Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

22,704,617
Attacks Blocked in Past 24 Hours

Showing 6421-6440 of 6,652 Vulnerabilities

Decon WP SMS <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-27416
Apr 24, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
NS Coupon to Become Customer <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-27422
Apr 24, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Dynamically Register Sidebars <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-31091
Apr 24, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Formilla Edge <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaPluginID'
4.4
CVE ID Unknown
Apr 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Formilla Live Chat <= 1.3.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaID'
4.4
CVE-2023-23727
Apr 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Dave's WordPress Live Search <= 4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-30876
Apr 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Formilla Chat and Marketing Automation <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaToolsID'
4.4
CVE ID Unknown
Apr 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Redirect After Login <= 0.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-27624
Apr 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
GPS Plotter <= 5.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-30874
Apr 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Cab Grid <= 1.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28533
Apr 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Image Optimizer WD <= 1.0.26 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Apr 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
eRocket <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28174
Apr 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Verified Reviews (Avis Vérifiés) <= 2.3.14 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-23720
Apr 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Yatra <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2022-47436
Apr 19, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Ebook Store < 5.78 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-22690
Apr 19, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Original Media Path <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-23674
Apr 19, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2022-47137
Apr 19, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Easy Ad Manager <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-25460
Apr 19, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Continuous announcement scroller <= 13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2022-46819
Apr 19, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Simple Tooltips <= 2.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-25958
Apr 19, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Decon WP SMS <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-27416 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 24, 2023
NS Coupon to Become Customer <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-27422 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 24, 2023
Dynamically Register Sidebars <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-31091 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 24, 2023
Formilla Edge <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaPluginID' 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
Formilla Live Chat <= 1.3.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaID' CVE-2023-23727 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
Dave's WordPress Live Search <= 4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-30876 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
Formilla Chat and Marketing Automation <= 1.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaToolsID' 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
Redirect After Login <= 0.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-27624 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
GPS Plotter <= 5.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-30874 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
Cab Grid <= 1.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28533 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
Image Optimizer WD <= 1.0.26 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
eRocket <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28174 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
Verified Reviews (Avis Vérifiés) <= 2.3.14 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-23720 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 20, 2023
Yatra <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-47436 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023
Ebook Store < 5.78 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-22690 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023
WP Original Media Path <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-23674 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023
Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2022-47137 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023
Easy Ad Manager <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25460 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023
Continuous announcement scroller <= 13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2022-46819 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023
Simple Tooltips <= 2.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25958 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation