Vulnerabilities protected by our Stored Cross-Site Scripting via Shortcode firewall rule

1,220
Attacks Blocked in Past 24 Hours

Showing 501-520 of 584 Vulnerabilities

Title CVE ID CVSS Vector Date
WordPress Shortcodes <= 1.6.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0063 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 13, 2023
Shortcodes Ultimate <= 5.12.6 - Authenticated (Contributor+) Stored Cross Site Scripting CVE-2023-25040 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 10, 2023
Scriptless Social Sharing <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options CVE-2023-0377 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 9, 2023
Yellow Yard Searchbar <= 2.7.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-1110 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 7, 2023
Icegram Collect <= 1.3.8 - Authenticated(Contributor+) Cross-Site Scripting via Shortcode CVE-2023-25024 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 6, 2023
Quebely <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option CVE-2023-0376 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 6, 2023
VK All in One Expansion Unit <= 9.85.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0230 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 3, 2023
Galleries by Angie Makes <= 1.67 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4795 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 2, 2023
Ocean Extra <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-23891 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 1, 2023
Wufoo Shortcode <= 1.51 - Authenticated (Contributor+) Cross-Site Scripting via Shortcodes CVE-2022-4679 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 1, 2023
Donation Block For PayPal <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0535 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 1, 2023
Easy Digital Downloads <= 3.1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0380 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2023
GS Filterable Portfolio <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0540 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2023
GS Portfolio for Envato <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0559 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2023
GS Products Slider for WooCommerce <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0492 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2023
EmbedSocial – Social Media Feeds, Reviews and Galleries = 1.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0371 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2023
WP Dark Mode <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4714 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2023
Interactive Geo Maps <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-23866 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2023
GS Books Showcase <= 1.3.0 - Authenticator (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0541 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2023
EmbedStories <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0372 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation