Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)

Patch Status	Number of Vulnerabilities
Patched	182
Unpatched	13

Severity Rating	Number of Vulnerabilities
Low Severity	1
Medium Severity	161
High Severity	18
Critical Severity	15

Vulnerability Type by CWE	Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	71
Missing Authorization	33
Cross-Site Request Forgery (CSRF)	28
Exposure of Sensitive Information to an Unauthorized Actor	13
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	9
Unrestricted Upload of File with Dangerous Type	7
Authorization Bypass Through User-Controlled Key	5
Deserialization of Untrusted Data	4
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	4
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	2
Incorrect Privilege Assignment	2
Server-Side Request Forgery (SSRF)	2
URL Redirection to Untrusted Site ('Open Redirect')	2
Absolute Path Traversal	1
Exposure of Private Personal Information to an Unauthorized Actor	1
External Control of Assumed-Immutable Web Parameter	1
Guessable CAPTCHA	1
Improper Access Control	1
Improper Authorization	1
Improper Control of Generation of Code ('Code Injection')	1
Improper Neutralization of Alternate XSS Syntax	1
Improper Neutralization of Formula Elements in a CSV File	1
Incorrect Authorization	1
Incorrect Behavior Order: Early Validation	1
Insertion of Sensitive Information into Log File	1
Path Traversal: '.../...//'	1

Researcher Name	Number of Vulnerabilities
Francesco Carlucci	14
Lucio Sá	9
Dhabaleshwar Das	9
Majed Refaea	8
Ngô Thiên An (ancorn_)	8
beluga	7
Joshua Chan	7
wesley (wcraft)	7
Dmitrii Ignatyev	7
Bob Matyas	7
Rafie Muhammad	6
Dave Jong	5
Webbernaut	4
Khalid	4
Abdi Pranata	4
stealthcopter	4
Steven Julian	4
Le Ngoc Anh	4
Krzysztof Zając	4
Colin Xu	3
Kévin Mosbahi (Mika)	3
Ananda Dhakal	3
João Pedro Soares de Alcântara	3
1337_Wannabe	2
Skalucy	2
Dikshita Trivedi (Cybersecdexter)	2
drop	2
Dau Hoang Tai	2
João G. Barbosa (4rCanJ0x!)	2
Tim Coen	2
Nikolas	2
Nicolo	2
Peng Zhou	2
movrment	2
LVT-tholv2k	2
Phuoc Pham (p3tl0v3r)	2
Akbar Kustirama	2
Thura Moe Myint (mgthuramoemyint)	2
emad	2
Erwan LR	2
Muhammad Daffa	2
Myungju Kim	1
younsoung kim	1
SeoHyeon Lee	1
SeoHee Kang	1
Dian Sun	1
thiennv	1
Martin Thirup Christensen	1
Mr Empy	1
Dipak Panchal (th3.d1p4k)	1
Peter17	1
shaman0x01	1
Brandon James Roldan (tomorrowisnew)	1
catfather	1
Peng Zhou	1
Fariq Fadillah Gusti Insani (fariqfgi)	1
Jobert Krohnen	1
Hiroho Shimada	1
Benedictus Jovan (aillesiM)	1
Ray Wilson	1
Friday	1
Abdi Prawira Negara	1
ST	1
Cronus	1
DarkT	1
Trình Vũ	1
Vincent Fourcade (vinceMatsui)	1
qilin_99	1
Kyle Sanchez	1
cyc707	1
Robert Kruczek (ProXy)	1
CatFather	1
RandomRoot	1

Software Name	Software Slug
Advanced Order Export For WooCommerce	woo-order-export-lite
Advanced Search	advance-search
AGCA – Custom Dashboard & Login Page	ag-custom-admin
All-in-One Video Gallery	all-in-one-video-gallery
Announce from the Dashboard	announce-from-the-dashboard
Announcer – Sticky Message Banner & Notification Bar	announcer
App Builder – Create Native Android & iOS Apps On The Flight	app-builder
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress	bookingpress-appointment-booking
AppPresser – Mobile App Framework	apppresser
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup	armember-membership
Auto Poster	auto-poster
AWP Classifieds	another-wordpress-classifieds-plugin
Bannerlid	bannerlid
Beaver Builder Page Builder – Drag and Drop Website Builder	beaver-builder-lite-version
Beaver Themer	beaver-themer
Better Comments	better-comments
Bold Page Builder	bold-page-builder
BoldGrid Easy SEO – Simple and Effective SEO	boldgrid-easy-seo
Bricksforge	bricksforge
Call Now Button – The #1 Click to Call Button for WordPress	call-now-button
Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms	captcha-bws
Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel	wp-carousel-free
CGC Maintenance Mode	cgc-maintenance-mode
Checkout Field Editor (Checkout Page Manager) for WooCommerce	woo-checkout-regsiter-field-editor
Church Admin	church-admin
Classified Listing – AI-Powered Classified ads & Business Directory	classified-listing
CMB2	cmb2
Colibri Page Builder	colibri-page-builder
Comments Import & Export	comments-import-export-woocommerce
Contact Form Email	contact-form-to-email
Contact Form, Survey, Quiz & Popup Form Builder – ARForms	arforms-form-builder
Creative Addons for Elementor	creative-addons-for-elementor
Custom post types, Custom Fields & more	custom-post-types
Demo My WordPress	demo-my-wordpress
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy	easy-digital-downloads
Easy Google Maps	google-maps-easy
Easy Login Styler – White Label Admin Login Page for WordPress	easy-login-styler
Easy Social Share Buttons for WordPress	easy-social-share-buttons3
Edwiser Bridge – WordPress Moodle Integration	edwiser-bridge
Element Pack – Widgets, Templates & Addons for Elementor	bdthemes-element-pack-lite
ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor	elementskit-lite
ELEX WooCommerce Dynamic Pricing and Discounts	elex-woocommerce-dynamic-pricing-and-discounts
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress	email-subscribers
EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more	embedpress
ENL Newsletter	enl-newsletter
EnvíaloSimple: Email Marketing y Newsletters	envialosimple-email-marketing-y-newsletters-gratis
ePoll – Best WordPress Voting Plugin for Poll & Contest	epoll-wp-voting
EventPrime – Events Calendar, Bookings and Tickets	eventprime-event-calendar-management
FancyBox for WordPress	fancybox-for-wordpress
FG Drupal to WordPress	fg-drupal-to-wp
File Manager	wp-file-manager
Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager	flexible-checkout-fields
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty	chaty
Form to Chat App ⚡️	form-to-chat
Formsite \| Embed online forms to collect orders, registrations, leads, and surveys	formsite
Generate Child Theme	generate-child-theme
Genesis Blocks	genesis-blocks
Global Elementor Buttons	global-elementor-buttons
Gradient Text Widget for Elementor	gradient-text-widget-for-elementor
Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns	essential-blocks
Happy Addons for Elementor	happy-elementor-addons
Image Watermark	image-watermark
Import WP – Export and Import CSV and XML files to WordPress	jc-importer
Import XML and RSS Feeds	import-xml-feed
Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress	jeg-elementor-kit
JS Help Desk – AI-Powered Support & Ticketing System	js-support-ticket
Kadence Blocks — Page Builder Toolkit for Gutenberg Editor	kadence-blocks
Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages	convertkit
LayerSlider	LayerSlider
LearnPress – Backup & Migration Tool	learnpress-import-export
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses	learnpress
MailMunch – Grow your Email List	mailmunch
Masteriyo LMS – LMS Course Builder, Quizzes & Certificates	learning-management-system
MasterStudy LMS WordPress Plugin – for Online Courses and Education	masterstudy-lms-learning-management-system
Media Library Folders	media-library-plus
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor	metform
MM-email2image	mm-email2image
Modal Popup Box — Popup Maker & Popup Builder	modal-popup-box
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar	mp3-music-player-by-sonaar
MPG – Multiple Page Generator, Bulk Landing Pages & Programmatic SEO	multiple-pages-generator-by-porthas
MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions	dc-woocommerce-multi-vendor
Nudgify Social Proof	nudgify
Passster – Password Protect Pages and Content	content-protector
Photo Gallery by 10Web – Mobile-Friendly Image Gallery	photo-gallery
Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel	foogallery
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery	nextgen-gallery
PickPlugins Product Designer for WooCommerce	product-designer
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX	ultimate-post
Post Views Counter	post-views-counter
Powerkit – Supercharge your WordPress Site	powerkit
Premium Addons for Elementor – Powerful Elementor Templates & Widgets	premium-addons-for-elementor
Product Sort and Display for WooCommerce	woocommerce-product-sort-and-display
ProfileGrid – User Profiles, Groups and Communities	profilegrid-user-profiles-groups-and-communities
Quick Interest Slider	quick-interest-slider
RapidLoad AI – Optimize Web Vitals Automatically	unusedcss
ReDi Restaurant Reservation – Instant Availability & Confirmation	redi-restaurant-reservation
reHub Framework	rehub-framework
Relevanssi Premium	relevanssi-premium
Relevanssi – A Better Search	relevanssi
Responsive Lightbox & Gallery	responsive-lightbox
Royal Addons for Elementor – Addons and Templates Kit for Elementor	royal-elementor-addons
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator	feedzy-rss-feeds
s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions	s2member
Salon Booking System – Free Version	salon-booking-system
Save as Image Plugin by PDFCrowd	save-as-image-by-pdfcrowd
SearchIQ – The Search Solution	searchiq
SecuPress with Simple SSL – Simple and Performant Security	secupress
Sharkdropship & affiliate for AliExpress	wooshark-aliexpress-importer
ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin	woolentor-addons
Shortcodes Ultimate – Content Elements	shortcodes-ultimate
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization	shortpixel-adaptive-images
Sign-up Sheets	sign-up-sheets
Slideshow Gallery LITE	slideshow-gallery
Smart Online Order for Clover	clover-online-orders
Smart Post – Post Grid, Post Carousel, Post Slider Gutenberg Blocks for Blog & News	post-carousel
Social Sharing Plugin – Sassy Social Share	sassy-social-share
Spectra Gutenberg Blocks – Website Builder for the Block Editor	ultimate-addons-for-gutenberg
Squelch Tabs and Accordions Shortcodes	squelch-tabs-and-accordions-shortcodes
Stax Addons for Elementor	stax-addons-for-elementor
Strong Testimonials	strong-testimonials
Subscribe To Comments Reloaded	subscribe-to-comments-reloaded
Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress	super-testimonial
Sydney Toolbox	sydney-toolbox
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms	simple-tags
Template Kit – Import	template-kit-import
Tickera – Sell Tickets & Manage Events	tickera-event-ticketing-system
Tooltips for WordPress	wordpress-tooltips
Tracking Code Manager	tracking-code-manager
Transcoder	transcoder
Ultimate Bootstrap Elements for Elementor	ultimate-bootstrap-elements-for-elementor
Ultimate Maps by Supsystic	ultimate-maps-by-supsystic
User Activity Log	user-activity-log
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	profile-builder
User Spam Remover	user-spam-remover
Watu Quiz	watu
WebinarPress – Webinar System for WordPress	wp-webinarsystem
Website Pop-up Builder by BDOW! (formerly Sumo): Pop-ups + forms for email opt-ins and lead generation	sumome
WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels	print-invoices-packing-slip-labels-for-woocommerce
WebToffee WP Backup and Migration	wp-migration-duplicator
Wholesale For WooCommerce	woocommerce-wholesale-pricing
WooCommerce	woocommerce
WooCommerce Customers Manager	woocommerce-customers-manager
WordPress Gallery Exporter – Export your NextGen, Envira and FooGallery galleries to your computer	wp-gallery-exporter
WP Chat App	wp-whatsapp
WP Directory Kit	wpdirectorykit
WP Google Review Slider	wp-google-places-review-slider
WP Import Export Lite	wp-import-export-lite
WP OAuth Server (OAuth Authentication)	oauth2-provider
WP Photo Album Plus	wp-photo-album-plus
WP Server Health Stats	wp-server-stats
WP Sort Order	wp-sort-order
WP-Members Membership Plugin	wp-members
WP-Stateless – Google Cloud Storage	wp-stateless
WPFront User Role Editor	wpfront-user-role-editor
WPvivid Backup for MainWP	wpvivid-backup-mainwp
Zorem Local Pickup	advanced-local-pickup-for-woocommerce

Software Name	Software Slug
Hello Elementor	hello-elementor
REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme	rehub-theme

Do Not Sell or Share My Personal Information

This form enables you to request that we stop selling or sharing your personal information with third parties. "Selling" includes exchanging your information for money or other benefits, while "sharing" refers to providing your data to third parties for targeted advertising purposes. For more information on how we process personal information, please review our Privacy Notice.

When you submit this form, we will:

Immediately disable retargeting and remarketing cookies on your current browser/device

Browser/Device Specific: This opt-out applies to the specific browser from which you submit the request. To opt out on additional devices or browsers, you will need to submit separate requests.

Cookie Management: You may also manage cookies directly through your browser settings, or on our Cookie Control form.

Questions?

Contact our Privacy Team at:

Email: privacy@defiant.com
Mail: Defiant Inc. Attn: Privacy Issues, 1700 Westlake Ave N Ste 200, Seattle, WA 98109

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)

Total Unpatched & Patched Vulnerabilities Last Week

Total Vulnerabilities by CVSS Severity Last Week

Total Vulnerabilities by CWE Type Last Week

Researchers That Contributed to WordPress Security Last Week

WordPress Plugins with Reported Vulnerabilities Last Week

WordPress Themes with Reported Vulnerabilities Last Week

Vulnerability Details