
Wordfence Intelligence CE Weekly Vulnerability Report (Feb 13, 2023 to Feb 19, 2023)

Wordfence has curated an industry-leading vulnerability database, known as [Wordfence Intelligence Community Edition](), that covers all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through submissions that vulnerability researchers send directly to us using [our CVE Request form](), and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.

Our mission with Wordfence Intelligence Community Edition is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence Community Edition user interface and vulnerability API are completely free to access and utilize both personally and commercially.

Last week, 104 vulnerabilities were disclosed in WordPress-based software and added to the Wordfence Intelligence Community Edition Vulnerability Database. You can find those vulnerabilities below.

* * *

#### [GamiPress <= 2.5.7 – Unauthenticated SQL Injection]()

**CVE ID**: CVE-2023-24000
**CVSS Score**: 9.8 (Critical)
**Researcher/s**: [Dave Jong]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [WatchTowerHQ <= 3.6.16 – Type Juggling to Authentication Bypass in check_ota]()

**CVE ID**: CVE-2023-25701
**CVSS Score**: 9.8 (Critical)
**Researcher/s**: [Dave Jong]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [WooCommerce Checkout Field Manager <= 17.3 – Unauthenticated Arbitrary File Upload]()

**CVE ID**: CVE-2022-4328
**CVSS Score**: 9.8 (Critical)
**Researcher/s**: [cydave]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 – Cross-Site Request Forgery]()

**CVE ID**: CVE-2023-23706
**CVSS Score**: 8.8 (High)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Get URL Cron <= 1.4.7 – Missing Authorization via geturlcron_action_handle]()

**CVE ID**: CVE Unknown
**CVSS Score**: 7.5 (High)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Quick Paypal Payments <= 5.7.25 – Missing Authorization]()

**CVE ID**: CVE-2023-25714
**CVSS Score**: 7.3 (High)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [RSVPMaker <= 9.9.3 – Authenticated (Admin+) SQL Injection via ‘delete’ parameter]()

**CVE ID**: CVE-2023-25047
**CVSS Score**: 7.2 (High)
**Researcher/s**: [Muhammad Arsalan Diponegoro]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [RSVPMaker <= 9.9.3 – Authenticated (Admin+) SQL Injection via $email value]()

**CVE ID**: CVE-2023-25045
**CVSS Score**: 7.2 (High)
**Researcher/s**: [Aldo Dimas Anugrah K]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Quiz And Survey Master <= 8.0.8 – Unauthenticated Arbitrary Media Deletion]()

**CVE ID**: CVE-2023-0291
**CVSS Score**: 7.2 (High)
**Researcher/s**: [Julien Ahrens]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Multi Rating <= 5.0.5 – Unauthenticated Stored Cross-Site Scripting]()

**CVE ID**: CVE-2022-47433
**CVSS Score**: 7.2 (High)
**Researcher/s**: [minhtuanact]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [WP Coder – add custom html, css and js code <= 2.5.3 – Authenticated (Admin+) SQL Injection]()

**CVE ID**: CVE-2023-0895
**CVSS Score**: 7.2 (High)
**Researcher/s**: [Etan Imanol Castro Aldrete]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Media Library Assistant <= 3.05 – Authenticated (Administrator+) SQL Injection]()

**CVE ID**: CVE-2023-0279
**CVSS Score**: 7.2 (High)
**Researcher/s**: [Daniel Krohmer](), [Kunal Sharma]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Archivist – Custom Archive Templates <= 1.7.4 – Cross-Site Request Forgery]()

**CVE ID**: CVE-2023-25448
**CVSS Score**: 7.1 (High)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Ocean Extra <= 2.1.2 – Authenticated (Subscriber+) Arbitrary Post Access]()

**CVE ID**: CVE-2023-0749
**CVSS Score**: 6.5 (Medium)
**Researcher/s**: [Erwan LR]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Protected Posts Logout Button <= 1.4.5 – Missing Authorization on pplb_options_save]()

**CVE ID**: CVE-2023-25454
**CVSS Score**: 6.5 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Profile Builder – User Profile & User Registration Forms <= 3.9.0 – Sensitive Information Disclosure via Shortcode]()

**CVE ID**: CVE-2023-0814
**CVSS Score**: 6.5 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Google Maps v3 Shortcode <= 1.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode]()

**CVE ID**: CVE-2023-23827
**CVSS Score**: 6.4 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [WordPress Fancy Comments <= 1.2.10 – Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode]()

**CVE ID**: CVE-2023-23670
**CVSS Score**: 6.4 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Portfolio Slideshow <= 1.13.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode]()

**CVE ID**: CVE-2023-23717
**CVSS Score**: 6.4 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Resume Builder <= 3.1.1 – Authenticated (Subscriber+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-0078
**CVSS Score**: 6.4 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Ocean Extra <= 2.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-24399
**CVSS Score**: 6.4 (Medium)
**Researcher/s**: [Erwan LR]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Olevmedia Shortcodes <= 1.1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25798
**CVSS Score**: 6.4 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [vSlider Multi Image Slider <= 4.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode]()

**CVE ID**: CVE-2023-25797
**CVSS Score**: 6.4 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Portfolio – WordPress Portfolio Plugin <= 2.8.10 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode]()

**CVE ID**: CVE-2023-23685
**CVSS Score**: 6.4 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Campaign URL Builder <= 1.8.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode]()

**CVE ID**: CVE-2023-0538
**CVSS Score**: 6.4 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Quick Paypal Payments <= 5.7.25 – Authenticated (Contributor+) Cross Site Scripting]()

**CVE ID**: CVE-2023-23889
**CVSS Score**: 6.4 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Ultimate WP Query Search Filter <= 1.0.10 – Authenticated (Contributor+) Stored Cross Site Scripting]()

**CVE ID**: CVE-2023-23832
**CVSS Score**: 6.4 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [vSlider Multi Image Slider <= 4.1.2 – Cross-Site Request Forgery]()

**CVE ID**: CVE Unknown
**CVSS Score**: 6.3 (Medium)
**Researcher/s**: Unknown
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Shoppable Images Lite <= 1.2.3 – Missing Authorization]()

**CVE ID**: CVE Unknown
**CVSS Score**: 6.3 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 – Missing Authorization to Order Information Disclosure]()

**CVE ID**: CVE Unknown
**CVSS Score**: 6.3 (Medium)
**Researcher/s**: [Cat]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [vSlider Multi Image Slider <= 4.1.2 – Missing Authorization]()

**CVE ID**: CVE Unknown
**CVSS Score**: 6.3 (Medium)
**Researcher/s**: Unknown
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Twitch Player <= 2.1.0 – Authenticated (Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25464
**CVSS Score**: 6.1 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [WPGlobus Translate Options <= 2.1.0 – Reflected Cross-Site Scripting via page]()

**CVE ID**: CVE-2023-25711
**CVSS Score**: 6.1 (Medium)
**Researcher/s**: [Ngo Van Thien]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Interactive SVG Image Map Builder <= 1.0 – Authenticated(Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25704
**CVSS Score**: 5.5 (Medium)
**Researcher/s**: [Lokesh Dachepalli]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Zeno Font Resizer <= 1.7.9 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25442
**CVSS Score**: 5.5 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Quick Event Manager <= 9.6.4 – Authenticated(Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2022-46863
**CVSS Score**: 5.5 (Medium)
**Researcher/s**: [Justiice]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Archivist – Custom Archive Templates <= 1.7.4 – Authenticated(Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25490
**CVSS Score**: 5.5 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Click to Call or Chat Buttons <= 1.4.0 – Authenticated(Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25710
**CVSS Score**: 5.5 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [WP Prayer <= 1.9.6 – Authenticated(Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25705
**CVSS Score**: 5.5 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Robots.txt optimization <= 1.4.5 – Cross Site Request Forgery]()

**CVE ID**: CVE-2023-25706
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Abdi Pranata]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Cart All In One For WooCommerce <= 1.1.10 – Cross-Site Request Forgery to Cart Changes]()

**CVE ID**: CVE-2022-46806
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Cat]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Advanced Dynamic Pricing for WooCommerce <= 4.1.5 – Cross-Site Request Forgery via handleSubmitAction function]()

**CVE ID**: CVE-2022-40203
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Shoppable Images <= 1.2.3 – Cross Site Request Forgery]()

**CVE ID**: CVE-2023-25698
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in saveconfig function]()

**CVE ID**: CVE-2023-25707
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Abdi Pranata]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 – Cross-Site Request Forgery to Order Information Disclosure]()

**CVE ID**: CVE-2022-46811
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Cat]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in savetmplfile function]()

**CVE ID**: CVE-2023-25707
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Abdi Pranata]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Simple PDF Viewer <= 1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting via googlepdf Shortcode]()

**CVE ID**: CVE-2023-23817
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Podlove Subscribe button <= 1.3.7 – Cross-Site Request Forgery via process_form function]()

**CVE ID**: CVE-2023-25481
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Protected Posts Logout Button <= 1.4.4 – Cross-Site Request Forgery to Settings Update]()

**CVE ID**: CVE Unknown
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: Unknown
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in savetranslation function]()

**CVE ID**: CVE-2023-25707
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Abdi Pranata]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in savetranslationstay function]()

**CVE ID**: CVE-2023-25707
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Abdi Pranata]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Conditional Payments for WooCommerce <= 2.3.1 – Cross-Site Request Forgery]()

**CVE ID**: CVE-2022-46805
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Cat]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Podlove Subscribe button <= 1.3.7 – Cross-Site Request Forgery via save function]()

**CVE ID**: CVE-2023-25481
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Meta Slider and Carousel with Lightbox <= 1.6.2 – Cross-Site Request Forgery]()

**CVE ID**: CVE-2023-25703
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Cat]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [RegistrationMagic <= 5.1.9.2 – Cross-Site Request Forgery leading to Form Metadata Deletion]()

**CVE ID**: CVE-2023-25991
**CVSS Score**: 5.4 (Medium)
**Researcher/s**: [Rafshanzani Suhada]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [WordPress Social Login and Register <= 7.6.0 – Missing Authorization to Unauthenticated Arbitrary Content Deletion]()

**CVE ID**: CVE-2023-25455
**CVSS Score**: 5.3 (Medium)
**Researcher/s**: [Rafshanzani Suhada]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [WP Post Rating <= 2.4.6 – Missing Authorization to Vote Manipulation]()

**CVE ID**: CVE-2023-25785
**CVSS Score**: 5.3 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Woodmart <= 7.0.4 – Unauthenticated Arbitrary Content Injection]()

**CVE ID**: CVE-2023-25790
**CVSS Score**: 5.3 (Medium)
**Researcher/s**: [FearZzZz]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in save_admin_widgets function]()

**CVE ID**: CVE-2023-25707
**CVSS Score**: 5.3 (Medium)
**Researcher/s**: [Abdi Pranata]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [All-In-One Security (AIOS) <= 5.1.4 – Authenticated(Admin+) Directory Traversal]()

**CVE ID**: CVE Unknown
**CVSS Score**: 4.9 (Medium)
**Researcher/s**: Unknown
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Campaign URL Builder <= 1.8.1 – Authenticated (Admin+) Stored Cross-Site Scripting via Create Link]()

**CVE ID**: CVE Unknown
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: Unknown
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [WP BaiDu Submit <= 1.2.1 – Authenticated (Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25796
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Announce from the Dashboard <= 1.5.1 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25716
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Sticky Ad Bar <= 1.3.1 – Authenticated (Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25784
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Easy Panorama <= 1.1.4 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-23799
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Eyes Only: User Access Shortcode <= 1.8.2 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25786
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Podlove Subscribe button <= 1.3.7 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25479
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Quick Contact Form <= 8.0.3.1 – Authenticated (Admin+) Stored Cross Site Scripting]()

**CVE ID**: CVE-2022-47608
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Feed Changer <= 0.2 – Authenticated (Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25795
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Inline Tweet Sharer <= 2.5.3 – Authenticated (Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-24005
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Peadig’s Like & Share Button <= 1.1.5 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25783
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [JSON Content Importer <= 1.3.15 – Authenticated (Admin+) Cross Site Scripting]()

**CVE ID**: CVE-2023-25485
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Tapfiliate <= 3.0.12 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25789
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Google Analytics Opt-Out <= 2.3.4 – Authenticated (Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25712
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [WP资源下载管理 <= 1.3.9 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25787
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [WP Open Social <= 5.0 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25792
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 – Authenticated (Contributor+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-23710
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [yuyudhn]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Service Area Postcode Checker <= 2.0.8 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25782
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Nooz <= 1.6.0 – Authenticated (Admin+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25794
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Simple Yearly Archive <= 2.1.8 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25484
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Upload File Type Settings Plugin <= 1.1 – Authenticated (Administrator+) Stored Cross-Site Scripting]()

**CVE ID**: CVE-2023-25781
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Rio Darmawan]()
**Patch Status**: Unpatched
**Vulnerability Details:**

* * *

#### [Wp-Insert <= 2.5.0 – Authenticated (Admin+) Stored Cross Site Scripting]()

**CVE ID**: CVE-2023-25461
**CVSS Score**: 4.4 (Medium)
**Researcher/s**: [Abdi Pranata]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [VikBooking Hotel Booking Engine & PMS <= 1.5.12 – Cross-Site Request Forgery in admin_widgets_welcome function]()

**CVE ID**: CVE-2023-25707
**CVSS Score**: 4.3 (Medium)
**Researcher/s**: [Abdi Pranata]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Advanced Dynamic Pricing for WooCommerce <= 4.1.5 – Cross-Site Request Forgery via migrateCommonToProductOnly function]()

**CVE ID**: CVE-2022-40203
**CVSS Score**: 4.3 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Advanced Dynamic Pricing for WooCommerce <= 4.1.5 – Missing Authorization in ajaxCalculatePrice function]()

**CVE ID**: CVE-2022-40203
**CVSS Score**: 4.3 (Medium)
**Researcher/s**: [Lana Codes]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [WP VR <= 8.2.7 – Cross-Site Request Forgery]()

**CVE ID**: CVE-2023-25708
**CVSS Score**: 4.3 (Medium)
**Researcher/s**: [Abdi Pranata]()
**Patch Status**: Patched
**Vulnerability Details:**

* * *

#### [Schema – All In One Schema Rich Snippets <= 1.6.5 – Cross-Site Request Forgery in rich_snippet_dashboard]()
