Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)

In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme and, plugin vulnerabilities known as Wordfence Intelligence Community Edition.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and utilize both personally and commercially.

Last week, there were 69 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.


EZP Coming Soon Page <= 1.0.7.3 – Authenticated (Admin+) Stored Cross Site Scripting

CVE ID: CVE-2023-24398
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05614ee6-ce14-44fe-a819-8f116563dbdd

Metform Elementor Contact Form Builder <= 3.1.2 – Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2023-0084
CVSS Score: 7.2 (High)
Researcher/s: Mohammed El Amin, Chemouri
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/05f7d9fe-e95f-4ddf-9bce-2aeac3c2e946

IP Vault – WP Firewall <= 1.1 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2022-47171
CVSS Score: 4.4 (Medium)
Researcher/s: rezaduty
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/07b075a6-2339-4562-a096-0a46b58f1e9f

Gallery – Image and Video Gallery with Thumbnails <= 2.0.1 – Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2022-47603
CVSS Score: 7.2 (High)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/091d306d-cce4-426e-a18f-38bdaa802264

Magazine Edge <= 1.13 – Authenticated (Subscriber+) Arbitrary Plugin Activation

CVE ID: CVE-2023-25068
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0a2a29ea-3ff3-4b80-8a40-1a00491076ff

EmbedSocial – Social Media Feeds, Reviews and Galleries = 1.1.27 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0371
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0aeef472-0f09-458f-a0dc-b7de190b9b6d

Galleries by Angie Makes <= 1.67 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2022-4795
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0bb7920b-2999-4bd3-bfef-3b9971f845e9

WP Dark Mode <= 3.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2022-4714
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/108f3e7b-f4c1-445c-914c-97960b21b5fa

WP Private Message < 1.0.6 – Insecure Direct Object Reference

CVE ID: CVE-2023-0453
CVSS Score: 7.1 (High)
Researcher/s: Veshraj Ghimire
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/14026e96-7e21-45db-b258-13b014ec478c

Custom Add User <= 2.0.2 – Reflected Cross-Site Scripting

CVE ID: CVE-2023-0043
CVSS Score: 6.1 (Medium)
Researcher/s: Shreya Pohekar
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/15672f90-3192-452c-a4f2-be6db00b7888

Image Hover Effects Plugin – Caption Hover with Carousel <= 2.8 – Unauthenticated Stored Cross Site Scripting

CVE ID: CVE-2022-45831
CVSS Score: 7.2 (High)
Researcher/s: minhtuanact
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/19c2d455-ae47-49bd-9bb8-1f87b0c76c32

Interactive Geo Maps <= 1.5.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1d667556-4cab-4f92-aa43-75e7722b3af6

Flexible Elementor Panel <= 2.3.8 – Cross Site Request Forgery

CVE ID: CVE-2022-45076
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1e5381fe-940b-404e-b2f2-1fd1c4ee5d78

RankMath SEO <= 1.0.107.2 – Authenticated (Contributor+) Local File Inclusion

CVE ID: CVE Unknown
CVSS Score: 7.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f8634d1-9201-4af5-9e06-c28ffcb51046

GS Books Showcase <= 1.3.0 – Authenticator (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0541
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/26a9bcc5-4057-4cd5-afde-68a2d467c5a9

WP Tabs <= 2.1.14 – Cross Site Request Forgery

CVE ID: CVE-2023-25065
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/28a8b3fe-6f15-4085-a370-a2e867f7018b

Marketing Performance <= 2.0.0 – Unauthenticated Stored Cross Site Scripting

CVE ID: CVE-2023-24404
CVSS Score: 6.1 (Medium)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/29b53c80-68d5-4431-a49b-0d139c9403f2

Multi-column Tag Map <= 17.0.24 – Authenticated (Contributor+) Stored Cross Site Scripting

CVE ID: CVE-2023-23815
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/32652a9a-00ba-4e86-9947-c7c7ebd21494

WP htpasswd <= 1.7 – Authenticated (Admin+) Stored Cross Site Scripting

CVE ID: CVE-2023-25064
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/36fd8125-f876-49c2-a0bb-4c7ef95b462c

WP Email Capture <= 3.9.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3924b6f4-75ba-4ee8-b02f-a23fbd24ed67

Album and Image Gallery plus Lightbox <= 1.6.2 – Missing Authorization

CVE ID: CVE-2023-25060
CVSS Score: 5.3 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/467a9b16-b57c-417c-b4e1-9f3edc80b5df

WebinarIgnition <= 2.14.2 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25023
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/49c65776-130d-4c22-b4f8-ababac8cf341

Namaste! LMS <= 2.5.9.3 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0548
CVSS Score: 4.4 (Medium)
Researcher/s: Felipe Restrepo Rodriguez
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5256a249-b355-480d-a532-5931e4dea481

WP Booking System <= 2.0.18 – Authenticated (Admin+) Stored Cross Site Scripting

CVE ID: CVE-2023-24402
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/540fef7f-8952-4525-9d07-fe3b3d777359

Beautiful Cookie Consent Banner <= 2.10.0 – Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 7.2 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/542a4079-b1a2-49bc-9ddd-ba7978c9992e

User Activity <= 1.0.1 – IP Address Spoofing

CVE ID: CVE-2022-4550
CVSS Score: 5.3 (Medium)
Researcher/s: rezaduty
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5a38a72a-7336-4aa5-8491-6879dfa4d0ea

Ocean Extra <= 2.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-23891
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/617b2ef0-dc7b-4032-a145-5eaffb8194c3

1003 Mortgage Application <= 1.73 – Unauthenticated CSV Injection

CVE ID: CVE-2022-45357
CVSS Score: 6.5 (Medium)
Researcher/s: Rodrigo Escobar
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/63567094-9fb1-44b2-a3e6-99194389c4b6

Side Cart Woocommerce (Ajax) <= 2.1 – Cross-Site Request Forgery

CVE ID: CVE-2022-45376
CVSS Score: 8.8 (High)
Researcher/s: Muhammad Daffa
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/67d2364c-6c8b-4b30-8a0e-2f9ee94a3c26

Correos Oficial <= 1.3.0.0 – Unauthenticated Arbitrary File Download

CVE ID: CVE-2023-0331
CVSS Score: 7.5 (High)
Researcher/s: Andrea Iodice
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6eed2941-d9fe-4020-b1ab-fb0885f47d80

Cost Calculator <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/750be90d-dc12-4974-8921-75259d56c7b3

WP Statistics <= 13.2.10 – Authenticated (Subscriber+) SQL Injection

CVE ID: CVE-2022-38074
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7638fd24-d376-4b5b-98bb-4a40ada6a4da

Posts and Users Stats <= 1.1.3 – Authenticated (Subscriber+) CSV Injection

CVE ID: CVE-2022-44738
CVSS Score: 5.8 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/766c2aa5-e829-45b9-b6e3-0a522a0977d4

Wufoo Shortcode <= 1.51 – Authenticated (Contributor+) Cross-Site Scripting via Shortcodes

CVE ID: CVE-2022-4679
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/76ccc688-79c0-4b6e-aac9-cf18baf9af46

GS Insever Portfolio <= 1.4.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0539
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7770ab04-eb40-450e-ab8a-2a8e5d13d4a4

BackupBuddy <= 8.8.2 – Reflected Cross-Site Scripting

CVE ID: CVE-2022-4897
CVSS Score: 6.1 (Medium)
Researcher/s: WPScanTeam
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7cb428db-b56b-4c21-b119-ca7a1a95181e

Print Invoice & Delivery Notes for WooCommerce <= 4.7.1 – Reflected Cross-Site Scripting

CVE ID: CVE-2023-0479
CVSS Score: 6.1 (Medium)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7ddd27ba-ae65-4bb4-989d-0d677e15077a

Watu Quiz <= 3.3.8 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25022
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81936c52-feb7-4f10-940d-cfce5963f400

GeoDirectory <= 2.2.23 – Authenticated (Admin+) SQL Injection

CVE ID: CVE-2023-0278
CVSS Score: 7.2 (High)
Researcher/s: Daniel Krohmer, Kunal Sharma
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81fa4987-d019-4d0c-a002-eceef956161e

Simple History <= 3.3.1 – Authenticated (Subscriber+) CSV Injection

CVE ID: CVE-2022-45350
CVSS Score: 6 (Medium)
Researcher/s: ed32.dll
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f1e6f04-04d4-4484-86bd-28df6388a953

Real Media Library: Media Library Folder & File Manager <= 4.18.28 – Authenticated (Author+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0253
CVSS Score: 6.4 (Medium)
Researcher/s: Bipul Jaiswal
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/950d71ae-29a1-4b71-b74a-b1a5c9f3326e

Usersnap <= 4.16 – Authenticated (Admin+) Stored Cross Site Scripting

CVE ID: CVE-2022-47607
CVSS Score: 4.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9ad00419-e9fa-4f78-b0d9-02cfb412a04d

EmbedStories <= 0.7.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0372
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a452cb6f-8381-4f23-b808-3473db159894

PHP Execution <= 1.0.0 – Cross Site Request Forgery

CVE ID: CVE-2023-23879
CVSS Score: 8.8 (High)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4f2112f-d5dc-4045-ac58-3895d6ac7179

ShortPixel Adaptive Images <= 3.6.1 – Reflected Cross-Site Scripting

CVE ID: CVE-2023-0334
CVSS Score: 6.1 (Medium)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/acb8c11f-e175-4361-b016-e1ebc1713be0

Beautiful Cookie Consent Banner <= 2.10.0 – Missing Authorization to Settings Update

CVE ID: CVE Unknown
CVSS Score: 7.3 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aee6fea2-dbf6-4155-ba3f-f85ea3520504

Real Media Library: Media Library Folder & File Manager <= 4.18.28 – Authenticated (Author+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0285
CVSS Score: 6.4 (Medium)
Researcher/s: Bipul Jaiswal
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b62eb8a9-60a1-4b07-8b56-09a08543d370

Formidable Form Builder <= 5.5.6 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 7.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b647a6c5-3710-43ec-bf31-87b5a26d54b3

Robo Gallery Plugin <= 3.2.11 – Cross-Site Request Forgery

CVE ID: CVE-2023-24414
CVSS Score: 4.3 (Medium)
Researcher/s: thiennv
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ba5cca24-514b-4f8b-911f-8d138287fce2

VK All in One Expansion Unit <= 9.85.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0230
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c1f10e67-d301-46ba-b92e-432819cb9606

We’re Open! <= 1.45 – Cross-Site Request Forgery

CVE ID: CVE-2023-25067
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c2e0a227-670d-40d8-ba82-6602ab57bc4a

Opening Hours <= 2.3.0 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 5.5 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cfc59e3d-13c6-4051-8a1a-d109ea06b10b

Multi Rating <= 5.0.5 – Cross Site Request Forgery

CVE ID: CVE-2022-47443
CVSS Score: 5.4 (Medium)
Researcher/s: rezaduty
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d0dcf95e-1540-48ed-a4a2-f803d67ea141

Podlove Podcast Publisher <= 3.8.2 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25046
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d353d8b7-76a5-45ce-aa7c-d571dedcbfd4

1003 Mortgage Application <= 1.73 – Authenticated (Subscriber+) Arbitrary File Download

CVE ID: CVE-2022-45368
CVSS Score: 7.1 (High)
Researcher/s: Rodrigo Escobar
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d5d77105-19a8-40eb-8a9c-aa519a757a8d

Donation Block For PayPal <= 2.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0535
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d5e60125-35e2-4d6d-8ea7-078df0b9e55f

Easy Digital Downloads <= 3.1.0.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0380
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/da94a7dc-f666-44fd-9f76-e610cbd2b610

PrivateContent <= 8.4.3 – Protection Mechanism Bypass

CVE ID: CVE-2023-0581
CVSS Score: 5.3 (Medium)
Researcher/s: Riccardo Granata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de73304e-7a28-4304-b1ed-2f6dd7738236

0mk Shortener <= 0.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2022-45361
CVSS Score: 5.5 (Medium)
Researcher/s: Rodrigo Escobar
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/de9f3b83-4575-4566-9731-0af9107c7c30

Jobs for WordPress <= 2.5.10.2 – Authenticated (Author+) Cross Site Scripting

CVE ID: CVE-2022-44743
CVSS Score: 6.4 (Medium)
Researcher/s: thiennv
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e730114e-bbe1-4385-84cc-a5484acc9da7

Arigato Autoresponder and Newsletter <= 2.1.7.1 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0543
CVSS Score: 4.4 (Medium)
Researcher/s: Felipe Restrepo Rodriguez, Joaquin Pochat y Gabriel Calle
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4dbab86-926d-4438-8310-19373c9bdd99

GS Filterable Portfolio <= 1.6.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0540
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f531489b-a87d-41e7-a988-8b29840047ec

GS Portfolio for Envato <= 1.3.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0559
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6816cb4-0fad-417a-a980-d35a734bce13

Kraken.io Image Optimizer <= 2.6.8 – Missing Authorization to Authenticated (Subscriber+) Plugin Options Update

CVE ID: CVE-2023-0619
CVSS Score: 6.5 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f94eabc5-6e3b-46df-9e36-d7d0fad833de

CC Custom Taxonomy <= 1.0.1 – Authenticated (Administrator+) Cross Site Scripting

CVE ID: CVE-2023-25028
CVSS Score: 4.4 (Medium)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/facfa21a-4136-4161-ac39-8b18948ec073

Commenter Emails <= 2.6.1 – Unauthenticated CSV Injection

CVE ID: CVE-2022-45360
CVSS Score: 6.5 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/faffd8e3-b110-4ba3-98c1-22aee7f19586

Similar Posts – Best Related Posts Plugin for WordPress <= 3.1.6 – Authenticated (Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2022-41612
CVSS Score: 4.4 (Medium)
Researcher/s: din
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb1cf9f1-7b87-4690-80db-0d4b3ccd98f9

GS Products Slider for WooCommerce <= 1.5.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0492
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ff129569-223d-4d38-9f3a-eb2596214d3a

Auto YouTube Importer <= 1.0.3 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ff7e7539-6a09-461a-a9a7-33630c396f1a

If you’d like to receive this weekly vulnerability report by email, along with Wordfence Intelligence CE product updates, sign up to the Wordfence Intelligence Community Edition Newsletter by filling out this form below.


Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence Community Edition leaderboard along with being mentioned in our weekly vulnerability report.

Did you enjoy this post? Share it!

Comments

No Comments