WordPress Vulnerabilities Update: November Report [2023]

In November 2023, the Wordfence Threat Intelligence Team found 455 vulnerabilities in 373 plugins and 3 themes.

Each week, Wordfence releases a report that lists the vulnerabilities found in WordPress plugins and themes. Unfortunately, not all issues are immediately fixed. As of this writing, several vulnerabilities have not been patched.

In this post, I’ll provide a rundown of the plugins and themes that were affected. Be sure to check the list to determine if your WordPress site was affected. At the end of the post, I’ll explain what to do if your website has a vulnerable plugin or theme.

Key Vulnerabilities Uncovered

The Wordfence November reports provide a comprehensive analysis of the latest vulnerabilities in WordPress plugins and themes. 

Among the key findings:

82% of the vulnerabilities were rated medium severity

17% of the vulnerabilities were rated high or critical severity

269 vulnerabilities remain unpatched in 92 active plugins

53 plugins were removed from the WordPress repository

Vulnerabilities were found in 3 themes, all of which have been patched

What do the severity levels mean?

The Common Vulnerability Scoring System (CVSS) is a standardized framework for rating the severity of security vulnerabilities in software. Scores are calculated from metrics that assess aspects such as the complexity of the attack, the impact on confidentiality, integrity, and availability, and other factors.

Critical and high severity vulnerabilities can allow attackers to gain extensive control over a system or access sensitive data with minimal effort, posing a significant risk.

Medium severity vulnerabilities, while still important to address, typically have a more limited impact and may require more specific conditions to be exploited effectively.

While low severity vulnerabilities are less critical than higher-rated ones, they can still have significant impacts on a system. For example, attackers could chain multiple low severity vulnerabilities together to achieve a more impactful exploit.

What You Can Do

Review the list of plugins with unpatched vulnerabilities and plugins removed from the WordPress repository. Verify you don’t have any of those plugins installed on your website.

If you do, consider removing them and finding replacements.

Additionally, you can review the plugin page on the WordPress repository site and check for any notes from WordPress or the author. They may have updates/patches or other information to help you make your decision on what to do next.
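One way to carry out the check described above, as an added example that is not code from the original post: a Python script that compares a site's plugin inventory, as printed by WP-CLI's `wp plugin list --format=json --fields=name,title,status`, against entries taken from this post's list. REPORT_ENTRIES holds only a subset of that list, and SAMPLE_WP_CLI_OUTPUT is constructed for offline use, not taken from a real site.

```python
import json
import re

# Subset of the post's "Unpatched Plugins" list, copied as written there; a
# trailing asterisk marks removal from the repository. Paste the full list here.
REPORT_ENTRIES = (
    "Add Local Avatar", "add-facebook*", "hide-login-page*", "Theme Editor",
    "Super Progressive Web Apps", "wpForo Forum", "wp-mapit*",
)

def normalize(text):
    """Fold a slug or display name to lowercase alphanumerics for matching."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def parse_report(entries=REPORT_ENTRIES):
    """Map normalized name -> (label as listed, removed-from-repository flag)."""
    parsed = {}
    for entry in entries:
        label = entry.rstrip("*").strip()
        parsed[normalize(label)] = (label, entry.endswith("*"))
    return parsed

def find_affected(installed, entries=REPORT_ENTRIES):
    """installed: the JSON array printed by `wp plugin list --format=json`."""
    report = parse_report(entries)
    hits = []
    for plugin in installed:
        # Removed plugins are listed by slug, the rest by display name: try both.
        keys = {normalize(plugin.get("name", "")), normalize(plugin.get("title", ""))}
        for key in keys - {""}:
            if key in report:
                label, removed = report[key]
                hits.append({"slug": plugin.get("name"), "listed_as": label,
                             "removed": removed, "status": plugin.get("status")})
                break
    return hits

# Constructed sample of WP-CLI output for offline use, not from a real site.
SAMPLE_WP_CLI_OUTPUT = json.dumps([
    {"name": "akismet", "title": "Akismet Anti-spam", "status": "active"},
    {"name": "theme-editor", "title": "Theme Editor", "status": "inactive"},
    {"name": "hide-login-page", "title": "Hide Login Page", "status": "active"},
])

if __name__ == "__main__":
    for hit in find_affected(json.loads(SAMPLE_WP_CLI_OUTPUT)):
        state = "removed from repository" if hit["removed"] else "unpatched"
        print(f"{hit['slug']} ({hit['status']}): '{hit['listed_as']}', {state}")
```

An inactive plugin is still reported, since its files remain on the server until it is deleted.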

Keep Your WordPress Website Safe

Here’s what you can do to keep your site secure:

  1. Regular Updates: Ensure your WordPress core, plugins, and themes are up to date. This simple step is often the first line of defense against vulnerabilities.
  2. Security Plugins: Consider using security plugins like Wordfence, Sucuri, or Solid Security to monitor and protect your site.
  3. Stay Informed: Regularly follow reports like these to stay ahead of potential threats.

Final Thoughts

The findings from the November 2023 Wordfence reports serve as an important reminder of the ongoing challenges and responsibilities we face in protecting our WordPress sites. 

The 455 vulnerabilities uncovered in 373 plugins and 3 themes, with a significant number still unpatched, highlight our need to stay vigilant and proactive.

The key takeaway from this report is the importance of regular maintenance and staying informed. By reviewing and updating your plugins and themes, and considering the use of security plugins, you can significantly enhance the security of your WordPress site.

Unpatched Plugins (as of 11/30/2023)

* Indicates the plugin was removed from the WordPress repository

A

Actueel Financieel Nieuws

Acme Fix Images

Add Local Avatar

add-facebook*

add-widgets-to-page*

Additional Order Filters for WooCommerce

ajax-domain-checker*

amazonify*

amp-plus*

ANAC XML Bandi di Gara

ANAC XML Viewer

anywhere-flash-embed*

ARI Stream Quiz

audio-merchant*

Auto Tag Creator

Availability Calendar

B

badgeos*

bamboo-columns*

Best Restaurant Menu by PriceListo

better-rss-widget*

Bmi-calculator-shortcode*

Bootstrap Shortcodes Ultimate

bp-profile-shortcodes-extra*

bsk-contact-form-7*

Bulk Comment Remove

Byconsole-woo-order-delivery-time*

BZScore – Live Score

C

Captcha Code

catablog*

Category Post List Widget

CBX Map for Google Map & OpenStreetMap

cf7-constant-contact*

cf7-live-preview*

CoCart – Decoupling WooCommerce Made Easy

Comments Ratings

Community by PeepSo

consensu-io*

Contact Form to Any API

Countdown and CountUp, WooCommerce Sales Timer

D

Display Custom Post

Dragfy Addons for Elementor

drawit*

Droit Dark Mode

E

EasyAzon – Amazon Associates Affiliate Plugin

easy-call-now*

Easyrotator-for-wordpress*

EazyDocs

Edit WooCommerce Templates

eDoc Employee Job Application

Extra Product Options for WooCommerce

F

Fast Custom Social Share by CodeBard

Finale Lite – Sales Countdown Timer & Discount for WooCommerce

Flo Forms – Easy Drag & Drop Form Builder

Footer Putter

Foyer – Digital Signage for WordPress

Frontier Post

H

hide-login-page*

I

idbbee*

iframe Forms*

Image Hover Effects

imagemapper*

Integrate Google Drive

Interactive World Map

K

Korea SNS

L

Lava Directory Manager

League Table

Linker

Live Gold Price & Silver Price Charts Widgets

luckywp-scripts-control*

M

Mail Bank

Maspik – Spam

Mmm-file-list*

MSHOP MY SITE

myCred

P

Parallax Image

paytr-taksit-tablosu-woocommerce*

Permalinks Customizer

Photo Feed

Plainview Protect Passwords

Podlove Web Player

Post Pay Counter

Post Sliders & Post Grids

powr-pack*

Preloader Matrix

Product Enquiry for WooCommerce

Product Visibility by Country for WooCommerce

Products, Order & Customers Export for WooCommerce

product-carousel-slider-for-woocommerce*

ProfileGrid

Pz-LinkCard

Q

Q2W3 Post Order

qr-code-tag*

quick-call-button*

R

Recently viewed and most viewed products

Rename-media-files*

responsive-column-widgets*

Restrict Categories

S

save-grab*

Seers | GDPR & CCPA Cookie Consent & Compliance

SendPress Newsletters

seo-by-10web*

Seraphinite Post

Short URL

shortcodes-ui*

Simple Testimonials Showcase

Simply Exclude

slider-slideshow*

smart-donations*

SpiderVPlayer

star-cloudprnt-for-woocommerce*

Super Progressive Web Apps

T

Taxonomy filter

Team Members Showcase

telephone-number-linker*

TextMe SMS

Theater for WordPress

Theme Editor

Top 25 Social Icons

TriPay Payment Gateway

TWB Woocommerce Reviews

U

Under Construction / Maintenance Mode from Acurax

UserHeat Plugin

V

video-popup*

Visitor Traffic Real Time Statistics

W

Welcome Email Editor

Widget-twitter*

Who-hit-the-page-hit-counter*

Woo Custom and Sequential Order Number

WooCommerce Product Enquiry

WP Child Theme Generator

WP Edit Username

WP Travel

WPCafe

WPDBSpringClean

wpForo Forum

wpmandrill*

Wp-bitly*

wp-full-stripe-free*

wp-githuber-md*

wd-google-analytics*

wp-like-button*

wp-mapit*

wp-not-login-hide-wpnlh*

wp-sponsors*

Y

Youtube SpeedLoad

Sources

1. Wordfence Intelligence Weekly WordPress Vulnerability Report (October 30, 2023 to November 5, 2023)

2. Wordfence Intelligence Weekly WordPress Vulnerability Report (November 6, 2023 to November 12, 2023)

3. Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13, 2023 to November 19, 2023)

4. Wordfence Intelligence Weekly WordPress Vulnerability Report (November 20, 2023 to November 26, 2023)
