Wordfence Intelligence Weekly WordPress Vulnerability Report (July 31, 2023 to August 6, 2023)

Last week, there were 29 vulnerabilities disclosed in 24 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 18 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

---

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

• JetElements <= 2.6.10 – Authenticated (Contributor+) Remote Code Execution

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

---

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status	Number of Vulnerabilities
Unpatched	2
Patched	27

---

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating	Number of Vulnerabilities
Low Severity	0
Medium Severity	19
High Severity	7
Critical Severity	3

---

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE	Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)	11
Improper Privilege Management	4
Cross-Site Request Forgery (CSRF)	3
Improper Control of Generation of Code (‘Code Injection’)	3
Missing Authorization	2
Information Exposure	2
Authentication Bypass Using an Alternate Path or Channel	1
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)	1
Use of Less Trusted Source	1
Unrestricted Upload of File with Dangerous Type	1

---

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities
Lana Codes (Wordfence Vulnerability Researcher)	5
Dmitriy	1
DoYeon Park	1
Bob Matyas	1
Marc-Alexandre Montpas	1
Rafie Muhammad	1
Dmitrii Ignatyev	1
Erwan LR	1
Daniel Ruf	1
MyungJu Kim	1
Pallab Jyoti Borah	1
Sayandeep Dutta	1
Vikas Kumawat	1
Satoo Nakano	1
Ryotaro Imamura	1
Vincenzo Turturro	1
Gianluca Parisi	1
Vincenzo Cantatore	1

 

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

---

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name	Software Slug
Advanced Custom Fields (ACF)	advanced-custom-fields
Booster for WooCommerce	woocommerce-jetpack
Bus Ticket Booking with Seat Reservation	bus-ticket-booking-with-seat-reservation
Duplicate Post	copy-delete-posts
FormCraft – Contact Form Builder for WordPress	formcraft-form-builder
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor	front-editor
Import All Pages, Post types, Products, Orders, and Users as XML & CSV	wp-ultimate-csv-importer
JetElements	jet-elements
Media from FTP	media-from-ftp
MultiParcels Shipping For WooCommerce	multiparcels-shipping-for-woocommerce
Order Delivery Date for WooCommerce	order-delivery-date-for-woocommerce
PostX – Gutenberg Post Grid Blocks	ultimate-post
Shop as a Customer for WooCommerce	shop-as-a-customer-for-woocommerce
Short URL	shorten-url
Simple Blog Card	simple-blog-card
Simple Share Follow Button	simple-share-follow-button
Simple Ticker	simple-ticker
Stripe Payment Plugin for WooCommerce	payment-gateway-stripe-and-woocommerce-integration
Subscribers Text Counter	subscribers-text-counter
TI WooCommerce Wishlist	ti-woocommerce-wishlist
Upload Media By URL	upload-media-by-url
User Access Manager	user-access-manager
WordPress Job Board and Recruitment Plugin – JobWP	jobwp
wpShopGermany – Protected Shops	wpshopgermany-protectedshops

---

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.

Stripe Payment Plugin for WooCommerce <= 3.7.7 – Authentication Bypass

---

TI WooCommerce Wishlist <= 2.7.3 – Unauthenticated Blind SQL Injection via Rest API

---

WordPress Job Board and Recruitment Plugin – JobWP <= 2.0 – Arbitrary File Upload via ‘jobwp_upload_resume’

---

Shop as a Customer for WooCommerce <= 1.2.3 – Authenticated (Shop Manager+) Privilege Escalation

---

Shop as a Customer for WooCommerce <= 1.1.7 – Authenticated (Subscriber+) Privilege Escalation

---

JetElements <= 2.6.10 – Authenticated (Contributor+) Remote Code Execution

---

WP Ultimate CSV Importer <= 7.9.8 – Authenticated (Author+) PHP File Creation to Remote Code Execution

---

WP Ultimate CSV Importer <= 7.9.8 – Authenticated (Author+) Remote Code Execution

---

WP Ultimate CSV Importer <= 7.9.8 – Sensitive Information Exposure via Directory Listing

---

Booster for WooCommerce 7.0.0 – Authenticated (Shop Manager+) Missing Authorization to Arbitrary Options Update

---

WP Ultimate CSV Importer <= 7.9.8 – Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation

---

Upload Media By URL <= 1.0.7 – Cross-Site Request Forgery via ‘umbu_download’

---

Simple Ticker <= 3.05 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

---

Simple Blog Card <= 1.30 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

---

Simple Share Follow Button <= 1.03 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

---

Media from FTP <= 11.15 – Improper Privilege Management

---

Duplicate Post <= 1.4.1 – Cross-Site Request Forgery via ‘cdp_action_handling’ AJAX action

---

PostX – Gutenberg Post Grid Blocks <= 3.0.5 – Reflected Cross-Site Scripting via ‘postx_type’

---

MultiParcels Shipping For WooCommerce <= 1.15.3 – Reflected Cross-Site Scripting

---

Order Delivery Date for WooCommerce <= 3.20.0 – Reflected Cross-Site Scripting via ‘orddd_lite_custom_startdate’ and ‘orddd_lite_custom_enddate’

---

Short URL <= 1.6.7 – Missing Authorization via multiple AJAX functions

---

Bus Ticket Booking with Seat Reservation <= 5.2.3 – Reflected Cross-Site Scripting

---

User Access Manager <= 2.2.16 – IP Spoofing

---

wpShopGermany – Protected Shops <= 2.0 – Authenticated(Administrator+) Stored Cross-Site Scripting

---

FormCraft <= 1.2.6 – Authenticated (Admin+) Stored Cross-Site Scripting

---

Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.0.4 – Authenticated(Administrator+) Stored Cross-Site Scripting

---

Advanced Custom Fields <= 6.1.7 – Authenticated (Administrator+) Stored Cross-Site Scripting

---

Simple Blog Card <= 1.31 – Sensitive Information Exposure

---

Subscribers Text Counter <= 1.7 – Cross-Site Request Forgery to Settings Update and Cross-Site Scripting

---

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.