Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

15,606,270
Attacks Blocked in Past 24 Hours

Showing 41-60 of 7,093 Vulnerabilities

Title CVE ID CVSS Vector Date
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.3.13 - Cross-Site Scripting 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L August 27, 2018
Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting CVE-2017-20192 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L November 13, 2017
Count per Day < 3.5.5 - Unauthenticated Stored Cross-Site Scripting 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L August 5, 2016
Custom Community 2.0 - 2.0.24 - Stored Cross-Site Scripting 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L March 9, 2015
iThemes Security < 3.6.4 - Stored Cross-Site Scripting 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L August 1, 2014
WPsc MijnPress <= 0.0.1 - Cross-Site Scripting 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L April 30, 2012
Fontific | Google Fonts <= 0.1.6 - Cross-Site Request Forgery via ajax_fontific_save_all CVE-2024-27194 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N February 26, 2024
Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage CVE-2024-27195 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N February 26, 2024
Thumbnail Slider With Lightbox <= 1.0.17 - Reflected Cross-Site Scripting 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N April 25, 2023
WordPress Core < 5.8.3 - Authenticated (Author+) Stored Cross Site Scripting CVE-2022-21662 8.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H January 6, 2022
Safe SVG <= 1.9.9 - Content-Type Bypass CVE-2022-1091 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N March 25, 2022
WordPress Core 5.4 - 5.8 - Authenticated Stored Cross-Site Scripting CVE-2021-39201 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N September 9, 2021
WordPress Core 5.8 beta - Stored Cross-Site Scripting in Custom HTML Block CVE-2021-39202 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N September 9, 2021
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS CVE-2022-4166 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id CVE-2022-4157 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate CVE-2022-4163 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H November 29, 2022
Strong Testimonials <= 2.51.2 - Authorization Bypass 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N June 30, 2021
Team Showcase <= 1.22.15 - Stored Cross-Site Scripting CVE-2020-35936 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H September 17, 2020
Team Showcase <= 1.22.15 - Stored Cross-Site Scripting CVE-2020-35937 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H September 17, 2020
WP Private Content Plus <= 1.31 - Unauthenticated Settings Change CVE-2019-15816 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N August 27, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation