Vulnerabilities protected by our Stored Cross-Site Scripting via Shortcode firewall rule

2,159
Attacks Blocked in Past 24 Hours

Showing 101-120 of 493 Vulnerabilities

Title CVE ID CVSS Vector Date
Tabs Shortcode and Widget <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-0719 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 20, 2024
FormFacade <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-25934 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 20, 2024
Page scroll to id <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-1445 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 16, 2024
TNC PDF viewer <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-25097 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 12, 2024
NEX-Forms – Ultimate Form Builder <= 8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-25593 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 12, 2024
Paytium: Mollie payment forms & donations <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-25099 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 12, 2024
PB oEmbed HTML5 Audio <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-25098 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 12, 2024
MyWaze <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-25594 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 12, 2024
PJ News Ticker <= 1.9.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-25094 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 12, 2024
Content Cards <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-24928 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 9, 2024
Before After Image Slider WP <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-24931 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 9, 2024
Buttons Shortcode and Widget <= 1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-24930 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 9, 2024
WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-0792 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 7, 2024
Apollo13 Framework Extensions <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-24880 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 5, 2024
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1046 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 1, 2024
Heateor Social Login <= 1.1.30 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-24712 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 31, 2024
Auto Listings <= 2.6.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-24713 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 31, 2024
Formzu WP <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-22310 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 19, 2024
WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icon_color CVE-2024-0255 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 17, 2024
Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-22150 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 16, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation