Wordfence Intelligence Weekly (December 4 to December 10, 2023)
Last week, there were 109 vulnerabilities disclosed in 98 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database. Review those vulnerabilities in this report now with your security team to ensure your site is not affected.
Credit: Wordfence Intelligence
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
| Unpatched | 63 |
| Patched | 46 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
| Low Severity | 0 |
| Medium Severity | 88 |
| High Severity | 9 |
| Critical Severity | 12 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 28 |
| Missing Authorization | 28 |
| Cross-Site Request Forgery (CSRF) | 21 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 6 |
| Unrestricted Upload of File with Dangerous Type | 5 |
| Deserialization of Untrusted Data | 5 |
| Information Exposure | 3 |
| Improper Authorization | 2 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 2 |
| Use of Less Trusted Source | 1 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 1 |
| Uncontrolled Resource Consumption (‘Resource Exhaustion’) | 1 |
| Protection Mechanism Failure | 1 |
| Authorization Bypass Through User-Controlled Key | 1 |
| Server-Side Request Forgery (SSRF) | 1 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) | 1 |
| Improper Neutralization of Alternate XSS Syntax | 1 |
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| Advanced Database Cleaner | advanced-database-cleaner |
| Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress | advanced-page-visit-counter |
| Alma – Pay in installments or later for WooCommerce | alma-gateway-for-woocommerce |
| Alt Manager | alt-manager |
| Annual Archive | anual-archive |
| AppMySite – Create an app with the Best Mobile App Builder | appmysite |
| ArtPlacer Widget | artplacer-widget |
| Astra Pro Addon | astra-addon |
| Author Avatars List/Block | author-avatars |
| Awesome Support – WordPress HelpDesk & Support Plugin | awesome-support |
| BCorp Shortcodes | bcorp-shortcodes |
| Backup Migration | backup-backup |
| Bacola Core | bacola-core |
| Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo | biteship |
| Block for Font Awesome | block-for-font-awesome |
| Bold Page Builder | bold-page-builder |
| Bulk Edit Post Titles | bulk-edit-post-titles |
| Burst Statistics Pro | burst-pro |
| Burst Statistics – Privacy-Friendly Analytics for WordPress | burst-statistics |
| CSV Importer | csv-importer |
| CSprite | csprite |
| Caddy – Smart Side Cart for WooCommerce | caddy |
| Calculated Fields Form | calculated-fields-form |
| Clotya Core | clotya-core |
| Code Embed | simple-embed-code |
| Cookie Bar | cookie-bar |
| Cosmetsy Core | cosmetsy-core |
| Custom Login | custom-login |
| Custom Post Type Page Template | custom-post-type-page-template |
| Dashboard Widgets Suite | dashboard-widgets-suite |
| Digital Publications by Supsystic | digital-publications-by-supsystic |
| Duplicator Pro | duplicator-pro |
| Duplicator – WordPress Migration & Backup Plugin | duplicator |
| Elementor Timeline Widget | 3r-elementor-timeline-widget |
| Elementor Website Builder – More than Just a Page Builder | elementor |
| Email Subscription Popup | email-subscribe |
| EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor | embedpress |
| Event Manager, Event Calendar, Event Tickets for WooCommerce – Eventin | wp-event-solution |
| FOX – Currency Switcher Professional for WooCommerce | woocommerce-currency-switcher |
| First Order Discount Woocommerce | first-order-discount-woocommerce |
| Fix My Feed RSS Repair | fix-my-feed-rss-repair |
| Flexible Woocommerce Checkout Field Editor | flexible-woocommerce-checkout-field-editor |
| Furnob Core | furnob-core |
| Genesis Simple Love | genesis-simple-love |
| Gift Up Gift Cards for WordPress and WooCommerce | gift-up |
| Guest Author | guest-author |
| Ibtana – WordPress Website Builder | ibtana-visual-editor |
| Import and export users and customers | import-users-from-csv-with-meta |
| Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site | integrate-google-drive |
| LiveChat – WP live chat plugin for WordPress | wp-live-chat-software-for-wordpress |
| Login With Ajax | login-with-ajax |
| MW WP Form | mw-wp-form |
| Manage Notification E-mails | manage-notification-emails |
| Medibazar Core | medibazar-core |
| Menu Bar Cart Icon For WooCommerce By Binary Carpenter | bc-menu-cart-woo |
| Multi Currency For WooCommerce | wc-multi-currency |
| Optin Forms – Simple List Building Plugin for WordPress | optin-forms |
| Parto Core | partdo-core |
| PayTR Taksit Tablosu – WooCommerce | paytr-taksit-tablosu-woocommerce |
| Piotnet Forms | piotnetforms |
| Post Duplicator | post-duplicator |
| Product Catalog Feed by PixelYourSite | product-catalog-feed |
| Product Enquiry for WooCommerce | gm-woocommerce-quote-popup |
| Redirects | redirects |
| RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
| Responsive Slick Slider WordPress | responsive-slick-slider |
| Rocket Maintenance Mode & Coming Soon Page | rocket-maintenance-mode |
| Sayfa Sayac | sayfa-sayac |
| SharkDropship & Affiliate for AliExpress, eBay, Amazon, Etsy | woo-aliexpress-dropshipping |
| Shortcoder — Create Shortcodes for Anything | shortcoder |
| Shortcodes and extra features for Phlox theme | auxin-elements |
| Smart External Link Click Monitor [Link Log] | link-log |
| Smart Forms – when you need more than just a contact form | smart-forms |
| Social Media Feather | social media sharing | social-media-feather |
| Spectra – WordPress Gutenberg Blocks | ultimate-addons-for-gutenberg |
| SpeedyCache – Cache, Optimization, Performance | speedycache |
| Square Thumbnails | square-thumbnails |
| Structured Content (JSON-LD) #wpsc | structured-content |
| SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! | suretriggers |
| Symbiostock – Sell Photos Online For Free! | symbiostock |
| System Dashboard | system-dashboard |
| Translate WordPress – Google Language Translator | google-language-translator |
| Tutor LMS – eLearning and online course solution | tutor |
| Ultimate Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
| Ultimate Dashboard – Custom WordPress Dashboard | ultimate-dashboard |
| Video PopUp | video-popup |
| WP Booking System – Booking Calendar | wp-booking-system |
| WP Photo Album Plus | wp-photo-album-plus |
| WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts | wedevs-project-manager |
| WPBakery Page Builder Addons by Livemesh | addons-for-visual-composer |
| WPPerformanceTester | wpperformancetester |
| WPsoonOnlinePage | wp-soononline-page |
| WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute | wapppress-builds-android-app-for-website |
| Webflow Pages | webflow-pages |
| Welcart e-Commerce | usc-e-shop |
| WooDiscuz – WooCommerce Comments | woodiscuz-woocommerce-comments |
| WooPayments – Fully Integrated Solution Built and Supported by Woo | woocommerce-payments |
| WordPress Simple HTML Sitemap | wp-simple-html-sitemap |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
| Adifier – Classified Ads WordPress Theme | adifier-system |
| Bacola – Grocery Store and Food eCommerce Theme | bacola |
| Clotya – Fashion Store eCommerce Theme | clotya |
| Cosmetsy – Beauty Cosmetics Shop Theme | cosmetsy |
| Couponis Demo | couponis-demo |
| Furnob – Furniture Store WooCommerce Theme | furnob |
| Machic – Electronics Store WooCommerce Theme | machic-core |
| Medibazar – Medical WooCommerce Theme | medibazar |
| Partdo – Auto Parts and Tools Shop WooCommerce Theme | partdo |
| Soledad | soledad |
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
***Please note: If you subscribe to the EntreBase ~ Threat Monitoring service and EntreBase monitors your WordPress site, with the scanner enabled, you should’ve already been notified, and actions will have already been taken by our Security Team if your site was affected by any of these vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us using our CVE Request form, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
