Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

23,168,707
Attacks Blocked in Past 24 Hours

Showing 6261-6280 of 6,652 Vulnerabilities

Paid Memberships Pro - Courses for Membership Add On <= 1.2.4 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Aug 8, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Ninja Forms <= 3.6.25 - Authenticated (Administrator+) Stored HTML Injection
4.4
CVE-2023-4109
Aug 7, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Advanced Custom Fields 6.1 - 6.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-40068
Aug 3, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-1982
Aug 2, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
FormCraft <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-3501
Aug 2, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
wpShopGermany - Protected Shops <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-39919
Jul 31, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Bit Assist <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-3667
Jul 27, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Web Accessibility By accessiBe <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Jul 27, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
wp tell a friend popup form <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-25465
Jul 26, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Ultimate Addons for Contact Form 7 <= 3.1.28 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-2802
Jul 24, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP-EMail <= 2.69.0 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-3721
Jul 24, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-3328
Jul 24, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Contact Form Builder by Bit Form <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-3645
Jul 24, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Exifography <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-38521
Jul 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Post Affiliate Pro <= 1.24.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-38482
Jul 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-38518
Jul 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WRC Pricing Tables <= 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-38517
Jul 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Gestion-Pymes <= 1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-38397
Jul 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Media Library Categories <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-36382
Jul 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Post Connector <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28931
Jul 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Paid Memberships Pro - Courses for Membership Add On <= 1.2.4 - Authenticated (Admin+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 8, 2023
Ninja Forms <= 3.6.25 - Authenticated (Administrator+) Stored HTML Injection CVE-2023-4109 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 7, 2023
Advanced Custom Fields 6.1 - 6.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-40068 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 3, 2023
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-1982 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 2, 2023
FormCraft <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-3501 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 2, 2023
wpShopGermany - Protected Shops <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting CVE-2023-39919 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 31, 2023
Bit Assist <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-3667 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 27, 2023
Web Accessibility By accessiBe <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 27, 2023
wp tell a friend popup form <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25465 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 26, 2023
Ultimate Addons for Contact Form 7 <= 3.1.28 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-2802 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 24, 2023
WP-EMail <= 2.69.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-3721 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 24, 2023
Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-3328 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 24, 2023
Contact Form Builder by Bit Form <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-3645 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 24, 2023
Exifography <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-38521 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 20, 2023
Post Affiliate Pro <= 1.24.9 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-38482 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 20, 2023
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-38518 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 20, 2023
WRC Pricing Tables <= 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-38517 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 20, 2023
Gestion-Pymes <= 1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-38397 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 20, 2023
Media Library Categories <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-36382 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 20, 2023
Post Connector <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28931 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 20, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation