Wordfence Intelligence Weekly WordPress Vulnerability Report (June 12, 2023 to June 18, 2023)
Last week, 60 vulnerabilities disclosed in 52 WordPress plugins and no WordPress themes were added to the Wordfence Intelligence Vulnerability Database, and 25 vulnerability researchers contributed to WordPress security. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations alike can use that data to make the internet more secure. That is why the Wordfence Intelligence user interface and vulnerability API are completely free to access and use, both personally and commercially, and why we are running this weekly vulnerability report.
Total Unpatched & Patched Vulnerabilities Last Week
Patch Status | Number of Vulnerabilities |
Unpatched | 20 |
Patched | 40 |
Total Vulnerabilities by CVSS Severity Last Week
Severity Rating | Number of Vulnerabilities |
Low Severity | 1 |
Medium Severity | 53 |
High Severity | 6 |
Critical Severity | 0 |
Total Vulnerabilities by CWE Type Last Week
Vulnerability Type by CWE | Number of Vulnerabilities |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 26 |
Cross-Site Request Forgery (CSRF) | 21 |
Missing Authorization | 8 |
Information Exposure | 1 |
Authorization Bypass Through User-Controlled Key | 1 |
Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) | 1 |
Unrestricted Upload of File with Dangerous Type | 1 |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 1 |
Researchers That Contributed to WordPress Security Last Week
Researcher Name | Number of Vulnerabilities |
Truoc Phan | 6 |
LEE SE HYOUNG | 5 |
Erwan LR | 5 |
Marco Wotschka (Wordfence Vulnerability Researcher) | 4 |
Abdi Pranata | 3 |
Mika | 3 |
Lana Codes (Wordfence Vulnerability Researcher) | 3 |
yuyudhn | 3 |
Nguyen Xuan Chien | 3 |
Rafshanzani Suhada | 2 |
konagash | 2 |
NeginNrb | 2 |
Rafie Muhammad | 2 |
A. S. M. Muhiminul Hasan | 1 |
Theodoros Malachias | 1 |
Rio Darmawan | 1 |
Le Ngoc Anh | 1 |
emad | 1 |
Alex Thomas (Wordfence Vulnerability Researcher) | 1 |
Daniel Ruf | 1 |
Amirmohammad vakili | 1 |
thiennv | 1 |
Chloe Chamberland (Wordfence Vulnerability Researcher) | 1 |
Phd | 1 |
killr00t | 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and obtain a CVE ID through this form. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
Software Name | Software Slug |
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember-membership |
All Bootstrap Blocks | all-bootstrap-blocks |
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress and all Kinds of Equipment | booking-and-rental-manager-for-woocommerce |
CF7 Google Sheets Connector | cf7-google-sheets-connector |
CF7 Google Sheets Connector Pro | cf7-google-sheets-connector-pro |
CHP Ads Block Detector | chp-ads-block-detector |
Church Admin | church-admin |
Constant Contact Forms | constant-contact-forms |
Contact Form by WD – responsive drag & drop contact form builder tool | contact-form-maker |
Elementor Forms Google Sheet Connector | gsheetconnector-for-elementor-forms |
Elementor Forms Google Sheet Connector Pro | gsheetconnector-for-elementor-forms-pro |
Flo Forms – Easy Drag & Drop Form Builder | flo-forms |
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
Forminator – Contact Form, Payment Form & Custom Form Builder | forminator |
Galleria | galleria |
Google Map Shortcode | google-map-shortcode |
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor | front-editor |
LWS Cleaner | lws-cleaner |
LWS Tools | lws-tools |
Login Configurator | login-configurator |
MStore API | mstore-api |
MasterStudy LMS WordPress Plugin – for Online Courses and Education | masterstudy-lms-learning-management-system |
ND Shortcodes | nd-shortcodes |
Ninja Forms Google Sheet Connector | gsheetconnector-ninja-forms |
Ninja Forms Google Sheet Connector Pro | gsheetconnector-ninja-forms-pro |
Password Protected | password-protected |
Protect WP Admin | protect-wp-admin |
Recent Posts Slider | recent-posts-slider |
Recipe Maker For Your Food Blog from Zip Recipes | zip-recipes |
Securimage-WP | securimage-wp |
Seed Fonts | seed-fonts |
Sermon’e – Sermons Online | UNKNOWN-CVE-2023-35776-1 |
Stock Manager for WooCommerce | woocommerce-stock-manager |
Template Debugger | quick-edit-template-link |
Tutor LMS – eLearning and online course solution | tutor |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
WP Affiliate Links | wp-affiliate-links |
WP Backup Manager | wp-backup-manager |
WP Directory Kit | wpdirectorykit |
WP Matterport Shortcode | shortcode-gallery-for-matterport-showcase |
WP PDF Generator | wp-pdf-generator |
WPForms Google Sheet Connector | gsheetconnector-wpforms |
WPForms Google Sheet Connector Pro | gsheetconnector-wpforms-pro |
Who Hit The Page – Hit Counter | who-hit-the-page-hit-counter |
WooCommerce Stripe Payment Gateway | woocommerce-gateway-stripe |
WordPress Contact Forms by Cimatti | contact-forms |
WordPress NextGen GalleryView | wordpress-nextgen-galleryview |
YaySMTP – Simple WP SMTP Mail | yaysmtp |
Zephyr Project Manager | zephyr-project-manager |
breadcrumb simple | breadcrumb-simple |
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin | mycred |
胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件 | fat-rat-collect |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Source: wordfence.com