Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover

Hundreds, if not thousands of WordPress plugins are conceived with the idea of making site building and maintenance easier for site owners. They add features not available in WordPress Core that would otherwise require site owners to write their own code to extend functionality. However, these well-intentioned plugins may sometimes contain seemingly innocuous bugs that can lead to catastrophic consequences.

On Tuesday, February 7th, 2023, prominent WordPress vulnerability researcher István Márton, also known as Lana Codes, reached out to the Wordfence Threat Intelligence team to responsibly disclose an information disclosure vulnerability in Cozmolabs Profile Builder, a WordPress plugin designed to enhance the user profile and registration experience with a reported 60,000+ active installations. If exploited, this vulnerability allows threat actors to gain elevated privileges by taking over arbitrary accounts.

Wordfence researchers quickly assessed the vulnerability and deployed a firewall rule to protect customers from exploitation. Premium, Care, and Response customers received that protection on February 13, 2023 as well as an additional firewall rule for extended protection on February 14, 2023. Sites still running the free version of Wordfence will receive the same protection 30 days later on March 14 and March 15, 2023, respectively.

In coordination with Márton, Cozmolabs quickly released a fix in Profile Builder version 3.9.1 on February 13, 2023, only 6 days after the vulnerability’s discovery.

Vulnerability Summary

Description: Profile Builder – User Profile & User Registration Forms <= 3.9.0 – Sensitive Information Disclosure via Shortcode
Affected Plugin: Profile Builder – User Profile & User Registration Forms
Plugin Slug: profile-builder
Affected Versions: <= 3.9.0
CVE ID: CVE-2023-0814
CVSS Score: 6.4 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Researcher/s: Lana Codes
Fully Patched Version: 3.9.1

Vulnerability Analysis

The vulnerability, assigned CVE-2023-0814, exists due to missing authorization within the wppb_toolbox_usermeta_handler() function. The affected function is defined as a callback function to the ‘user_meta’ shortcode, which is registered via the WordPress add_shortcode() function in usermeta.php.

As with all shortcode callback functions, wppb_toolbox_usermeta_handler() takes an array of attributes. In particular, the ‘user_id’ attribute is used to create a new user object. Then, the ‘key’ attribute is used in a call to ‘$user->get()’. Finally, the function returns the value of the retrieved ‘key’ for the given ‘user_id’. During this process, capability checks are not properly implemented to ensure that the user executing the function is authorized to retrieve the given ‘key’ value.

The wppb_toolbox_usermeta_handler() function creates a user object and performs a $user->get() with threat actor-supplied values.

Prerequisites

Vulnerable instances of Profile Builder need the ‘Enable Usermeta shortcode’ setting enabled within the ‘Shortcodes’ section of the ‘Advanced Settings’ tab of the plugin’s ‘Settings’ page.

‘Enable Usermeta shortcode’ setting activated

Exploitation

Information Disclosure

Any authenticated user, with subscriber-level permissions or greater, can send a specially-crafted HTTP POST request to the ‘wp-admin/admin-ajax.php’ endpoint with the ‘action’ parameter set to ‘parse-media-shortcode’ and the ‘shortcode’ parameter containing the ‘user_meta’ shortcode with the ‘user_id’ and ‘key’ attributes set.

POST to admin-ajax.php to retrieve the username of the user with a user ID of 1

As explained earlier, the value of the ‘key’ attribute is passed to a $user->get() call. Since the get() method of the WP_User class is designed to retrieve user information, any column of the ‘wp_users’ table can be passed via this attribute, including:

  • ID
  • user_login
  • user_pass
  • user_nicename
  • user_email
  • user_url
  • user_registered
  • user_activation_key
  • user_status
  • display_name

Password Reset to Privilege Escalation

The Profile Builder plugin provides the shortcode ‘[wppb-recover-password]’ to embed a password recovery form into a page on a WordPress site. The form allows users to submit their username or email address to receive an email with a password reset link containing a user activation key. When generated, this key is stored in the ‘user_activation_key’ column in the ‘wp_users’ table of the WordPress database. Using CVE-2023-0814, this key can be retrieved for any user.

First, the threat actor must generate the user activation key by entering the username or email address of the targeted user in the password recovery form and clicking the ‘Get New Password’ button.

Profile Builder password recovery form

Next, the threat actor will make a similar POST request to our previous user enumeration proof-of-concept, but this time ensuring the ‘user_id’ is set to the user ID of the username or email address entered into the password recovery form and setting the ‘key’ attribute to ‘user_activation_key’.

POST to admin-ajax.php to retrieve the user activation key for the admin account

Once the threat actor has retrieved the user activation key, they can navigate back to the password recovery form page, but this time with the ‘key’ query parameter set to the retrieved user activation key.

Password Recovery page with ‘key’ query parameter set to retrieved value

At this point, the threat actor simply needs to enter a new password and click the ‘Reset Password’ button. The threat actor will then be able to login using the targeted username and new password.

Timeline

February 7th, 2023 – Lana Codes responsibly discloses the vulnerability to the plugin vendor and our Vulnerability Disclosure program.
February 13th, 2023 – The vendor releases a patch in version 3.9.1 and Wordfence releases a firewall rule to address the vulnerability. Wordfence Premium, Care, and Response users receive this rule.
February 14th, 2023 – Wordfence releases an additional firewall rule to provide extended protection against exploitation. Wordfence Premium, Care, and Response users receive this rule.
March 14th, 2023 – Wordfence free users receive the first firewall rule.
March 15th, 2023 – Wordfence free users receive the second firewall rule.

Conclusion

In today’s post, we covered an Information Disclosure vulnerability that could lead to the takeover of an administrative account in Cozmolabs Profile Builder, a plugin used by over 60,000 WordPress installations. The Wordfence Threat Intelligence team issued a firewall rule providing protection against the vulnerability on February 13th and 14th, 2023. This rule has been protecting our Wordfence Premium, Wordfence Care, and Wordfence Response users since that date, while those still using our free version will receive this rule on March 14 and March 15, 2023.

If you believe your site has been compromised as a result of this vulnerability or any other vulnerability, we offer Incident Response services via Wordfence Care. If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both of these products include hands-on support in case you need further assistance. If you have any friends or colleagues who are using this plugin, please share this announcement with them and encourage them to update to the latest patched version of Profile Builder as soon as possible.

If you are a security researcher, you can responsibly disclose your finds to us and obtain a CVE ID and get your name on the Wordfence Intelligence leaderboard.

The post Vulnerability Patched in Cozmolabs Profile Builder Plugin – Information Disclosure Leads to Account Takeover appeared first on Wordfence.

How to Know If You’re Under DDoS Attack

Nowadays, the term DDoS raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they might be familiar with the effects of getting DDoSed: an extremely sluggish, shut down, or dysfunctional website.

In this article, we’ll focus on how to know if you’ve been DDoSed, how to spot denial-of-service, and how to protect your website from future DDoS attacks.

Contents:

  • What is a DDoS attack?

Continue reading How to Know If You’re Under DDoS Attack at Sucuri Blog.

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially.

Last week, there were 117 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Vulnerability Database, and there were 30 Vulnerability Researchers that contributed to WordPress Security last week. You can find those vulnerabilities below along with some data about the vulnerabilities that were added.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 44
Patched 73

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 1
Medium Severity 104
High Severity 10
Critical Severity 2

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Cross-Site Request Forgery (CSRF) 53
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 34
Missing Authorization 16
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 2
Information Exposure 2
Authorization Bypass Through User-Controlled Key 2
Server-Side Request Forgery (SSRF) 2
Incorrect Privilege Assignment 1
Unrestricted Upload of File with Dangerous Type 1
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) 1
Protection Mechanism Failure 1
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 1
Improper Validation of Integrity Check Value 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Lana Codes 27
Rio Darmawan 20
Mika 13
Dave Jong 6
FearZzZz 4
Erwan LR 4
yuyudhn 4
WPScanTeam 3
Prasanna V Balaji 3
Marco Wotschka 3
Rafie Muhammad 3
TEAM WEBoB of BoB 11th 2
Abdi Pranata 2
Muhammad Daffa 2
Nguyen Xuan Chien 2
Marc-Alexandre Montpas 1
TaeEun Lee 1
Pounraj Chinnasamy 1
Jarko Piironen 1
dc11 1
rezaduty 1
Mohammed El Amin, Chemouri 1
Universe 1
Alex Sanford 1
Vaibhav Rajput 1
MyungJu Kim 1
Mahesh Nagabhairava 1
Leonidas Milosis 1
Shreya Pohekar 1
Nguyen Thuc Tuyen 1

 

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


Vulnerability Details

Houzez <= 2.7.1 – Privilege Escalation

CVE ID: CVE-2023-26540
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0578f4d1-5953-4fbe-8bc3-0569bee57a1a

Debug Assistant <= 1.4 – Cross-Site Request Forgery via imlt_create_admin

CVE ID: CVE-2023-26516
CVSS Score: 8.8 (High)
Researcher/s: Prasanna V Balaji
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/429ce9e6-e51b-4f1e-8e26-f679b08d68d3

OceanWP <= 3.4.1 – Authenticated (Subscriber+) Local File Inclusion

CVE ID: CVE-2023-23700
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7fa57b92-3a3e-418c-bfc2-7ed2602004e4

ProfileGrid <= 5.3.0 – Missing Authorization to Arbitrary Password Reset

CVE ID: CVE-2023-0940
CVSS Score: 8.8 (High)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb

CSSTidy – Server-Side Request Forgery

CVE ID: CVE-2022-40700
CVSS Score: 8.3 (High)
Researcher/s: Dave Jong
Patch Status: Unpatched/Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2

Gallery Blocks with Lightbox <= 3.0.7 – Missing Authorization in pgc_sgb_add_dashboard_widget

CVE ID: CVE Unknown
CVSS Score: 8.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7561bce2-bd70-4da3-bbf0-318e59cd1852

Paid Memberships Pro <= 2.9.11 – Authenticated (Subscriber+) SQL Injection via Shortcodes

CVE ID: CVE-2023-0631
CVSS Score: 7.7 (High)
Researcher/s: Marc-Alexandre Montpas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/103a7e7b-74bb-4691-8670-c66ed2144596

Types <= 3.4.17 – Unauthenticated (Administrator+) Arbitrary File Upload

CVE ID: CVE-2023-27440
CVSS Score: 7.2 (High)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09ec4633-7639-4d46-8070-9fc6909bc610

Leyka <= 3.29.2 – Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2023-27450
CVSS Score: 7.2 (High)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3afbfa7c-a87f-4810-9356-374923ff2314

Dokan <= 3.7.12 – Authenticated (Vendor+) SQL Injection

CVE ID: CVE-2023-26525
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b4967c95-8eb6-4c9b-ae6e-082dbc6af7f5

LWS Tools <= 2.3.1 – Cross-Site Request Forgery

CVE ID: CVE-2023-27453
CVSS Score: 7.1 (High)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2dabb790-4f5e-447a-ad65-3f62ac7f6176

Manage Upload Limit <= 1.0.4 – Reflected Cross-Site Scripting via upload_limit

CVE ID: CVE-2023-27432
CVSS Score: 7.1 (High)
Researcher/s: Mahesh Nagabhairava
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9b90bf09-639c-497c-a58e-3972250db1e4

Woodmart <= 7.1.1 – Cross-Site Request Forgery to License Update

CVE ID: CVE Unknown
CVSS Score: 6.5 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/02fde6b1-d709-4329-ae9c-fea444c1aec8

Shortcodes Ultimate <= 5.12.7 – Authenticated (Subscriber+) Information Exposure

CVE ID: CVE-2023-0911
CVSS Score: 6.5 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/144895c9-5800-435e-9f75-a8de17ca2d93

WoodMart <= 7.1.1 – Missing Authorization to Shortcode Injection

CVE ID: CVE-2023-25790
CVSS Score: 6.5 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73017e92-d95e-4b9c-a44a-779b498f58b7

Sales Report Email for WooCommerce <= 2.8 – Missing Authorization for Email Functionality

CVE ID: CVE-2022-38141
CVSS Score: 6.5 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f8befbf2-0d9d-4d0e-87de-0f1b26c0acd0

Smart Slider 3 <= 3.5.1.13 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0660
CVSS Score: 6.4 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0191e5b0-b669-439b-8ad4-9f860e6ee637

Simple Vimeo Shortcode <= 2.9.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

CVE ID: CVE-2023-27443
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66edd8e5-1d5e-425d-a4f4-5359683c1e36

Cost Calculator <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-1155
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/750be90d-dc12-4974-8921-75259d56c7b3

menu shortcode <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0395
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9150a7d9-d792-4bb6-9d33-5892f9cdfd1e

WordPress Infinite Scroll – Ajax Load More <= 5.6.0.2 – Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode

CVE ID: CVE-2022-4466
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9595fa45-6b00-4ee0-89aa-a236dbf82423

Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes

CVE ID: CVE-2023-24400
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95acec2a-ba1b-4b61-a4d6-3b0250a32835

Yoast SEO <= 20.2 – Authenticated (Contributor+) Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Leonidas Milosis
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c0e58807-bccc-469f-82c3-a4bbf088a626

NEX-Forms – Ultimate Form Builder <= 8.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0272
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fd817fe9-b7be-4252-877a-e9843d62a0a9

Real Estate 7 <= 3.3.4 – Reflected Cross-Site Scripting via ct_additional_features

CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/157b3095-b662-465e-a975-5b71b5d4ba2a

Watu Quiz <= 3.3.9 – Reflected Cross-Site Scripting

CVE ID: CVE-2023-0968
CVSS Score: 6.1 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6341bdcc-c99f-40c3-81c4-ad90ff19f802

Darcie <= 1.1.5 – Reflected Cross-Site Scripting via JS split

CVE ID: CVE-2023-25961
CVSS Score: 6.1 (Medium)
Researcher/s: MyungJu Kim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/83d162f9-32a9-4d03-845e-6fc9b8574fb5

GN Publisher <= 1.5.5 – Reflected Cross-Site Scripting

CVE ID: CVE-2023-1080
CVSS Score: 6.1 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8a4ee97c-63cd-4a5e-a112-6d4c4c627a57

Easy Testimonial Slider and Form <= 1.0.15 – Unauthenticated Reflected Cross-Site Scripting via search_term

CVE ID: CVE-2022-46799
CVSS Score: 6.1 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a6b16ffe-1c65-49d3-9e30-407bc75d7d49

GTmetrix for WordPress <= 0.4.5 – Reflected Cross-Site Scripting via ‘url’

CVE ID: CVE-2023-23677
CVSS Score: 6.1 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dcdf22be-8af4-4596-b138-67ebfd04c06d

Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD <= 3.1.5 – Reflected Cross-Site Scripting via cart_search

CVE ID: CVE-2022-47449
CVSS Score: 6.1 (Medium)
Researcher/s: TEAM WEBoB of BoB 11th
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eebe1bf7-0366-4226-bcbc-027186136008

Real Estate 7 <= 3.3.4 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/007af51b-95b5-4b12-9f74-abf31f6de341

Instant Images <= 5.1.0.1 – Authenticated (Author+) Server-Side Request Forgery via instant_images_download

CVE ID: CVE-2023-27451
CVSS Score: 5.4 (Medium)
Researcher/s: Universe
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6a50e142-59f4-488b-8120-5bf505a9039d

Leyka <= 3.29.2 – Cross-Site Request Forgery

CVE ID: CVE-2023-27442
CVSS Score: 5.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a1ab02c0-e083-4f0e-b6d4-1a10ade2c688

Rife Elementor Extensions & Templates <= 1.1.10 – Missing Authorization via import_templates

CVE ID: CVE-2023-27454
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ee520664-0c1f-4af0-8cdf-a33c1dfaaca7

Sheets To WP Table Live Sync <= 2.12.15 – Cross-Site Request Forgery

CVE ID: CVE-2023-26535
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f70221e6-59a4-4151-9688-f06e194f51ac

Advanced Text Widget <= 2.1.2 – Missing Authorization via atw_dismiss_admin_notice

CVE ID: CVE-2023-26520
CVSS Score: 5.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3fe1313c-1368-4bcb-9d11-25b948da5547

WP SMS <= 6.0.4 – Information Disclosure via REST API

CVE ID: CVE-2023-27447
CVSS Score: 5.3 (Medium)
Researcher/s: Jarko Piironen
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/57377380-0435-4747-abba-50063978d8e1

Metform Elementor Contact Form Builder <= 3.2.1 – reCaptcha Protection Bypass

CVE ID: CVE-2023-0085
CVSS Score: 5.3 (Medium)
Researcher/s: Mohammed El Amin, Chemouri
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/69527d4b-49b6-47cd-93b6-39350f881ec9

Event Espresso 4 Decaf <= 4.10.44.decaf – Feature Bypass

CVE ID: CVE-2023-27437
CVSS Score: 5.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d55f10f3-5484-4b90-80da-3d91f409fe04

WP Repost <= 0.1 – Missing Authorization

CVE ID: CVE-2023-26522
CVSS Score: 5.3 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dbf0f614-e5e9-486c-a0dd-cd494708a2a8

Simple CSV/XLS Exporter <= 1.5.8 – CSV Injection

CVE ID: CVE-2022-42882
CVSS Score: 5.1 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/219614b7-2394-490c-baf4-14a12249c4b5

Advanced Text Widget <= 2.1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26539
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f622e20-2f7e-44ed-8237-fbf25323d2ce

Jetpack CRM <= 5.4.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27429
CVSS Score: 4.4 (Medium)
Researcher/s: TEAM WEBoB of BoB 11th
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/20b3cd2a-ee32-49e0-8281-16afb8e42448

We’re Open! <= 1.46 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25964
CVSS Score: 4.4 (Medium)
Researcher/s: TaeEun Lee
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2a5c6b05-6e28-40be-80cb-9f95241a4fc6

WP Repost <= 0.1 – Authenticated (Administrator+) Stored Cross-Site Scritping

CVE ID: CVE-2023-26534
CVSS Score: 4.4 (Medium)
Researcher/s: Pounraj Chinnasamy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/438689aa-3b85-4dd7-ac3e-a37906efd79c

Button Generator – easily Button Builder <= 2.3.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27452
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4ac9262a-96a6-439a-a2b0-a05f24654d06

Dashboard Widgets Suite <= 3.2.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26517
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/503a44ed-25c2-4178-aeec-756c5b533e04

Publish to Schedule <= 4.5.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26519
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7e2014bd-2809-4f79-913d-d7a35eda63ef

Namaste! LMS <= 2.5.9.9 – Authenticated (Administrator+) Stored Cross-Site Scripting via ‘accept_other_payment_methods’, ‘other_payment_methods’ Parameters

CVE ID: CVE-2023-0844
CVSS Score: 4.4 (Medium)
Researcher/s: Alex Sanford
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7ef23b03-8452-4730-860c-2c2ef1686202

FareHarbor for WordPress <= 3.6.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25021
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b40165b-17e3-4b87-8d0d-90d60ba4bf81

CPO Content Types <= 1.1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25451
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d0b1e05-0e28-4cf5-a278-ea91b6c9d253

WP No External Links <= 1.0.2 – Authenticated (Administrator+) Stored Cross-Site Scritping

CVE ID: CVE-2023-26537
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b8e3a111-6327-47a0-becd-d7e2d9166118

Simple File List <= 6.0.9 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-1025
CVSS Score: 4.4 (Medium)
Researcher/s: Shreya Pohekar
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3f0032e-a6f4-47f5-b3eb-6f1c9bf9670c

New Adman <= 1.6.8 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27439
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d862e8e6-ecf6-41f5-8f40-1225ecec7e1f

Simple Slug Translate <= 2.7.2 – Authenticated (Administrator+) Stored Cross-Site Scritping

CVE ID: CVE-2023-26515
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc19313b-f9d0-4a92-8e33-d632d8a478df

JCH Optimize <= 3.2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings

CVE ID: CVE-2023-25491
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f04c83b9-33a0-4f4b-afc4-929d40c2ef67

Debug Assistant <= 1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26527
CVSS Score: 4.4 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4421782-8a7a-4bca-8c5a-7152dfafe902

Maspik – Spam blacklist <= 0.7.8 – Cross-Site Request Forgery

CVE ID: CVE-2023-24008
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0206aead-d146-453d-99ed-3870f7dfdae9

WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.4.10 – Cross-Site Request Forgery via wpstream_settings

CVE ID: CVE-2023-27458
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0219851f-7fce-42e0-ba82-77af84b17d9f

WP Time Slots Booking Form <= 1.1.76 – Cross-Site Request Forgery to Feedback Submission

CVE ID: CVE-2022-41790
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/032f3363-83c0-4548-81f0-724a71931add

Download Read More Excerpt Link <= 1.6.0 – Cross-Site Request Forgery to Settings Update

CVE ID: CVE-2023-1068
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0359434b-9d88-4a40-8e9f-ec354c8de816

CP Contact Form with Paypal <= 1.3.34 – Authenticated Feedback Submission

CVE ID: CVE-2023-27460
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1ba56d68-e104-4a79-b5b4-627f9617043b

WP Google Tag Manager <= 1.1 – Cross-Site Request Forgery

CVE ID: CVE-2023-22693
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1cb265d8-eb18-42ee-9141-2fe81c0c4585

DeepL Pro API translation <= 2.1.4 – Cross-Site Request Forgery via saveSettings

CVE ID: CVE-2023-27446
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1fc58078-7520-4ee7-b5a1-d6a362ac1860

Search in Place <= 1.0.104 – Missing Authorization to Feedback Submission

CVE ID: CVE-2023-26521
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/28ca150a-443f-4b99-8c15-491bd9f1cee3

WP Meteor Page Speed Optimization Topping <= 3.1.4 -Missing Authorization to Notice Dismissal

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b335807-f4d1-43b3-9e1b-2215eb00a3f8

Preview Link Generator <= 1.0.3 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1086
CVSS Score: 4.3 (Medium)
Researcher/s: WPScanTeam
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b6b4953-a264-4668-9cc3-1578109f6592

Blog Floating Button <= 1.4.12 – Cross-Site Request Forgery

CVE ID: CVE-2023-27445
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2ba56b4c-0573-4911-97a4-a51e867daa75

Free WooCommerce Theme 99fy Extension <= 1.2.7 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0503
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2e215a5c-7a01-4a1d-b051-3abf742bf573

Shortcodes Ultimate <= 5.12.7 – Authenticated (Subscriber+) Arbitrary Post Access via Shortcode

CVE ID: CVE-2023-0890
CVSS Score: 4.3 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2eddfe94-7232-4d3d-9f3a-f53fc476a012

WP Insurance – WordPress Insurance Service Plugin <= 2.1.3 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0501
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/37264b0f-b021-41f8-a72d-3ee0d06b19a8

WC Sales Notification <= 1.2.2 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1087
CVSS Score: 4.3 (Medium)
Researcher/s: WPScanTeam
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/43fc71bb-87ba-4cf9-ae4d-1cba7bd84806

WP Meteor Page Speed Optimization Topping <= 3.1.4 – Cross-Site Request Forgery via processAjaxNoticeDismiss

CVE ID: CVE-2023-26543
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4d246a99-fd92-4132-9576-efa065a58f59

HT Portfolio <= 1.1.4 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0497
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4ed63724-c21f-4b0e-b595-e824d3519b21

Add Expires Headers & Optimized Minify <= 2.7 – Cross-Site Request Forgery via [placeholder]

CVE ID: CVE-2023-27457
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/55e6a968-153e-4d4c-a7be-65650a0c9bc1

HT Politic <= 2.3.7 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0504
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b127a47-d22f-47b5-92a8-440a5892a181

DecaLog <= 3.7.0 – Cross-Site Request Forgery via get_settings_page

CVE ID: CVE-2023-27444
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5de953ee-8a01-4372-a376-74a4cff674ce

WP Plugin Manager <= 1.1.7 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1088
CVSS Score: 4.3 (Medium)
Researcher/s: WPScanTeam
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/623decc5-bdb7-42c9-8531-8004ddc16682

About Me 3000 widget <= 2.2.6 – Cross-Site Request Forgery to Plugin Settings Update

CVE ID: CVE-2023-25474
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62c1b5ce-cd58-4805-9a40-1af529604406

ClickFunnels <= 3.1.1 – Cross-Site Request Forgery to Settings Update

CVE ID: CVE-2022-47152
CVSS Score: 4.3 (Medium)
Researcher/s: rezaduty
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/65581fa6-110f-4ae3-a903-dbf649b44417

Fontiran <= 2.1 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/701bf711-d692-4eb1-8459-befa62264b97

Ever Compare <= 1.2.3 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0505
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/702aa972-7b74-4417-8d33-a26c3831934f

WP TFeed <= 1.6.9 – Cross-Site Request Forgery via aptf_delete_cache

CVE ID: CVE-2023-26518
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73986641-b3a4-438d-90ae-6ff0f6f73f01

Resize at Upload Plus <= 1.3 – Cross-Site Request Forgery

CVE ID: CVE-2023-25467
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/76af3f0a-2e35-4059-960c-09769459bc01

WP Social Bookmarking Light <= 2.0.7 – Cross-Site Request Forgery

CVE ID: CVE-2023-25029
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7997ae20-88d2-4e12-87a0-a6e83808a495

Total Poll Lite <= 4.8.6 – Cross-Site Request Forgery

CVE ID: CVE-2023-27449
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7e3ae5e7-1f41-48cd-8aea-698e3b00066c

HT Slider For Elementor <= 1.3.9 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0495
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81258fcc-18cc-4614-a644-5cfb004d019b

When Last Login <= 1.2.1 – Cross-Site Request Forgery via wll_hide_subscription_notice

CVE ID: CVE-2023-27461
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81638472-b635-4100-8fb9-3daf35fa172e

HT Event <= 1.4.5 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0496
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b14c07b-23bb-4a14-8018-fa2462383b35

WP Time Slots Booking Form <= 1.1.76 – Missing Authorization to Feedback Submission

CVE ID: CVE-2022-41790
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8c732b0e-9898-48f2-99b2-068f31532b17

WP Clean Up <= 1.2.3 – Cross-Site Request Forgery via wp_clean_up_optimize

CVE ID: CVE-2023-25034
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f342fb7-8f52-43d9-a887-1cf1fffa6ec6

WP Shamsi <= 4.3.3 – Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion

CVE ID: CVE-2023-0335
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8fc88821-b2be-49a5-a2cf-53e87d0349a2

WP Education <= 1.2.6 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0498
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/91062d2c-f2a6-4a92-b684-e133391afe60

Calculated Fields Form <= 1.1.120 – Missing Authorization to Feedback Submission

CVE ID: CVE-2023-26523
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9370f05a-9c69-45f4-9fd8-7017bfcf4d1e

Quiz And Survey Master <= 8.0.10 – Cross-Site Request Forgery to Quiz Restoration

CVE ID: CVE-2023-26524
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9af36edd-4520-4afc-8d3a-c9a96659ddf8

Smart YouTube PRO <= 4.3 – Cross-Site Request Forgery via handle_colorbox_options

CVE ID: CVE-2023-25475
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a184090c-0281-4d8d-bd4d-256b4ed826dc

Big Store <= 1.9.3 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-27431
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a1859dca-d771-470c-ae4a-48246977212c

WP Translitera <= p1.2.5 – Cross-Site Request Forgery

CVE ID: CVE-2023-27438
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ad427bea-1b0e-46bb-85fc-53c51fb40a17

WP Film Studio <= 1.3.4 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0500
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae5121bd-2f3f-4d87-a2fd-d11bb9f8dc2c

XML Sitemap Generator for Google <= 1.2.8 – Cross-Site Request Forgery to Plugin Settings Changes

CVE ID: CVE-2023-26514
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b03a9aaa-ce9a-47bf-8574-0eba92fcf0c5

New Adman <= 1.6.8 – Cross-Site Request Forgery via plugin_menu

CVE ID: CVE-2023-27441
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b140d228-cd74-4d78-8b9d-9a69e5a89bfb

QuickSwish <= 1.0.9 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0499
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b594b771-4d0b-46e1-b4c6-751c994992af

OoohBoi Steroids for Elementor <= 2.1.3 – Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion

CVE ID: CVE-2023-0336
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c24c57e5-2b42-40db-816a-f1327d1ac09b

Fontiran <= 2.1 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c35bffb2-f805-48d6-938a-cb5142eac3b1

Total Theme <= 2.1.19 – Authenticated(Subscriber+) Plugin Activation

CVE ID: CVE-2023-27456
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4dfd5af-0af0-469c-81ed-52867609550c

Classic Editor and Classic Widgets <= 1.2.4 – Cross-Site Request Forgery via render_settings_page

CVE ID: CVE-2023-27434
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ce2bef2f-fe28-48ea-8b83-052eebd31622

Rus-To-Lat <= 0.3 – Cross-Site Request Forgery to Plugins Options Changes

CVE ID: CVE-2023-25470
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d07d8c3a-5e97-422a-ba20-e0bc206dda59

Elegant Custom Fonts <= 1.0 – Cross-Site Request Forgery

CVE ID: CVE-2023-27436
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dadb6bf5-dbbd-4afb-8783-f6880dec2cbf

OptinMonster <= 2.12.1 – Authenticated (Subscriber+) Sensitive Information Disclosure via Shortcode

CVE ID: CVE-2023-0772
CVSS Score: 4.3 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dfbdb5a7-e949-4d3a-8c8d-5dc6702f4675

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks <= 1.1.5 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0484
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dfe6f49a-1dd1-46d9-8e15-a8a766917092

Calculated Fields Form <= 1.1.120 – Cross-Site Request Forgery

CVE ID: CVE-2023-26523
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4785012-d160-42cc-bd06-d9b8e65652a4

Search in Place <= 1.0.104 – Cross-Site Request Forgery to Feedback Submission

CVE ID: CVE-2023-26521
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f079037c-cea6-4ba6-843f-99c5e5fe59a5

WP News <= 1.1.9 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0502
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f53e9354-248f-4d13-a1c0-8355b268fae2

OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 – Cross-Site Request Forgery via ‘delete’ in mooauth_client_applist_page

CVE ID: CVE-2023-1092
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Thuc Tuyen
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6658edb-11dc-4594-8936-95d60d581f49

Wholesale Suite <= 2.1.5 – Missing Authorization to Plugin Settings Change

CVE ID: CVE-2022-34344
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f713f2f8-545a-4f54-a028-8422c0942a63

FluentSMTP <= 2.2.2 – Authenticated (Author+) Stored Cross-Site Scripting via Email Logs

CVE ID: CVE-2023-0219
CVSS Score: 3.8 (Low)
Researcher/s: Vaibhav Rajput
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/803c32e9-665c-40a0-b52d-f2c0b8fbe931

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023) appeared first on Wordfence.

PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail Time

In the cybersecurity field, we talk a lot about threat actors and vulnerable code, but what doesn’t get discussed enough is intentional vulnerabilities and becoming your own threat actor. Even when making decisions with the best of intentions, it is possible to work against your own best interests. One area we see this in comes from website developers trying to safeguard their work. It can be tempting to incorporate code that gives the developer access to the site files, also known as a backdoor, in the event that the client chooses not to pay, so that the developer can remove their code or otherwise damage the site.

While implementing a backdoor may seem like a viable solution to protect your resource investment, it comes with potential ethical and legal problems, in addition to the added security risks of a backdoor hardcoded into the website. There are always better options available, even if they are less convenient for the client and developer. When developing a website, the developer should keep in mind that their needs are just as important as the client’s. Keeping this in mind will help to prevent the situations that may lead to the implementation of a backdoor on the website.

One of the biggest reasons a web developer may be tempted to include a hardcoded backdoor is to ensure their work is not used without payment. A common practice among website developers is to require 50% of the development fee up front, with the remaining sum paid upon delivery of the completed project. Especially among freelance developers, it is not uncommon to begin development even before the initial fees are paid, and even provide the final code before the final payment is received. The fear of a client not making a payment may cause a developer to believe that it is a good idea to hard code a backdoor into the project, so that the developer can remove their code or take down the site entirely as a form of retaliation.

What should be obvious is that intentionally damaging a website is a violation of laws in many countries, and could lead to fines or even jail time. In the United States, the Computer Fraud and Abuse Act of 1986 (CFAA) clearly defines illegal use of computer systems. According to 18 U.S.C. § 1030 (e)(8), simply accessing computer systems in a way that uses higher privileges or access levels than permitted is a violation of the law. Further, intentionally damaging the system or data is also a crime. The penalty for violating the CFAA can include sentences 10 years or more in prison, in addition to large financial penalties.

Let’s say a developer uses a backdoor on a website they worked on simply to access the files in an unapproved manner. Even if they do not cause any damage to the system or files, the developer could face fines of $5,000 and up to five years in prison. Use of the backdoor to take the site down or otherwise damage the files or system, might lead to even more jail time and even larger fines. It could be argued that these penalties are excessive, but it’s also important to remember that they are intended as deterrents since most threat actors are never caught.

As it stands, however, freelance developers trying to protect their work are much more likely to be caught and prosecuted than scammers in countries without an extradition arrangement. An unscrupulous client who is familiar with the law could also use the threat of prosecution to extort further unpaid labor from a freelance developer who backdoored their site.

Even beyond potential legal ramifications, these practices can lead to negative word-of-mouth, which can damage the reputation of the developer. Even if the developer is able to avoid legal issues from these actions, being perceived as unethical can negatively impact future profits, and even cause a business to fail.

Another consideration is the fact that a backdoor adds a potential vulnerability to the client’s website. If the developer is able to access the site through illegitimate means, then a potential attacker may be able to use the same method to access the site’s files. Security should always be a consideration when developing a website or one of its features. Implementing insecure code can lead to similar consequences as intentionally damaging a website.

Rather than adding a backdoor into a client’s website, it is better to set clear expectations with a client regarding deliverables, and how they will be impacted by late or missing payments. It is crucial to use written contracts to specify these expectations. If possible, start with a standard written contract that all clients are required to sign and have an attorney review it for potential issues.

If there is an agreement in place that outlines the fact that no code will be provided without full payment, then the developer is under no obligation to implement the code on the production server until they have been fully paid. A development server under the developer’s control should always be used, and once agreements have been met, the code can be moved from the development server to the client’s production server.

Note: This is not intended as legal advice and we recommend familiarizing yourself with all applicable laws and consulting with a licensed legal professional in your area.

The post PSA: Intentionally Leaving Backdoors in Your Code Can Lead to Fines and Jail Time appeared first on Wordfence.

What is a Website Defacement?

Defacement is easily one the most obvious signs of a hacked website. In these attacks, bad actors gain unauthorized access to an environment and leave their mark through digital vandalism, altering its visual appearance or content in the process.

In many cases, website defacements display social or political messages that are completely unrelated to the site’s original content — with the ultimate goal of blackmailing or embarrassing the website owner, enacting revenge, or promoting alternative viewpoints.

Continue reading What is a Website Defacement? at Sucuri Blog.

Pin It on Pinterest