Vulnerabilities protected by our Stored Cross-Site Scripting via Shortcode firewall rule

2,094
Attacks Blocked in Past 24 Hours

Showing 401-420 of 493 Vulnerabilities

vSlider Multi Image Slider <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-25797
Feb 15, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Ultimate WP Query Search Filter <= 1.0.10 - Authenticated (Contributor+) Stored Cross Site Scripting
6.4
CVE-2023-23832
Feb 15, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Ocean Extra <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2023-24399
Feb 14, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Advanced Recent Posts <= 0.6.14 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode
6.4
CVE-2023-0212
Feb 13, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
UpQode Google Maps <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-0094
Feb 13, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Download Attachments <= 1.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-0076
Feb 13, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Product GTIN (EAN, UPC, ISBN) for WooCommerce <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-0068
Feb 13, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WPaudio MP3 Player <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-0069
Feb 13, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
i2 Pros & Cons <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2023-0065
Feb 13, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WordPress Shortcodes <= 1.6.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-0063
Feb 13, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Shortcodes Ultimate <= 5.12.6 - Authenticated (Contributor+) Stored Cross Site Scripting
6.4
CVE-2023-25040
Feb 10, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Scriptless Social Sharing <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options
6.4
CVE-2023-0377
Feb 9, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Yellow Yard Searchbar <= 2.7.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-1110
Feb 7, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Icegram Collect <= 1.3.8 - Authenticated(Contributor+) Cross-Site Scripting via Shortcode
6.4
CVE-2023-25024
Feb 6, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Quebely <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option
6.4
CVE-2023-0376
Feb 6, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
VK All in One Expansion Unit <= 9.85.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-0230
Feb 3, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Galleries by Angie Makes <= 1.67 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2022-4795
Feb 2, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Ocean Extra <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-23891
Feb 1, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Wufoo Shortcode <= 1.51 - Authenticated (Contributor+) Cross-Site Scripting via Shortcodes
6.4
CVE-2022-4679
Feb 1, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Donation Block For PayPal <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-0535
Feb 1, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
vSlider Multi Image Slider <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-25797 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 15, 2023
Ultimate WP Query Search Filter <= 1.0.10 - Authenticated (Contributor+) Stored Cross Site Scripting CVE-2023-23832 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 15, 2023
Ocean Extra <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-24399 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 14, 2023
Advanced Recent Posts <= 0.6.14 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode CVE-2023-0212 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 13, 2023
UpQode Google Maps <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0094 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 13, 2023
Download Attachments <= 1.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0076 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 13, 2023
Product GTIN (EAN, UPC, ISBN) for WooCommerce <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0068 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 13, 2023
WPaudio MP3 Player <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0069 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 13, 2023
i2 Pros & Cons <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-0065 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 13, 2023
WordPress Shortcodes <= 1.6.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0063 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 13, 2023
Shortcodes Ultimate <= 5.12.6 - Authenticated (Contributor+) Stored Cross Site Scripting CVE-2023-25040 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 10, 2023
Scriptless Social Sharing <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options CVE-2023-0377 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 9, 2023
Yellow Yard Searchbar <= 2.7.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-1110 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 7, 2023
Icegram Collect <= 1.3.8 - Authenticated(Contributor+) Cross-Site Scripting via Shortcode CVE-2023-25024 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 6, 2023
Quebely <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option CVE-2023-0376 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 6, 2023
VK All in One Expansion Unit <= 9.85.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0230 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 3, 2023
Galleries by Angie Makes <= 1.67 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4795 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 2, 2023
Ocean Extra <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-23891 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 1, 2023
Wufoo Shortcode <= 1.51 - Authenticated (Contributor+) Cross-Site Scripting via Shortcodes CVE-2022-4679 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 1, 2023
Donation Block For PayPal <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0535 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 1, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation