Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)

In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and utilize both personally and commercially.

Last week, there were 71 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.


ImageMagick Engine <= 1.7.5 – Cross-Site Request Forgery to PHAR Deserialization

CVE ID: CVE-2022-3568
CVSS Score: 8.8 (High)
Researcher/s: Rasoul Jahanshahi
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4a2ca2f0-1d4a-4614-86ba-a46e765f4a9f

Plugin for Google Reviews <= 2.2.3 – Authenticated (Subscriber+) SQL Injection

CVE ID: CVE-2022-44580
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/75aa7541-d9d4-4526-9831-238327d0f3ae

GigPress <= 2.3.28 – Authenticated (Subscriber+) SQL Injection

CVE ID: CVE-2023-0381
CVSS Score: 8.8 (High)
Researcher/s: Erwan LR
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cb1dc7e4-a339-4760-9f63-aaa6590bd5e0

Auto Featured Image (Auto Post Thumbnail) <= 3.9.15 – Authenticated (Author+) Arbitrary File Upload

CVE ID: CVE-2023-0477
CVSS Score: 7.2 (High)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/18ff2556-9e20-42f6-a8fb-b81473c42576

My Sticky Elements <= 2.0.8 – Authenticated (Admin+) SQL Injection

CVE ID: CVE-2023-0487
CVSS Score: 7.2 (High)
Researcher/s: qerogram
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b1933a5-48f3-4707-8e3d-824b60ce2635

Redirection for Contact Form 7 <= 2.7.0 – Authenticated(Editor+) Privilege Escalation

CVE ID: CVE-2023-23990
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/527c344e-870e-4bd9-b111-86cc2821367d

Monolit <= 2.0.6 – Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2023-25041
CVSS Score: 7.2 (High)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/60a574c7-47de-4427-8d38-d510ea996f75

Gutenberg Forms <= 2.2.8.3 – Authenticated(Subscriber+) Sensitive Information Disclosure

CVE ID: CVE-2022-45803
CVSS Score: 6.5 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5964dd2a-e388-4454-89f6-aa71e1734d35

Shortcodes Ultimate <= 5.12.6 – Authenticated (Subscriber+) Arbitrary File Read via Shortcode

CVE ID: CVE-2023-25050
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5dad7348-39ba-4163-a5eb-939601645edb

Shortcodes Ultimate <= 5.12.6 – Authenticated (Subscriber+) Server-Side Request Forgery

CVE ID: CVE-2023-25050
CVSS Score: 6.5 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7bb6caf6-5676-49cd-8577-5a41b44b00c0

Cost of Goods for WooCommerce <= 2.8.6 – Missing Authorization in save_costs

CVE ID: CVE-2023-23868
CVSS Score: 6.5 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2

Icegram Express <= 5.5.2 – Unauthenticated CSV Injection

CVE ID: CVE-2022-45810
CVSS Score: 6.5 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a8077d07-acaf-40f2-bc0f-e28a44ead94c

Quick Contact Form <= 8.0.3.1 – Cross-Site Request Forgery to Sensitive Information Disclosure

CVE ID: CVE-2023-25035
CVSS Score: 6.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b930ddd7-a2a3-4b83-a1a6-ea08bbcb07a3

WP-Optimize <= 3.2.11 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 6.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3190f9f-8b2f-4251-8804-f386e2c5678f

Cost of Goods for WooCommerce <= 2.8.6 – Cross-Site Request Forgery in save_costs

CVE ID: CVE Unknown
CVSS Score: 6.5 (Medium)
Researcher/s: Cat
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ee50731f-696f-4e9f-a930-05b2b23752de

Scriptless Social Sharing <= 3.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options

CVE ID: CVE-2023-0377
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/84c79b0e-01d2-4710-9a02-edceab8db22d

Quick Contact Form <= 8.0.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-23885
CVSS Score: 6.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/90654fac-b9c7-422f-8472-2a7c7fd0de0d

Icegram Collect <= 1.3.8 – Authenticated(Contributor+) Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-25024
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/93920201-fd53-45ad-983a-a2b04b96db77

Interactive Geo Maps <= 1.5.9 – Authenticated (Editor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0731
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95ce515a-377c-49b4-8d1b-7ac22769c759

Quebely <= 1.8.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option

CVE ID: CVE-2023-0376
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/991aefb4-2e6b-48e6-bd19-98b21a57f6db

Visualizer <= 3.9.1 – Authenticated(Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2022-46848
CVSS Score: 6.4 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d32ceb67-8ad1-4f59-b4a8-63c9c3e8b90c

Shortcodes Ultimate <= 5.12.6 – Authenticated (Contributor+) Stored Cross Site Scripting

CVE ID: CVE-2023-25040
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d449466d-e78a-48a3-8eff-90b56646dd6b

WordPress Comments Import & Export <= 2.3.1 – CSV Injection

CVE ID: CVE-2022-45370
CVSS Score: 6.1 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5196a9f2-177d-48e1-b0dc-72e0727132d6

Pie Register <= 3.8.2.2 – Open Redirect

CVE ID: CVE-2023-0552
CVSS Score: 6.1 (Medium)
Researcher/s: Omar Amin
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8bbcbefa-f38d-4752-acca-3545976cc59f

微信机器人高级版 <= 6.0.1 – Reflectedite Scripting

CVE ID: CVE-2022-45837
CVSS Score: 6.1 (Medium)
Researcher/s: minhtuanact
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d2a238f-7192-49f0-be2e-3a35fca651d9

Link Juice Keeper <= 2.0.2 – Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 5.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/06511129-fb43-4ac1-9f5d-c637c9577293

Chained Quiz <= 1.3.2.5 – Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25027
CVSS Score: 5.5 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/68ec28e8-345c-4017-ab0d-04ac4facd60c

Quick Paypal Payments <= 5.7.25 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 5.5 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/99e61ed1-df56-4e95-b4f9-3027ee7b7793

Arigato Autoresponder and Newsletter <= 2.7.1 – Authenticated(Admin+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25031
CVSS Score: 5.5 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b1db421d-d935-4441-ae5e-cc01123e80e8

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_add_folder

CVE ID: CVE-2023-0724
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/08c0ea6c-7e2f-482f-b30c-0e3bcd992159

0mk Shortener <= 0.2 – Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE ID: CVE-2022-2933
CVSS Score: 5.4 (Medium)
Researcher/s: Juampa Rodríguez
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3b798c64-3434-427d-b578-5abbdac8cd0e

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_move_object

CVE ID: CVE-2023-0712
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0be428ae-40ae-4cc0-82ad-d121b6d2d27e

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_save_state

CVE ID: CVE-2023-0722
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/261a1bf0-a147-48c8-878e-f9b725ac74d8

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_add_folder

CVE ID: CVE-2023-0713
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2764b360-228d-48c1-8a29-d3764e532799

Wicked Folders <= 2.18.16 – Missing Authorization via ajax_unassign_folders

CVE ID: CVE-2023-0684
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/29358ea9-21b7-4294-8fc9-0d38e689cf53

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_save_folder

CVE ID: CVE-2023-0718
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2c26d6de-5653-4be8-9526-39b30cb61625

Wicked Folders <= 2.18.16 – Missing Authorization via ajax_delete_folder

CVE ID: CVE-2023-0717
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35fb658f-6ffa-4df7-bfcd-25307d89fc26

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_edit_folder

CVE ID: CVE-2023-0716
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3ad60a11-e307-4ec9-9099-091a87ff1d3b

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_save_folder_order

CVE ID: CVE-2023-0730
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4104f69f-b185-498a-aabf-2126ffb94ab3

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery on ajax_save_folder

CVE ID: CVE-2023-0728
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/43b43802-f301-4748-98b9-eea78a249355

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_edit_folder

CVE ID: CVE-2023-0726
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/51b88442-3961-42e2-8ff4-7726819a7f0f

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_delete_folder

CVE ID: CVE-2023-0727
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62b56928-7125-4211-b233-07b5b51881c1

Auto Affiliate Links <= 6.2.1.5 – Authenticated(Subscriber+) Plugin Settings Change

CVE ID: CVE-2022-45840
CVSS Score: 5.4 (Medium)
Researcher/s: Nguyen Anh Tien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7f787c75-7b27-4256-ac0c-abc2988ea7c8

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_clone_folder

CVE ID: CVE-2023-0725
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/80797183-c69f-4dce-a2e0-52a395ceffaa

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_save_folder_order

CVE ID: CVE-2023-0720
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8d392d0b-f286-44da-aa32-a08d0279baed

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_save_sort_order

CVE ID: CVE-2023-0719
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9b26604b-2423-4130-b0ef-8f63a392c760

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_save_sort_order

CVE ID: CVE-2023-0729
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae8dbf54-ea62-4901-b34f-079b708ca0b5

Wicked Folders <= 2.18.16 – Missing Authorization on ajax_clone_folder

CVE ID: CVE-2023-0715
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3728280-3487-4cb2-8e37-f33811bc0a22

WPCode <= 2.0.6 – Missing Authorization to Sensitive Key Disclosure/Update

CVE ID: CVE-2023-0328
CVSS Score: 5.4 (Medium)
Researcher/s: Sanjay Das
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4b1cae3-dc08-43b1-9a20-62b7263efeba

Quiz And Survey Master <= 8.0.8 – Cross-Site Request Forgery to Arbitrary Media Deletion

CVE ID: CVE-2023-0292
CVSS Score: 5.4 (Medium)
Researcher/s: Julien Ahrens
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c75e6d27-7f6b-4bec-b653-c2024504f427

Wicked Folders <= 2.18.16 – Missing Authorization via ajax_save_state

CVE ID: CVE-2023-0711
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d1c43e93-69a3-407e-860e-ab25af5d7177

ShopLentor <= 2.5.1 – Cross-Site Request Forgery to Post Updates

CVE ID: CVE-2022-46798
CVSS Score: 5.4 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/db952443-2588-4da0-87d8-5bd2d3be039c

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery on ajax_move_object

CVE ID: CVE-2023-0723
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc01108f-e781-484b-997a-c1d4e218a3f4

Wicked Folders <= 2.18.16 – Cross-Site Request Forgery via ajax_unassign_folders

CVE ID: CVE-2023-0685
CVSS Score: 5.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e52b27fa-10e8-43d0-be29-774c2f5487ae

CURCY <= 2.1.25 – Missing Authorization to Currency Exchange Retrieval

CVE ID: CVE-2022-46796
CVSS Score: 5.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ca24aa2f-5d31-4128-af75-68bd24637ee7

Vulnerability: eCommerce Product Catalog plugin for WordPress <= 3.3.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25049
CVSS Score: 4.4 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/46db2d07-66a6-4d9e-b0fd-ddf6119ba5be

Under Construction <= 3.96 – Cross-Site Request Forgery via admin_action_ucp_dismiss_notice

CVE ID: CVE-2023-0831
CVSS Score: 4.3 (Medium)
Researcher/s: Ramuel Gall, Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/031a1203-6b0d-453b-be8a-12e7f55cb401

Booking Calendar Contact Form <= 1.2.34 – Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission

CVE ID: CVE-2023-25037
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0563d2f0-fb29-4030-8d01-c257dda78241

Booking Calendar Contact Form <= 1.2.34 – Cross-Site Request Forgery via cpdexbccf_feedback

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09932277-8af3-4790-96f0-fe5af0a0ed29

Podlove Podcast Publisher <= 3.8.3 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/17f2b07d-82de-4e25-9b17-ef4a1132e6c0

A2 Optimized WP <= 3.0.4 – Cross Site Request Forgery

CVE ID: CVE-2023-23711
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/463fdbde-1d98-4f52-b835-cba1ae567f4f

Under Construction <= 3.96 – Cross-Site Request Forgery via admin_action_install_weglot

CVE ID: CVE-2023-0832
CVSS Score: 4.3 (Medium)
Researcher/s: Ramuel Gall, Alex Thomas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4fa84388-3597-4a54-9ae8-d6e04afe9061

Void Contact Form 7 Widget For Elementor Page Builder <= 2.1.1 – Cross-Site Request Forgery in void_cf7_opt_in_user_data_track

CVE ID: CVE-2022-47166
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/56a2084c-5120-4115-a027-625900d23ebc

Ajax Search Lite <= 4.10.3 – Missing Authorization leading to Authenticated (Subscriber+) Sensitive Information Disclosure

CVE ID: CVE-2022-38456
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5f2c157b-cd5a-459d-8e26-859e686148dc

Google Maps CP <= 1.0.43 – Cross-Site Request Forgery via feedback_action

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a4aed6ba-23a2-46b6-b7e1-7b7e462b1f5b

All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 5.2.3 – Cross-Site Request Forgery

CVE ID: CVE-2022-46797
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aae70da2-fcd8-4e33-8f38-5e19e0c14733

PayPal Brasil para WooCommerce <= 1.4.2 – Cross-Site Request Forgery

CVE ID: CVE-2023-25026
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b4a44a8a-740b-45dd-962c-945238f6ddee

Google Maps CP <= 1.0.43 – Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission

CVE ID: CVE-2023-25039
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bc9a2639-cec8-408e-9ba2-ffb6c8c7da21

Mercado Pago payments for WooCommerce <= 6.3.1 – Cross-Site Request Forgery

CVE ID: CVE-2022-45068
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ce30649a-c1a0-42d5-b2e7-1ebe7989efa3

Album and Image Gallery plus Lightbox <= 1.6.2 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/df1a3425-b1d7-4914-ab19-c215d4e845ea

ColorWay <= 4.2.3 – Cross Site Request Forgery

CVE ID: CVE-2023-25447
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ecfa530c-a164-4215-b68a-7be81be3fd48

If you’d like to receive this weekly vulnerability report by email, along with Wordfence Intelligence CE product updates, sign up to the Wordfence Intelligence Community Edition Newsletter by filling out this form below.


Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence Community Edition leaderboard along with being mentioned in our weekly vulnerability report.

Did you enjoy this post? Share it!

Comments

No Comments