Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

23,269,367
Attacks Blocked in Past 24 Hours

Showing 6381-6400 of 6,652 Vulnerabilities

Stop Spammers Security <= 2022.6 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-2489
May 15, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Quick Page/Post Redirect <= 5.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-25063
May 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Button <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-23871
May 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
4.4
CVE-2023-32578
May 12, 2023
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Sunny Search <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-32595
May 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Product page shipping calculator for WooCommerce <= 1.3.25 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings
4.4
CVE-2023-32575
May 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Get Your Number <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-2634
May 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
iframe popup <= 3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-24394
May 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Register Profile With Shortcode <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-23818
May 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
DBargain <= 3.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-32591
May 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
weebotLite <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-32596
May 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
eBecas <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-32584
May 11, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
DevBuddy Twitter Feed <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-32577
May 11, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Don8 <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-32582
May 11, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
LetterPress <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-27415
May 11, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
NotifyVisitors <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-27426
May 11, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Custom Base Terms <= 1.0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'base'
4.4
CVE-2023-2600
May 10, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
SEO By 10Web <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-2224
May 10, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-0545
May 10, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Custom Field Suite <= 2.6.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-32515
May 10, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Stop Spammers Security <= 2022.6 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-2489 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 15, 2023
Quick Page/Post Redirect <= 5.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-25063 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 12, 2023
Button <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-23871 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 12, 2023
Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-32578 4.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N May 12, 2023
Sunny Search <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-32595 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 12, 2023
Product page shipping calculator for WooCommerce <= 1.3.25 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings CVE-2023-32575 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 12, 2023
Get Your Number <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-2634 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 12, 2023
iframe popup <= 3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-24394 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 12, 2023
WP Register Profile With Shortcode <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-23818 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 12, 2023
DBargain <= 3.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-32591 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 12, 2023
weebotLite <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-32596 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 12, 2023
eBecas <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-32584 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 11, 2023
DevBuddy Twitter Feed <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-32577 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 11, 2023
Don8 <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-32582 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 11, 2023
LetterPress <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-27415 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 11, 2023
NotifyVisitors <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-27426 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 11, 2023
Custom Base Terms <= 1.0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'base' CVE-2023-2600 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 10, 2023
SEO By 10Web <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-2224 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 10, 2023
Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-0545 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 10, 2023
Custom Field Suite <= 2.6.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-32515 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 10, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation