Last week, there were 139 vulnerabilities disclosed in 105 WordPress plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database by the Wordfence Threat Intelligence Team.
The team also deployed 1 new firewall rule that provides Wordfence Premium, Care and Response customers with enhanced vulnerability protection for a vulnerability that has already started seeing active exploitation. Wordfence free users will receive this protection after a 30-day delay.
P.S. If you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities.
At Farweb, we have updated the affected plugins and themes so that they are no longer a risk to your website.
The mission of the Wordfence Intelligence security plugin is to make information about vulnerabilities easily accessible to everyone. This article was translated directly from their newsletter.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real time to our Premium, Care, and Response customers last week:
Essential Addons for Elementor <= 5.7.1 – Unauthenticated Arbitrary Password Reset to Privilege Escalation
This vulnerability is being actively exploited. We have blocked over 600 exploit attempts in the past 24 hours, and expect this to continue. You can read more about this here.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.
Total Unpatched & Patched Vulnerabilities Last Week
Patch Status | Number of Vulnerabilities |
Unpatched | 47 |
Patched | 92 |
WordPress Plugins with Reported Vulnerabilities Last Week
Software Name | Software Slug |
10Web Social Post Feed | wd-facebook-feed |
Active Directory Integration / LDAP Integration | ldap-login-for-intranet-sites |
Add Posts to Pages | add-posts-to-pages |
Announcement & Notification Banner – Bulletin | bulletin-announcements |
Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection | stopbadbots |
Block Referer Spam | block-referer-spam |
Booking Ultra Pro Appointments Booking Calendar Plugin | booking-ultra-pro |
Brands for WooCommerce | brands-for-woocommerce |
Button | button |
CALL ME NOW | lokalyze-call-now |
CM On Demand Search And Replace | cm-on-demand-search-and-replace |
Column-Matic | column-matic |
Community by PeepSo – Social Network, Membership, Registration, User Profiles | peepso-core |
Complianz – GDPR/CCPA Cookie Consent | complianz-gdpr |
Custom Base Terms | custom-base-terms |
Custom Field Suite | custom-field-suite |
DBargain | d-bargain |
DevBuddy Twitter Feed | devbuddy-twitter-feed |
Directorist – WordPress Business Directory Plugin with Classified Ads Listings | directorist |
Don8 | don8 |
Donations Made Easy – Smart Donations | smart-donations |
Download Manager | download-manager |
Download Monitor | download-monitor |
Dyslexiefont Free | dyslexiefont |
Easy Form by AYS | easy-form |
Easy Hide Login | easy-hide-login |
Elementor Website Builder | elementor |
Essential Addons for Elementor | essential-addons-for-elementor-lite |
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | google-analytics-dashboard-for-wp |
Featured Image Pro Post Grid | featured-image-pro |
Forget About Shortcode Buttons | forget-about-shortcode-buttons |
Free WordPress Lead Generation Opt in, Free Popups, Generated Lead Email Popup, Exit-Intent Popup – NotifyVisitors | notifyvisitors-lead-form |
Frontend Post WordPress Plugin – AccessPress Anonymous Post | accesspress-anonymous-post |
GTmetrix for WordPress | gtmetrix-for-wordpress |
Get your number | get-your-number |
GiveWP – Donation Plugin and Fundraising Platform | give |
Google Site Verification plugin using Meta Tag | google-site-verification-using-meta-tag |
Hide My WP Ghost – Security Plugin | hide-my-wp |
Hostel | hostel |
Hyphenator | hyphenator |
Injection Guard | injection-guard |
LetterPress – E-Mail campaigns, marketing and newsletter Plugin for WordPress | letterpress |
Link Whisper Free | link-whisper |
Locatoraid Store Locator | locatoraid |
MW WP Form | mw-wp-form |
MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder | mailchimp-subscribe-sm |
Manager for Icomoon | manager-for-icomoon |
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) | google-analytics-for-wordpress |
My WP Customize Admin/Frontend | my-wp |
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | mailin |
Order Your Posts Manually | order-your-posts-manually |
Owl Carousel | owl-carousel |
Pinterest RSS Widget | pinterest-rss-widget |
Portfolio Gallery – Responsive Image Gallery | gallery-portfolio |
Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions | buddyforms |
Post Snippets – Custom WordPress Code Snippets Customizer | post-snippets |
Post State Tags | post-state-tags |
Pricing Table Builder – AP Pricing Tables Lite | ap-pricing-tables-lite |
Pro Mime Types | pro-mime-types |
Product page shipping calculator for WooCommerce | product-page-shipping-calculator-for-woocommerce |
QuBot – Chatbot Builder with Templates | qubotchat |
Quick Page/Post Redirect Plugin | quick-pagepost-redirect-plugin |
Radio Station by netmix® – Manage and play your Show Schedule in WordPress! | radio-station |
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | custom-registration-form-builder-with-submission-manager |
Restaurant Menu – Food Ordering System – Table Reservation | menu-ordering-reservations |
SALERT – Fake Sales Notification WooCommerce | salert |
SEO by 10Web | seo-by-10web |
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | shortpixel-adaptive-images |
Simple Calendar – Google Calendar Plugin | google-calendar-events |
Slimstat Analytics | wp-slimstat |
Snow Monkey Forms | snow-monkey-forms |
SoundCloud Is Gold | soundcloud-is-gold |
Sunny Search | fast-search-powered-by-solr |
Team Circle Image Slider With Lightbox | circle-image-slider-with-lightbox |
Ultimate Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
VK All in One Expansion Unit | vk-all-in-one-expansion-unit |
VK Blocks | vk-blocks |
VK Blocks Pro | vk-blocks-pro |
WCP Contact Form | wcp-contact-form |
WP Abstracts | wp-abstracts-manuscripts-manager |
WP All Backup | wp-all-backup |
WP Category Post List Widget | wp-category-posts-list |
WP Chinese Conversion | wp-chinese-conversion |
WP Multi Store Locator | wp-multi-store-locator |
WP Reactions Lite | wp-reactions-lite |
WP Register Profile With Shortcode | wp-register-profile-with-shortcode |
WP Replicate Post | wp-replicate-post |
WP Responsive Tabs horizontal vertical and accordion Tabs | responsive-horizontal-vertical-and-accordion-tabs |
WP-Chatbot for Messenger | wp-chatbot |
WPCS – WordPress Currency Switcher Professional | currency-switcher |
Web Stories for WordPress | UNKNOWN-CVE-2023-1979-1 |
Whydonate – FREE Donate button – Crowdfunding – Fundraising | wp-whydonate |
Wise Chat | wise-chat |
Woo Custom Emails | woo-custom-emails |
Woodmart Core | woodmart-core |
WordPress Online Booking and Scheduling Plugin – Bookly | bookly-responsive-appointment-booking-tool |
YITH WooCommerce Gift Cards Premium | yith-woocommerce-gift-cards-premium |
Yoast SEO Premium | wordpress-seo-premium |
Yoast SEO: Local | wpseo-local |
Zero Spam for WordPress | zero-spam |
eBecas | ebecas |
iframe popup | iframe-popup |
itemprop WP for SERP/SEO Rich snippets | itempropwp |
weebotLite | weebotlite |
wordpress vertical image slider plugin | wp-vertical-image-slider |
WordPress Themes with Reported Vulnerabilities Last Week
Software Name | Software Slug |
Divi | Divi |
Woodmart | woodmart |