Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

23,117,908
Attacks Blocked in Past 24 Hours

Showing 6301-6320 of 6,652 Vulnerabilities

Social Share Boost <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-25044
Jul 7, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28934
Jul 5, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Livestream Notice <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-27621
Jul 5, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-37388
Jul 5, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Content Copy Protection & No Right Click <= 3.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-36678
Jul 4, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Mobile Call Now & Map Buttons <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-24401
Jul 4, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Simple Site Verify <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-36688
Jul 4, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Reservation.Studio widget <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-24397
Jul 4, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP-Cirrus <= 0.6.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-36692
Jul 4, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
All-in-one Floating Contact Form <= 2.1.1 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-3248
Jul 3, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Auto Location for WP Job Manager via Google <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting
4.4
CVE-2023-3344
Jul 3, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
SP Project & Document Manager <= 4.67 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-36530
Jun 30, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Knowledge Center <= 2.7 - Authenticated (Admin+) Cross-Site Scripting
4.4
CVE ID Unknown
Jun 30, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
My Content Management <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-34377
Jun 30, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Short URL <= 1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-1602
Jun 28, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Side Cart Woocommerce (Ajax) <= 2.2 Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28415
Jun 28, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Catalyst Connect Zoho CRM Client Portal <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2022-44629
Jun 27, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
ARMember <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2022-47421
Jun 27, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Abstracts <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28692
Jun 27, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
ApplyOnline – Application Form Builder and Manager <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-24391
Jun 26, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Social Share Boost <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25044 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 7, 2023
WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28934 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 5, 2023
Livestream Notice <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-27621 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 5, 2023
Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-37388 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 5, 2023
WP Content Copy Protection & No Right Click <= 3.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-36678 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 4, 2023
Mobile Call Now & Map Buttons <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-24401 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 4, 2023
Simple Site Verify <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-36688 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 4, 2023
Reservation.Studio widget <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-24397 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 4, 2023
WP-Cirrus <= 0.6.11 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-36692 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 4, 2023
All-in-one Floating Contact Form <= 2.1.1 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-3248 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 3, 2023
Auto Location for WP Job Manager via Google <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting CVE-2023-3344 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 3, 2023
SP Project & Document Manager <= 4.67 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-36530 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N June 30, 2023
Knowledge Center <= 2.7 - Authenticated (Admin+) Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N June 30, 2023
My Content Management <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-34377 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N June 30, 2023
Short URL <= 1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting CVE-2023-1602 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N June 28, 2023
Side Cart Woocommerce (Ajax) <= 2.2 Authenticated(Administrator+) Stored Cross-Site Scripting CVE-2023-28415 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N June 28, 2023
Catalyst Connect Zoho CRM Client Portal <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-44629 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N June 27, 2023
ARMember <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-47421 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N June 27, 2023
WP Abstracts <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28692 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N June 27, 2023
ApplyOnline – Application Form Builder and Manager <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-24391 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N June 26, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation