Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially.

Last week, there were 117 vulnerabilities disclosed in WordPress based software that have been added to the Wordfence Intelligence Vulnerability Database, and there were 30 Vulnerability Researchers that contributed to WordPress Security last week. You can find those vulnerabilities below along with some data about the vulnerabilities that were added.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 44
Patched 73

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 1
Medium Severity 104
High Severity 10
Critical Severity 2

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Cross-Site Request Forgery (CSRF) 53
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 34
Missing Authorization 16
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 2
Information Exposure 2
Authorization Bypass Through User-Controlled Key 2
Server-Side Request Forgery (SSRF) 2
Incorrect Privilege Assignment 1
Unrestricted Upload of File with Dangerous Type 1
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) 1
Protection Mechanism Failure 1
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 1
Improper Validation of Integrity Check Value 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Lana Codes 27
Rio Darmawan 20
Mika 13
Dave Jong 6
FearZzZz 4
Erwan LR 4
yuyudhn 4
WPScanTeam 3
Prasanna V Balaji 3
Marco Wotschka 3
Rafie Muhammad 3
TEAM WEBoB of BoB 11th 2
Abdi Pranata 2
Muhammad Daffa 2
Nguyen Xuan Chien 2
Marc-Alexandre Montpas 1
TaeEun Lee 1
Pounraj Chinnasamy 1
Jarko Piironen 1
dc11 1
rezaduty 1
Mohammed El Amin, Chemouri 1
Universe 1
Alex Sanford 1
Vaibhav Rajput 1
MyungJu Kim 1
Mahesh Nagabhairava 1
Leonidas Milosis 1
Shreya Pohekar 1
Nguyen Thuc Tuyen 1

 

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


Vulnerability Details

Houzez <= 2.7.1 – Privilege Escalation

CVE ID: CVE-2023-26540
CVSS Score: 9.8 (Critical)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0578f4d1-5953-4fbe-8bc3-0569bee57a1a

Debug Assistant <= 1.4 – Cross-Site Request Forgery via imlt_create_admin

CVE ID: CVE-2023-26516
CVSS Score: 8.8 (High)
Researcher/s: Prasanna V Balaji
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/429ce9e6-e51b-4f1e-8e26-f679b08d68d3

OceanWP <= 3.4.1 – Authenticated (Subscriber+) Local File Inclusion

CVE ID: CVE-2023-23700
CVSS Score: 8.8 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7fa57b92-3a3e-418c-bfc2-7ed2602004e4

ProfileGrid <= 5.3.0 – Missing Authorization to Arbitrary Password Reset

CVE ID: CVE-2023-0940
CVSS Score: 8.8 (High)
Researcher/s: dc11
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb

CSSTidy – Server-Side Request Forgery

CVE ID: CVE-2022-40700
CVSS Score: 8.3 (High)
Researcher/s: Dave Jong
Patch Status: Unpatched/Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2

Gallery Blocks with Lightbox <= 3.0.7 – Missing Authorization in pgc_sgb_add_dashboard_widget

CVE ID: CVE Unknown
CVSS Score: 8.1 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7561bce2-bd70-4da3-bbf0-318e59cd1852

Paid Memberships Pro <= 2.9.11 – Authenticated (Subscriber+) SQL Injection via Shortcodes

CVE ID: CVE-2023-0631
CVSS Score: 7.7 (High)
Researcher/s: Marc-Alexandre Montpas
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/103a7e7b-74bb-4691-8670-c66ed2144596

Types <= 3.4.17 – Unauthenticated (Administrator+) Arbitrary File Upload

CVE ID: CVE-2023-27440
CVSS Score: 7.2 (High)
Researcher/s: Dave Jong
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/09ec4633-7639-4d46-8070-9fc6909bc610

Leyka <= 3.29.2 – Unauthenticated Stored Cross-Site Scripting

CVE ID: CVE-2023-27450
CVSS Score: 7.2 (High)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3afbfa7c-a87f-4810-9356-374923ff2314

Dokan <= 3.7.12 – Authenticated (Vendor+) SQL Injection

CVE ID: CVE-2023-26525
CVSS Score: 7.2 (High)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b4967c95-8eb6-4c9b-ae6e-082dbc6af7f5

LWS Tools <= 2.3.1 – Cross-Site Request Forgery

CVE ID: CVE-2023-27453
CVSS Score: 7.1 (High)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2dabb790-4f5e-447a-ad65-3f62ac7f6176

Manage Upload Limit <= 1.0.4 – Reflected Cross-Site Scripting via upload_limit

CVE ID: CVE-2023-27432
CVSS Score: 7.1 (High)
Researcher/s: Mahesh Nagabhairava
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9b90bf09-639c-497c-a58e-3972250db1e4

Woodmart <= 7.1.1 – Cross-Site Request Forgery to License Update

CVE ID: CVE Unknown
CVSS Score: 6.5 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/02fde6b1-d709-4329-ae9c-fea444c1aec8

Shortcodes Ultimate <= 5.12.7 – Authenticated (Subscriber+) Information Exposure

CVE ID: CVE-2023-0911
CVSS Score: 6.5 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/144895c9-5800-435e-9f75-a8de17ca2d93

WoodMart <= 7.1.1 – Missing Authorization to Shortcode Injection

CVE ID: CVE-2023-25790
CVSS Score: 6.5 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73017e92-d95e-4b9c-a44a-779b498f58b7

Sales Report Email for WooCommerce <= 2.8 – Missing Authorization for Email Functionality

CVE ID: CVE-2022-38141
CVSS Score: 6.5 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f8befbf2-0d9d-4d0e-87de-0f1b26c0acd0

Smart Slider 3 <= 3.5.1.13 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-0660
CVSS Score: 6.4 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0191e5b0-b669-439b-8ad4-9f860e6ee637

Simple Vimeo Shortcode <= 2.9.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

CVE ID: CVE-2023-27443
CVSS Score: 6.4 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/66edd8e5-1d5e-425d-a4f4-5359683c1e36

Cost Calculator <= 1.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID: CVE-2023-1155
CVSS Score: 6.4 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/750be90d-dc12-4974-8921-75259d56c7b3

menu shortcode <= 1.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0395
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9150a7d9-d792-4bb6-9d33-5892f9cdfd1e

WordPress Infinite Scroll – Ajax Load More <= 5.6.0.2 – Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode

CVE ID: CVE-2022-4466
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9595fa45-6b00-4ee0-89aa-a236dbf82423

Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes

CVE ID: CVE-2023-24400
CVSS Score: 6.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95acec2a-ba1b-4b61-a4d6-3b0250a32835

Yoast SEO <= 20.2 – Authenticated (Contributor+) Cross-Site Scripting

CVE ID: CVE Unknown
CVSS Score: 6.4 (Medium)
Researcher/s: Leonidas Milosis
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c0e58807-bccc-469f-82c3-a4bbf088a626

NEX-Forms – Ultimate Form Builder <= 8.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE ID: CVE-2023-0272
CVSS Score: 6.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/fd817fe9-b7be-4252-877a-e9843d62a0a9

Real Estate 7 <= 3.3.4 – Reflected Cross-Site Scripting via ct_additional_features

CVE ID: CVE Unknown
CVSS Score: 6.1 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/157b3095-b662-465e-a975-5b71b5d4ba2a

Watu Quiz <= 3.3.9 – Reflected Cross-Site Scripting

CVE ID: CVE-2023-0968
CVSS Score: 6.1 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6341bdcc-c99f-40c3-81c4-ad90ff19f802

Darcie <= 1.1.5 – Reflected Cross-Site Scripting via JS split

CVE ID: CVE-2023-25961
CVSS Score: 6.1 (Medium)
Researcher/s: MyungJu Kim
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/83d162f9-32a9-4d03-845e-6fc9b8574fb5

GN Publisher <= 1.5.5 – Reflected Cross-Site Scripting

CVE ID: CVE-2023-1080
CVSS Score: 6.1 (Medium)
Researcher/s: Marco Wotschka
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8a4ee97c-63cd-4a5e-a112-6d4c4c627a57

Easy Testimonial Slider and Form <= 1.0.15 – Unauthenticated Reflected Cross-Site Scripting via search_term

CVE ID: CVE-2022-46799
CVSS Score: 6.1 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a6b16ffe-1c65-49d3-9e30-407bc75d7d49

GTmetrix for WordPress <= 0.4.5 – Reflected Cross-Site Scripting via ‘url’

CVE ID: CVE-2023-23677
CVSS Score: 6.1 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dcdf22be-8af4-4596-b138-67ebfd04c06d

Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD <= 3.1.5 – Reflected Cross-Site Scripting via cart_search

CVE ID: CVE-2022-47449
CVSS Score: 6.1 (Medium)
Researcher/s: TEAM WEBoB of BoB 11th
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/eebe1bf7-0366-4226-bcbc-027186136008

Real Estate 7 <= 3.3.4 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 5.4 (Medium)
Researcher/s: FearZzZz
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/007af51b-95b5-4b12-9f74-abf31f6de341

Instant Images <= 5.1.0.1 – Authenticated (Author+) Server-Side Request Forgery via instant_images_download

CVE ID: CVE-2023-27451
CVSS Score: 5.4 (Medium)
Researcher/s: Universe
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6a50e142-59f4-488b-8120-5bf505a9039d

Leyka <= 3.29.2 – Cross-Site Request Forgery

CVE ID: CVE-2023-27442
CVSS Score: 5.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a1ab02c0-e083-4f0e-b6d4-1a10ade2c688

Rife Elementor Extensions & Templates <= 1.1.10 – Missing Authorization via import_templates

CVE ID: CVE-2023-27454
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ee520664-0c1f-4af0-8cdf-a33c1dfaaca7

Sheets To WP Table Live Sync <= 2.12.15 – Cross-Site Request Forgery

CVE ID: CVE-2023-26535
CVSS Score: 5.4 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f70221e6-59a4-4151-9688-f06e194f51ac

Advanced Text Widget <= 2.1.2 – Missing Authorization via atw_dismiss_admin_notice

CVE ID: CVE-2023-26520
CVSS Score: 5.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3fe1313c-1368-4bcb-9d11-25b948da5547

WP SMS <= 6.0.4 – Information Disclosure via REST API

CVE ID: CVE-2023-27447
CVSS Score: 5.3 (Medium)
Researcher/s: Jarko Piironen
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/57377380-0435-4747-abba-50063978d8e1

Metform Elementor Contact Form Builder <= 3.2.1 – reCaptcha Protection Bypass

CVE ID: CVE-2023-0085
CVSS Score: 5.3 (Medium)
Researcher/s: Mohammed El Amin, Chemouri
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/69527d4b-49b6-47cd-93b6-39350f881ec9

Event Espresso 4 Decaf <= 4.10.44.decaf – Feature Bypass

CVE ID: CVE-2023-27437
CVSS Score: 5.3 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d55f10f3-5484-4b90-80da-3d91f409fe04

WP Repost <= 0.1 – Missing Authorization

CVE ID: CVE-2023-26522
CVSS Score: 5.3 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dbf0f614-e5e9-486c-a0dd-cd494708a2a8

Simple CSV/XLS Exporter <= 1.5.8 – CSV Injection

CVE ID: CVE-2022-42882
CVSS Score: 5.1 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/219614b7-2394-490c-baf4-14a12249c4b5

Advanced Text Widget <= 2.1.2 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26539
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1f622e20-2f7e-44ed-8237-fbf25323d2ce

Jetpack CRM <= 5.4.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27429
CVSS Score: 4.4 (Medium)
Researcher/s: TEAM WEBoB of BoB 11th
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/20b3cd2a-ee32-49e0-8281-16afb8e42448

We’re Open! <= 1.46 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25964
CVSS Score: 4.4 (Medium)
Researcher/s: TaeEun Lee
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2a5c6b05-6e28-40be-80cb-9f95241a4fc6

WP Repost <= 0.1 – Authenticated (Administrator+) Stored Cross-Site Scritping

CVE ID: CVE-2023-26534
CVSS Score: 4.4 (Medium)
Researcher/s: Pounraj Chinnasamy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/438689aa-3b85-4dd7-ac3e-a37906efd79c

Button Generator – easily Button Builder <= 2.3.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27452
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4ac9262a-96a6-439a-a2b0-a05f24654d06

Dashboard Widgets Suite <= 3.2.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26517
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/503a44ed-25c2-4178-aeec-756c5b533e04

Publish to Schedule <= 4.5.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26519
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7e2014bd-2809-4f79-913d-d7a35eda63ef

Namaste! LMS <= 2.5.9.9 – Authenticated (Administrator+) Stored Cross-Site Scripting via ‘accept_other_payment_methods’, ‘other_payment_methods’ Parameters

CVE ID: CVE-2023-0844
CVSS Score: 4.4 (Medium)
Researcher/s: Alex Sanford
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7ef23b03-8452-4730-860c-2c2ef1686202

FareHarbor for WordPress <= 3.6.6 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25021
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b40165b-17e3-4b87-8d0d-90d60ba4bf81

CPO Content Types <= 1.1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-25451
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9d0b1e05-0e28-4cf5-a278-ea91b6c9d253

WP No External Links <= 1.0.2 – Authenticated (Administrator+) Stored Cross-Site Scritping

CVE ID: CVE-2023-26537
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b8e3a111-6327-47a0-becd-d7e2d9166118

Simple File List <= 6.0.9 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-1025
CVSS Score: 4.4 (Medium)
Researcher/s: Shreya Pohekar
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c3f0032e-a6f4-47f5-b3eb-6f1c9bf9670c

New Adman <= 1.6.8 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-27439
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d862e8e6-ecf6-41f5-8f40-1225ecec7e1f

Simple Slug Translate <= 2.7.2 – Authenticated (Administrator+) Stored Cross-Site Scritping

CVE ID: CVE-2023-26515
CVSS Score: 4.4 (Medium)
Researcher/s: yuyudhn
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dc19313b-f9d0-4a92-8e33-d632d8a478df

JCH Optimize <= 3.2.2 – Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings

CVE ID: CVE-2023-25491
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f04c83b9-33a0-4f4b-afc4-929d40c2ef67

Debug Assistant <= 1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting

CVE ID: CVE-2023-26527
CVSS Score: 4.4 (Medium)
Researcher/s: Prasanna V Balaji
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f4421782-8a7a-4bca-8c5a-7152dfafe902

Maspik – Spam blacklist <= 0.7.8 – Cross-Site Request Forgery

CVE ID: CVE-2023-24008
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0206aead-d146-453d-99ed-3870f7dfdae9

WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.4.10 – Cross-Site Request Forgery via wpstream_settings

CVE ID: CVE-2023-27458
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0219851f-7fce-42e0-ba82-77af84b17d9f

WP Time Slots Booking Form <= 1.1.76 – Cross-Site Request Forgery to Feedback Submission

CVE ID: CVE-2022-41790
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/032f3363-83c0-4548-81f0-724a71931add

Download Read More Excerpt Link <= 1.6.0 – Cross-Site Request Forgery to Settings Update

CVE ID: CVE-2023-1068
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0359434b-9d88-4a40-8e9f-ec354c8de816

CP Contact Form with Paypal <= 1.3.34 – Authenticated Feedback Submission

CVE ID: CVE-2023-27460
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1ba56d68-e104-4a79-b5b4-627f9617043b

WP Google Tag Manager <= 1.1 – Cross-Site Request Forgery

CVE ID: CVE-2023-22693
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1cb265d8-eb18-42ee-9141-2fe81c0c4585

DeepL Pro API translation <= 2.1.4 – Cross-Site Request Forgery via saveSettings

CVE ID: CVE-2023-27446
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1fc58078-7520-4ee7-b5a1-d6a362ac1860

Search in Place <= 1.0.104 – Missing Authorization to Feedback Submission

CVE ID: CVE-2023-26521
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/28ca150a-443f-4b99-8c15-491bd9f1cee3

WP Meteor Page Speed Optimization Topping <= 3.1.4 -Missing Authorization to Notice Dismissal

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b335807-f4d1-43b3-9e1b-2215eb00a3f8

Preview Link Generator <= 1.0.3 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1086
CVSS Score: 4.3 (Medium)
Researcher/s: WPScanTeam
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2b6b4953-a264-4668-9cc3-1578109f6592

Blog Floating Button <= 1.4.12 – Cross-Site Request Forgery

CVE ID: CVE-2023-27445
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2ba56b4c-0573-4911-97a4-a51e867daa75

Free WooCommerce Theme 99fy Extension <= 1.2.7 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0503
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2e215a5c-7a01-4a1d-b051-3abf742bf573

Shortcodes Ultimate <= 5.12.7 – Authenticated (Subscriber+) Arbitrary Post Access via Shortcode

CVE ID: CVE-2023-0890
CVSS Score: 4.3 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2eddfe94-7232-4d3d-9f3a-f53fc476a012

WP Insurance – WordPress Insurance Service Plugin <= 2.1.3 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0501
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/37264b0f-b021-41f8-a72d-3ee0d06b19a8

WC Sales Notification <= 1.2.2 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1087
CVSS Score: 4.3 (Medium)
Researcher/s: WPScanTeam
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/43fc71bb-87ba-4cf9-ae4d-1cba7bd84806

WP Meteor Page Speed Optimization Topping <= 3.1.4 – Cross-Site Request Forgery via processAjaxNoticeDismiss

CVE ID: CVE-2023-26543
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4d246a99-fd92-4132-9576-efa065a58f59

HT Portfolio <= 1.1.4 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0497
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4ed63724-c21f-4b0e-b595-e824d3519b21

Add Expires Headers & Optimized Minify <= 2.7 – Cross-Site Request Forgery via [placeholder]

CVE ID: CVE-2023-27457
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/55e6a968-153e-4d4c-a7be-65650a0c9bc1

HT Politic <= 2.3.7 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0504
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5b127a47-d22f-47b5-92a8-440a5892a181

DecaLog <= 3.7.0 – Cross-Site Request Forgery via get_settings_page

CVE ID: CVE-2023-27444
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5de953ee-8a01-4372-a376-74a4cff674ce

WP Plugin Manager <= 1.1.7 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-1088
CVSS Score: 4.3 (Medium)
Researcher/s: WPScanTeam
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/623decc5-bdb7-42c9-8531-8004ddc16682

About Me 3000 widget <= 2.2.6 – Cross-Site Request Forgery to Plugin Settings Update

CVE ID: CVE-2023-25474
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/62c1b5ce-cd58-4805-9a40-1af529604406

ClickFunnels <= 3.1.1 – Cross-Site Request Forgery to Settings Update

CVE ID: CVE-2022-47152
CVSS Score: 4.3 (Medium)
Researcher/s: rezaduty
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/65581fa6-110f-4ae3-a903-dbf649b44417

Fontiran <= 2.1 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/701bf711-d692-4eb1-8459-befa62264b97

Ever Compare <= 1.2.3 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0505
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/702aa972-7b74-4417-8d33-a26c3831934f

WP TFeed <= 1.6.9 – Cross-Site Request Forgery via aptf_delete_cache

CVE ID: CVE-2023-26518
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/73986641-b3a4-438d-90ae-6ff0f6f73f01

Resize at Upload Plus <= 1.3 – Cross-Site Request Forgery

CVE ID: CVE-2023-25467
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/76af3f0a-2e35-4059-960c-09769459bc01

WP Social Bookmarking Light <= 2.0.7 – Cross-Site Request Forgery

CVE ID: CVE-2023-25029
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7997ae20-88d2-4e12-87a0-a6e83808a495

Total Poll Lite <= 4.8.6 – Cross-Site Request Forgery

CVE ID: CVE-2023-27449
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/7e3ae5e7-1f41-48cd-8aea-698e3b00066c

HT Slider For Elementor <= 1.3.9 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0495
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81258fcc-18cc-4614-a644-5cfb004d019b

When Last Login <= 1.2.1 – Cross-Site Request Forgery via wll_hide_subscription_notice

CVE ID: CVE-2023-27461
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/81638472-b635-4100-8fb9-3daf35fa172e

HT Event <= 1.4.5 – Cross-Site Request Forgery leading to Arbitrary Plugin Activation

CVE ID: CVE-2023-0496
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8b14c07b-23bb-4a14-8018-fa2462383b35

WP Time Slots Booking Form <= 1.1.76 – Missing Authorization to Feedback Submission

CVE ID: CVE-2022-41790
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8c732b0e-9898-48f2-99b2-068f31532b17

WP Clean Up <= 1.2.3 – Cross-Site Request Forgery via wp_clean_up_optimize

CVE ID: CVE-2023-25034
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8f342fb7-8f52-43d9-a887-1cf1fffa6ec6

WP Shamsi <= 4.3.3 – Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion

CVE ID: CVE-2023-0335
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8fc88821-b2be-49a5-a2cf-53e87d0349a2

WP Education <= 1.2.6 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0498
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/91062d2c-f2a6-4a92-b684-e133391afe60

Calculated Fields Form <= 1.1.120 – Missing Authorization to Feedback Submission

CVE ID: CVE-2023-26523
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9370f05a-9c69-45f4-9fd8-7017bfcf4d1e

Quiz And Survey Master <= 8.0.10 – Cross-Site Request Forgery to Quiz Restoration

CVE ID: CVE-2023-26524
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9af36edd-4520-4afc-8d3a-c9a96659ddf8

Smart YouTube PRO <= 4.3 – Cross-Site Request Forgery via handle_colorbox_options

CVE ID: CVE-2023-25475
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a184090c-0281-4d8d-bd4d-256b4ed826dc

Big Store <= 1.9.3 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-27431
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a1859dca-d771-470c-ae4a-48246977212c

WP Translitera <= p1.2.5 – Cross-Site Request Forgery

CVE ID: CVE-2023-27438
CVSS Score: 4.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ad427bea-1b0e-46bb-85fc-53c51fb40a17

WP Film Studio <= 1.3.4 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0500
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ae5121bd-2f3f-4d87-a2fd-d11bb9f8dc2c

XML Sitemap Generator for Google <= 1.2.8 – Cross-Site Request Forgery to Plugin Settings Changes

CVE ID: CVE-2023-26514
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b03a9aaa-ce9a-47bf-8574-0eba92fcf0c5

New Adman <= 1.6.8 – Cross-Site Request Forgery via plugin_menu

CVE ID: CVE-2023-27441
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b140d228-cd74-4d78-8b9d-9a69e5a89bfb

QuickSwish <= 1.0.9 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0499
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b594b771-4d0b-46e1-b4c6-751c994992af

OoohBoi Steroids for Elementor <= 2.1.3 – Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion

CVE ID: CVE-2023-0336
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c24c57e5-2b42-40db-816a-f1327d1ac09b

Fontiran <= 2.1 – Cross-Site Request Forgery

CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c35bffb2-f805-48d6-938a-cb5142eac3b1

Total Theme <= 2.1.19 – Authenticated(Subscriber+) Plugin Activation

CVE ID: CVE-2023-27456
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c4dfd5af-0af0-469c-81ed-52867609550c

Classic Editor and Classic Widgets <= 1.2.4 – Cross-Site Request Forgery via render_settings_page

CVE ID: CVE-2023-27434
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ce2bef2f-fe28-48ea-8b83-052eebd31622

Rus-To-Lat <= 0.3 – Cross-Site Request Forgery to Plugins Options Changes

CVE ID: CVE-2023-25470
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d07d8c3a-5e97-422a-ba20-e0bc206dda59

Elegant Custom Fonts <= 1.0 – Cross-Site Request Forgery

CVE ID: CVE-2023-27436
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dadb6bf5-dbbd-4afb-8783-f6880dec2cbf

OptinMonster <= 2.12.1 – Authenticated (Subscriber+) Sensitive Information Disclosure via Shortcode

CVE ID: CVE-2023-0772
CVSS Score: 4.3 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dfbdb5a7-e949-4d3a-8c8d-5dc6702f4675

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks <= 1.1.5 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0484
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/dfe6f49a-1dd1-46d9-8e15-a8a766917092

Calculated Fields Form <= 1.1.120 – Cross-Site Request Forgery

CVE ID: CVE-2023-26523
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/e4785012-d160-42cc-bd06-d9b8e65652a4

Search in Place <= 1.0.104 – Cross-Site Request Forgery to Feedback Submission

CVE ID: CVE-2023-26521
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f079037c-cea6-4ba6-843f-99c5e5fe59a5

WP News <= 1.1.9 – Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE ID: CVE-2023-0502
CVSS Score: 4.3 (Medium)
Researcher/s: Lana Codes
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f53e9354-248f-4d13-a1c0-8355b268fae2

OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 – Cross-Site Request Forgery via ‘delete’ in mooauth_client_applist_page

CVE ID: CVE-2023-1092
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Thuc Tuyen
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f6658edb-11dc-4594-8936-95d60d581f49

Wholesale Suite <= 2.1.5 – Missing Authorization to Plugin Settings Change

CVE ID: CVE-2022-34344
CVSS Score: 4.3 (Medium)
Researcher/s: Dave Jong
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f713f2f8-545a-4f54-a028-8422c0942a63

FluentSMTP <= 2.2.2 – Authenticated (Author+) Stored Cross-Site Scripting via Email Logs

CVE ID: CVE-2023-0219
CVSS Score: 3.8 (Low)
Researcher/s: Vaibhav Rajput
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/803c32e9-665c-40a0-b52d-f2c0b8fbe931

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Did you enjoy this post? Share it!

Comments

No Comments