Wordfence Intelligence Weekly WordPress Vulnerability Report (May 8, 2023 to May 14, 2023)

Last week, there were 139 vulnerabilities disclosed in 105 WordPress plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database by the Wordfence Threat Intelligence Team.

The team also deployed 1 new firewall rule that provides Wordfence Premium, Care and Response customers with enhanced vulnerability protection for a vulnerability that has already started seeing active exploitation. Wordfence free users will receive this protection after a 30-day delay.

P.S. If you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.

 

At Farweb, we have updated the affected plugins and themes so that they are no longer a risk to your website.

The mission of the Wordfence Intelligence security plugin is to make information about vulnerabilities easily accessible to everyone. This article was translated directly from their newsletter.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers last week:

Essential Addons for Elementor <= 5.7.1 – Unauthenticated Arbitrary Password Reset to Privilege Escalation
This vulnerability is being actively exploited. We have blocked over 600 exploit attempts in the past 24 hours, and expect this to continue. You can read more about this here.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
| --- | --- |
| Unpatched | 47 |
| Patched | 92 |

WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| 10Web Social Post Feed | wd-facebook-feed |
| Active Directory Integration / LDAP Integration | ldap-login-for-intranet-sites |
| Add Posts to Pages | add-posts-to-pages |
| Announcement & Notification Banner – Bulletin | bulletin-announcements |
| Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection | stopbadbots |
| Block Referer Spam | block-referer-spam |
| Booking Ultra Pro Appointments Booking Calendar Plugin | booking-ultra-pro |
| Brands for WooCommerce | brands-for-woocommerce |
| Button | button |
| CALL ME NOW | lokalyze-call-now |
| CM On Demand Search And Replace | cm-on-demand-search-and-replace |
| Column-Matic | column-matic |
| Community by PeepSo – Social Network, Membership, Registration, User Profiles | peepso-core |
| Complianz – GDPR/CCPA Cookie Consent | complianz-gdpr |
| Custom Base Terms | custom-base-terms |
| Custom Field Suite | custom-field-suite |
| DBargain | d-bargain |
| DevBuddy Twitter Feed | devbuddy-twitter-feed |
| Directorist – WordPress Business Directory Plugin with Classified Ads Listings | directorist |
| Don8 | don8 |
| Donations Made Easy – Smart Donations | smart-donations |
| Download Manager | download-manager |
| Download Monitor | download-monitor |
| Dyslexiefont Free | dyslexiefont |
| Easy Form by AYS | easy-form |
| Easy Hide Login | easy-hide-login |
| Elementor Website Builder | elementor |
| Essential Addons for Elementor | essential-addons-for-elementor-lite |
| ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | google-analytics-dashboard-for-wp |
| Featured Image Pro Post Grid | featured-image-pro |
| Forget About Shortcode Buttons | forget-about-shortcode-buttons |
| Free WordPress Lead Generation Opt in, Free Popups, Generated Lead Email Popup, Exit-Intent Popup – NotifyVisitors | notifyvisitors-lead-form |
| Frontend Post WordPress Plugin – AccessPress Anonymous Post | accesspress-anonymous-post |
| GTmetrix for WordPress | gtmetrix-for-wordpress |
| Get your number | get-your-number |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| Google Site Verification plugin using Meta Tag | google-site-verification-using-meta-tag |
| Hide My WP Ghost – Security Plugin | hide-my-wp |
| Hostel | hostel |
| Hyphenator | hyphenator |
| Injection Guard | injection-guard |
| LetterPress – E-Mail campaigns, marketing and newsletter Plugin for WordPress | letterpress |
| Link Whisper Free | link-whisper |
| Locatoraid Store Locator | locatoraid |
| MW WP Form | mw-wp-form |
| MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder | mailchimp-subscribe-sm |
| Manager for Icomoon | manager-for-icomoon |
| MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) | google-analytics-for-wordpress |
| My WP Customize Admin/Frontend | my-wp |
| Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | mailin |
| Order Your Posts Manually | order-your-posts-manually |
| Owl Carousel | owl-carousel |
| Pinterest RSS Widget | pinterest-rss-widget |
| Portfolio Gallery – Responsive Image Gallery | gallery-portfolio |
| Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions | buddyforms |
| Post Snippets – Custom WordPress Code Snippets Customizer | post-snippets |
| Post State Tags | post-state-tags |
| Pricing Table Builder – AP Pricing Tables Lite | ap-pricing-tables-lite |
| Pro Mime Types | pro-mime-types |
| Product page shipping calculator for WooCommerce | product-page-shipping-calculator-for-woocommerce |
| QuBot – Chatbot Builder with Templates | qubotchat |
| Quick Page/Post Redirect Plugin | quick-pagepost-redirect-plugin |
| Radio Station by netmix® – Manage and play your Show Schedule in WordPress! | radio-station |
| RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
| Restaurant Menu – Food Ordering System – Table Reservation | menu-ordering-reservations |
| SALERT – Fake Sales Notification WooCommerce | salert |
| SEO by 10Web | seo-by-10web |
| ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | shortpixel-adaptive-images |
| Simple Calendar – Google Calendar Plugin | google-calendar-events |
| Slimstat Analytics | wp-slimstat |
| Snow Monkey Forms | snow-monkey-forms |
| SoundCloud Is Gold | soundcloud-is-gold |
| Sunny Search | fast-search-powered-by-solr |
| Team Circle Image Slider With Lightbox | circle-image-slider-with-lightbox |
| Ultimate Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
| VK All in One Expansion Unit | vk-all-in-one-expansion-unit |
| VK Blocks | vk-blocks |
| VK Blocks Pro | vk-blocks-pro |
| WCP Contact Form | wcp-contact-form |
| WP Abstracts | wp-abstracts-manuscripts-manager |
| WP All Backup | wp-all-backup |
| WP Category Post List Widget | wp-category-posts-list |
| WP Chinese Conversion | wp-chinese-conversion |
| WP Multi Store Locator | wp-multi-store-locator |
| WP Reactions Lite | wp-reactions-lite |
| WP Register Profile With Shortcode | wp-register-profile-with-shortcode |
| WP Replicate Post | wp-replicate-post |
| WP Responsive Tabs horizontal vertical and accordion Tabs | responsive-horizontal-vertical-and-accordion-tabs |
| WP-Chatbot for Messenger | wp-chatbot |
| WPCS – WordPress Currency Switcher Professional | currency-switcher |
| Web Stories for WordPress | UNKNOWN-CVE-2023-1979-1 |
| Whydonate – FREE Donate button – Crowdfunding – Fundraising | wp-whydonate |
| Wise Chat | wise-chat |
| Woo Custom Emails | woo-custom-emails |
| Woodmart Core | woodmart-core |
| WordPress Online Booking and Scheduling Plugin – Bookly | bookly-responsive-appointment-booking-tool |
| YITH WooCommerce Gift Cards Premium | yith-woocommerce-gift-cards-premium |
| Yoast SEO Premium | wordpress-seo-premium |
| Yoast SEO: Local | wpseo-local |
| Zero Spam for WordPress | zero-spam |
| eBecas | ebecas |
| iframe popup | iframe-popup |
| itemprop WP for SERP/SEO Rich snippets | itempropwp |
| weebotLite | weebotlite |
| wordpress vertical image slider plugin | wp-vertical-image-slider |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| Divi | Divi |
| Woodmart | woodmart |

Source : https://www.wordfence.com/blog/2023/05/wordfence-intelligence-weekly-wordpress-vulnerability-report-may-8-2023-to-may-14-2023/
