🦸 🧭 Calling all superheroes and explorers! Introducing the WordPress Superhero Challenge and WordPress XSSplorer Challenge for the Wordfence Bug Bounty Program: Earn up to $31,200 for High Impact Vulnerabilities AND XSS vulnerabilities are in scope for all researchers in plugins/themes >= 1,000 Active Installs!

Through October 7th, 2024 all Cross-Site Scripting (XSS) vulnerabilities in plugins/themes with >= 1,000 Active Installs will be in scope for all researchers regardless of researcher tier. In addition, through October 14th, 2024, all vulnerabilities reported in plugins or themes with >= 5,000,000 active installs will be 3x our highest bounty rewards making our top reward $31,200.

Check out the updated bounties here!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

23,775,341

Attacks Blocked in Past 24 Hours

Showing 6441-6460 of 6,627 Vulnerabilities

Backend Localization <= 2.0 - Reflected Cross-Site Scripting

6.1

CVE-2012-10014

Jul 30, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Count per Day Plugin < 3.2.3 - Cross-Site Scripting

6.1

CVE-2012-6714

Jul 20, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Job Manager <= 0.7.18 - Cross-Site Scripting

6.1

CVE-2012-6713

Jun 28, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Core <= 3.3.2 - Cross-Site Scripting

6.5

CVE-2012-6633

Jun 27, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

NextGen Gallery <= 1.9.7 - Cross-Site Scripting

6.1

CVE-2012-3414

Jun 14, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WassUp Real Time Analytics < 1.8.3.1 - Cross-Site Scripting

6.1

CVE-2012-2633

Jun 6, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.4 - Cross-Site Scripting

6.1

CVE ID Unknown

Jun 6, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

FormBuilder <= 0.90 - Unauthenticated Stored Cross-Site Scripting

6.1

CVE-2012-6715

May 28, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Events Manager < 5.1.7 - Cross-Site Scripting

6.1

CVE-2012-6716

May 22, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Share and Follow <= 1.80.3 - Cross-Site Scripting

7.2

CVE-2012-2917

May 21, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.1

CVE-2012-2759

May 18, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 1.72 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

May 15, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

PDF & Print Button Joliprint <= 1.3.0 - Cross-Site Scripting

7.1

CVE ID Unknown

May 15, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

WP Forum Server <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting

6.1

CVE-2012-6622

May 15, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Mingle Forum <= 1.0.33 - Cross-Site Scripting

6.1

CVE ID Unknown

May 15, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Dynamic Widgets <= 1.5.1 - Cross Site Scripting

7.2

CVE ID Unknown

May 15, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Survey And Quiz Tool <= 2.9.2 - Unauthenticated Cross-Site Scripting

6.1

CVE ID Unknown

May 15, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.3.1 - Cross-Site Scripting

6.1

CVE-2012-2913

May 15, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Sabre < 1.2.2 - Cross-Site Scripting

6.1

CVE-2012-2916

May 15, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Newsletter Manager < 1.0.2 - Cross-Site Scripting via test_mail.php

6.1

CVE-2012-6627

May 15, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Backend Localization <= 2.0 - Reflected Cross-Site Scripting	CVE-2012-10014	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 30, 2012
Count per Day Plugin < 3.2.3 - Cross-Site Scripting	CVE-2012-6714	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 20, 2012
Job Manager <= 0.7.18 - Cross-Site Scripting	CVE-2012-6713	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 28, 2012
WordPress Core <= 3.3.2 - Cross-Site Scripting	CVE-2012-6633	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	June 27, 2012
NextGen Gallery <= 1.9.7 - Cross-Site Scripting	CVE-2012-3414	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 14, 2012
WassUp Real Time Analytics < 1.8.3.1 - Cross-Site Scripting	CVE-2012-2633	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 6, 2012
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.4 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 6, 2012
FormBuilder <= 0.90 - Unauthenticated Stored Cross-Site Scripting	CVE-2012-6715	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 28, 2012
Events Manager < 5.1.7 - Cross-Site Scripting	CVE-2012-6716	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 22, 2012
Share and Follow <= 1.80.3 - Cross-Site Scripting	CVE-2012-2917	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	May 21, 2012
Login With Ajax <= 3.0.4 - Cross-Site Scripting	CVE-2012-2759	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 18, 2012
Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 1.72 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 15, 2012
PDF & Print Button Joliprint <= 1.3.0 - Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	May 15, 2012
WP Forum Server <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2012-6622	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 15, 2012
Mingle Forum <= 1.0.33 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 15, 2012
Dynamic Widgets <= 1.5.1 - Cross Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	May 15, 2012
Survey And Quiz Tool <= 2.9.2 - Unauthenticated Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 15, 2012
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.3.1 - Cross-Site Scripting	CVE-2012-2913	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 15, 2012
Sabre < 1.2.2 - Cross-Site Scripting	CVE-2012-2916	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 15, 2012
Newsletter Manager < 1.0.2 - Cross-Site Scripting via test_mail.php	CVE-2012-6627	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 15, 2012

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation