
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)

Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. **Review those vulnerabilities in this report now to ensure your site is not affected.**

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

_[Click here to sign up for our mailing list]() to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published._

* * *

### New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our [Premium](), [Care](), and [Response]() customers last week:

* [Spectra <= 2.6.6 – Authenticated (Contributor+) Server-Side Request Forgery in template_importer and import_wpforms]()

Wordfence [Premium](), [Care](), and [Response]() customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.

* * *

### Total Unpatched & Patched Vulnerabilities Last Week

**Patch Status** | **Number of Vulnerabilities**
---|---
Unpatched | 30
Patched | 32

* * *

### Total Vulnerabilities by CVSS Severity Last Week

**Severity Rating** | **Number of Vulnerabilities**
---|---
Low Severity | 0
Medium Severity | 54
High Severity | 7
Critical Severity | 1

* * *

### Total Vulnerabilities by CWE Type Last Week

**Vulnerability Type by CWE** | **Number of Vulnerabilities**
---|---
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 28
Cross-Site Request Forgery (CSRF) | 10
Missing Authorization | 10
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 4
Information Exposure | 3
URL Redirection to Untrusted Site (‘Open Redirect’) | 3
Use of Hard-coded Cryptographic Key | 1
Improper Control of Interaction Frequency | 1
Authorization Bypass Through User-Controlled Key | 1
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 1

* * *

### Researchers That Contributed to WordPress Security Last Week

**Researcher Name** | **Number of Vulnerabilities**
---|---
[Rio Darmawan]() | 7
[Lana Codes]() (Wordfence Vulnerability Researcher) | 6
[Rafie Muhammad]() | 4
[Mika]() | 3
[Elliot]() | 2
[Skalucy]() | 2
[yuyudhn]() | 2
[FearZzZz]() | 2
[Erwan LR]() | 2
[Aman Rawat]() | 2
[Phd]() | 2
[Ulyses Saicha]() | 2
[Arvandy]() | 2
[Gaurav Bhosale]() | 1
[Katharina Altmann]() | 1
[Abdi Pranata]() | 1
[Lokesh Dachepalli]() | 1
[OZ1NG (TOOR, LISA)]() | 1
[Taurus Omar]() | 1
[Nithissh Sathish]() | 1
[Juampa Rodríguez]() | 1
[Jayasuryapal G]() | 1
[Jeong Seong Ho]() | 1
[LEE SE HYOUNG]() | 1
[Abu Hurayra]() | 1
[Friday]() | 1
[Dave Jong]() | 1
[qilin_99]() | 1
[Dipak Panchal]() | 1
[thiennv]() | 1
[Dao Xuan Hieu]() | 1
[minhtuanact]() | 1
[Prasanna V Balaji]() | 1
[Abde Ouabala]() | 1
[Rafshanzani Suhada]() | 1
[Cat]() | 1

_Are you a security researcher who would like to be featured in our weekly vulnerability report?_ You can responsibly disclose your WordPress vulnerability discoveries to us and [obtain a CVE ID through this form](). Responsibly disclosing your vulnerability discoveries to us will also get your name added on the [Wordfence Intelligence leaderboard]() along with being mentioned in our weekly vulnerability report.

* * *

### WordPress Plugins with Reported Vulnerabilities Last Week

**Software Name** | **Software Slug**
---|---
1 click close store | [1-click-close-store]()
2MB Autocode | [2mb-autocode]()
360 Javascript Viewer | [360deg-javascript-viewer]()
3D viewer – Embed 3D Models on WordPress | [3d-viewer]()
404 to 301 – Redirect, Log and Notify 404 Errors | [404-to-301]()
5 Stars Rating Funnel WordPress Plugin \| RRatingg | [5-stars-rating-funnel]()
A no-code page builder for beautiful performance-based content | [setka-editor]()
AADMY – Add Auto Date Month Year Into Posts | [auto-date-year-month]()
ACF for WooCommerce Product | [acf-for-woocommerce-product]()
ACF-VC Integrator | [acf-vc-integrator]()
AI Image Generator – Experience the future of image creation with AI | [ai-image-generator]()
AI Moderator for BuddyPress | [ai-moderator-for-buddypress-and-buddyboss]()
AI Power: Complete AI Pack – Powered by GPT-4 | [gpt3-ai-content-generator]()
AI Tools – Chatbot, ChatGPT, Content Generator, Image Generator, Artificial Intelligence GPT | [artificial-intelligence-auto-content-generator]()
APIExperts Square for WooCommerce | [woosquare]()
APPExperts – Mobile App Builder for WordPress \| WooCommerce to iOS and Android Apps | [appexperts]()
ASVG – Lottie icon library for Elementor | [animated-svg]()
Abeta OCI PunchOut | [abeta-punchout]()
Accept Stripe Donation – AidWP | [wp-stripe-donation]()
Accordion & FAQ – Helpie WordPress Frequently Asked Questions plugin | [helpie-faq]()
ActiveCampaign Email Preference Center | [pramadillo-activecampaign-email-preference-center]()
Activity Log For MainWP | [activity-log-mainwp]()
Ad Blocker Notify Lite | [adblock-notify-by-bweb]()
Add Expires Headers & Optimized Minify | [add-expires-headers]()
Admin Quick Panel | [admin-quick-panel]()
Admin Speedo | [admin-speedo]()
Admin User Search | [admin-user-search]()
Advance Menu Manager | [advance-menu-manager]()
Advance Search for WooCommerce | [woo-advance-search]()
Advanced Classifieds & Directory Pro | [advanced-classifieds-and-directory-pro]()
Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form | [buddyforms-acf]()
Advanced Database Replacer | [advanced-database-replacer]()
Advanced Exchange Rates for WooCommerce Multilingual | [advanced-exchange-rates]()
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms | [advanced-form-integration]()
Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress | [advanced-page-visit-counter]()
Advanced Product Sample for WooCommerce | [free-product-sample]()
Advanced USPS Shipping Method | [advanced-usps-shipping-method]()
Advanced Visual Elements – Shortcode addons for Elementor & Gutenberg | [advanced-visual-elements]()
Advanced WP Table | [advanced-wp-table]()
AffiEasy | [affieasy]()
Affiliate Advantage – Sky Rocket Your Affiliate Marketing Business | [affiliate-advantage]()
Affiliate Link Builder Plugin for Amazon Associates – Review Engine | [review-engine]()
Age Verification Screen for WooCommerce | [age-verification-screen-for-woocommerce]()
AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress | [agendapress]()
Aiify Blocks – ChatGPT AI Copywriting, Content Writing, Rewriting and Editing | [aiify]()
Airpress | [airpress]()
Ajax Live Search Plugin For WordPress | [ajax-live-search]()
Ajax Press – Easily Enable Fast Ajax Navigation | [ajax-press]()
All in One Video Downloader | [all-in-one-video-downloader]()
All-in-One Video Gallery | [all-in-one-video-gallery]()
Alley Business Toolkit | [alley-business-toolkit]()
Alt Manager | [alt-manager]()
AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations | [animategl]()
Announcement & Notification Banner – Bulletin | [bulletin-announcements]()
Ant Admin Notices for Team | [admin-notices-for-team]()
Anti Spam by Fullworks | [fullworks-anti-spam]()
AnyComment | [anycomment]()
AnyWhere Elementor | [anywhere-elementor]()
Art Decoration Shortcode | [art-decoration-shortcode]()
Asset CleanUp: Page Speed Booster | [wp-asset-clean-up]()
Atlas – Knowledge Base | [atlas-knowledge-base]()
Audio Player with Playlist Ultimate | [audio-player-with-playlist-ultimate]()
Authorize.Net Payment Gateway For WooCommerce | [woo-authorize-net-gateway-aim]()
Auto Featured Image (Auto Generated) | [auto-featured-image-auto-generated]()
Auto Keyword Backlink | [auto-keyword-backlink]()
Auto Set Admin Colour on Staging and Dev | [set-admin-colour-on-staging-and-dev]()
AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply. | [automail]()
AutoSave Net | [autosave-net]()
Autocomplete Address and Location Picker for WooCommerce | [autocomplete-address-and-location-picker-for-woocommerce]()
Automatic YouTube Gallery | [automatic-youtube-gallery]()
Automizy Gravity Forms | [automizy-gravity-forms]()
Awesome SSL | [awesome-ssl]()
Awesome Social Icons | [awesome-social-icons]()
BAVOKO SEO Tools – All-in-One WordPress SEO | [wp-seo-keyword-optimizer]()
BNG Gateway For WooCommerce | [bng-gateway-for-woocommerce]()
BP WC Vendors | [bp-wc-vendors]()
Backup Bolt | [backup-bolt]()
Banner Management For WooCommerce | [banner-management-for-woocommerce]()
Before and After Product Images for WooCommerce | [before-and-after-product-images-for-woocommerce]()
Best Responsive Comparison Table for Gutenberg Editor – NicheTable | [nichetable]()
Best WordPress Gallery Plugin – FooGallery | [foogallery]()
Better Comments | [better-comments]()
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss | [bp-better-messages]()
Better Sharing | [better-sharing]()
Bing Custom Search for WordPress | [wp-bing-search]()
Block Styler For Gravity Forms | [block-styler-for-gravity-forms]()
Block, Suspend, Report for BuddyPress | [bp-toolkit]()
BlockMeister – Block Pattern Builder | [blockmeister]()
Blocked in China \| Check if your site is available in the Chinese mainland | [blocked-in-china]()
Blockons – Gutenberg blocks for WordPress and WooCommerce websites | [blockons]()
Blocks Bakery – Gutenberg Blocks | [blocks-bakery]()
Blocks Product Editor for WooCommerce | [blocks-product-editor-for-woocommerce]()
Blockspare – Free Gutenberg Blocks for News, Magazine, and Business Websites (Templates, Patterns, and Page Builder) | [blockspare]()
Blocksy Companion | [blocksy-companion]()
BlockyPage – Gutenberg Based Page Builder | [blockypage]()
Blog Sidebar Widget | [blog-sidebar-widget]()
BlogPost – BlogPost Widgets – Amazing Blog Layouts | [blogpost-widgets]()
BlogSafe Scanner | [blogsafe-scanner]()
Book BuyBack Prices | [book-buyback-prices]()
BookPress – For Book Authors | [book-press]()
Booking Addon for WooCommerce | [booking-for-woocommerce]()
Booking Calendar \| Appointment Booking \| BookIt | [bookit]()
Booking Weir | [booking-weir]()
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg | [borderless]()
BuddyDrive | [buddydrive]()
BuddyForms Anonymous Author | [buddyforms-anonymous-author]()
BuddyForms Attach Post with Group | [buddyforms-attach-posts-to-groups-extension]()
BuddyForms EasyPin | [buddyforms-easypin]()
BuddyForms Form Elements for WooCommerce | [buddyforms-woocommerce-form-elements]()
BuddyForms Hierarchical Posts | [buddyforms-hierarchical-posts]()
BuddyForms Moderation ( Former: Review Logic ) | [buddyforms-review]()
BuddyForms Posts 2 Posts | [buddyforms-posts-to-posts-integration]()
BuddyForms Remote | [buddyforms-remote]()
BuddyForms Ultimate Member | [buddyforms-ultimate-member]()
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | [wc4bp]()
Builder for WooCommerce product reviews shortcodes – ReviewShort | [woo-product-reviews-shortcode]()
Bulk Attachment Download | [bulk-attachment-download]()
Bulk Edit Categories and Tags – Create Thousands Quickly on the Editor | [bulk-edit-categories-tags]()
Bulk Edit Easy Digital Downloads – Fast Bulk Creator | [wp-sheet-editor-edd-downloads]()
Bulk Edit Events – Create Events in a Bulk Editor | [bulk-edit-events]()
Bulk Edit Posts and Products in Spreadsheet | [wp-sheet-editor-bulk-spreadsheet-editor-for-posts-and-pages]()
Bulk Edit and Create User Profiles – WP Sheet Editor | [bulk-edit-user-profiles-in-spreadsheet]()
Bulk Landing Page Creator for WordPress – LPagery | [lpagery]()
Bulk WooCommerce Category Creator | [bulk-woocommerce-category-creator]()
Business Profile Reviews | [business-profile-reviews]()
CAPTCHA 4WP | [advanced-nocaptcha-recaptcha]()
CF7 Constant Contact Fields Mapping | [cf7-constant-contact-fields-mapping]()
CF7 ReCaptcha Mine | [cf7-recaptcha-mine]()
CF7 Skins for Contact Form 7 | [contact-form-7-skins]()
CPA OFFERWALL | [cpa-offerwall]()
Caldera Forms – More Than Contact Forms | [caldera-forms]()
Campation PostOffice – Send Email Spam-free on HighSpeed without WP SMTP Email plugin | [campation-postoffice]()
Carousel, Recent Post Slider and Banner Slider | [spice-post-slider]()
Cart Weight for WooCommerce | [cart-weight-for-woocommerce]()
CartPops – High Converting Add To Cart Popup For WooCommerce | [cartpops]()
Caxton – Create Pro page layouts in Gutenberg | [caxton]()
Chamber Dashboard Business Directory | [chamber-dashboard-business-directory]()
Change Price Title for WooCommerce | [change-wc-price-title]()
Change Prices with Time for WooCommerce | [change-prices-with-time-for-woocommerce]()
Chat Button by GetButton.io | [whatshelp-chat-button]()
Chat Button- Leads and Order over Chat | [order-on-chat-for-woocommerce]()
ChatPressAI – AI Supported Blogging and Reasearch | [chatpressai]()
Check Zipcode | [check-zipcode]()
Checkbox | [checkbox]()
Checkout with Cash App on WooCommerce | [wc-cashapp]()
Checkout with Venmo on Woocommerce | [momo-venmo]()
Checkout with Zelle on Woocommerce | [wc-zelle]()
Child Support Calculator | [child-support-calculator]()
China Payments Plugin \| Accept WeChat Pay and Alipay | [wp-stripe-global-payments]()
Choice Payment Gateway for WooCommerce | [choice-payment-gateway-for-woocommerce]()
Cleanup Action Scheduler | [cleanup-action-scheduler]()
Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress | [sprout-invoices]()
Client Portal : SuiteDash Direct Login | [client-portal-suitedash-login]()
ClimateClick: Climate Action for all | [co2ok-for-woocommerce]()
ClinicalWP Core | [clinicalwp-core]()
Cloud SAML SSO – Single Sign On Login | [cloud-sso-single-sign-on]()
Code Manager | [code-manager]()
CodePile | [codepile]()
Coinbase Commerce for Contact Form 7 | [coinbase-commerce-for-contact-form-7]()
Coinbase Commerce – Crypto Gateway for WooCommerce | [commerce-coinbase-for-woocommerce]()
Coming Soon Master | [coming-soon-master]()
Coming Soon Page and Maintenance Mode for WordPress Block Editor | [coming-soon-blocks]()
Coming Soon Pages for WordPress – Coming Soon Booster | [wp-coming-soon-booster]()
Comments Not Replied To | [comments-not-replied-to]()
Compare Affiliated Products | [compare-affiliated-products]()
Conditional Logic for Woo Product Add-ons | [conditional-logic-for-woo-product-add-ons]()
Conditional Payment Methods for WooCommerce | [conditional-payments]()
ConeBlog – WordPress Blog Widgets | [coneblog-widgets]()
Connect WooCommerce Holded | [import-holded-products-woocommerce]()
Connected Sermons | [connected-sermons]()
Constellation: Smart Tools for WooCommerce | [smart-tools-for-woocommerce]()
Contact Form 7 Designer | [contact-form-7-designer]()
Contact Form 7 Module For Divi Builder | [cf7-styler-for-divi]()
Contact Form 7 Multi-Step Forms | [contact-form-7-multi-step-module]()
Contact Form 7 – Capsule CRM – Integration | [integration-of-capsule-crm-for-contact-form-7]()
Contact Form By Mega Forms – Drag and Drop Form Builder | [mega-forms]()
Contact Form DB Divi | [contact-form-db-divi]()
Contact Form Generator : Creative form builder for WordPress | [contact-form-generator]()
Contact Form for WordPress- Cybrosys | [reach-us-contact-form]()
Contact Form to Any API | [contact-form-to-any-api]()
Contact List – Easy Contact Manager, Address Book and Business Directory Plugin | [contact-list]()
Contact Widgets For Elementor all the contact links you need in one place | [contact-widgets-for-elementor]()
Contact form builder for Gutenberg – Formello | [formello]()
Content Blocks Builder | [content-blocks-builder]()
Content Hubs | [content-hubs]()
Content Scheduler – Schedule Posts, Editorial Calendar and Notes | [wpcs-content-scheduler]()
Content Sidebars | [content-sidebars]()
Content Slider for WP Posts (Section Slider) | [section-slider]()
Convert Classic Editor to Gutenberg Blocks | [convert-classic-editor-to-blocks]()
Convert Pro | [convertpro]()
Convoworks WP | [convoworks-wp]()
Cooked – Recipe Plugin | [cooked]()
Cookii – Free GDPR Cookie Consent | [easy-wp-cookie-popup]()
Cool Author Box – For Widget and Post Content | [hm-cool-author-box-widget]()
Copy Anything to Clipboard | [copy-the-code]()
Cost Calculator Builder | [cost-calculator-builder]()
Country Based Payments for WooCommerce | [woocommerce-country-based-payments]()
Court Reservation – Manage Your Court Bookings Online | [court-reservation]()
Cozy Addons for Elementor – Header and Footer builder for Elementor, Layout and Widgets for WooCommerce, Magazine, slider, blog and more. | [cozy-addons]()
Cryptocurrency Portfolio Tracker | [cryptocurrency]()
Cryptocurrency Product for WooCommerce | [cryptocurrency-product-for-woocommerce]()
Custom Login Page Customizer | [login-customizer]()
Custom Login Page Customizer – Login Designer | [login-designer]()
Custom Order Status Per Product for WooCommerce | [woo-order-status-per-product]()
Custom Product Builder – Designer and Order Customized | [custom-product-builder-for-woocommerce]()
Custom Product Type For WooCommerce | [custom-product-type-for-woocommerce]()
Custom Tabs for Products WooCommerce | [custom-tabs-for-products-woocommerce]()
Custom User Guide | [custom-user-guide]()
Custom Welcome Guide | [custom-welcome-guide]()
Custom WooCommerce Checkout Fields Editor | [add-fields-to-checkout-page-woocommerce]()
Customer Chat Facebook | [customer-chat-facebook]()
Customize WordPress Emails and Alerts – Better Notifications for WP | [bnfw]()
Customizer custom controls with Drag and Drop builder – Customizely | [customizely]()
DEV.LAND | [dev-land]()
DIVI Enhancer – DIVI Modules and Options | [miguras-divi-enhancer]()
Da Reactions | [da-reactions]()
DancePress (TRWA) | [dancepress-trwa]()
Dashy – Google Analytics advanced dashboard | [dashylite]()