Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)

Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook notifications are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 17
Patched 26

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 0
Medium Severity 35
High Severity 6
Critical Severity 2

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 16
Missing Authorization 13
Cross-Site Request Forgery (CSRF) 8
Unrestricted Upload of File with Dangerous Type 2
Reliance on Untrusted Inputs in a Security Decision 1
Authentication Bypass Using an Alternate Path or Channel 1
Use of Less Trusted Source 1
Improper Privilege Management 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
Rafshanzani Suhada 6
Abdi Pranata 3
Rio Darmawan 3
Rafie Muhammad 3
Mahesh Nagabhairava 2
Nguyen Xuan Chien 2
yuyuddn 1
Bob Matyas 1
Carlos David Garrido León 1
Skalucy 1
Nithissh S 1
Animesh Gaurav 1
Muhammad Daffa 1
konagash 1
Dipak Panchal 1
Bartłomiej Marek 1
Tomasz Swiadek 1
An Dang 1
Erwan LR 1
Mika 1
Lana Codes
(Wordfence Vulnerability Researcher)
1
Dmitrii Ignatyev 1
Revan Arifio 1

 

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Category Slider for WooCommerce woo-category-slider-grid
Collapse-O-Matic jquery-collapse-o-matic
Cookies by JM cookies-by-jm
DX-auto-save-images dx-auto-save-images
DoLogin Security dologin
ElementsKit Elementor addons elementskit-lite
FTP Access ftp-access
FV Flowplayer Video Player fv-wordpress-flowplayer
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager folders
Herd Effects – fake notifications and social proof plugin mwp-herd-effect
Hide My WP Ghost – Security Plugin hide-my-wp
Jupiter X Core jupiterx-core
Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages page-builder-add
Leyka leyka
Lock User Account lock-user-account
Master Addons for Elementor master-addons
MasterStudy LMS WordPress Plugin – for Online Courses and Education masterstudy-lms-learning-management-system
Min Max Control – Min Max Quantity & Step Control for WooCommerce woo-min-max-quantity-step-control-single
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor post-and-page-builder
Posts Like Dislike posts-like-dislike
Premmerce User Roles premmerce-user-roles
Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress
ReviewX – Multi-criteria Rating & Reviews for WooCommerce reviewx
Royal Elementor Addons and Templates royal-elementor-addons
Save as Image plugin by Pdfcrowd save-as-image-by-pdfcrowd
Save as PDF plugin by Pdfcrowd save-as-pdf-by-pdfcrowd
Secure Admin IP secure-admin-ip
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management simple-urls
Slimstat Analytics wp-slimstat
Sticky Social Media Icons sticky-social-media-icons
Translate WordPress with GTranslate gtranslate
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress url-shortify
Vertical marquee plugin vertical-marquee-plugin
Void Elementor Post Grid Addon for Elementor Page builder void-elementor-post-grid-addon-for-elementor-page-builder
WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders adminify
WP VK-付费内容插件(付费阅读/资料/工具软件资源管理) wp-vk
gAppointments – Appointment booking addon for Gravity Forms gAppointments
iThemes Sync ithemes-sync

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.

JupiterX Core <= 3.3.5 – Unauthenticated Arbitrary File Upload

Affected Software: Jupiter X Core
CVE ID: CVE-2023-38388
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/980a9237-7dea-4058-a850-b849457b4fef

JupiterX Core <= 3.3.8 – Unauthenticated Privilege Escalation

Affected Software: Jupiter X Core
CVE ID: CVE-2023-38389
CVSS Score: 9.8 (Critical)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/b894473b-b2ed-475b-892e-603db609f88a

Folders <= 2.9.2 – Authenticated (Author+) Arbitrary File Upload

Affected Software: Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
CVE ID: CVE Unknown
CVSS Score: 8.8 (High)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/35afef52-350c-4b61-b9c0-3ae2572f81fb

Premmerce User Roles <= 1.0.12 – Missing Authorization via role management functions

Affected Software: Premmerce User Roles
CVE ID: CVE-2023-41130
CVSS Score: 8.3 (High)
Researcher/s: Nguyen Xuan Chien
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f53cd4a3-a6db-42c2-b4d8-218071c4bcd4

Master Addons for Elementor <= 2.0.3 – Missing Authorization

Affected Software: Master Addons for Elementor
CVE ID: CVE-2023-40679
CVSS Score: 7.3 (High)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/6150c355-1046-483e-aa8b-463c3752021d

MasterStudy LMS <= 3.0.17 – Privilege Escalation

Affected Software: MasterStudy LMS WordPress Plugin – for Online Courses and Education
CVE ID: CVE-2023-4278
CVSS Score: 7.3 (High)
Researcher/s: Revan Arifio
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/df00c8bc-8acd-4197-86fe-b88cb47d52c3

Simple URLs <= 117 – Unauthenticated Cross-Site Scripting

Affected Software: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
CVE ID: CVE-2023-40667
CVSS Score: 7.2 (High)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/54c38be0-ffe7-4fa4-b5c9-cb717c11aed5

URL Shortify <= 1.7.5 – Unauthenticated Stored Cross-Site Scripting via Referrer Header


Collapse-O-Matic <= 1.8.4 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Collapse-O-Matic
CVE ID: CVE-2023-40669
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/aa85abba-e13f-42cd-8f13-432ed375fb37

Simple URLs <= 117 – Authenticated (Contributor+) Stored Cross-Site Scripting

Affected Software: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
CVE ID: CVE-2023-40674
CVSS Score: 6.4 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/f8147f63-91a5-457c-8259-8e4ddf5c67e4

FTP Access <= 1.0 – Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

Affected Software: FTP Access
CVE ID: CVE-2023-3510
CVSS Score: 6.1 (Medium)
Researcher/s: Bob Matyas
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0a1e0d55-2894-450b-afaf-134a13512403

gAppointments – Appointment booking addon for Gravity Forms <= 1.9.7 – Reflected Cross-Site Scripting

Affected Software: gAppointments – Appointment booking addon for Gravity Forms
CVE ID: CVE-2023-2705
CVSS Score: 6.1 (Medium)
Researcher/s: Carlos David Garrido León
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/19983f79-b439-4bb0-8f29-8312f1ff9791

Min Max Control <= 4.5 – Reflected Cross-Site Scripting

Affected Software: Min Max Control – Min Max Quantity & Step Control for WooCommerce
CVE ID: CVE-2023-4270
CVSS Score: 6.1 (Medium)
Researcher/s: Animesh Gaurav
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4240fcda-c61d-4888-8837-5012e5ba1f26

Elements kit Elementor addons <= 2.9.1 – Missing Authorization

Affected Software: ElementsKit Elementor addons
CVE ID: CVE-2023-39993
CVSS Score: 5.4 (Medium)
Researcher/s: Rafie Muhammad
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5ff589ec-756d-4183-8bb8-61dae9be7c5d

FV Flowplayer Video Player <= 7.5.37.7212 – Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update

Affected Software: FV Flowplayer Video Player
CVE ID: CVE-2023-4520
CVSS Score: 5.4 (Medium)
Researcher/s: Lana Codes
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/c55ca7d4-6bc0-49c9-8ce0-50fff8775a76

Void Elementor Post Grid Addon for Elementor Page builder <= 2.1.10 – Missing Authorization to Review Notice Dismissal

Affected Software: Void Elementor Post Grid Addon for Elementor Page builder
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/1b847857-5dc9-4793-b9d6-759f27377fe3

Push Notification for Post and BuddyPress <= 1.63 – Missing Authorization to Unauthenticated Admin Notice Dismissal

Affected Software: Push Notification for Post and BuddyPress
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/228a3c72-fbb0-48bc-8066-6ca954a14421

Hide My WP Ghost <= 5.0.25 – CAPTCHA Bypass in brute_math_authenticate

Affected Software: Hide My WP Ghost – Security Plugin
CVE ID: CVE-2023-34001
CVSS Score: 5.3 (Medium)
Researcher/s: konagash
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5618db77-fe74-4982-92b3-cec554640bde

Posts Like Dislike <= 1.1.1 – Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset

Affected Software: Posts Like Dislike
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/8babc42a-c45c-423f-bd09-da7afb947691

Secure Admin IP <= 2.0 – Missing Authorization via ‘saveSettings’

Affected Software: Secure Admin IP
CVE ID: CVE-2023-41133
CVSS Score: 5.3 (Medium)
Researcher/s: Mika
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/a0f38af7-7753-4dbe-a4fd-e9a01785dd13

DoLogin Security <= 3.6 – IP Address Spoofing

Affected Software: DoLogin Security
CVE ID: CVE Unknown
CVSS Score: 5.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/def06edd-ea4f-4b49-9902-b179d40e4133

Vertical Marquee Plugin <= 7.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Vertical marquee plugin
CVE ID: CVE-2023-40677
CVSS Score: 4.4 (Medium)
Researcher/s: yuyuddn
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/06c86c87-840c-4ca6-9582-98254194eb1b

Cookies by JM <= 1.0 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Cookies by JM
CVE ID: CVE-2023-40604
CVSS Score: 4.4 (Medium)
Researcher/s: Nithissh S
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3aa2a693-831b-44e7-b158-99fecf6506be

Slimstat Analytics <= 5.0.8 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Affected Software: Slimstat Analytics
CVE ID: CVE-2023-40676
CVSS Score: 4.4 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/3c14a863-2aed-4f65-a0e3-eb73e485ce85

Save as PDF plugin by Pdfcrowd <= 2.16.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings

Affected Software: Save as PDF plugin by Pdfcrowd
CVE ID: CVE-2023-40668
CVSS Score: 4.4 (Medium)
Researcher/s: Mahesh Nagabhairava
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/52056177-8604-48b9-ab50-d0dc1e13a3d5

GTranslate <= 3.0.3 – Authenticated (Administrator+) Cross-Site Scripting via Multiple Parameters

Affected Software: Translate WordPress with GTranslate
CVE ID: CVE Unknown
CVSS Score: 4.4 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/5e24be91-6a58-42c3-84dd-4090da55b720

WP Adminify <= 3.1.5 – Authenticated (Admin+) Stored Cross-Site Scripting


Save as Image plugin by Pdfcrowd <= 2.16.0 – Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Affected Software: Save as Image plugin by Pdfcrowd
CVE ID: CVE-2023-40665
CVSS Score: 4.4 (Medium)
Researcher/s: Mahesh Nagabhairava
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/74b284b7-ec0a-42c1-82e5-0c8cb422c0c5

Leyka <= 3.30.3 – Authenticated (Administrator+) Stored Cross-Site Scripting

Affected Software: Leyka
CVE ID: CVE-2023-2995
CVSS Score: 4.4 (Medium)
Researcher/s: An Dang
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/95210ed8-4606-44fa-b823-b33e1d4a4ce0

Landing Page Builder <= 1.5.1.1 – Authenticated (Administrator+) Stored Cross-Site Scripting


WP VK-付费内容插件 <= 1.3.3 – Cross-Site Request Forgery via AJions

Affected Software: WP VK-付费内容插件(付费阅读/资料/工具软件资源管理)
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0c6bc786-341a-4ab6-b86e-d21bb3dbf298

iThemes Sync <= 2.1.13 – Cross-Site Request Forgery and Missing Authorization via ‘hide_authenticate_notice’

Affected Software: iThemes Sync
CVE ID: CVE-2023-40001
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/0f9229f2-e7dd-43c9-9c15-9b76c13e895b

Simple URLs <= 117 – Missing Authorization via AJAX actions

Affected Software: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
CVE ID: CVE-2023-40678
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/118e1a8c-a638-4571-9ce9-cf2cba4b9b06

DX-auto-save-images <= 1.4.0 – Cross-Site Request Forgery

Affected Software: DX-auto-save-images
CVE ID: CVE-2023-40671
CVSS Score: 4.3 (Medium)
Researcher/s: Skalucy
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/2f2fb51b-984c-4b82-98d4-9a681a1855a7

Royal Elementor Addons <= 1.3.75 – Cross-Site Request Forgery

Affected Software: Royal Elementor Addons and Templates
CVE ID: CVE-2022-47175
CVSS Score: 4.3 (Medium)
Researcher/s: Muhammad Daffa
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/4809d513-69e8-4572-9549-9dba9f40cb80

Sticky Social Media Icons <= 2.0 – Missing Authorization via ajax_request_handle

Affected Software: Sticky Social Media Icons
CVE ID: CVE-2023-40672
CVSS Score: 4.3 (Medium)
Researcher/s: Nguyen Xuan Chien
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/58cfb328-40d0-4bea-a707-d5d6c1ce364a

ReviewX <= 1.6.17 – Missing Authorization in rx_coupon_from_submit

Affected Software: ReviewX – Multi-criteria Rating & Reviews for WooCommerce
CVE ID: CVE-2023-40670
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9a9f4fb7-92f5-4136-9ca3-cf7bf5c0b717

Herd Effects <= 5.2.3 – Cross-Site Request Forgery to Effect Deletion

Affected Software: Herd Effects – fake notifications and social proof plugin
CVE ID: CVE-2023-4318
CVSS Score: 4.3 (Medium)
Researcher/s: Erwan LR
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/9fd15c0b-cd3b-45e7-8379-b0e64e64d6b1

Category Slider for WooCommerce <= 1.4.15 – Missing Authorization via notice dismissal functionality

Affected Software: Category Slider for WooCommerce
CVE ID: CVE-2023-41132
CVSS Score: 4.3 (Medium)
Researcher/s: Abdi Pranata
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/ab1bd64b-8575-4ab4-bca5-8d5ce6f476d1

Simple URLs <= 117 – Cross-Site Request Forgery via AJAX actions

Affected Software: Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management
CVE ID: CVE Unknown
CVSS Score: 4.3 (Medium)
Researcher/s: Unknown
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bf101b60-f12e-4326-8e39-96d6415a218d

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1 – Cross-Site Request Forgery via submitDefaultEditor

Affected Software: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
CVE ID: CVE-2023-25480
CVSS Score: 4.3 (Medium)
Researcher/s: Rio Darmawan
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/bf801042-5cd5-424f-a25a-858302285170

Slimstat Analytics <= 5.0.5.1 – Missing Authorization via delete_pageview

Affected Software: Slimstat Analytics
CVE ID: CVE-2023-33994
CVSS Score: 4.3 (Medium)
Researcher/s: Rafshanzani Suhada
Patch Status: Patched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/cbb8501e-7e8b-4ed6-8792-c685a69de982

Lock User Account <= 1.0.3 – Cross-Site Request Forgery to Account Lock/Unlock

Affected Software: Lock User Account
CVE ID: CVE-2023-4307
CVSS Score: 4.3 (Medium)
Researcher/s: Dmitrii Ignatyev
Patch Status: Unpatched
Vulnerability Details: https://wordfence.com/threat-intel/vulnerabilities/id/d06f265c-c1c1-4316-9526-3392f6ee31da

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Did you enjoy this post? Share it!

Comments

2 Comments
  • Please left align the contents of the WordPress Plugins with Reported Vulnerabilities Last Week table. Centered text is very hard to scan quickly. Left aligning table cells would improve readability.

    • Thanks, I've shared this with our team and I tend to agree.