Last week, 132 vulnerabilities were disclosed in 119 WordPress plugins and no WordPress themes and added to the Wordfence Intelligence Vulnerability Database, and 47 vulnerability researchers contributed to WordPress security. Review the vulnerabilities in this report now to ensure your site is not affected.
Table of Contents
- New Firewalls
- Total Patched & Unpatched
- Total Vulnerabilities By CVSS
- Total Vulnerabilities By CWE
- WordPress Themes Vulnerabilities Reported
- WordPress Plugins Vulnerabilities Reported

New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
Last week, the team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers:
- None
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 88 |
| Unpatched | 44 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 105 |
| High Severity | 18 |
| Critical Severity | 9 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Missing Authorization | 33 |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 32 |
| Cross-Site Request Forgery (CSRF) | 18 |
| Exposure of Sensitive Information to an Unauthorized Actor | 10 |
| Unrestricted Upload of File with Dangerous Type | 7 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 5 |
| Deserialization of Untrusted Data | 3 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 3 |
| Server-Side Request Forgery (SSRF) | 3 |
| Authorization Bypass Through User-Controlled Key | 2 |
| Improper Authorization | 2 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 2 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 2 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Incorrect Authorization | 1 |
| Incorrect Comparison | 1 |
| Insertion of Sensitive Information into Log File | 1 |
| Missing Authentication for Critical Function | 1 |
| Protection Mechanism Failure | 1 |
| Reliance on Untrusted Inputs in a Security Decision | 1 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 1 |
| Use of Hard-coded Cryptographic Key | 1 |
| Use of Hard-coded Password | 1 |

WordPress Themes with Reported Vulnerabilities Last Week
| Software Slug |
|---|
| NO THEMES THIS WEEK |
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Academy LMS Pro | academy-pro |
| Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | academy |
| Ad Inserter – Ad Manager & AdSense Ads | ad-inserter |
| Ai Auto Tool Content Writing Assistant All in One | ai-auto-tool |
| AI Engine | ai-engine |
| Alex Reservations: Smart Restaurant Booking | alex-reservations |
| All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier | aio-time-clock-lite |
| Asgaros Forum | asgaros-forum |
| Associados Amazon Plugin | brzon |
| aThemes Addons for Elementor | athemes-addons-for-elementor-lite |
| Auto Prune Posts | auto-prune-posts |
| Backup Migration | backup-backup |
| Better Find and Replace – AI-Powered Suggestions | real-time-auto-find-and-replace |
| Blog2Social: Social Media Auto Post & Scheduler | blog2social |
| Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar | booking-manager |
| Bootstrap Multi-language Responsive Portfolio | bootstrap-multi-language-responsive-portfolio |
| Broken Link Manager | broken-link-manager |
| Carousel Block – Responsive Image and Content Carousel | b-carousel-block |
| CE21 Suite | ce21-suite |
| Centangle-Team | centangle-team |
| clubmember | clubmember |
| Connector Wizard (formerly LC Wizard) | ghl-wizard |
| Contact Form 7 AWeber Extension | integrate-contact-form-7-and-aweber |
| Content Locker for Elementor | content-locker-for-elementor |
| Content Pilot – Autoblogging & Affiliate Marketing Suite | wp-content-pilot |
| Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent | gdpr-cookie-consent |
| CoSchedule | coschedule-by-todaymade |
| Course Booking System | course-booking-system |
| Crypto Payment Gateway with Payeer for WooCommerce | crypto-payment-gateway-with-payeer-for-woocommerce |
| CYAN Backup | cyan-backup |
| Depicter — Popup & Slider Builder | depicter |
| Document Embedder – Embed PDFs, Word, Excel, and Other Files | document-emberdder |
| DominoKit | dominokit |
| Download Manager | download-manager |
| Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | easy-digital-downloads |
| Easy Email Subscription | email-subscription-with-secure-captcha |
| Easy Upload Files During Checkout | easy-upload-files-during-checkout |
| Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels | wpfunnels |
| Elegance Menu | elegance-menu |
| EM Beer Manager | em-beer-manager |
| Email Subscribers & Newsletters – Powerful Email Marketing, Post Notification & Newsletter Plugin for WordPress & WooCommerce | email-subscribers |
| EventPrime – Events Calendar, Bookings and Tickets | eventprime-event-calendar-management |
| Everest Forms Pro | everest-forms-pro |
| Extensions for Leaflet Map | extensions-leaflet-map |
| Features | features |
| File Manager for Google Drive – Integrate Google Drive | integrate-google-drive |
| Flexible Refund and Return Order for WooCommerce | flexible-refund-and-return-order-for-woocommerce |
| Footnotes Made Easy | footnotes-made-easy |
| Free Quotation | free-quotation |
| FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | wp-marketing-automations |
| Gallery Plugin for WordPress – Envira Photo Gallery | envira-gallery-lite |
| Graphina – Charts and Graphs For Elementor | graphina-elementor-charts-and-graphs |
| Gravity Forms | gravityforms |
| Greenshift – animation and page builder blocks | greenshift-animation-and-page-builder-blocks |
| Groups | groups |
| Guest posting / Frontend Posting / Front Editor – WP Front User Submit | front-editor |
| HTML Forms – Simple WordPress Forms Plugin | html-forms |
| Hubbub Lite – Fast, free social sharing and follow buttons | social-pug |
| IDonate – Blood Donation, Request And Donor Management System | idonate |
| Image Comparison Addon for Elementor | image-comparison-elementor-addon |
| Image Hover Effects for Elementor | image-hover-effects-elementor-addon |
| Import Export For WooCommerce | import-export-for-woocommerce |
| Insert Headers and Footers Code – HT Script | insert-headers-and-footers-script |
| KiotViet Sync | kiotvietsync |
| Label Plugins | label-plugins |
| LearnPress – WordPress LMS Plugin | learnpress |
| LinkedIn Resume | linkedin-resume |
| LMB^Box Smileys | lmbbox-smileys |
| Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more | mail-mint |
| Mang Board WP | mangboard |
| MapMap | mapmap |
| Master Blocks – Ultimate Gutenberg Blocks for Marketers | ultimate-blocks-for-gutenberg |
| MeetingList | meeting-list |
| Nari Accountant | nari-accountant |
| New User Approve | new-user-approve |
| Ohio Extra | ohio-extra |
| Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | themeisle-companion |
| Ovatheme Events Manager | ova-events-manager |
| Page & Post Notes | page-post-notes |
| Pagerank tools | pagerank-tools |
| Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | paid-member-subscriptions |
| Posts Navigation Links for Sections and Headings – Free by WP Masters | posts-navigation-links-for-sections-and-headings-free-by-wp-masters |
| Premium Portfolio Features for Phlox theme | auxin-portfolio |
| Quick Featured Images | quick-featured-images |
| Reuse Builder | reuse-builder |
| Rey Core | Rey-Core |
| Saphali LiqPay for donate | saphali-liqpay-for-donate |
| Seriously Simple Podcasting | seriously-simple-podcasting |
| SH Contextual Help | sh-contextual-help |
| ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) | woolentor-addons |
| Simple Downloads List | simple-downloads-list |
| Simple User Capabilities | simple-user-capabilities |
| Smart Auto Upload Images – Import External Images | smart-auto-upload-images |
| SMS for WordPress | sms4wp |
| Spectra Gutenberg Blocks – Website Builder for the Block Editor | ultimate-addons-for-gutenberg |
| Strong Testimonials | strong-testimonials |
| SUMO Affiliates Pro | affs |
| TablePress – Tables in WordPress made easy | tablepress |
| Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI | simple-tags |
| TAX SERVICE Electronic HDM | virtual-hdm-for-taxservice-am |
| The Events Calendar | the-events-calendar |
| Top Bar Notification | top-bar-notification |
| Travelers’ Map | travelers-map |
| Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin | uncanny-automator |
| ViaAds | viaads |
| Visit Counter | visit-counter |
| Visual Link Preview | visual-link-preview |
| WooCommerce Ultimate Points And Rewards | woocommerce-ultimate-points-and-rewards |
| WordPress eCommerce Plugin – Studiocart | studiocart |
| WP 2FA – Two-factor authentication for WordPress | wp-2fa |
| WP Airbnb Review Slider | wp-airbnb-review-slider |
| WP Carticon | wp-carticon |
| WP Global Screen Options | wp-global-screen-options |
| WP Hotel Booking | wp-hotel-booking |
| WP Snow Effect | wp-snow-effect |
| WP2Social Auto Publish | facebook-auto-publish |
| WPCF7 Stop words | wpcf7-stop-words |
| WPeMatico RSS Feed Fetcher | wpematico |
| ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns | zoloblocks |

