Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 24, 2023 to Apr 30, 2023)

Last week, there were 77 vulnerabilities disclosed in 68 WordPress plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database by the Wordfence Threat Intelligence Team.

There were more unpatched vulnerabilities than patched vulnerabilities last week, so it’s more important than ever to review the vulnerability report to ensure your site isn’t affected by any of the vulnerabilities that have been disclosed, and take corrective action if your site is.

At Farweb, we have well updated the affected plugins and themes so that they are no longer a risk to your website.

The mission of the Wordfence Intelligence security plugin is to make information about vulnerabilities easily accessible to everyone. This article was translated directly from their newsletter.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Unpatched 40
Patched 37

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
AJAX Thumbnail Rebuild ajax-thumbnail-rebuild
Advanced Category Template advanced-category-template
Advanced Youtube Channel Pagination advanced-youtube-channel-pagination
Arconix Shortcodes arconix-shortcodes
Autoptimize autoptimize
BSK Forms Blacklist bsk-gravityforms-blacklist
Bit File Manager – 100% free file manager for WordPress file-manager
Booking Manager booking-manager
CM On Demand Search And Replace cm-on-demand-search-and-replace
CRM Memberships crm-memberships
Chronosly Events Calendar chronosly-events-calendar
ClickFunnels clickfunnels
Custom 404 Pro custom-404-pro
Customizer Export/Import customizer-export-import
Decon WP SMS decon-wp-sms
Depicter Slider – Responsive Image Slider, Video Slider & Post Slider depicter
Display custom fields in the frontend – Post and User Profile Fields shortcode-to-display-post-and-user-data
Dynamically Register Sidebars dynamically-register-sidebars
Easy Bet easy-bet
Elementor Website Builder elementor
Emails & Newsletters with Jackmail jackmail-newsletters
Extensions for Leaflet Map extensions-leaflet-map
Forms Ada – Form Builder forms-ada-form-builder
HTTP Headers http-headers
Image Optimizer by 10web – Image Optimizer and Compression plugin image-optimizer-wd
Inactive User Deleter inactive-user-deleter
Integration for Contact Form 7 HubSpot cf7-hubspot
Ko-fi Button ko-fi-button
Logo Scheduler – Great for holidays, events, and more logo-scheduler-great-for-holidays-events-and-more
Maintenance Switch maintenance-switch
Mass Email To users mass-email-to-users
NS Coupon To Become Customer ns-coupon-to-become-customer
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress ninja-forms
Orbit Fox by ThemeIsle themeisle-companion
Photo Gallery Slideshow & Masonry Tiled Gallery wp-responsive-photo-gallery
Plugins List plugins-list
Progress Bar progress-bar
Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist
REST API TO MiniProgram rest-api-to-miniprogram
Rating-Widget: Star Review System rating-widget
Recipe Maker For Your Food Blog from Zip Recipes zip-recipes
SEO ALert seo-alert
Shield Security – Smart Bot Blocking & Intrusion Prevention wp-simple-firewall
Simple Giveaways – Grow your business, email lists and traffic with contests giveasap
Stock Sync for WooCommerce stock-sync-for-woocommerce
Stream stream
Thumbnail Slider With Lightbox wp-responsive-slider-with-lightbox
Thumbs Rating thumbs-rating
Tiempo.com tiempocom
Tippy tippy
URL Params url-params
Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7
Updraft updraft
User IP and Location user-ip-and-location
Video XML Sitemap Generator video-xml-sitemap-generator
WP BrowserUpdate wp-browser-update
WP Directory Kit wpdirectorykit
WP Inventory Manager wp-inventory-manager
WP Page Numbers wp-page-numbers
WP Search Analytics search-analytics
WP Visitor Statistics (Real Time Traffic) wp-stats-manager
WP-CORS wp-cors
WooCommerce Multivendor Marketplace – REST API wcfm-marketplace-rest-api
Woocommerce Tip/Donation woo-tipdonation
XML for Google Merchant Center xml-for-google-merchant-center
YARPP – Yet Another Related Posts Plugin yet-another-related-posts-plugin
Zephyr Project Manager zephyr-project-manager
wordpress vertical image slider plugin wp-vertical-image-slider

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Arya Multipurpose arya-multipurpose
Mocho Blog mocho-blog
Viable Blog viable-blog

Source : https://www.wordfence.com/blog/2023/05/wordfence-intelligence-weekly-wordpress-vulnerability-report-apr-24-2023-to-apr-30-2023/

Facebook
Twitter
LinkedIn

More news