🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers, top-tier researchers earn automatic bonuses of between 10% to 120% for valid submissions, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

21,295,084

Attacks Blocked in Past 24 Hours

Showing 6281-6300 of 6,914 Vulnerabilities

Ready! Coming Soon <= 0.5.0 Stored Cross-Site Scripting and Cross-Site Request Forgery

6.1

CVE ID Unknown

Sep 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce – Store Exporter <= 1.7.5 - Stored Cross-Site Scripting

6.4

CVE ID Unknown

Aug 26, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WooCommerce Store Exporter <= 1.7.5 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Aug 26, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Memphis Documents Library <= 2.6.16 - Cross-Site Scripting

6.1

CVE-2014-10385

Aug 21, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress File Upload <= 2.4.3 - Reflected Cross-Site Scripting

6.1

CVE-2014-125110

Aug 20, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Improved User Search in Backend <= 1.2.5 - Cross-Site Request Forgery to Cross-Site Scripting

6.1

CVE-2014-5196

Aug 13, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

MobiLoud – WordPress Mobile Apps – Convert your WordPress Website to Native Mobile Apps < 2.3.8 - Cross-Site Scripting

6.1

CVE-2014-5344

Aug 11, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Job Board by BestWebSoft <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting

6.5

CVE-2014-125100

Aug 8, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

SI CAPTCHA Anti-Spam < 2.7.6 - Reflected Cross-Site Scripting

7.1

CVE-2014-5190

Aug 7, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin < 1.7.5 - Cross-Site Scripting

6.1

CVE ID Unknown

Aug 7, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contact Form Plugin <= 3.81 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2014-125095

Aug 7, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

BestWebSoft's Twitter <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2014-125103

Aug 7, 2014

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 3.9.2 - Authenticated Cross-Site Scripting via Avatar URL

3.8

CVE-2014-5240

Aug 6, 2014

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

WordPress Spreadsheet (wpSS) <= 0.62 - Cross-Site Scripting

6.1

CVE-2014-8364

Aug 6, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP eCommerce <= 3.8.9 - Cross-Site Scripting

6.1

CVE ID Unknown

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.5 - Cross-Site Scripting

6.1

CVE-2014-4846

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Subscribe2 – Form, Email Subscribers & Newsletters < 8.1 - Multiple Cross-Site Scripting

7.1

CVE ID Unknown

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Ultimate TinyMCE < 3.6 - Cross-Site Scripting

6.1

CVE ID Unknown

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Silverlight Media Player <= 0.8 - Cross-Site Scripting

6.1

CVE-2014-4589

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Quick Page/Post Redirect Plugin < 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

7.1

CVE-2014-2598

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Title	CVE ID	CVSS	Vector	Date
Ready! Coming Soon <= 0.5.0 Stored Cross-Site Scripting and Cross-Site Request Forgery		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 1, 2014
WooCommerce – Store Exporter <= 1.7.5 - Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	August 26, 2014
WooCommerce Store Exporter <= 1.7.5 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 26, 2014
Memphis Documents Library <= 2.6.16 - Cross-Site Scripting	CVE-2014-10385	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 21, 2014
WordPress File Upload <= 2.4.3 - Reflected Cross-Site Scripting	CVE-2014-125110	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 20, 2014
Improved User Search in Backend <= 1.2.5 - Cross-Site Request Forgery to Cross-Site Scripting	CVE-2014-5196	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 13, 2014
MobiLoud – WordPress Mobile Apps – Convert your WordPress Website to Native Mobile Apps < 2.3.8 - Cross-Site Scripting	CVE-2014-5344	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 11, 2014
Job Board by BestWebSoft <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting	CVE-2014-125100	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	August 8, 2014
SI CAPTCHA Anti-Spam < 2.7.6 - Reflected Cross-Site Scripting	CVE-2014-5190	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	August 7, 2014
PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin < 1.7.5 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 7, 2014
Contact Form Plugin <= 3.81 - Unauthenticated Stored Cross-Site Scripting	CVE-2014-125095	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 7, 2014
BestWebSoft's Twitter <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2014-125103	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 7, 2014
WordPress Core < 3.9.2 - Authenticated Cross-Site Scripting via Avatar URL	CVE-2014-5240	3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N	August 6, 2014
WordPress Spreadsheet (wpSS) <= 0.62 - Cross-Site Scripting	CVE-2014-8364	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 6, 2014
WP eCommerce <= 3.8.9 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 1, 2014
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.5 - Cross-Site Scripting	CVE-2014-4846	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 1, 2014
Subscribe2 – Form, Email Subscribers & Newsletters < 8.1 - Multiple Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	August 1, 2014
Ultimate TinyMCE < 3.6 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 1, 2014
WP Silverlight Media Player <= 0.8 - Cross-Site Scripting	CVE-2014-4589	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 1, 2014
Quick Page/Post Redirect Plugin < 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2014-2598	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	August 1, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation