🦸 Calling all superheroes! Introducing the WordPress Superhero Challenge for the Wordfence Bug Bounty Program: Earn up to $31,200 for High Impact Vulnerabilities! Through October 14th, 2024, all vulnerabilities reported in plugins or themes with >= 5,000,000 active installs will be 3x our highest bounty rewards making our top reward $31,200. Check out the updated bounties here!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

23,108,284

Attacks Blocked in Past 24 Hours

Showing 6221-6240 of 6,652 Vulnerabilities

Back To The Top Button <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-41733

Sep 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Swifty Bar, sticky bar by WPGens <= 1.2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-41737

Sep 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Insert Estimated Reading Time <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-41734

Sep 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Cookie Notice & Consent 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-41948

Sep 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

SendPress Newsletters <= 1.23.11.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-41729

Sep 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

iFolders <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-41949

Sep 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WordPress File Sharing Plugin <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-4636

Sep 4, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

HollerBox <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-41657

Sep 1, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Smarty for WordPress <= 3.1.35 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-41661

Sep 1, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Snap Pixel <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-41242

Aug 29, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Popup Box <= 3.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-4390

Aug 29, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

SureCart <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

4.4

CVE-2023-41241

Aug 29, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

GuruWalk Affiliates <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

4.4

CVE-2023-27622

Aug 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Popup Builder <= 4.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-3226

Aug 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Easy Coming Soon <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

4.4

CVE-2023-25483

Aug 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

GTranslate <= 3.0.3 - Authenticated (Administrator+) Cross-Site Scripting via Multiple Parameters

4.4

CVE-2023-4502

Aug 25, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Leyka <= 3.30.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-2995

Aug 23, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Landing Page Builder <= 1.5.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-40675

Aug 22, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

4.4

CVE-2023-40676

Aug 22, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Vertical Marquee Plugin <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-40677

Aug 22, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Back To The Top Button <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41733	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Swifty Bar, sticky bar by WPGens <= 1.2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41737	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Insert Estimated Reading Time <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41734	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Cookie Notice & Consent 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41948	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
SendPress Newsletters <= 1.23.11.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41729	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
iFolders <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41949	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
WordPress File Sharing Plugin <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-4636	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 4, 2023
HollerBox <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41657	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 1, 2023
Smarty for WordPress <= 3.1.35 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41661	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 1, 2023
Snap Pixel <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41242	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 29, 2023
Popup Box <= 3.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting	CVE-2023-4390	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 29, 2023
SureCart <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	CVE-2023-41241	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 29, 2023
GuruWalk Affiliates <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	CVE-2023-27622	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 28, 2023
Popup Builder <= 4.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-3226	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 28, 2023
Easy Coming Soon <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	CVE-2023-25483	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 28, 2023
GTranslate <= 3.0.3 - Authenticated (Administrator+) Cross-Site Scripting via Multiple Parameters	CVE-2023-4502	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 25, 2023
Leyka <= 3.30.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-2995	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 23, 2023
Landing Page Builder <= 1.5.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-40675	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 22, 2023
Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	CVE-2023-40676	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 22, 2023
Vertical Marquee Plugin <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-40677	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 22, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation