🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

15,902,892

Attacks Blocked in Past 24 Hours

Showing 1-20 of 7,090 Vulnerabilities

NPS computy <= 2.8.0 - Reflected Cross-Site Scripting

6.1

CVE-2024-11807

Dec 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Pulsating Chat Button <= 1.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2024-11813

Dec 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Campaign Monitor Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting

6.1

CVE-2024-11326

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting

5.2

CVE-2024-11325

Dec 2, 2024

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Quick License Manager – WooCommerce Plugin <= 2.4.17 - Reflected Cross-Site Scripting

6.1

CVE-2024-11805

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

My auctions allegro <= 3.6.17 - Reflected Cross-Site Scripting

6.1

CVE-2024-11707

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Social Sharing Plugin – Sassy Social Share <= 3.3.69 - Reflected Cross-Site Scripting via heateor_mastodon_share Parameter

6.1

CVE-2024-11252

Nov 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting

6.1

CVE-2024-11684

Nov 27, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting via 'add_query_arg'

6.1

CVE-2024-11685

Nov 27, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting

6.1

CVE-2024-11458

Nov 27, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SEO Landing Page Generator <= 1.66.2 - Reflected Cross-Site Scripting

6.1

CVE-2024-11366

Nov 27, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Additional Order Filters for WooCommerce <= 1.21 - Reflected Cross-Site Scripting

6.1

CVE-2024-11418

Nov 25, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Skt NURCaptcha <= 3.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2024-11342

Nov 25, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Fintelligence Calculator <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-53731

Nov 23, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Checkout with Cash App on WooCommerce <= 6.0.2 - Reflected Cross-Site Scripting

6.1

CVE-2024-9635

Nov 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Chessgame Shizzle <= 1.3.0 - Reflected Cross-Site Scripting

6.1

CVE-2024-11446

Nov 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting

6.1

CVE-2024-11330

Nov 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

DeBounce Email Validator <= 5.6.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-11463

Nov 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

GuardGiant Brute Force Protection <= 2.2.6 - Reflected Cross-Site Scripting

6.1

CVE-2024-10869

Nov 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Advanced Event Manager <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-53721

Nov 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
NPS computy <= 2.8.0 - Reflected Cross-Site Scripting	CVE-2024-11807	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 3, 2024
Pulsating Chat Button <= 1.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2024-11813	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 3, 2024
Campaign Monitor Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting	CVE-2024-11326	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2024
AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting	CVE-2024-11325	5.2	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2024
Quick License Manager – WooCommerce Plugin <= 2.4.17 - Reflected Cross-Site Scripting	CVE-2024-11805	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2024
My auctions allegro <= 3.6.17 - Reflected Cross-Site Scripting	CVE-2024-11707	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2024
Social Sharing Plugin – Sassy Social Share <= 3.3.69 - Reflected Cross-Site Scripting via heateor_mastodon_share Parameter	CVE-2024-11252	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 29, 2024
Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting	CVE-2024-11684	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 27, 2024
Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting via 'add_query_arg'	CVE-2024-11685	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 27, 2024
FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting	CVE-2024-11458	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 27, 2024
SEO Landing Page Generator <= 1.66.2 - Reflected Cross-Site Scripting	CVE-2024-11366	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 27, 2024
Additional Order Filters for WooCommerce <= 1.21 - Reflected Cross-Site Scripting	CVE-2024-11418	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 25, 2024
Skt NURCaptcha <= 3.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2024-11342	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 25, 2024
Fintelligence Calculator <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-53731	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 23, 2024
Checkout with Cash App on WooCommerce <= 6.0.2 - Reflected Cross-Site Scripting	CVE-2024-9635	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 22, 2024
Chessgame Shizzle <= 1.3.0 - Reflected Cross-Site Scripting	CVE-2024-11446	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 22, 2024
Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting	CVE-2024-11330	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 22, 2024
DeBounce Email Validator <= 5.6.5 - Reflected Cross-Site Scripting	CVE-2024-11463	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 22, 2024
GuardGiant Brute Force Protection <= 2.2.6 - Reflected Cross-Site Scripting	CVE-2024-10869	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 22, 2024
Advanced Event Manager <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-53721	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 22, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation