Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

23,188,505
Attacks Blocked in Past 24 Hours

Showing 6241-6260 of 6,652 Vulnerabilities

Cookies by JM <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-40604
Aug 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Herd Effects <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-4022
Aug 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Adminify <= 3.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-4060
Aug 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Save as PDF plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
4.4
CVE-2023-40668
Aug 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Save as Image plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-40665
Aug 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting
4.4
CVE-2023-4160
Aug 18, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Popup Box <= 3.7.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Aug 18, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
tagDiv Composer <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-3170
Aug 17, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
RSVPMarker <= 10.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
4.4
CVE-2023-27617
Aug 17, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Simple Staff List <= 2.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting
4.4
CVE-2023-28790
Aug 17, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
CT Commerce <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
4.4
CVE-2023-40007
Aug 16, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Carrot <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-40328
Aug 16, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Schedule Posts Calendar <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
4.4
CVE-2023-40560
Aug 16, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Custom Admin Login Page | WPZest <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-40329
Aug 16, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Robo Gallery <= 3.2.15 - Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-3499
Aug 15, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
123.chat <= 1.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-4298
Aug 14, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Advanced Custom Fields PRO 6.1 - 6.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Aug 10, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
wSecure Lite <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-39987
Aug 9, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings
4.4
CVE-2023-4254
Aug 8, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
ChatBot <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder
4.4
CVE-2023-4253
Aug 8, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Cookies by JM <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-40604 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 21, 2023
Herd Effects <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-4022 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 21, 2023
WP Adminify <= 3.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-4060 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 21, 2023
Save as PDF plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings CVE-2023-40668 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 21, 2023
Save as Image plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-40665 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 21, 2023
WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting CVE-2023-4160 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 18, 2023
Popup Box <= 3.7.0 - Authenticated(Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 18, 2023
tagDiv Composer <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-3170 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 17, 2023
RSVPMarker <= 10.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings CVE-2023-27617 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 17, 2023
Simple Staff List <= 2.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2023-28790 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 17, 2023
CT Commerce <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings CVE-2023-40007 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 16, 2023
Carrot <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-40328 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 16, 2023
Schedule Posts Calendar <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings CVE-2023-40560 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 16, 2023
Custom Admin Login Page | WPZest <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-40329 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 16, 2023
Robo Gallery <= 3.2.15 - Authenticated(Administrator+) Stored Cross-Site Scripting CVE-2023-3499 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 15, 2023
123.chat <= 1.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting CVE-2023-4298 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 14, 2023
Advanced Custom Fields PRO 6.1 - 6.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 10, 2023
wSecure Lite <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-39987 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 9, 2023
ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings CVE-2023-4254 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 8, 2023
ChatBot <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder CVE-2023-4253 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 8, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation