’

CVE ID: CVE-2023-0467
CVSS Score: 8.8 (High)
Researcher/s: Alex Sanford
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d43234d0-5f44-4484-a8d6-16d43d1db51e

GiveWP <= 2.25.1 – Unauthenticated CSV Injection

CVE ID: CVE-2023-22719
CVSS Score: 8.3 (High)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6368c397-0570-4304-a764-869bacc526c7

WP Statistics <= 13.2.16 – Authenticated (Admin+) SQL Injection

CVE ID: CVE-2023-0955
CVSS Score: 7.2 (High)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0ffd60d2-ae8d-4738-a4f4-6df6e0ffa8c6

Paytium: Mollie payment forms & donations <= 4.3.7 – Missing Authorization in ‘create_mollie_account’

CVE ID: CVE Unknown
CVSS Score: 7.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d4491b89-2120-4edb-a396-e45ba09b3b99

Paytium: Mollie payment forms & donations <= 4.3.7 – Missing Authorization in ‘create_mollie_profile’

CVE ID: CVE Unknown
CVSS Score: 7.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fbbd3209-7ed6-4409-a24e-9f6225cf10f5

Complianz – GDPR/CCPA Cookie Consent <= 6.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-1069
CVSS Score: 6.4 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7397898c-8d43-4399-9c2b-22f9287aa12d

Weaver Xtreme Theme Support <= 5.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7431ee0f-f485-48a4-9cdd-8fb2ac43e216

Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘cookies_revoke_shortcode’ Shortcode

CVE ID: CVE-2023-0823
CVSS Score: 6.4 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/914de8f3-e052-4256-af14-4a08eaa464b8

Daily Prayer Time <= 2023.03.08 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27631
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95691873-a16a-4e41-9456-41fa07efd6ce

GiveWP <= 2.25.1 – Authenticated (Author+) Stored Cross-Site Scripting

CVE ID: CVE-2022-40211
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b30261e0-1fa1-4794-98f6-851532b7615c

GiveWP <= 2.25.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via give_form_grid shortcode

CVE ID: CVE-2023-23668
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cc5f7a07-8117-4305-a72c-6afed80b6bcf

W4 Post List <= 2.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘w4pl[no_items_text]’

CVE ID: CVE-2023-27413
CVSS Score: 6.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/feb9af10-7df2-4eb1-8546-debaa925df42

GiveWP <= 2.25.1 – Cross-Site Request Forgery to Cross-Site Scripting via render_dropdown

CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2a0381b1-9b63-41cb-8125-d22274b98867

Webmention <= 4.0.8 – Reflected Cross-Site Scripting via ‘replytocom’

CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3d12d692-231b-4e15-a119-80fd74566af4

Real Estate 7 Theme <= 3.3.4 – Unauthenticated Arbitrary Email Sending

CVE ID: CVE Unknown
CVSS Score: 5.8 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5778ba3d-6670-47ad-ae65-50b6fb8e5db0

Popup box <= 3.4.4 – Reflected Cross-Site Scripting via ‘ays_pb_tab’ Parameter

CVE ID: CVE-2023-27414
CVSS Score: 5.4 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/01f60df7-0602-4a00-9905-a91348811dfe

Paytium: Mollie payment forms & donations <= 4.3.7 – Missing Authorization in ‘pt_cancel_subscription’

CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/060f31ab-cfa4-4ca8-846a-de76848b28fb

Paytium: Mollie payment forms & donations <= 4.3.7 – Missing Authorization in ‘update_profile_preference’

CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2e9bee86-f491-4f68-b10b-051e0fb1a67b

HT Easy GA4 ( Google Analytics 4 ) <= 1.0.6 – Cross-Site Request Forgery via plugin_activation

CVE ID: CVE-2023-23802
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2fa2fcda-69f4-4095-b23c-6e6f1613adb0

Updraft Plus <= 1.22.24 – Cross-Site Request Forgery via updraft_ajaxrestore

CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/343cbdda-2ec5-437f-b563-96c61663314d

Daily Prayer Time <= 2023.03.08 – Cross-Site Request Forgery

CVE ID: CVE-2023-27632
CVSS Score: 5.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9060bb2a-b9d9-466d-bb8d-14173a51d145

Paytium: Mollie payment forms & donations <= 4.3.7 – Missing Authorization in ‘paytium_sw_save_api_keys’

CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a92beff1-3bc6-459e-aeca-5cbdf2152388

GiveWP <= 2.25.1 – Cross-Site Request Forgery via process_bulk_action

CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a9939ffe-a5d5-45cb-b673-665acf1ff09d

GiveWP <= 2.25.1 – Authenticated (Contributor+) Arbitrary Content Deletion

CVE ID: CVE-2023-23672
CVSS Score: 5.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a9af1429-32c5-4907-acf4-83efc6727bb8

Mass Delete Unused Tags <= 2.0.0 – Cross-Site Request Forgery via plugin_mass_delete_unused_tags_init

CVE ID: CVE-2023-27430
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/abf4cfb9-745a-4b4f-8862-54ef561904d6

Mass Delete Taxonomies <= 3.0.0 – Cross-Site Request Forgery via mp_plugin_mass_delete_tags_init

CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ce060989-ce70-49ac-921c-a687bc944090

Auto Prune Posts <= 1.8.0 – Cross-Site Request Forgery via admin_menu

CVE ID: CVE-2023-27423
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f15af4eb-5752-4a85-babd-cee7e89c329d

Drag and Drop Multiple File Upload PRO <= 2.10.9 – Directory Traversal

CVE ID: CVE-2023-1112
CVSS Score: 5.3 (Medium)
Researcher/s: Nicholas Ferreira
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1add47ea-6a7b-443a-b31d-3bb6c0d5d72d

Formidable Forms <= 6.0.1 – IP Spoofing via HTTP header

CVE ID: CVE-2023-0816
CVSS Score: 5.3 (Medium)
Researcher/s: Daniel Ruf
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/909b5421-210d-427a-94a0-e1ea25880cec

CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 – Information Exposure

CVE ID: CVE-2023-1263
CVSS Score: 5.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e01b4259-ed8d-44a4-9771-470de45b14a8

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Cross-Site Request Forgery via ‘attach_rule’

CVE ID: CVE-2023-1343
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/11f74b86-a050-4247-b310-045bf48fd4bd

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Missing Authorization in ‘uucss_update_rule’

CVE ID: CVE-2023-1339
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/19f126f8-1d59-44b5-8e0e-c37f1fbedf5a

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Missing Authorization in ‘attach_rule’

CVE ID: CVE-2023-1338
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1bb55b22-a0d0-424f-8e4f-57d3f239c149

301 Redirects – Easy Redirect Manager <= 2.72 – Cross-Site Request Forgery via dismiss_notice

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2253cb38-3688-4e4d-afd1-582c8743c89a

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Cross-Site Request Forgery via ‘uucss_update_rule’

CVE ID: CVE-2023-1344
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/263153c9-61c5-4df4-803b-8d274e2a5e35

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Missing Authorization in ‘clear_page_cache’

CVE ID: CVE-2023-1333
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2cba74f7-7183-4297-8f04-4818c01358ef

Clone <= 2.3.7 – Cross-Site Request Forgery via wp_ajax_tifm_save_decision

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/314d3e0c-ba29-4795-a646-40e0acfc3405

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Cross-Site Request Forgery via ‘clear_uucss_logs’

CVE ID: CVE-2023-1340
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/488e26e2-d4d7-4036-a672-53c2d4c9d39b

Popup Maker <= 1.18.0 – Cross-Site Request Forgery via init

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/533f71d5-823d-45eb-8ecf-76afafd2a5d3

Affiliate Super Assistent <= 1.5.1 – Cross-Site Request Forgery to Settings Update and Cache Clearing

CVE ID: CVE-2023-27417
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/54dbd2f4-717c-4e01-afe4-c8cceca52650

cformsII <= 15.0.4 – Cross-Site Request Forgery leading to Settings Updates

CVE ID: CVE-2023-25449
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5798de72-b589-4474-82b2-df6ef26325a3

Side Menu Lite <= 4.0 – Cross-Site Request Forgery to Item Deletion

CVE ID: CVE-2023-27418
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/799b1f12-05f3-4b8b-9e1f-45c676e4f2a0

Clone <= 2.3.7 – Missing Authorization via wp_ajax_tifm_save_decision

CVE ID: CVE-2023-25486
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7b6db928-f8ff-4e78-bfc7-51f1d1ccd1fa

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Cross-Site Request Forgery via ‘ucss_connect’

CVE ID: CVE-2023-1342
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7c66894a-8d0f-4946-ae4d-bffd35f3ffb7

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Missing Authorization in ‘clear_uucss_logs’

CVE ID: CVE-2023-1337
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a52325f9-51b5-469c-865e-73a22002d46f

External Links <= 2.57 – Cross-Site Request Forgery via action_admin_action_wpel_dismiss_notice

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae7d54a5-3952-4206-a5f4-be60aac27767

Paytium: Mollie payment forms & donations <= 4.3.7 – Missing Authorization in ‘check_for_verified_profiles’

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/af55c470-b94d-49ee-8b72-44652dcccd73

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Cross-Site Request Forgery via ‘clear_page_cache’

CVE ID: CVE-2023-1346
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b228f8b1-dd68-41ee-bc49-6a62e5267233

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Missing Authorization in ‘ajax_deactivate’

CVE ID: CVE-2023-1336
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b2296800-93d6-48fa-aa09-3d28fa6371d7

GiveWP <= 2.25.1 – Cross-Site Request Forgery via give_cache_flush

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c820003b-8f30-4557-a282-e3ad7e403062

GiveWP <= 2.25.1 – Cross-Site Request Forgery via save

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb7ec7ad-797b-4a5c-9b1c-31284083faef

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Cross-Site Request Forgery via ‘queue_posts’

CVE ID: CVE-2023-1345
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d16fa590-1409-4f04-b8b7-0cce17412a5f

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Cross-Site Request Forgery via ‘ajax_deactivate’

CVE ID: CVE-2023-1341
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d95b01c3-5db4-40ac-8787-0db58a9cc3a6

Paytium: Mollie payment forms & donations <= 4.3.7 – Missing Authorization in ‘paytium_notice_dismiss’

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eb6642c0-9011-419b-bef6-5aa594993c01

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Missing Authorization in ‘ucss_connect’

CVE ID: CVE-2023-1335
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eba48c51-87d9-4e7e-b4c1-0205cd96d033

Paytium: Mollie payment forms & donations <= 4.3.7 – Missing Authorization in ‘check_mollie_account_details’

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f065648a-436a-459c-8ab1-c948c78b43c9

RapidLoad Power-Up for Autoptimize <= 1.7.1 – Missing Authorization in ‘queue_posts’

CVE ID: CVE-2023-1334
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f3108ef4-f889-4ae1-b86f-cedf46dcea19

GiveWP <= 2.25.1 – Authenticated (Admin+) Server-Side Request Forgery via give_get_content_by_ajax_handler

CVE ID: CVE-2022-40312
CVSS Score: 4.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2379a029-cc0d-4fa2-9aeb-47a4abd6b51a

As a reminder, Wordfence has curated an industry-leading vulnerability database, Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.


The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 6, 2023 to Mar 12, 2023) appeared first on Wordfence.

Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover

Hundreds, if not thousands of WordPress plugins are conceived with the idea of making site building and maintenance easier for site owners. They add features not available in WordPress Core that would otherwise require site owners to write their own code to extend functionality. However, these well-intentioned plugins may sometimes contain seemingly innocuous bugs that can lead to catastrophic consequences.

On Tuesday, February 7th, 2023, prominent WordPress vulnerability researcher István Márton, also known as Lana Codes, reached out to the Wordfence Threat Intelligence team to responsibly disclose an information disclosure vulnerability in Cozmolabs Profile Builder, a WordPress plugin designed to enhance the user profile and registration experience with a reported 60,000+ active installations. If exploited, this vulnerability allows threat actors to gain elevated privileges by taking over arbitrary accounts.

Wordfence researchers quickly assessed the vulnerability and deployed a firewall rule to protect customers from exploitation. Premium, Care, and Response customers received that protection on February 13, 2023 as well as an additional firewall rule for extended protection on February 14, 2023. Sites still running the free version of Wordfence will receive the same protection 30 days later on March 14 and March 15, 2023, respectively.

In coordination with Márton, Cozmolabs quickly released a fix in Profile Builder version 3.9.1 on February 13, 2023, only 6 days after the vulnerability’s discovery.

Vulnerability Summary

Description: Profile Builder – User Profile & User Registration Forms <= 3.9.0 – Sensitive Information Disclosure via Shortcode
Affected Plugin: Profile Builder – User Profile & User Registration Forms
Plugin Slug: profile-builder
Affected Versions: <= 3.9.0
CVE ID: CVE-2023-0814
CVSS Score: 6.4 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Researcher/s: Lana Codes
Fully Patched Version: 3.9.1

Vulnerability Analysis

The vulnerability, assigned CVE-2023-0814, exists due to missing authorization within the wppb_toolbox_usermeta_handler() function. The affected function is defined as a callback function to the ‘user_meta’ shortcode, which is registered via the WordPress add_shortcode() function in usermeta.php.

As with all shortcode callback functions, wppb_toolbox_usermeta_handler() takes an array of attributes. In particular, the ‘user_id’ attribute is used to create a new user object. Then, the ‘key’ attribute is used in a call to ‘$user->get()’. Finally, the function returns the value of the retrieved ‘key’ for the given ‘user_id’. At no point is there a capability check ensuring that the user executing the shortcode is authorized to read the requested ‘key’ for that ‘user_id’, nor is the set of readable keys restricted.

The wppb_toolbox_usermeta_handler() function creates a user object and performs a $user->get() with threat actor-supplied values.

Prerequisites

Vulnerable instances of Profile Builder need the ‘Enable Usermeta shortcode’ setting enabled within the ‘Shortcodes’ section of the ‘Advanced Settings’ tab of the plugin’s ‘Settings’ page.

‘Enable Usermeta shortcode’ setting activated

Exploitation

Information Disclosure

Any authenticated user with subscriber-level permissions or greater can send a specially crafted HTTP POST request to the ‘wp-admin/admin-ajax.php’ endpoint with the ‘action’ parameter set to ‘parse-media-shortcode’ and the ‘shortcode’ parameter containing the ‘user_meta’ shortcode with the ‘user_id’ and ‘key’ attributes set.

POST to admin-ajax.php to retrieve the username of the user with a user ID of 1

As explained earlier, the value of the ‘key’ attribute is passed to a $user->get() call. Since the get() method of the WP_User class is designed to retrieve user information, any column of the ‘wp_users’ table can be passed via this attribute, including:

  • ID
  • user_login
  • user_pass
  • user_nicename
  • user_email
  • user_url
  • user_registered
  • user_activation_key
  • user_status
  • display_name
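The shortcode handler pattern described in the analysis above, beside a hardened form, as an added PHP example. It is a reconstruction for illustration, not Profile Builder's own code or its actual 3.9.1 fix; the function names, the attribute defaults, the denied-column list and the ‘edit_user’ capability choice are assumptions.

```php
<?php
// Added example (not the plugin's code): the vulnerable shortcode pattern
// described in the analysis, and a hardened replacement.

// Vulnerable pattern (reconstruction): attacker-supplied attributes flow
// straight into WP_User::get(), so any caller who can render a shortcode,
// e.g. via admin-ajax.php?action=parse-media-shortcode, can read any
// wp_users column, including user_pass and user_activation_key.
function example_usermeta_handler_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'user_id' => '', 'key' => '' ), $atts, 'user_meta' );
    $user = new WP_User( (int) $atts['user_id'] );
    return (string) $user->get( $atts['key'] );
}

// Hardened pattern (assumed design): validate the inputs, never expose the
// secret columns, and require that the caller is the target user or holds
// the capability to edit that user before anything is returned.
function example_usermeta_handler_hardened( $atts ) {
    $atts    = shortcode_atts( array( 'user_id' => '', 'key' => '' ), $atts, 'user_meta' );
    $user_id = absint( $atts['user_id'] );
    $key     = (string) $atts['key'];

    // Only plain identifier-shaped keys are accepted.
    if ( ! $user_id || ! preg_match( '/^[A-Za-z0-9_]+$/', $key ) ) {
        return '';
    }

    // Columns that must never leave the database through a shortcode.
    $secret_columns = array( 'user_pass', 'user_activation_key' );
    if ( in_array( strtolower( $key ), $secret_columns, true ) ) {
        return '';
    }

    // Authorization: anonymous callers get nothing; a logged-in user may read
    // their own row, and reading another user's row requires 'edit_user' for
    // that specific target, which ordinary subscribers do not hold.
    if ( ! is_user_logged_in() ) {
        return '';
    }
    if ( get_current_user_id() !== $user_id && ! current_user_can( 'edit_user', $user_id ) ) {
        return '';
    }

    $user = get_userdata( $user_id );
    if ( ! $user instanceof WP_User ) {
        return '';
    }

    // Escape on output: the value lands in page HTML.
    return esc_html( (string) $user->get( $key ) );
}

// Hypothetical registration, mirroring how the real handler is wired up.
add_shortcode( 'user_meta_hardened', 'example_usermeta_handler_hardened' );
```

With the hardened handler, the request pattern shown in this post returns an empty string for a subscriber asking about user ID 1, and ‘user_activation_key’ is refused for every caller, which removes the link to the password reset chain described below.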

Password Reset to Privilege Escalation

The Profile Builder plugin provides the shortcode ‘[wppb-recover-password]’ to embed a password recovery form into a page on a WordPress site. The form allows users to submit their username or email address to receive an email with a password reset link containing a user activation key. When generated, this key is stored in the ‘user_activation_key’ column in the ‘wp_users’ table of the WordPress database. Using CVE-2023-0814, this key can be retrieved for any user.

First, the threat actor must generate the user activation key by entering the username or email address of the targeted user in the password recovery form and clicking the ‘Get New Password’ button.

Profile Builder password recovery form

Next, the threat actor makes a POST request similar to the previous user enumeration proof-of-concept, but this time with ‘user_id’ set to the user ID of the account whose username or email address was entered into the password recovery form, and the ‘key’ attribute set to ‘user_activation_key’.

POST to admin-ajax.php to retrieve the user activation key for the admin account

Once the threat actor has retrieved the user activation key, they can navigate back to the password recovery form page, but this time with the ‘key’ query parameter set to the retrieved user activation key.

Password Recovery page with ‘key’ query parameter set to retrieved value

At this point, the threat actor simply needs to enter a new password and click the ‘Reset Password’ button. The threat actor will then be able to log in using the targeted username and new password.

Timeline

February 7th, 2023 – Lana Codes responsibly discloses the vulnerability to the plugin vendor and our Vulnerability Disclosure program.
February 13th, 2023 – The vendor releases a patch in version 3.9.1 and Wordfence releases a firewall rule to address the vulnerability. Wordfence Premium, Care, and Response users receive this rule.
February 14th, 2023 – Wordfence releases an additional firewall rule to provide extended protection against exploitation. Wordfence Premium, Care, and Response users receive this rule.
March 14th, 2023 – Wordfence free users receive the first firewall rule.
March 15th, 2023 – Wordfence free users receive the second firewall rule.

Conclusion

In today’s post, we covered an Information Disclosure vulnerability that could lead to the takeover of an administrative account in Cozmolabs Profile Builder, a plugin used by over 60,000 WordPress installations. The Wordfence Threat Intelligence team issued a firewall rule providing protection against the vulnerability on February 13th and 14th, 2023. This rule has been protecting our Wordfence Premium, Wordfence Care, and Wordfence Response users since that date, while those still using our free version will receive this rule on March 14 and March 15, 2023.

If you believe your site has been compromised as a result of this vulnerability or any other vulnerability, we offer Incident Response services via Wordfence Care. If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both of these products include hands-on support in case you need further assistance. If you have any friends or colleagues who are using this plugin, please share this announcement with them and encourage them to update to the latest patched version of Profile Builder as soon as possible.

If you are a security researcher, you can responsibly disclose your findings to us, obtain a CVE ID, and get your name on the Wordfence Intelligence leaderboard.

The post Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover appeared first on Wordfence.

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, direct submissions from vulnerability researchers using our CVE Request form, and monitoring of various sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially.

Last week, 117 vulnerabilities disclosed in WordPress-based software were added to the Wordfence Intelligence Vulnerability Database, and 30 vulnerability researchers contributed to WordPress security. You can find those vulnerabilities below, along with some data about the vulnerabilities that were added.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status | Number of Vulnerabilities
Unpatched | 44
Patched | 73

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating | Number of Vulnerabilities
Low Severity | 1
Medium Severity | 104
High Severity | 10
Critical Severity | 2

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE | Number of Vulnerabilities
Cross-Site Request Forgery (CSRF) | 53
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 34
Missing Authorization | 16
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 2
Information Exposure | 2
Authorization Bypass Through User-Controlled Key | 2
Server-Side Request Forgery (SSRF) | 2
Incorrect Privilege Assignment | 1
Unrestricted Upload of File with Dangerous Type | 1
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) | 1
Protection Mechanism Failure | 1
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 1
Improper Validation of Integrity Check Value | 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name | Number of Vulnerabilities
Lana Codes | 27
Rio Darmawan | 20
Mika | 13
Dave Jong | 6
FearZzZz | 4
Erwan LR | 4
yuyudhn | 4
WPScanTeam | 3
Prasanna V Balaji | 3
Marco Wotschka | 3
Rafie Muhammad | 3
TEAM WEBoB of BoB 11th | 2
Abdi Pranata | 2
Muhammad Daffa | 2
Nguyen Xuan Chien | 2
Marc-Alexandre Montpas | 1
TaeEun Lee | 1
Pounraj Chinnasamy | 1
Jarko Piironen | 1
dc11 | 1
rezaduty | 1
Mohammed El Amin, Chemouri | 1
Universe | 1
Alex Sanford | 1
Vaibhav Rajput | 1
MyungJu Kim | 1
Mahesh Nagabhairava | 1
Leonidas Milosis | 1
Shreya Pohekar | 1
Nguyen Thuc Tuyen | 1


Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


Vulnerability Details

Houzez <= 2.7.1 – Privilege Escalation

CVE ID: CVE-2023-26540
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0578f4d1-5953-4fbe-8bc3-0569bee57a1a

Debug Assistant <= 1.4 – Cross-Site Request Forgery via imlt_create_admin

CVE ID: CVE-2023-26516
CVSS Score: 8.8 (High)
Researcher/s: Prasanna V Balaji
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/429ce9e6-e51b-4f1e-8e26-f679b08d68d3

OceanWP <= 3.4.1 – Authenticated (Subscriber+) Local File Inclusion

CVE ID: CVE-2023-23700
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7fa57b92-3a3e-418c-bfc2-7ed2602004e4

ProfileGrid <= 5.3.0 – Missing Authorization to Arbitrary Password Reset

CVE ID: CVE-2023-0940
CVSS Score: 8.8 (High)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb

CSSTidy – Server-Side Request Forgery

CVE ID: CVE-2022-40700
CVSS Score: 8.3 (High)
Researcher/s: Dave Jong
Patch Status: Unpatched/Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2

Gallery Blocks with Lightbox <= 3.0.7 – Missing Authorization in pgc_sgb_add_dashboard_widget

CVE ID: CVE Unknown
CVSS Score: 8.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7561bce2-bd70-4da3-bbf0-318e59cd1852

Paid Memberships Pro <= 2.9.11 – Authenticated (Subscriber+) SQL Injection via Shortcodes

CVE ID: CVE-2023-0631
CVSS Score: 7.7 (High)
Researcher/s: Marc-Alexandre Montpas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/103a7e7b-74bb-4691-8670-c66ed2144596

Types <= 3.4.17 – Unauthenticated (Administrator+) Arbitrary File Upload

CVE ID: CVE-2023-27440
CVSS Score: 7.2 (High)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09ec4633-7639-4d46-8070-9fc6909bc610

Leyka <= 3.29.2 – Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2023-27450
CVSS Score: 7.2 (High)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3afbfa7c-a87f-4810-9356-374923ff2314

Dokan <= 3.7.12 – Authenticated (Vendor+) SQL Injection

CVE ID: CVE-2023-26525
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b4967c95-8eb6-4c9b-ae6e-082dbc6af7f5

LWS Tools <= 2.3.1 – Cross-Site Request Forgery

CVE ID: CVE-2023-27453
CVSS Score: 7.1 (High)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2dabb790-4f5e-447a-ad65-3f62ac7f6176

Manage Upload Limit <= 1.0.4 – Reflected Cross-Site Scripting via upload_limit

CVE ID: CVE-2023-27432
CVSS Score: 7.1 (High)
Researcher/s: Mahesh Nagabhairava
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9b90bf09-639c-497c-a58e-3972250db1e4

Woodmart <= 7.1.1 – Cross-Site Request Forgery to License Update

CVE ID: CVE Unknown
CVSS Score: 6.5 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/02fde6b1-d709-4329-ae9c-fea444c1aec8

Shortcodes Ultimate <= 5.12.7 – Authenticated (Subscriber+) Information Exposure

CVE ID: CVE-2023-0911
CVSS Score: 6.5 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/144895c9-5800-435e-9f75-a8de17ca2d93

WoodMart <= 7.1.1 – Missing Authorization to Shortcode Injection

CVE ID: CVE-2023-25790
CVSS Score: 6.5 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73017e92-d95e-4b9c-a44a-779b498f58b7

Sales Report Email for WooCommerce <= 2.8 – Missing Authorization for Email Functionality

CVE ID: CVE-2022-38141
CVSS Score: 6.5 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f8befbf2-0d9d-4d0e-87de-0f1b26c0acd0

Smart Slider 3 <= 3.5.1.13 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0660
CVSS Score: 6.4 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0191e5b0-b669-439b-8ad4-9f860e6ee637

Simple Vimeo Shortcode <= 2.9.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

CVE ID: CVE-2023-27443
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66edd8e5-1d5e-425d-a4f4-5359683c1e36

Cost Calculator <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-1155
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/750be90d-dc12-4974-8921-75259d56c7b3

menu shortcode <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0395
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9150a7d9-d792-4bb6-9d33-5892f9cdfd1e

WordPress Infinite Scroll – Ajax Load More <= 5.6.0.2 – Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode

CVE ID: CVE-2022-4466
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9595fa45-6b00-4ee0-89aa-a236dbf82423

Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes

CVE ID: CVE-2023-24400
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95acec2a-ba1b-4b61-a4d6-3b0250a32835

Yoast SEO <= 20.2 – Authenticated (Contributor+) Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Leonidas Milosis
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c0e58807-bccc-469f-82c3-a4bbf088a626

NEX-Forms – Ultimate Form Builder <= 8.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0272
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fd817fe9-b7be-4252-877a-e9843d62a0a9

Real Estate 7 <= 3.3.4 – Reflected Cross-Site Scripting via ct_additional_features

CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/157b3095-b662-465e-a975-5b71b5d4ba2a

Watu Quiz <= 3.3.9 – Reflected Cross-Site Scripting

CVE ID: CVE-2023-0968
CVSS Score: 6.1 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6341bdcc-c99f-40c3-81c4-ad90ff19f802

Darcie <= 1.1.5 – Reflected Cross-Site Scripting via JS split

CVE ID: CVE-2023-25961
CVSS Score: 6.1 (Medium)
Researcher/s: MyungJu Kim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/83d162f9-32a9-4d03-845e-6fc9b8574fb5

GN Publisher <= 1.5.5 – Reflected Cross-Site Scripting

CVE ID: CVE-2023-1080
CVSS Score: 6.1 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8a4ee97c-63cd-4a5e-a112-6d4c4c627a57

Easy Testimonial Slider and Form <= 1.0.15 – Unauthenticated Reflected Cross-Site Scripting via search_term

CVE ID: CVE-2022-46799
CVSS Score: 6.1 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a6b16ffe-1c65-49d3-9e30-407bc75d7d49

GTmetrix for WordPress <= 0.4.5 – Reflected Cross-Site Scripting via ‘url’

CVE ID: CVE-2023-23677
CVSS Score: 6.1 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dcdf22be-8af4-4596-b138-67ebfd04c06d

Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD <= 3.1.5 – Reflected Cross-Site Scripting via cart_search

CVE ID: CVE-2022-47449
CVSS Score: 6.1 (Medium)
Researcher/s: TEAM WEBoB of BoB 11th
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eebe1bf7-0366-4226-bcbc-027186136008

Real Estate 7 <= 3.3.4 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/007af51b-95b5-4b12-9f74-abf31f6de341

Instant Images <= 5.1.0.1 – Authenticated (Author+) Server-Side Request Forgery via instant_images_download

CVE ID: CVE-2023-27451
CVSS Score: 5.4 (Medium)
Researcher/s: Universe
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6a50e142-59f4-488b-8120-5bf505a9039d

Leyka <= 3.29.2 – Cross-Site Request Forgery

CVE ID: CVE-2023-27442
CVSS Score: 5.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a1ab02c0-e083-4f0e-b6d4-1a10ade2c688

Rife Elementor Extensions & Templates <= 1.1.10 – Missing Authorization via import_templates

CVE ID: CVE-2023-27454
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ee520664-0c1f-4af0-8cdf-a33c1dfaaca7

Sheets To WP Table Live Sync <= 2.12.15 – Cross-Site Request Forgery

CVE ID: CVE-2023-26535
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f70221e6-59a4-4151-9688-f06e194f51ac

Advanced Text Widget <= 2.1.2 – Missing Authorization via atw_dismiss_admin_notice

CVE ID: CVE-2023-26520
CVSS Score: 5.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3fe1313c-1368-4bcb-9d11-25b948da5547

WP SMS <= 6.0.4 – Information Disclosure via REST API

CVE ID: CVE-2023-27447
CVSS Score: 5.3 (Medium)
Researcher/s: Jarko Piironen
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/57377380-0435-4747-abba-50063978d8e1

Metform Elementor Contact Form Builder <= 3.2.1 – reCaptcha Protection Bypass

CVE ID: CVE-2023-0085
CVSS Score: 5.3 (Medium)
Researcher/s: Mohammed El Amin, Chemouri
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/69527d4b-49b6-47cd-93b6-39350f881ec9

Event Espresso 4 Decaf <= 4.10.44.decaf – Feature Bypass

CVE ID: CVE-2023-27437
CVSS Score: 5.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d55f10f3-5484-4b90-80da-3d91f409fe04

WP Repost <= 0.1 – Missing Authorization

CVE ID: CVE-2023-26522
CVSS Score: 5.3 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dbf0f614-e5e9-486c-a0dd-cd494708a2a8

Simple CSV/XLS Exporter <= 1.5.8 – CSV Injection

CVE ID: CVE-2022-42882
CVSS Score: 5.1 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/219614b7-2394-490c-baf4-14a12249c4b5

Advanced Text Widget <= 2.1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26539
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f622e20-2f7e-44ed-8237-fbf25323d2ce

Jetpack CRM <= 5.4.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27429
CVSS Score: 4.4 (Medium)
Researcher/s: TEAM WEBoB of BoB 11th
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/20b3cd2a-ee32-49e0-8281-16afb8e42448

We’re Open! <= 1.46 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25964
CVSS Score: 4.4 (Medium)
Researcher/s: TaeEun Lee
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2a5c6b05-6e28-40be-80cb-9f95241a4fc6

WP Repost <= 0.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26534
CVSS Score: 4.4 (Medium)
Researcher/s: Pounraj Chinnasamy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/438689aa-3b85-4dd7-ac3e-a37906efd79c

Button Generator – easily Button Builder <= 2.3.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27452
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4ac9262a-96a6-439a-a2b0-a05f24654d06

Dashboard Widgets Suite <= 3.2.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26517
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/503a44ed-25c2-4178-aeec-756c5b533e04

Publish to Schedule <= 4.5.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26519
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7e2014bd-2809-4f79-913d-d7a35eda63ef

Namaste! LMS <= 2.5.9.9 – Authenticated (Administrator+) Stored Cross-Site Scripting via ‘accept_other_payment_methods’, ‘other_payment_methods’ Parameters

CVE ID: CVE-2023-0844
CVSS Score: 4.4 (Medium)
Researcher/s: Alex Sanford
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7ef23b03-8452-4730-860c-2c2ef1686202

FareHarbor for WordPress <= 3.6.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25021
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b40165b-17e3-4b87-8d0d-90d60ba4bf81

CPO Content Types <= 1.1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25451
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d0b1e05-0e28-4cf5-a278-ea91b6c9d253

WP No External Links <= 1.0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26537
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b8e3a111-6327-47a0-becd-d7e2d9166118

Simple File List <= 6.0.9 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-1025
CVSS Score: 4.4 (Medium)
Researcher/s: Shreya Pohekar
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3f0032e-a6f4-47f5-b3eb-6f1c9bf9670c

New Adman <= 1.6.8 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27439
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d862e8e6-ecf6-41f5-8f40-1225ecec7e1f

Simple Slug Translate <= 2.7.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26515
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc19313b-f9d0-4a92-8e33-d632d8a478df

JCH Optimize <= 3.2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings

CVE ID: CVE-2023-25491
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f04c83b9-33a0-4f4b-afc4-929d40c2ef67

Debug Assistant <= 1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26527
CVSS Score: 4.4 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4421782-8a7a-4bca-8c5a-7152dfafe902

Maspik – Spam blacklist <= 0.7.8 – Cross-Site Request Forgery

CVE ID: CVE-2023-24008
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0206aead-d146-453d-99ed-3870f7dfdae9

WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.4.10 – Cross-Site Request Forgery via wpstream_settings

CVE ID: CVE-2023-27458
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0219851f-7fce-42e0-ba82-77af84b17d9f

WP Time Slots Booking Form <= 1.1.76 – Cross-Site Request Forgery to Feedback Submission

CVE ID: CVE-2022-41790
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/032f3363-83c0-4548-81f0-724a71931add

Download Read More Excerpt Link <= 1.6.0 – Cross-Site Request Forgery to Settings Update

CVE ID: CVE-2023-1068
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0359434b-9d88-4a40-8e9f-ec354c8de816

CP Contact Form with Paypal <= 1.3.34 – Authenticated Feedback Submission

CVE ID: CVE-2023-27460
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1ba56d68-e104-4a79-b5b4-627f9617043b

WP Google Tag Manager <= 1.1 – Cross-Site Request Forgery

CVE ID: CVE-2023-22693
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1cb265d8-eb18-42ee-9141-2fe81c0c4585

DeepL Pro API translation <= 2.1.4 – Cross-Site Request Forgery via saveSettings

CVE ID: CVE-2023-27446
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1fc58078-7520-4ee7-b5a1-d6a362ac1860

Search in Place <= 1.0.104 – Missing Authorization to Feedback Submission

CVE ID: CVE-2023-26521
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/28ca150a-443f-4b99-8c15-491bd9f1cee3

WP Meteor Page Speed Optimization Topping <= 3.1.4 – Missing Authorization to Notice Dismissal

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b335807-f4d1-43b3-9e1b-2215eb00a3f8

Preview Link Generator <= 1.0.3 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1086
CVSS Score: 4.3 (Medium)
Researcher/s: WPScanTeam
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b6b4953-a264-4668-9cc3-1578109f6592

Blog Floating Button <= 1.4.12 – Cross-Site Request Forgery

CVE ID: CVE-2023-27445
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2ba56b4c-0573-4911-97a4-a51e867daa75

Free WooCommerce Theme 99fy Extension <= 1.2.7 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0503
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2e215a5c-7a01-4a1d-b051-3abf742bf573

Shortcodes Ultimate <= 5.12.7 – Authenticated (Subscriber+) Arbitrary Post Access via Shortcode

CVE ID: CVE-2023-0890
CVSS Score: 4.3 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2eddfe94-7232-4d3d-9f3a-f53fc476a012

WP Insurance – WordPress Insurance Service Plugin <= 2.1.3 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0501
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/37264b0f-b021-41f8-a72d-3ee0d06b19a8

WC Sales Notification <= 1.2.2 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1087
CVSS Score: 4.3 (Medium)
Researcher/s: WPScanTeam
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/43fc71bb-87ba-4cf9-ae4d-1cba7bd84806

WP Meteor Page Speed Optimization Topping <= 3.1.4 – Cross-Site Request Forgery via processAjaxNoticeDismiss

CVE ID: CVE-2023-26543
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4d246a99-fd92-4132-9576-efa065a58f59

HT Portfolio <= 1.1.4 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0497
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4ed63724-c21f-4b0e-b595-e824d3519b21

Add Expires Headers & Optimized Minify <= 2.7 – Cross-Site Request Forgery via [placeholder]

CVE ID: CVE-2023-27457
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/55e6a968-153e-4d4c-a7be-65650a0c9bc1

HT Politic <= 2.3.7 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0504
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b127a47-d22f-47b5-92a8-440a5892a181

DecaLog <= 3.7.0 – Cross-Site Request Forgery via get_settings_page

CVE ID: CVE-2023-27444
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5de953ee-8a01-4372-a376-74a4cff674ce

WP Plugin Manager <= 1.1.7 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1088
CVSS Score: 4.3 (Medium)
Researcher/s: WPScanTeam
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/623decc5-bdb7-42c9-8531-8004ddc16682

About Me 3000 widget <= 2.2.6 – Cross-Site Request Forgery to Plugin Settings Update

CVE ID: CVE-2023-25474
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62c1b5ce-cd58-4805-9a40-1af529604406

ClickFunnels <= 3.1.1 – Cross-Site Request Forgery to Settings Update

CVE ID: CVE-2022-47152
CVSS Score: 4.3 (Medium)
Researcher/s: rezaduty
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/65581fa6-110f-4ae3-a903-dbf649b44417

Fontiran <= 2.1 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/701bf711-d692-4eb1-8459-befa62264b97

Ever Compare <= 1.2.3 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0505
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/702aa972-7b74-4417-8d33-a26c3831934f

WP TFeed <= 1.6.9 – Cross-Site Request Forgery via aptf_delete_cache

CVE ID: CVE-2023-26518
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73986641-b3a4-438d-90ae-6ff0f6f73f01

Resize at Upload Plus <= 1.3 – Cross-Site Request Forgery

CVE ID: CVE-2023-25467
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/76af3f0a-2e35-4059-960c-09769459bc01

WP Social Bookmarking Light <= 2.0.7 – Cross-Site Request Forgery

CVE ID: CVE-2023-25029
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7997ae20-88d2-4e12-87a0-a6e83808a495

Total Poll Lite <= 4.8.6 – Cross-Site Request Forgery

CVE ID: CVE-2023-27449
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7e3ae5e7-1f41-48cd-8aea-698e3b00066c

HT Slider For Elementor <= 1.3.9 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0495
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81258fcc-18cc-4614-a644-5cfb004d019b

When Last Login <= 1.2.1 – Cross-Site Request Forgery via wll_hide_subscription_notice

CVE ID: CVE-2023-27461
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81638472-b635-4100-8fb9-3daf35fa172e

HT Event <= 1.4.5 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0496
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b14c07b-23bb-4a14-8018-fa2462383b35

WP Time Slots Booking Form <= 1.1.76 – Missing Authorization to Feedback Submission

CVE ID: CVE-2022-41790
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8c732b0e-9898-48f2-99b2-068f31532b17

WP Clean Up <= 1.2.3 – Cross-Site Request Forgery via wp_clean_up_optimize

CVE ID: CVE-2023-25034
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f342fb7-8f52-43d9-a887-1cf1fffa6ec6

WP Shamsi <= 4.3.3 – Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion

CVE ID: CVE-2023-0335
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8fc88821-b2be-49a5-a2cf-53e87d0349a2

WP Education <= 1.2.6 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0498
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/91062d2c-f2a6-4a92-b684-e133391afe60

Calculated Fields Form <= 1.1.120 – Missing Authorization to Feedback Submission

CVE ID: CVE-2023-26523
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9370f05a-9c69-45f4-9fd8-7017bfcf4d1e

Quiz And Survey Master <= 8.0.10 – Cross-Site Request Forgery to Quiz Restoration

CVE ID: CVE-2023-26524
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9af36edd-4520-4afc-8d3a-c9a96659ddf8

Smart YouTube PRO <= 4.3 – Cross-Site Request Forgery via handle_colorbox_options

CVE ID: CVE-2023-25475
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a184090c-0281-4d8d-bd4d-256b4ed826dc

Big Store <= 1.9.3 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-27431
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a1859dca-d771-470c-ae4a-48246977212c

WP Translitera <= p1.2.5 – Cross-Site Request Forgery

CVE ID: CVE-2023-27438
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ad427bea-1b0e-46bb-85fc-53c51fb40a17

WP Film Studio <= 1.3.4 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0500
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae5121bd-2f3f-4d87-a2fd-d11bb9f8dc2c

XML Sitemap Generator for Google <= 1.2.8 – Cross-Site Request Forgery to Plugin Settings Changes

CVE ID: CVE-2023-26514
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b03a9aaa-ce9a-47bf-8574-0eba92fcf0c5

New Adman <= 1.6.8 – Cross-Site Request Forgery via plugin_menu

CVE ID: CVE-2023-27441
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b140d228-cd74-4d78-8b9d-9a69e5a89bfb

QuickSwish <= 1.0.9 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0499
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b594b771-4d0b-46e1-b4c6-751c994992af

OoohBoi Steroids for Elementor <= 2.1.3 – Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion

CVE ID: CVE-2023-0336
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c24c57e5-2b42-40db-816a-f1327d1ac09b

Fontiran <= 2.1 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c35bffb2-f805-48d6-938a-cb5142eac3b1

Total Theme <= 2.1.19 – Authenticated (Subscriber+) Plugin Activation

CVE ID: CVE-2023-27456
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4dfd5af-0af0-469c-81ed-52867609550c

Classic Editor and Classic Widgets <= 1.2.4 – Cross-Site Request Forgery via render_settings_page

CVE ID: CVE-2023-27434
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ce2bef2f-fe28-48ea-8b83-052eebd31622

Rus-To-Lat <= 0.3 – Cross-Site Request Forgery to Plugins Options Changes

CVE ID: CVE-2023-25470
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d07d8c3a-5e97-422a-ba20-e0bc206dda59

Elegant Custom Fonts <= 1.0 – Cross-Site Request Forgery

CVE ID: CVE-2023-27436
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dadb6bf5-dbbd-4afb-8783-f6880dec2cbf

OptinMonster <= 2.12.1 – Authenticated (Subscriber+) Sensitive Information Disclosure via Shortcode

CVE ID: CVE-2023-0772
CVSS Score: 4.3 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dfbdb5a7-e949-4d3a-8c8d-5dc6702f4675

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks <= 1.1.5 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0484
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dfe6f49a-1dd1-46d9-8e15-a8a766917092

Calculated Fields Form <= 1.1.120 – Cross-Site Request Forgery

CVE ID: CVE-2023-26523
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4785012-d160-42cc-bd06-d9b8e65652a4

Search in Place <= 1.0.104 – Cross-Site Request Forgery to Feedback Submission

CVE ID: CVE-2023-26521
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f079037c-cea6-4ba6-843f-99c5e5fe59a5

WP News <= 1.1.9 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0502
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f53e9354-248f-4d13-a1c0-8355b268fae2

OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 – Cross-Site Request Forgery via ‘delete’ in mooauth_client_applist_page

CVE ID: CVE-2023-1092
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Thuc Tuyen
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6658edb-11dc-4594-8936-95d60d581f49

Wholesale Suite <= 2.1.5 – Missing Authorization to Plugin Settings Change

CVE ID: CVE-2022-34344
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f713f2f8-545a-4f54-a028-8422c0942a63

FluentSMTP <= 2.2.2 – Authenticated (Author+) Stored Cross-Site Scripting via Email Logs

CVE ID: CVE-2023-0219
CVSS Score: 3.8 (Low)
Researcher/s: Vaibhav Rajput
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/803c32e9-665c-40a0-b52d-f2c0b8fbe931


The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023) appeared first on Wordfence.

PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail Time

In the cybersecurity field, we talk a lot about threat actors and vulnerable code, but what doesn’t get discussed enough is intentional vulnerabilities and becoming your own threat actor. Even when making decisions with the best of intentions, it is possible to work against your own best interests. One area where we see this is website developers trying to safeguard their work. It can be tempting to incorporate code that gives the developer access to the site files, also known as a backdoor, in the event that the client chooses not to pay, so that the developer can remove their code or otherwise damage the site.

While implementing a backdoor may seem like a viable solution to protect your resource investment, it comes with potential ethical and legal problems, in addition to the added security risks of a backdoor hardcoded into the website. There are always better options available, even if they are less convenient for the client and developer. When developing a website, the developer should keep in mind that their needs are just as important as the client’s. Keeping this in mind will help to prevent the situations that may lead to the implementation of a backdoor on the website.

One of the biggest reasons a web developer may be tempted to include a hardcoded backdoor is to ensure their work is not used without payment. A common practice among website developers is to require 50% of the development fee up front, with the remaining sum paid upon delivery of the completed project. Especially among freelance developers, it is not uncommon to begin development even before the initial fees are paid, and even provide the final code before the final payment is received. The fear of a client not making a payment may cause a developer to believe that it is a good idea to hard code a backdoor into the project, so that the developer can remove their code or take down the site entirely as a form of retaliation.

What should be obvious is that intentionally damaging a website is a violation of laws in many countries, and could lead to fines or even jail time. In the United States, the Computer Fraud and Abuse Act of 1986 (CFAA) clearly defines illegal use of computer systems. According to 18 U.S.C. § 1030 (e)(8), simply accessing computer systems in a way that uses higher privileges or access levels than permitted is a violation of the law. Further, intentionally damaging the system or data is also a crime. The penalty for violating the CFAA can include sentences of 10 years or more in prison, in addition to large financial penalties.

Let’s say a developer uses a backdoor on a website they worked on simply to access the files in an unapproved manner. Even if they do not cause any damage to the system or files, the developer could face fines of $5,000 and up to five years in prison. Use of the backdoor to take the site down or otherwise damage the files or system might lead to even more jail time and even larger fines. It could be argued that these penalties are excessive, but it’s also important to remember that they are intended as deterrents, since most threat actors are never caught.

As it stands, however, freelance developers trying to protect their work are much more likely to be caught and prosecuted than scammers in countries without an extradition arrangement. An unscrupulous client who is familiar with the law could also use the threat of prosecution to extort further unpaid labor from a freelance developer who backdoored their site.

Even beyond potential legal ramifications, these practices can lead to negative word-of-mouth, which can damage the reputation of the developer. Even if the developer is able to avoid legal issues from these actions, being perceived as unethical can negatively impact future profits, and even cause a business to fail.

Another consideration is the fact that a backdoor adds a potential vulnerability to the client’s website. If the developer is able to access the site through illegitimate means, then a potential attacker may be able to use the same method to access the site’s files. Security should always be a consideration when developing a website or one of its features. Implementing insecure code can lead to similar consequences as intentionally damaging a website.

Rather than adding a backdoor into a client’s website, it is better to set clear expectations with a client regarding deliverables, and how they will be impacted by late or missing payments. It is crucial to use written contracts to specify these expectations. If possible, start with a standard written contract that all clients are required to sign and have an attorney review it for potential issues.

If there is an agreement in place that outlines the fact that no code will be provided without full payment, then the developer is under no obligation to implement the code on the production server until they have been fully paid. A development server under the developer’s control should always be used, and once agreements have been met, the code can be moved from the development server to the client’s production server.

Note: This is not intended as legal advice and we recommend familiarizing yourself with all applicable laws and consulting with a licensed legal professional in your area.

The post PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail Time appeared first on Wordfence.

Wordfence Intelligence: Because Community Created Vulnerabilities Are Community Property

Last August, at Black Hat 2022 in Las Vegas, we launched Wordfence Intelligence, a product designed to provide large enterprise customers with rich IP threat data, malware signatures, malware hashes, and vulnerability data to help keep enterprise customers and networks secure.

Our mission at Wordfence is to secure the WordPress community, and to that end we launched a product called “Wordfence Intelligence Community Edition” shortly after the Black Hat launch, in December of last year. This launch expressed a point of view: We believe that vulnerability data is community property because it is created by the security community. While our researchers contribute a significant amount of research, we didn’t feel right about claiming vulnerability data as our own intellectual property and selling it. That is why we included the entire enterprise vulnerability database in this free product, and made API access to the data completely free.

Our goal going forward is to invest in the Wordfence Intelligence WordPress vulnerability database and the distribution of vulnerabilities to the community, and we think that the phrase “community edition” makes the product sound like a lesser version of what might be available to paying customers. That is entirely inaccurate. There is no “paid version” of our vulnerability database – the free edition is the best available and our goal is to make the Wordfence Intelligence WordPress vulnerability database the best and most current source for WordPress vulnerability data in the world.

That is why we have decided to rebrand “Wordfence Intelligence Community Edition” simply to “Wordfence Intelligence”.
From now on, we will use the phrase “Wordfence Intelligence Enterprise” to describe paid-only products designed for use by large organizations defending networks and large customer bases, and “Wordfence Intelligence” will be the suite of products available at no cost to defenders and to the research community.

During 2023 you will see several exciting new features added to Wordfence Intelligence designed to secure the WordPress community, to make data freely available to threat researchers, and to incentivize the research community to help secure WordPress. As a team we are incredibly excited about the free resources that Wordfence Intelligence makes available to the global security community and how that will improve WordPress security as a whole. You can find Wordfence Intelligence (and its free community resources) on this page.

In addition, you can learn how to access the Wordfence Intelligence vulnerability data via an API on this page – the data is available to download in its entirety, at no cost, as often as you’d like!

If you are an enterprise customer, you can learn more about our enterprise products on the product page for Wordfence Intelligence Enterprise.

Thanks for choosing Wordfence, and we look forward to keeping your WordPress sites secure and to securing the global WordPress community.

– Mark Maunder – Wordfence Founder & CEO and Chloe Chamberland, Head of Product for Wordfence Intelligence

The post Wordfence Intelligence: Because Community Created Vulnerabilities Are Community Property appeared first on Wordfence.
