Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023)

Last week, there were 107 vulnerabilities disclosed in 89 WordPress Plugins and 5 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook notifications are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 44
Patched 63

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 2
Medium Severity 89
High Severity 11
Critical Severity 5

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 35
Cross-Site Request Forgery (CSRF) 31
Missing Authorization 24
Unrestricted Upload of File with Dangerous Type 3
Authorization Bypass Through User-Controlled Key 2
Deserialization of Untrusted Data 2
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 2
External Control of File Name or Path 1
Improper Input Validation 1
Server-Side Request Forgery (SSRF) 1
Improper Privilege Management 1
Improper Neutralization of Formula Elements in a CSV File 1
Improper Encoding or Escaping of Output 1
Information Exposure 1
Improper Authorization 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Rio Darmawan 11
Mika 10
Abdi Pranata 10
Rafshanzani Suhada 7
thiennv 5
yuyudhn 4
Rafie Muhammad 4
LEE SE HYOUNG 3
Le Ngoc Anh 3
NGÔ THIÊN AN 3
Nguyen Xuan Chien 3
Marco Wotschka
(Wordfence Vulnerability Researcher)
2
Revan Arifio 2
Lana Codes
(Wordfence Vulnerability Researcher)
2
Skalucy 2
Elliot 2
FearZzZz 2
qilin_99 2
Pepitoh 1
Shuning Xu 1
deokhunKim 1
DoYeon Park 1
spacecroupier 1
Nguyen Anh Tien 1
Debangshu Kundu 1
Arpeet Rathi 1
Ravi Dharmawan 1
Theodoros Malachias 1
Alexander Concha 1
Pedro José Navas Pérez 1
Alex Sanford 1
emad 1
Emili Castells 1
Pavitra Tiwari 1
Alex Concha 1
László Radnai 1

 

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
AcyMailing – Newsletter & mailing automation for WordPress acymailing
All in One B2B for WooCommerce all-in-one-b2b-for-woocommerce
Analytify – Google Analytics Dashboard For WordPress (GA4 made easy) wp-analytify
Auto Amazon Links – Amazon Associates Affiliate Plugin amazon-auto-links
Automatic YouTube Gallery automatic-youtube-gallery
Back To The Top Button back-to-the-top-button
BackupBliss – Backup Migration Staging backup-backup
BitPay Checkout for WooCommerce bitpay-checkout-for-woocommerce
Bulk NoIndex & NoFollow Toolkit bulk-noindex-nofollow-toolkit-by-mad-fish
CP Blocks cp-blocks
Carousel Slider carousel-slider
Click To Tweet click-to-tweet
Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform
Cookie Notice & Consent cookie-notice-consent
Customizable WordPress Gallery Plugin – Modula Image Gallery modula-best-grid-gallery
Directorist – WordPress Business Directory Plugin with Classified Ads Listings directorist
Duplicate Post Page Menu & Custom Post Type duplicate-post-page-menu-custom-post-type
EWWW Image Optimizer ewww-image-optimizer
Easy Form by AYS easy-form
Easy WP Cleaner easy-wp-cleaner
Email posts to subscribers email-posts-to-subscribers
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor embedpress
Export Import Menus export-import-menus
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder form-maker
Goods Catalog goods-catalog
Hide admin notices – Admin Notification Center wp-admin-notification-center
Insert Estimated Reading Time insert-estimated-reading-time
Laposta Signup Basic laposta-signup-basic
Laposta Signup Embed laposta-signup-embed
Leadster leadster-marketing-conversacional
Live News live-news-lite
Locations locations
MailMunch – Grow your Email List mailmunch
Media Library Assistant media-library-assistant
My Account Page Editor my-account-page-editor
MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce mycryptocheckout
Notice Bar notice-bar
Order Delivery Date for WP e-Commerce order-delivery-date
Outbound Link Manager outbound-link-manager
POEditor poeditor
Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress wp-user-avatar
PeproDev CF7 Database pepro-cf7-database
Poll Maker – Best WordPress Poll Plugin poll-maker
Premium Starter Templates astra-pro-sites
RSVPMaker rsvpmaker
Realbig For WordPress realbig-media
Regpack regpack
Rescue Shortcodes rescue-shortcodes
Restrict – membership, site, content and user access restrictions for WordPress restricted-content
SAML Single Sign On – SSO Login Standard miniorange-saml-20-single-sign-on
SIS Handball sis-handball
SendPress Newsletters sendpress
Simple Download Counter simple-download-counter
Simple Membership simple-membership
Slider Pro sliderpro
Social Share, Social Login and Social Comments Plugin – Super Socializer super-socializer
Staff / Employee Business Directory for Active Directory ldap-ad-staff-employee-directory-search
StagTools stagtools
Starter Templates — Elementor, WordPress & Beaver Builder Templates astra-sites
Stock Quotes List stock-quotes-list
Sunshine Photo Cart sunshine-photo-cart
Swifty Bar, sticky bar by WPGens swifty-bar
TelSender – Сontact form 7, Events, Wpforms and wooccommerce to telegram bot telsender
Tilda Publishing tilda-publishing
Travel Map travelmap-blog
UniConsent CMP for GDPR CPRA GPP TCF uniconsent-cmp
Use Memcached use-memcached
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds userfeedback-lite
User Submitted Posts – Enable Users to Submit Posts from the Front End user-submitted-posts
VS Contact Form very-simple-contact-form
WP Accessibility Helper (WAH) wp-accessibility-helper
WP Crowdfunding wp-crowdfunding
WP Custom Post Template wp-custom-post-template
WP Directory Kit wpdirectorykit
WP Gallery Metabox wp-gallery-metabox
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts wedevs-project-manager
WP iCal Availability wp-ical-availability
WP-dTree wp-dtree-30
WRC Pricing Tables – WordPress Responsive CSS3 Pricing Tables wrc-pricing-tables
WiserNotify Social Proof & FOMO Notification, WooCommerce Sales Popup, Review Popups, Notification Bars & Urgency Widgets wiser-notify
WooCommerce PensoPay woo-pensopay
Woocommerce Support System wc-support-system
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds another-wordpress-classifieds-plugin
WordPress File Sharing Plugin user-private-files
WordPress Social Login wordpress-social-login
iFolders – Ultimate Folder Manager for Media, Pages, Posts & etc ifolders
rtMedia for WordPress, BuddyPress and bbPress buddypress-media
wordpress publish post email notification publish-post-email-notification
wpCentral wp-central

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Attorney attorney
Flatsome flatsome
Raise Mag raise-mag
Wishful Blog wishful-blog
Woodmart woodmart

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.

Media Library Assistant <= 3.09 – Unauthenticated Local/Remote File Inclusion & Remote Code Execution

Affected Software: Media Library Assistant
CVE ID: CVE-2023-4634
CVSS Score: 9.8 (Critical)
Researcher/s: Pepitoh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05c68377-feb6-442d-a3a0-1fbc246c7cbf

RSVPMaker <= 10.6.6 – Unauthenticated PHP Object Injection

Affected Software: RSVPMaker
CVE ID: CVE-2023-25054
CVSS Score: 9.8 (Critical)
Researcher/s: Ravi Dharmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/647cc71d-4d3a-4722-b498-baaee2450809

All in One B2B for WooCommerce <= 1.0.3 – Unauthenticated Privilege Escalation

Affected Software: All in One B2B for WooCommerce
CVE ID: CVE-2023-4703
CVSS Score: 9.8 (Critical)
Researcher/s: Alexander Concha
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aab3016d-5834-4b4a-a206-0b626884b335

Flatsome <= 3.17.5 – Unauthenticated PHP Object Injection

Affected Software: Flatsome
CVE ID: CVE-2023-40555
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bfc4863a-1b8c-4b13-9df1-18f221b40b26

Form Maker by 10Web <= 1.15.19 – Unauthenticated Arbitrary File Upload

Affected Software: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
CVE ID: CVE Unknown
CVSS Score: 9.8 (Critical)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c691d129-35db-4de8-a28e-5e77347e2280

WP Project Manager <= 2.6.0 – Authenticated (Subscriber+) SQL Injection


Export Import Menus <= 1.8.0 – Authenticated (Contributor+) Arbitrary File Upload

Affected Software: Export Import Menus
CVE ID: CVE-2023-34385
CVSS Score: 8.8 (High)
Researcher/s: Emili Castells
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d74efb03-4a1c-4163-bd79-ef17975a609e

My Account Page Editor <= 1.3.1 – Authenticated (Subscriber+) Arbitrary File Upload

Affected Software: My Account Page Editor
CVE ID: CVE-2023-4536
CVSS Score: 8.8 (High)
Researcher/s: Alex Concha
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f87b6987-8896-4edf-9b14-8582426adeb0

ProfilePress <= 4.13.2 – Limited Privilege Escalation via ‘acceptable_defined_roles’


Woocommerce Support System <= 1.2.0 – Missing Authorization

Affected Software: Woocommerce Support System
CVE ID: CVE-2023-41686
CVSS Score: 7.3 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8004a306-4c8f-40e9-accc-a12d65b5f2f9

Woocommerce Support System <= 1.2.0 – Authenticated (Administrator+) SQL Injection via ‘orderby’

Affected Software: Woocommerce Support System
CVE ID: CVE-2023-41685
CVSS Score: 7.2 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/efab7ec7-7143-4556-8d68-4a7e34f46e9e

Travel Map <= 1.0.1 – Unauthenticated Cross-Site Scripting

Affected Software: Travel Map
CVE ID: CVE-2023-41860
CVSS Score: 7.2 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3f04a742-56be-42e9-9080-2131c6e98325

Click To Tweet <= 2.0.14 – Unauthenticated Cross-Site Scripting

Affected Software: Click To Tweet
CVE ID: CVE-2023-41856
CVSS Score: 7.2 (High)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b5031140-9a48-43da-b946-00ce9c70258b

PeproDev CF7 Database <= 1.7.0 – Unauthenticated Stored Cross-Site Scripting via form submission

Affected Software: PeproDev CF7 Database
CVE ID: CVE-2023-41863
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c7a7df90-a542-48cf-a58e-bcbddc978df2

Simple Membership <= 4.3.5 – Reflected Cross-Site Scripting

Affected Software: Simple Membership
CVE ID: CVE-2023-4719
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4b10172-7e54-4ff8-9fbb-41d160ce49e4

User Feedback <= 1.0.7 – Unauthenticated Stored Cross-Site Scripting

Affected Software: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
CVE ID: CVE-2023-39308
CVSS Score: 7.2 (High)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f9e45bc2-6db6-49cd-8a4a-58489a8ddac2

All in One B2B for WooCommerce <= 1.0.3 – Cross-Site Request Forgery

Affected Software: All in One B2B for WooCommerce
CVE ID: CVE-2023-3547
CVSS Score: 6.5 (Medium)
Researcher/s: Alex Sanford
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bd53bc57-b10e-47a7-8c10-96bf1f1e82a5

Auto Amazon Links <= 5.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via style

Affected Software: Auto Amazon Links – Amazon Associates Affiliate Plugin
CVE ID: CVE-2023-4482
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc

Goods Catalog <= 2.4.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Goods Catalog
CVE ID: CVE-2023-41687
CVSS Score: 6.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/21542a9e-efa2-4655-b076-d282e3678fdf

Rescue Shortcodes <= 2.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Rescue Shortcodes
CVE ID: CVE-2023-41728
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6a11e7c9-f565-4a8c-895f-425c6654b5a9

Starter Templates <= 3.2.4 – Authenticated (Contributor+) Server-Side Request Forgery

Affected Software/s: Starter Templates — Elementor, WordPress & Beaver Builder Templates, Premium Starter Templates
CVE ID: CVE-2023-41804
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6e0bdbba-2b67-42b9-8c26-115d472aed0e

Simple Download Counter <= 1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Simple Download Counter
CVE ID: CVE-2023-4838
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aa5f7f2a-c7b7-4339-a608-51fd684c18bf

User Submitted Posts <= 20230901 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: User Submitted Posts – Enable Users to Submit Posts from the Front End
CVE ID: CVE-2023-41696
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b7fca965-86f8-4ee4-a9d6-cb18fe5f098e

WordPress Social Login <= 3.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: WordPress Social Login
CVE ID: CVE-2023-4773
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b987822d-2b1b-4f79-988b-4bd731864b63

User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Affected Software: User Submitted Posts – Enable Users to Submit Posts from the Front End
CVE ID: CVE-2023-4779
CVSS Score: 6.4 (Medium)
Researcher/s: NGÔ THIÊN AN
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d21ca709-183f-4dd1-849c-f1b2a4f7ec43

Notice Bar <= 3.1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Notice Bar
CVE ID: CVE-2023-41847
CVSS Score: 6.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/defc5b5a-243d-4564-a9f8-3ecf3538129b

Locations <= 4.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Locations
CVE ID: CVE-2023-41797
CVSS Score: 6.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fe10acf6-2649-4e85-abd1-b6840169eb41

Attorney <= 3 – Reflected Cross-Site Scripting

Affected Software: Attorney
CVE ID: CVE-2023-41692
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/026443b6-4ab5-4f31-8a8d-2019097bde4c

Restrict <= 2.2.4 – Reflected Cross-Site Scripting

Affected Software: Restrict – membership, site, content and user access restrictions for WordPress
CVE ID: CVE-2023-41861
CVSS Score: 6.1 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62029ce5-ab97-4594-93e6-469ef5692320

WooCommerce PensoPay <= 6.3.1 – Reflected Cross-Site Scripting via ‘pensopay_action’

Affected Software: WooCommerce PensoPay
CVE ID: CVE-2023-41691
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6845b506-3d38-47f6-9348-d7931e65707a

WoodMart <= 7.2.4 – Reflected Cross-Site Scripting

Affected Software: Woodmart
CVE ID: CVE-2023-41872
CVSS Score: 6.1 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6fc92b8f-6794-461a-b6b6-598de21f5e2d

AcyMailing SMTP Newsletter <= 8.6.2 – Reflected Cross-Site Scripting

Affected Software: AcyMailing – Newsletter & mailing automation for WordPress
CVE ID: CVE-2023-41867
CVSS Score: 6.1 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9f82ec7c-72a0-4c3b-8041-c6ad080a48f1

Stagtools <= 2.3.7 – Reflected Cross-Site Scripting

Affected Software: StagTools
CVE ID: CVE-2023-41868
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca09ce0d-3989-420d-9457-f0acd709cc6b

Poll Maker <= 4.7.0 – Reflected Cross-Site Scripting

Affected Software: Poll Maker – Best WordPress Poll Plugin
CVE ID: CVE-2023-41871
CVSS Score: 6.1 (Medium)
Researcher/s: Le Ngoc Anh
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/faad9cf7-5d83-4ade-b121-c38fb0de78a5

Wishful Blog <= 2.0.1 & Raise Mag <= 1.0.7 – Unauthenticated Cross-Site Scripting

Affected Software/s: Raise Mag, Wishful Blog
CVE ID: CVE-2023-28621
CVSS Score: 6.1 (Medium)
Researcher/s: László Radnai
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb33f779-d045-48dd-babe-8b1fab903124

Stock Quotes List <= 2.9.9 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Stock Quotes List
CVE ID: CVE-2023-41666
CVSS Score: 5.4 (Medium)
Researcher/s: deokhunKim
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1dffbb2d-69d1-495c-8c96-64c5fd878fcd

Tilda Publishing <= 0.3.21 – Missing Authorization

Affected Software: Tilda Publishing
CVE ID: CVE-2023-31234
CVSS Score: 5.4 (Medium)
Researcher/s: spacecroupier
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a992bb2-67b9-48db-a536-c3af79e93af4

Staff / Employee Business Directory for Active Directory <= 1.2.1 – Insufficient Escaping of Stored LDAP Values

Affected Software: Staff / Employee Business Directory for Active Directory
CVE ID: CVE-2023-4757
CVSS Score: 5.4 (Medium)
Researcher/s: Pedro José Navas Pérez
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1355e9f-fa3a-439a-a13f-49b10dd4473a

Easy WP Cleaner <= 1.9 – Cross-Site Request Forgery

Affected Software: Easy WP Cleaner
CVE ID: CVE-2023-41697
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4c2689d-be51-4907-b624-c85da39f545d

Contact Form for Plugin by Fluent Forms <= 5.0.8 – Insecure Direct Object Reference

Affected Software: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
CVE ID: CVE-2023-41952
CVSS Score: 5.3 (Medium)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/20f31e48-0dbb-498a-a400-681cacea7c9c

Sunshine Photo Cart <= 3.0.5 – Insecure Direct Object Reference to Order Manipulation

Affected Software: Sunshine Photo Cart
CVE ID: CVE-2023-41796
CVSS Score: 5.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1

TelSender <= 1.14.7 – Missing Authorization

Affected Software: TelSender – Сontact form 7, Events, Wpforms and wooccommerce to telegram bot
CVE ID: CVE-2023-41683
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/39193ebd-005a-4497-9939-99947323a1a0

WP Directory Kit <= 1.2.6 – Missing Authorization

Affected Software: WP Directory Kit
CVE ID: CVE-2023-41875
CVSS Score: 5.3 (Medium)
Researcher/s: Debangshu Kundu, Arpeet Rathi
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60083262-198d-4a7d-bb0a-717a744e20f9

Email posts to subscribers <= 6.2 – Missing Authorization to Sensitive Information Exposure

Affected Software: Email posts to subscribers
CVE ID: CVE-2023-41735
CVSS Score: 5.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7730d670-d270-4755-bc9a-550498a28edb

WRC Pricing Tables <= 2.3.7 – Missing Authorization

Affected Software: WRC Pricing Tables – WordPress Responsive CSS3 Pricing Tables
CVE ID: CVE-2023-32293
CVSS Score: 5.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/823dc422-12f4-4f7d-a305-2e4db18bafdf

WiserNotify Social Proof <= 2.5 – Missing Authorization


EWWW Image Optimizer <= 7.2.0 – Sensitive Information Exposure

Affected Software: EWWW Image Optimizer
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d7d08bfd-9861-4e21-a696-25b00233ad94

VS Contact Form <= 13.9 – Missing Authorization

Affected Software: VS Contact Form
CVE ID: CVE-2023-41862
CVSS Score: 5.3 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e3f665b8-fbd5-4100-baf6-3fa99332a5dc

BitPay Checkout for WooCommerce <= 4.1.0 – Missing Authorization

Affected Software: BitPay Checkout for WooCommerce
CVE ID: CVE-2023-41803
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ea489c69-d4d9-4e05-8cac-25fd17d48506

UniConsent Cookie Consent CMP for GDPR / CCPA <= 1.4.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: UniConsent CMP for GDPR CPRA GPP TCF
CVE ID: CVE-2023-41800
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/19c9cf3e-553b-4cbd-9f2c-803e188a2581

WordPress File Sharing Plugin <= 2.0.3 – Authenticated (Admin+) Stored Cross-Site Scripting

Affected Software: WordPress File Sharing Plugin
CVE ID: CVE-2023-4636
CVSS Score: 4.4 (Medium)
Researcher/s: Shuning Xu
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1df04293-87e9-4ab4-975d-54d36a993ab0

Insert Estimated Reading Time <= 1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Insert Estimated Reading Time
CVE ID: CVE-2023-41734
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/45426cdd-2721-4959-8f0b-13025f775d62

Cookie Notice & Consent 1.6.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Cookie Notice & Consent
CVE ID: CVE-2023-41948
CVSS Score: 4.4 (Medium)
Researcher/s: DoYeon Park
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/489dc156-b8cb-4e08-a847-73a891398d5c

SendPress Newsletters <= 1.22.3.31 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: SendPress Newsletters
CVE ID: CVE-2023-41729
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5d173077-06c4-4a23-a664-0be8516053ec

Swifty Bar, sticky bar by WPGens <= 1.2.10 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Swifty Bar, sticky bar by WPGens
CVE ID: CVE-2023-41737
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66c90387-af23-48fc-94da-708b9c223fe3

wordpress publish post email notification <= 1.0.2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: wordpress publish post email notification
CVE ID: CVE-2023-41731
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/705d11b1-0924-46ae-a6e6-8fab16a4df00

iFolders <= 1.5.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: iFolders – Ultimate Folder Manager for Media, Pages, Posts & etc
CVE ID: CVE-2023-41949
CVSS Score: 4.4 (Medium)
Researcher/s: emad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1f957ce-7bb0-4701-8b2a-522211c408d8

Order Delivery Date for WP e-Commerce <= 1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Order Delivery Date for WP e-Commerce
CVE ID: CVE-2023-41859
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d74f5813-cf7a-4ffb-9306-56f29b3a7d04

Email posts to subscribers <= 6.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Email posts to subscribers
CVE ID: CVE-2023-41736
CVSS Score: 4.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e818a5db-acb7-4b16-80b1-939904e93791

Back To The Top Button <= 2.1.5 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Back To The Top Button
CVE ID: CVE-2023-41733
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ed8cd92a-c791-4781-a7bc-9b2a4d559d7d

Regpack <= 0.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Regpack
CVE ID: CVE-2023-41855
CVSS Score: 4.4 (Medium)
Researcher/s: Pavitra Tiwari
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f3cdc0ba-d28f-488c-a703-f9d880f0582e

Backup Migration <= 1.2.9 – Cross-Site Request Forgery

Affected Software: BackupBliss – Backup Migration Staging
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/00274313-9079-4877-b72e-310e312aa814

Automatic YouTube Gallery <= 2.3.3 – Missing Authorization via AJAX actions

Affected Software: Automatic YouTube Gallery
CVE ID: CVE-2023-41866
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0a58d45b-c91b-4141-992e-336650d7252b

rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 – Missing Authorization via export_settings

Affected Software: rtMedia for WordPress, BuddyPress and bbPress
CVE ID: CVE-2023-41951
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0cb5df54-a6a7-4c2e-8df0-5d050218622e

Super Socializer <= 7.13.54 – Missing Authorization

Affected Software: Social Share, Social Login and Social Comments Plugin – Super Socializer
CVE ID: CVE-2023-41802
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/101dd211-c3eb-4d27-9194-841bc2a968e6

Laposta Signup Embed <= 1.1.0 – Missing Authorization

Affected Software: Laposta Signup Embed
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/12b81441-d22c-4211-a8da-811182de622d

CP Blocks <= 1.0.20 – Cross-Site Request Forgery to Settings Update

Affected Software: CP Blocks
CVE ID: CVE-2023-41732
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35cd1788-1756-4d03-8f6f-e5e4153e3f4f

Leadster <= 1.1.2 – Cross-Site Request Forgery

Affected Software: Leadster
CVE ID: CVE-2023-41668
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/361216af-b939-4ac1-ae06-97552d283670

EmbedPress <= 3.8.3 – Cross-Site Request Forgery


Live News <= 1.06 – Cross-Site Request Forgery

Affected Software: Live News
CVE ID: CVE-2023-41669
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3ee59570-85c3-4394-bebb-c3f49c08be67

WP Gallery Metabox <= 1.0.0 – Cross-Site Request Forgery

Affected Software: WP Gallery Metabox
CVE ID: CVE-2023-41876
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46c4b7f7-e3e6-46b8-b959-07775db8bb6c

wpCentral <= 1.5.7 – Cross-Site Request Forgery

Affected Software: wpCentral
CVE ID: CVE-2023-41854
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/49d03254-7399-4a5d-9ce9-7d4736b8b2ee

Laposta Signup Embed <= 1.1.0 – Cross-Site Request Forgery

Affected Software: Laposta Signup Embed
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4c0cbf44-f6b4-408d-9a96-98f45d890822

POEditor <= 0.9.4 – Cross-Site Request Forgery

Affected Software: POEditor
CVE ID: CVE-2023-32091
CVSS Score: 4.3 (Medium)
Researcher/s: Elliot
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4e81e947-4892-4028-8a09-6a048bf6a572

Carousel Slider <= 2.2.2 – Missing Authorization

Affected Software: Carousel Slider
CVE ID: CVE-2023-41848
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5465eaab-03c0-438a-8553-c1f8b06b82bc

SIS Handball <= 1.0.45 – Cross-Site Request Forgery

Affected Software: SIS Handball
CVE ID: CVE-2023-41684
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5973afaa-5a64-4db1-8e32-3b39d1367eb8

Bulk NoIndex & NoFollow Toolkit <= 1.5 – Missing Authorization

Affected Software: Bulk NoIndex & NoFollow Toolkit
CVE ID: CVE-2023-41688
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5cb79fbc-705a-4fb4-b441-7fe7ab6dea10

rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 – Missing Authorization to Settings Update

Affected Software: rtMedia for WordPress, BuddyPress and bbPress
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5dfc145e-d2d4-4137-a5c6-dec2ebb41876

WP-dTree <= 4.4.5 – Cross-Site Request Forgery

Affected Software: WP-dTree
CVE ID: CVE-2023-41667
CVSS Score: 4.3 (Medium)
Researcher/s: LEE SE HYOUNG
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/61808624-b2c7-4e86-b5a1-56f32fca9eaa

Realbig <= 1.0.2 – Cross-Site Request Forgery

Affected Software: Realbig For WordPress
CVE ID: CVE-2023-41694
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/70ae0f3e-75a8-41c7-91c0-52d672809835

Order Delivery Date for WP e-Commerce <= 1.2 – Cross-Site Request Forgery

Affected Software: Order Delivery Date for WP e-Commerce
CVE ID: CVE-2023-41858
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/74a74817-30ff-42ec-9bd4-7d0638d6643c

Click To Tweet <= 2.0.14 – Missing Authorization

Affected Software: Click To Tweet
CVE ID: CVE-2023-41857
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f765327-3872-46cc-a4f9-40219bf0dd99

Outbound Link Manager <= 1.2 – Cross-Site Request Forgery

Affected Software: Outbound Link Manager
CVE ID: CVE-2023-41850
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8dfc0d5e-bdc4-4f71-8aa3-0a4fbd7ef37d

Analytify Dashboard <= 5.1.0 – Missing Authorization to Opt-In

Affected Software: Analytify – Google Analytics Dashboard For WordPress (GA4 made easy)
CVE ID: CVE-2023-41695
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/970b3a0f-c1cc-4d85-8271-a523ccdbcc39

AWP Classifieds <= 4.3 – Cross-Site Request Forgery

Affected Software: WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds
CVE ID: CVE-2023-41801
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b06a1b66-9057-4f16-878c-4fa66489f0ff

Use Memcached <= 1.0.5 – Cross-Site Request Forgery

Affected Software: Use Memcached
CVE ID: CVE-2023-41670
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b63f4de2-32e1-4c5e-a64d-fb66d2e2b3a8

WP Custom Post Template <= 1.0 – Cross-Site Request Forgery

Affected Software: WP Custom Post Template
CVE ID: CVE-2023-41851
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b796b514-b6ca-4a22-9340-df02fec97075

Laposta Signup Basic <= 1.4.1 – Missing Authorization

Affected Software: Laposta Signup Basic
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b7e417c2-bf9c-4c88-be2b-9c2324897b07

WP Accessibility Helper (WAH) <= 0.6.2.4 – Missing Authorization via AJAX action

Affected Software: WP Accessibility Helper (WAH)
CVE ID: CVE-2023-41869
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b97b84a8-cf4e-4648-8d58-b81a71b7988c

Hide admin notices – Admin Notification Center <= 2.3.2 – Cross-Site Request Forgery

Affected Software: Hide admin notices – Admin Notification Center
CVE ID: CVE-2023-41672
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b98c5623-15fe-4937-9a0e-770aa0ab06f3

WP iCal Availability <= 1.0.3 – Cross-Site Request Forgery

Affected Software: WP iCal Availability
CVE ID: CVE-2023-41853
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc3f1d4e-84f7-4878-8b06-10444caa7dcf

Super Socializer <= 7.13.54 – Cross-Site Request Forgery

Affected Software: Social Share, Social Login and Social Comments Plugin – Super Socializer
CVE ID: CVE-2023-41802
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc6cfad1-d23a-4a96-9d6c-841b6d795a01

rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 – Missing Authorization to Sensitive Information Exposure

Affected Software: rtMedia for WordPress, BuddyPress and bbPress
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/be837a77-9b25-43af-aaba-94a8aa59e7e3

SAML SP Single Sign On <= 5.0.4 – Missing Authorization to notice dismissal

Affected Software: SAML Single Sign On – SSO Login Standard
CVE ID: CVE-2023-41873
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3114906-fac1-42b9-9ba1-0a5d44c2fb3a

WP Crowdfunding <= 2.1.4 – Missing Authorization via settings_reset

Affected Software: WP Crowdfunding
CVE ID: CVE-2023-41870
CVSS Score: 4.3 (Medium)
Researcher/s: Elliot
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cddf4aa1-5c7d-4aa1-9384-1c352f0c6da9

Laposta Signup Basic <= 1.4.1 – Cross-Site Request Forgery

Affected Software: Laposta Signup Basic
CVE ID: CVE-2023-41950
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1ba4b18-ff46-45ef-b7d4-0a314cf2d74c

Duplicate Post Page Menu & Custom Post Type <= 2.3.1 – Missing Authorization to Post Duplication

Affected Software: Duplicate Post Page Menu & Custom Post Type
CVE ID: CVE-2023-4792
CVSS Score: 4.3 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d6bb08e8-9ef5-41db-a111-c377a5dfae77

ProfilePress <= 4.13.1 Cross-Site Request Forgery via ‘admin_notice’


WP Crowdfunding <= 2.1.5 – Cross-Site Request Forgery

Affected Software: WP Crowdfunding
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4dc8f18-d990-4e41-8bf8-dfa9de4c0f6e

MyCryptoCheckout <= 2.125 – Cross-Site Request Forgery

Affected Software: MyCryptoCheckout – Bitcoin, Ethereum, and 100+ altcoins for WooCommerce
CVE ID: CVE-2023-41693
CVSS Score: 4.3 (Medium)
Researcher/s: qilin_99
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e5575725-99ba-4499-93e5-f7648c82ac52

Starter Templates <= 3.2.5 – Incorrect Authorization

Affected Software/s: Starter Templates — Elementor, WordPress & Beaver Builder Templates, Premium Starter Templates
CVE ID: CVE-2023-41805
CVSS Score: 4.3 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ebd78e52-f20d-42be-8f68-3d09d5abf837

Easy Form by AYS <= 1.3.8 – Cross-Site Request Forgery

Affected Software: Easy Form by AYS
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ee595f48-b72f-4569-a248-7dbd0b9152ae

MailMunch – Grow your Email List <= 3.1.2 – Cross-Site Request Forgery

Affected Software: MailMunch – Grow your Email List
CVE ID: CVE-2023-41852
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6409626-c8cb-412c-aff3-cbb2da212e5d

Slider Pro <= 4.8.6 – Missing Authorization via AJAX actions

Affected Software: Slider Pro
CVE ID: CVE-2023-41865
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f813cb1a-5922-48a5-a026-66ec9aaac294

SendPress Newsletters <= 1.22.3.31 – Cross-Site Request Forgery

Affected Software: SendPress Newsletters
CVE ID: CVE-2023-41730
CVSS Score: 4.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb70339c-0f1a-4acc-af7a-8a0320fdfe71

Directorist <= 7.7.1 – CSV Injection

Affected Software: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
CVE ID: CVE-2023-41798
CVSS Score: 3.8 (Low)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ab233ceb-270c-4694-9cf9-2de8ddfcbbfd

Modula <= 2.7.4 – Incomplete Authorization via ‘save_image’ and ‘save_images’

Affected Software: Customizable WordPress Gallery Plugin – Modula Image Gallery
CVE ID: CVE Unknown
CVSS Score: 2.2 (Low)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f029bd86-d979-45d1-97fe-75c43fb71148

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 4, 2023 to September 10, 2023) appeared first on Wordfence.

Malware Scanning: An Essential Layer of Website Security

Wordfence recently launched Wordfence CLI, a high performance command line malware scanner, which makes use of our extensive set of malware detection signatures to rapidly scan file systems for infections.

In recent years, the WordPress community has seen a shift in emphasis towards prevention, rather than detection, of security incidents. This reflects the increased adoption of best practices such as Multi-Factor authentication, vulnerability management, and configuration hardening.

While we agree that prevention is always better than detection or remediation, one important concept in Cybersecurity is defense-in-depth, so it’s important to have a well thought-out incident response plan and adequate security monitoring in place. No security solution provides perfect protection against zero-day vulnerabilities, and even a fully locked-down site can be compromised if it shares resources with other sites that remain vulnerable. In today’s article, we’ll discuss our philosophy for securing websites, including several key cybersecurity challenges and concepts and how they relate to the case for malware scanners.


Security Should Serve Users, Not the Other Way Around

There’s an old saying that the best camera is the one you have on you, and likewise, the best security solution is the solution you’ll actually use. Users add to the complexity of securing systems, and it is easy to secure a system that nobody wants to use because it’s locked down. Security that’s easy to use and difficult to bypass is far better than security that’s difficult to use and impossible to bypass, and one guiding philosophy to cybersecurity is that nothing is truly impossible to bypass.

That’s why Wordfence prioritizes the user experience and strives to incorporate as many layers of security as possible into a package that’s easy to use for the vast majority of WordPress site owners. Traditionally this has meant plugin-based offerings. Despite the limitations of running security as a plugin, our many features, including our Web Application Firewall, Two Factor Authentication, Real-Time IP Blocklist, and Malware and Vulnerability scanner help secure over 4 million sites, detect millions of malicious files, and block billions of attacks each year.

In our 2022 Wordfence State of WordPress Security Report, we reported that our firewall blocked more than 159 Billion credential stuffing attacks, 23 Billion configuration scans, and about 12 billion attacks against vulnerabilities. You can also get a real-time view of the volume of attacks we are blocking on the Wordfence Intelligence Dashboard.


Assume Breach Mindset

While it might seem pessimistic, “assume breach” is a critical mindset in cybersecurity that involves planning mitigations in case a site is compromised. For many sites, even the most locked down ones, compromise is a matter of when, not if, and rapid detection is key to minimizing the damage. If your site has been compromised, it is important to find out as soon as possible to prevent the attacker from gaining ground and elevating privileges throughout the system. A well thought-out incident response plan is useless if you’re unaware that an incident is occurring.

The Solarwinds breach, for instance, remained undetected for more than a year, allowing threat actors to infect thousands of critical systems via a supply-chain attack. With adequate security monitoring and detection in place, this year-long infection could have been detected much sooner and impacted far fewer systems if detected earlier. This also highlights how even those striving to put forth the best security may still have gaps in coverage where an attacker can breach defenses.


Layered Security

No single solution will ever be perfect, and it is not possible to completely eliminate risk, only manage it. One of the most effective ways to manage risk is to layer defenses so that bypassing any one layer does not allow an attacker to take complete control. This is why, for instance, it is important to use both strong passwords and multifactor authentication, and why backups are important but not a replacement for intrusion detection.

Another example of this is the contrast between Cloud-based solutions versus our Web Application Firewall – a Cloud solution would be well-suited to providing DDOS protection and blocking some generic attacks, while our WAF benefits from running with the plugin because it can block attacks specifically targeted against WordPress vulnerabilities without unnecessarily blocking legitimate administrative traffic.

Our team has deployed hundreds of firewall rules that take advantage of our Web Application Firewall’s unique capabilities. Many of the privilege escalation and authentication bypass vulnerabilities we see have parameters and values that require specialized experience and techniques to adequately block. For instance, many privilege escalation vulnerabilities, such as the one we found in the JupiterX Theme, make use of administrative functionality that has been accidentally exposed to low-level users, often via an AJAX action.

With a generic ruleset from ModSecurity, attacks of this type couldn’t be blocked without entirely breaking most site functionality. Even the most advanced cloud firewalls able to scan POST parameters by terminating TLS at the edge would still prevent administrative users from performing necessary tasks. Thanks to our custom firewall rules, the Wordfence firewall is able to easily block malicious traffic without impacting site functionality, and thanks to our in-house vulnerability research we’re often the first to release firewall rules for new critical vulnerabilities.


Trusting Trust

An often overlooked concept in cybersecurity is the problem of “trusting trust.” On any given system, an attacker that can run code can tamper with any other code running at the same privilege level. This is often used as an argument against plugin-based malware scanners and admittedly does present a challenge since any attacker able to compromise a site to the point where they can execute code can run that code at the same level as a plugin.

Many of our users install Wordfence after they have become aware of a breach and successfully use our scanner for remediation. Most malware is still not sophisticated enough to evade detection in this way, and even malware that is designed to do so often fails to fully hide its tracks from detection. Additionally, based on research our team has done on WordPress threat actors, many are unwilling or unable to develop their own evasion payloads or pay the premium for off-the-shelf solutions.

Nonetheless, such tampering is becoming more common, and no plugin-based scanner is immune to it, but our plugin-based scanner still reliably detects an enormous amount of malware and we have the telemetry to prove it – roughly 1 million sites successfully used Wordfence to clean malware in 2022, based on the total number of sites we saw infections on compared the number of sites that remained infected at the end of the year.

Fortunately, even the most cleverly designed file-based malware can’t successfully hide from a scanner it can’t tamper with, and Wordfence CLI is an effective solution for sites that need this extra layer of detection.


Responsible Remediation

When it comes to remediation, a one-size-fits-all approach simply doesn’t work. Many sites have unique needs, custom code, or technical debt. Replacing core WordPress files and plugins with known clean versions can fix many issues, and our scanner offers the option to do this, but many infections will simply reoccur if the root cause is not addressed. Tools to automate remediation can be incredibly useful, but fully automated remediation can cause more problems than it solves while providing a false sense of security – there should always be a human making final remediation decisions. This is why our Wordfence Care and Wordfence Response offerings use skilled analysts to clean your website and get it back into working order, and we highly recommend these services to less experienced site owners, or site owners who simply want to trust the experts to handle remediation.


Continuous Improvement

Our malware signatures are designed to detect not only active infections but also artifacts generated by malware and other indicators of compromise. Our team of specialists constantly monitors new malware variants and we release dozens of new signatures every month to keep up with attackers. Since our signatures use carefully crafted regular expressions, each signature can detect thousands and oftentimes even millions of unique malicious files.

In the spirit of continuous improvement, we’ve launched an additional, user-friendly layer of security with our Wordfence CLI scanner. While it is designed for power users and administrators, it unlocks new possibilities for detection that were not available with our plugin scanner.


More Flexibility with Wordfence CLI

One of the most frequent requests we’ve received over the years was the ability to run scans programmatically via the command line rather than via the plugin. Not only does this mitigate tampering concerns and result in a massive performance boost, but it also allows for extended use cases – you can use it to scan backups outside of the webroot to ensure their integrity before restoring them, or to more thoroughly scan for database infections by running it against database exports, since scanning live databases tends to be extremely resource-intensive. You can use it to quickly scan just files that were recently modified by piping the results from the Linux find command to the Wordfence cli scanner, or exclude signatures from the scan in the rare cases where your custom code is detected by one of our signatures.

Wordfence CLI is open-source and can be fully customized or forked, and while our basic Free signature set may not be used for commercial purposes, it is designed to detect the most widespread indicators of compromise found on more than 90% of all infected sites. Bear in mind that most infections involve multiple malicious components, so for more comprehensive scanning and remediation, we recommend our Commercial signature set which detects more than 18 million unique malware variants in the wild.

Conclusion

In today’s article, we discussed some key components of our strategy for securing websites, including user experience, layered security, the assumption of breach, the problem of trusting trust, responsible remediation, and our drive for continuous improvement. Our goal is to provide the best security possible for your website, and that means providing security you’ll actually use.

While no single solution offers perfect protection, Wordfence offers prevention, detection, and remediation packages that will significantly improve your security posture while remaining compatible with other solutions. With the launch of Wordfence CLI, it is now possible to scan hundreds or even thousands of sites with a single, competitively priced license, all while conserving server resources.

The post Malware Scanning: An Essential Layer of Website Security appeared first on Wordfence.

Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images

MageCart infections most often come in the form of complex, obfuscated JavaScript injected into Magento database tables such as core_config_data, or as malicious plugins or core file injections installed into WordPress / WooCommerce environments (which are increasingly common, and may be due to antivirus programs increasing their detection rate on compromised checkout pages).

However, a little less frequently we find skimmers hidden in plain sight.  During a recent website cleanup of a compromised Magento ecommerce website we caught something that was quite interesting: Credit card theft malware that was concealed through a single, invisible pixel.

Continue reading Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images at Sucuri Blog.

Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin

On August 24, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) and a Blind SQL Injection vulnerability in the Slimstat Analytics plugin, which is actively installed on more than 100,000 WordPress websites. The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages or execute SQL queries by appending them to an existing SQL query using the plugin’s shortcode.

All Wordfence PremiumWordfence Care, and Wordfence Response customers, as well as those still using the free version of our plugin, are protected against any exploits targeting this vulnerability by the Wordfence firewall’s built-in Cross-Site Scripting and SQL Injection protection.

We contacted VeronaLabs on August 24, 2023, and we received a response on the same day. After providing full disclosure details, the developer released a patch on August 28, 2023. We would like to commend VeronaLabs for their prompt response and timely patch.

We urge users to update their sites with the latest patched version of Slimstat Analytics, version 5.0.10 at the time of this writing, as soon as possible.

Vulnerability Summary from Wordfence Intelligence

Description: Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Affected Plugin: Slimstat Analytics
Plugin Slug: wp-slimstat
Affected Versions: <= 5.0.9
CVE ID: CVE-2023-4597
CVSS Score: 6.4 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Researcher/s: Lana Codes
Fully Patched Version: 5.0.10

The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slimstat’ shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Description: Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Blind SQL Injection via Shortcode
Affected Plugin: Slimstat Analytics
Plugin Slug: wp-slimstat
Affected Versions: <= 5.0.9
CVE ID: CVE-2023-4598
CVSS Score: 8.8 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Researcher/s: Lana Codes, Chloe Chamberland
Fully Patched Version: 5.0.10

The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Technical Analysis

Slimstat Analytics is a WordPress website traffic analytics plugin that offers several features for analyzing and monitoring traffic. It provides a shortcode ([slimstat]) that displays various types of statistics when added to a WordPress page or post.

Unfortunately, insecure implementation of the plugin’s shortcode functionality allows for the injection of arbitrary web scripts into these pages. Examining the code reveals that the shortcode has several types based on the ‘f’ parameter. In vulnerable versions, the ‘top-all’ type does not adequately sanitize the user-supplied ‘w’ attribute, and then fails to escape the ‘class’ output derived from the ‘w’ parameter when it displays the statistics. This makes it possible to inject attribute-based Cross-Site Scripting payloads via the ‘w’ attribute.

public static function slimstat_shortcode($_attributes = '', $_content = '')
{
	shortcode_atts(array(
		'f' => '',    // recent, popular, count, widget
		'w' => '',    // column to use (for recent, popular and count) or widget to use
		's' => ' ',    // separator
		'o' => 0    // offset for counters
	), $_attributes);
line 724

$output = '<ul class="slimstat-shortcode ' . $f . implode('-', $w) . '">' . implode('', $output) . '</ul>';

The slimstat_shortcode method snippet in the wp_slimstat class

This makes it possible for threat actors with contributor-level access to a site to carry out stored XSS attacks. Once a script is injected into a page or post, it will execute each time a user accesses the affected page. While this vulnerability does require that a trusted contributor account is compromised, or that a user be able to register as a contributor, successful threat actors could steal sensitive information, manipulate site content, inject administrative users, edit files, or redirect users to malicious websites which are all severe consequences.

Further examining the code, we also found a SQL Injection vulnerability within the same shortcode. Although the ‘w’ parameter will be converted into an array, it is not properly sanitized. This parameter is used for the column in the database query, and although the prepare function is used, the column is not specified as a placeholder, which makes it possible for an attacker to perform SQL injection attacks.

$w = self::string_to_array($w);

The slimstat_shortcode method snippet in the wp_slimstat class

public static function get_top($_column = 'id', $_where = '', $_having = '', $_use_date_filters = true, $_as_column = '')
{
	// This function can be passed individual arguments, or an array of arguments
	if (is_array($_column)) {
		$_where            = !empty($_column['where']) ? $_column['where'] : '';
		$_having           = !empty($_column['having']) ? $_column['having'] : '';
		$_use_date_filters = !empty($_column['use_date_filters']) ? $_column['use_date_filters'] : true;
		$_as_column        = !empty($_column['as_column']) ? $_column['as_column'] : '';
		$_column           = $_column['columns'];
	}

	$group_by_column = $_column;

	if (!empty($_as_column)) {
		$_column = "$_column AS $_as_column";
	} else {
		$_as_column = $_column;
	}

	$_where = self::get_combined_where($_where, $_as_column, $_use_date_filters);

	// prepare the query
	$sql = $GLOBALS['wpdb']->prepare("
		SELECT $_column, COUNT(*) counthits
		FROM {$GLOBALS['wpdb']->prefix}slim_stats
		WHERE $_where
		GROUP BY $group_by_column $_having
		ORDER BY counthits DESC
		LIMIT 0, %d", self::$filters_normalized['misc']['limit_results']);
	return self::get_results($sql, ((!empty($_as_column) && $_as_column != $_column) ? $_as_column : $_column),
		'counthits DESC', ((!empty($_as_column) && $_as_column != $_column) ? $_as_column : $_column),
		'SUM(counthits) AS counthits');
}

The get_top method in the wp_slimstat_db class

Since no data from the SQL query was returned in the response, an attacker would need to use a Time-Based blind approach to extract information from the database. This means that they would need to use SQL CASE statements along with the SLEEP() command while observing the response time of each request to steal information from the database. This is an intricate, yet frequently successful method to obtain information from a database when exploiting SQL Injection vulnerabilities.

Disclosure Timeline

August 24, 2023 – Wordfence Threat Intelligence team discovers the stored XSS and SQL Injection vulnerabilities in Slimstat Analytics.
August 24, 2023 – We initiate contact with the plugin vendor asking that they confirm the inbox for handling the discussion.
August 26, 2023 – The vendor confirms the inbox for handling the discussion.
August 26, 2023 – We send over the full disclosure details for the XSS vulnerability.
August 27, 2023 – We send over the full disclosure details for the SQL injection vulnerability.
August 27, 2023 – The vendor acknowledges the report and begins working on a fix.
August 28, 2023 – The fully patched version, 5.0.10, is released.

Conclusion

In this blog post, we have detailed stored XSS and SQL Injection vulnerabilities within the Slimstat Analytics plugin affecting versions 5.0.9 and earlier. This vulnerability allows authenticated threat actors with contributor-level permissions or higher to inject malicious web scripts into pages that execute when a user accesses an affected page, and extract sensitive information from a database. These vulnerabilities have been fully addressed in version 5.0.10 of the plugin.

We encourage WordPress users to verify that their sites are updated to the latest patched version of Slimstat Analytics.

All Wordfence users, including those running Wordfence PremiumWordfence Care, and Wordfence Response, as well as sites still running the free version of Wordfence, are fully protected against this vulnerability.

If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.

For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

The post Over 100,000 WordPress Websites Affected by XSS and SQLi Vulnerabilities in Slimstat Analytics Plugin appeared first on Wordfence.

How to Fix “Not Secure” Warnings and SSL Issues in WordPress (8 Steps)

If you own a WordPress website and ever encountered the “Not Secure” warning, you might have worried that visitors would perceive your site as spam or fraudulent. Not only does this warning impact user trust, but it can also affect your site’s SEO because search engines like Google flag sites without an HTTPS (HyperText Transfer Protocol Secure) and SSL certificate (Secure Socket Layer) as insecure.

Understanding the Connection Not Secure warning

When users visit your website, data is transferred between their browsers and your servers.

Continue reading How to Fix “Not Secure” Warnings and SSL Issues in WordPress (8 Steps) at Sucuri Blog.

Pin It on Pinterest