Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)

Last week, there were 42 vulnerabilities disclosed in 37 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 10 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API and webhook integration are completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report. Individuals and Enterprises can use the vulnerability Database API to receive a complete dump of our database of over 11,800 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database all for free. This data can even be used commercially without any charge.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

• Super Store Finder <= 6.9.2 – Unauthenticated Email Creation/Sending

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status	Number of Vulnerabilities
Unpatched	5
Patched	37

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating	Number of Vulnerabilities
Low Severity	0
Medium Severity	37
High Severity	5
Critical Severity	0

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE	Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)	21
Cross-Site Request Forgery (CSRF)	8
Missing Authorization	6
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)	2
Improper Neutralization of Formula Elements in a CSV File	1
Information Exposure	1
Deserialization of Untrusted Data	1
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)	1
Authorization Bypass Through User-Controlled Key	1

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities
Lana Codes (Wordfence Vulnerability Researcher)	11
Marco Wotschka (Wordfence Vulnerability Researcher)	3
Ivan Kuzymchak (Wordfence Vulnerability Researcher)	3
Do Xuan Trung	1
Skalucy	1
Zeyad Alshahrani	1
Etharus	1
JackYu	1
Malek Althubiany	1
Nguyen Xuan Chien	1

 

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name	Software Slug
Ad Inserter – Ad Manager & AdSense Ads	ad-inserter
Anchor Episodes Index (Spotify for Podcasters)	anchor-episodes-index
Astra Bulk Edit	astra-bulk-edit
Brands for WooCommerce	brands-for-woocommerce
Chat Button: WhatsApp, Facebook Messenger Chat, Telegram Chat, WeChat, Line Chat, Discord Chat for Customer Support Chat with floating Chat Widget	bit-assist
Checkfront Online Booking System	checkfront-wp-booking
Comment Blacklist Updater	comment-blacklist-updater
Comments – wpDiscuz	wpdiscuz
Connect Matomo (WP-Matomo, WP-Piwik)	wp-piwik
Contact Form by FormGet – Best Form Builder Plugin for WordPress	formget-contact-form
Copy Anything to Clipboard	copy-the-code
DoFollow Case by Case	dofollow-case-by-case
Drag and Drop Multiple File Upload for WooCommerce	drag-and-drop-multiple-file-upload-for-woocommerce
Easy Registration Forms	easy-registration-forms
Inactive Logout	inactive-logout
Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free	funnelforms-free
Leaflet Map	leaflet-map
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator	legal-pages
Media Library Assistant	media-library-assistant
Memberlite Shortcodes	memberlite-shortcodes
Migration, Backup, Staging – WPvivid	wpvivid-backuprestore
Payment gateway per Product for WooCommerce	woocommerce-product-payments
Pop ups, WordPress Exit Intent Popup, Email Pop Up, Lightbox Pop Up, Spin the Wheel, Contact Form Builder – Poptin	poptin
Pre-Publish Checklist	pre-publish-checklist
School Management System – WPSchoolPress	wpschoolpress
Simple Cloudflare Turnstile – CAPTCHA Alternative	simple-cloudflare-turnstile
Statify – Extended Evaluation	extended-evaluation-for-statify
Super Store Finder	superstorefinder-wp
Table of Contents Plus	table-of-contents-plus
WP Discord Invite	wp-discord-invite
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce	wp-event-manager
WP Mailto Links – Protect Email Addresses	wp-mailto-links
Weaver Xtreme Theme Support	weaverx-theme-support
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode	coming-soon
Widget Responsive for Youtube	youtube-widget-responsive
WordPress Charts	wp-charts
iPanorama 360 – WordPress Virtual Tour Builder	ipanorama-360-virtual-tour-builder-lite

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

wpDiscuz <= 7.6.5 – Unauthenticated SQL Injection

Migration, Backup, Staging – WPvivid <= 0.9.89 – Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal

iPanorama 360 – WordPress Virtual Tour Builder <= 1.7.3 – Authenticated (Admin+) SQL injection

Weaver Xtreme Theme Support <= 6.3.0 – Authenticated (Administrator+) PHP Object Injection via Imported File

Drag and Drop Multiple File Upload for WooCommerce <= 1.1.0 – Unauthenticated Stored Cross-Site Scripting

Funnelforms Free <= 3.3.9 – Unauthenticated Stored Cross-Site Scripting

WordPress Charts <= 0.7.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Leaflet Map <= 3.3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Widget Responsive for Youtube <= 1.6.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Poptin <= 1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Simple Cloudflare Turnstile <= 1.23.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Memberlite Shortcodes <= 1.3.8 – Authenticated (Contributor+) Stored Cross-Site Scripting

Anchor Episodes Index (Spotify for Podcasters) <= 2.1.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

Media Library Assistant <= 3.10 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Copy Anything to Clipboard <= 2.6.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

WP Mailto Links – Protect Email Addresses <= 3.1.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

WP-Matomo Integration (WP-Piwik) <= 1.0.28 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Contact Form by FormGet <= 5.5.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

WPSchoolPress <= 2.2.4 – Cross-Site Request Forgery

Payment gateway per Product for WooCommerce <= 3.2.7 – Reflected Cross-Site Scripting

WP Discord Invite <= 2.4.1 – Reflected Cross-Site Scripting via webhook

Super Store Finder <= 6.9.2 – Unauthenticated Email Creation/Sending

Statify – Extended Evaluation <= 2.6.3 – Authenticated (Admin+) CSV Injection

Comment Blacklist Updater <= 1.1.0 – Cross-Site Request Forgery via update_blacklist_manual

Ad Inserter <= 2.7.30 – Unauthenticated Sensitive Information Exposure via ai_ajax

Pre-Publish Checklist <= 1.1.1 – Insecure Direct Object Reference to Arbitrary Post ‘_ppc_meta_key’ Update

Inactive Logout <= 3.2.2 – Missing Authorization

Ad Inserter <= 2.7.30 – Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe

Table of Contents Plus <= 2302 – Authenticated (Administrator+) Stored Cross-Site Scripting

Migration, Backup, Staging – WPvivid <= 0.9.89 – Authenticated Stored Cross-Site Scripting

Bit Assist <= 1.1.9 – Authenticated (Administrator+) Stored Cross-Site Scripting

Migration, Backup, Staging – WPvivid <= 0.9.89 – Authenticated (Administrator+) Stored Cross-Site Scripting

WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 – Authenticated (Admin+) Stored Cross-Site Scripting

Astra Bulk Edit <= 1.2.7 – Missing Authorization

Website Builder by SeedProd <= 6.15.13.1 – Cross-Site Request Forgery to Settings Update

Easy Registration Forms <= 2.1.1 – Authenticated (Subscriber+) Information Disclosure via Shortcode

DoFollow Case by Case <= 3.4.1 Cross-Site Request Forgery via getEmail and getUrl

Brands for WooCommerce <= 3.8.2.2 – Cross-Site Request Forgery

Legal Pages <= 1.3.7 – Missing Authorization on ‘deleteLegalTemplate’

Inactive Logout <= 3.2.2 – Cross-Site Request Forgery

Brands for WooCommerce <= 3.8.2.2 – Missing Authorization to Unauthenticated Order Manipulation and Information Retrieval

Checkfront Online Booking System <= 3.6 – Cross-Site Request Forgery

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023) appeared first on Wordfence.

Article Link: https://www.wordfence.com/blog/2023/09/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-18-2023-to-september-24-2023/