Wordfence Intelligence

Title	CVE ID	CVSS	Vector	Date
Download Monitor < 3.3.6.2 - Cross-Site Scripting via sort Parameter	CVE-2013-5098	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 23, 2013
FlagEm (Unknown Versions) - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 22, 2013
Download Monitor < 3.3.6.2 - Cross-Site Scripting via p Parameter	CVE-2013-3262	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 22, 2013
WooCommerce <= 2.0.12 - Self-Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 18, 2013
Category Grid View Gallery <= 2.3.1 - Reflected Cross-Site Scripting	CVE-2013-4117	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 12, 2013
Pinpoint Booking System – #1 WordPress Booking Plugin <= 1.3.1 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 4, 2013
BuddyPress Extended Friendship Request < 1.0.2 - Cross-Site Scripting	CVE-2013-4944	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 3, 2013
Xorbin Digital Flash Clock < 1.0 - DOM Cross-Site Scripting	CVE-2013-4693	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 30, 2013
WordPress Core < 3.5.2 - Cross-Site Scripting	CVE-2013-2205	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 21, 2013
WordPress Core < 3.5.2 - Cross-Site Scripting via Multiple Vectors	CVE-2013-2201	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 21, 2013
Slash WP (All Versions) - Multiple Vulnerabilities		10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N	June 20, 2013
JobRoller <= 1.7.4 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 11, 2013
Ambience (Unspecified Versions) - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 9, 2013
ADIF Log Search Widget <= 1.0f - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 27, 2013
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.5.4 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 24, 2013
Social Sharing Toolkit < 2.1.2 - Cross-Site Scripting	CVE-2013-6280	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 22, 2013
Crius (All Known Versions) - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 16, 2013
Photolio Theme (All Known Versions) - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 16, 2013
Smart Start <= 1.0.8 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 16, 2013
Source (All Versions) - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 16, 2013

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

Showing 6341-6360 of 6,652 Vulnerabilities