Wordfence weekly report on WordPress vulnerabilities (April 10, 2023 to April 16, 2023)

Last week, 69 vulnerabilities were disclosed in 60 WordPress plugins and 4 themes and added to the Wordfence Intelligence vulnerability database, and 32 vulnerability researchers contributed to WordPress security.

The mission of the Wordfence Intelligence security plugin is to make valuable vulnerability information easily accessible to everyone, including the WordPress community, so that individuals and organizations can use this data to make the Internet safer. This article was translated directly from their newsletter.

New firewall rules rolled out last week:

Wordfence’s Threat Intelligence team reviews each vulnerability for impact and severity, as well as likelihood of exploitation, to ensure that Wordfence’s firewall provides sufficient protection.

Last week, the team deployed enhanced protection via firewall rules, in real time, for the following vulnerabilities to its Premium, Care and Response customers:

ZM Ajax Login & Register <= 2.0.2 – Authentication Bypass

At Farweb, we have properly updated the affected plugins and themes so that they are no longer a risk to your website even with the free version of Wordfence.


WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| AFFILIATE Solution | affiliate-solution |
| AI ChatBot | chatbot |
| AdFoxly – Ad Manager, AdSense Ads & Ads.txt | adfoxly |
| Affiliate Links Lite | affiliate-links |
| Article Directory Redux | article-directory-redux |
| Best WordPress Gallery Plugin – FooGallery | foogallery |
| Better Search – Relevant search results for WordPress | better-search |
| Blocksy Companion | blocksy-companion |
| Booqable Rental Plugin | booqable-rental-reservations |
| Cloud Manager | cloud-manager |
| CoSchedule | coschedule-by-todaymade |
| Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | contact-form-to-db |
| Coupon Affiliates – WooCommerce Affiliate Plugin | woo-coupon-usage |
| Custom Order Numbers for WooCommerce | custom-order-numbers-for-woocommerce |
| Cyr to Lat enhanced | cyr3lat |
| Database Collation Fix | database-collation-fix |
| Download Manager Pro | download-manager |
| Easy Appointments | easy-appointments |
| ElasticPress | elasticpress |
| Electric Studio Client Login | electric-studio-client-login |
| Enable Accessibility | enable-accessibility |
| External Videos | external-videos |
| Fantastic Content Protector Free | fantastic-content-protector-free |
| Featured Post Creative | featured-post-creative |
| Forminator – Contact Form, Payment Form & Custom Form Builder | forminator |
| Kaya QR Code Generator | kaya-qr-code-generator |
| Landing Page Builder – Free Landing Page Templates | ultimate-landing-page |
| Limit Login Attempts | limit-login-attempts |
| Motor Racing League | motor-racing-league |
| Neshan Maps | neshan-maps |
| Newsletters | newsletters-lite |
| Optima Express + MarketBoost IDX Plugin | optima-express |
| Paytm – Donation Plugin | paytm-donation |
| Pickup \| Delivery \| Dine-in date time | restaurant-pickup-delivery-dine-in |
| PowerPress Podcasting plugin by Blubrry | powerpress |
| Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin | pretty-link |
| Product Catalog Feed by PixelYourSite | product-catalog-feed |
| Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | quiz-master-next |
| Restricted Site Access | restricted-site-access |
| ReviewX – Multi-criteria Rating & Reviews for WooCommerce | reviewx |
| Ruby Help Desk | ruby-help-desk |
| ShiftController Employee Shift Scheduling | shiftcontroller |
| Shortcodes by Angie Makes | wc-shortcodes |
| Simple PopUp | simple-popup |
| Stamped.io Product Reviews & UGC for WooCommerce | stampedio-product-reviews |
| Stock Exporter for WooCommerce | stock-exporter-for-woocommerce |
| SupportCandy – Helpdesk & Support Ticket System | supportcandy |
| Ultimate Noindex Nofollow Tool II | ultimate-noindex-nofollow-tool-ii |
| User registration & user profile – UserPlus | userplus |
| Vimeotheque / Vimeo | codeflavors-vimeo-video-post-lite |
| WP EasyPay – Square for WordPress | wp-easy-pay |
| WP Inventory Manager | wp-inventory-manager |
| WP Reroute Email | wp-reroute-email |
| WP Roles at Registration | wp-roles-at-registration |
| Watu Quiz | watu |
| WooCommerce Wishlist by MC + (Free Elementor & Email Marketing Automation) | smart-wishlist-for-more-convert |
| ZM Ajax Login & Register | zm-ajax-login-register |
| a3 Portfolio | a3-portfolio |
| hiWeb Migration Simple | hiweb-migration-simple |
| tencentcloud-cos | tencentcloud-cos |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| Betheme | betheme |
| Blogger Buzz | blogger-buzz |
| Educenter | educenter |
| Square | square |