Vulnerabilities protected by our Stored Cross-Site Scripting via Shortcode firewall rule

1,220
Attacks Blocked in Past 24 Hours

Showing 541-560 of 584 Vulnerabilities

Title CVE ID CVSS Vector Date
Simple Staff List <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-23686 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 20, 2023
Image Hover Effects For WPBakery Page Builder <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2023-23681 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 20, 2023
JetWidgets For Elementor <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-0034 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 19, 2023
Themify Portfolio Post <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0362 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 19, 2023
Theme Blvd Responsive Google Maps <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes CVE-2023-22698 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 19, 2023
amr shortcode any widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4458 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 19, 2023
YARPP – Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4471 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 19, 2023
Contact Form 7 Dynamic Text Extension <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 19, 2023
Youtube Shortcode <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-23687 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 19, 2023
Oi Yandex.Maps for WordPress <= 3.2.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode CVE-2023-22721 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 19, 2023
Easy PayPal Buy Now Button <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4628 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 19, 2023
Location Weather <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes CVE-2023-0360 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 18, 2023
WidgetShortcode <= 0.3.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4473 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 17, 2023
Rich Table of Contents <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4551 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 17, 2023
Widgets on Pages <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-4488 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 17, 2023
Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4764 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 5, 2023
Video.js – HTML5 Video Player for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4786 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 4, 2023
List Pages Shortcode <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4757 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 4, 2023
Show-Hide / Collapse-Expand <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4829 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 4, 2023
Embed PDF <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-4788 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 4, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation