Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

22,704,617
Attacks Blocked in Past 24 Hours

Showing 6481-6500 of 6,652 Vulnerabilities

Order date time for WooCommerce <= 3.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28991
Mar 31, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WPMobile.App <= 11.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28932
Mar 30, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
No CAPTCHA reCAPTCHA for WooCommerce <= 1.2.6 - Authenticated(Admin+) Stored Cross-Site Scripting via Plugin Settings
4.4
CVE ID Unknown
Mar 30, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Premmerce Redirect Manager <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-23789
Mar 30, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Direct checkout, Add to cart redirect for Woocommerce <= 2.1.48 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28988
Mar 30, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Social Proof (Testimonial) Slider <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-24389
Mar 29, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Wp Ultimate Review <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28751
Mar 29, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Quick Paypal Payments <= 5.7.26.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-1554
Mar 27, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Review Stream <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28774
Mar 27, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Pagination by BestWebSoft <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28778
Mar 27, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Pagination by BestWebSoft < 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Mar 23, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Mar 23, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Userlike <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-23734
Mar 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
VigilanTor <= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28695
Mar 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Lazy Social Comments <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Options
4.4
CVE-2023-23733
Mar 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Disqus Conditional Load <= 11.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings.
4.4
CVE-2023-23732
Mar 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Simple Custom Author Profiles <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-24372
Mar 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
All-In-One Security (AIOS) <= 5.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-0157
Mar 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Cyberus Key <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'uid' in 'cyberkey_settings' Plugin Setting
4.4
CVE-2023-28620
Mar 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Event Manager for WooCommerce <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mep_get_option' function
4.4
CVE-2023-28422
Mar 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Order date time for WooCommerce <= 3.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28991 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 31, 2023
WPMobile.App <= 11.20 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28932 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 30, 2023
No CAPTCHA reCAPTCHA for WooCommerce <= 1.2.6 - Authenticated(Admin+) Stored Cross-Site Scripting via Plugin Settings 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 30, 2023
Premmerce Redirect Manager <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-23789 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 30, 2023
Direct checkout, Add to cart redirect for Woocommerce <= 2.1.48 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28988 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 30, 2023
Social Proof (Testimonial) Slider <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-24389 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 29, 2023
Wp Ultimate Review <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28751 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 29, 2023
Quick Paypal Payments <= 5.7.26.3 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-1554 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 27, 2023
Review Stream <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28774 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 27, 2023
Pagination by BestWebSoft <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28778 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 27, 2023
Pagination by BestWebSoft < 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 23, 2023
Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 23, 2023
Userlike <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-23734 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 21, 2023
VigilanTor <= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28695 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 21, 2023
Lazy Social Comments <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Options CVE-2023-23733 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 21, 2023
Disqus Conditional Load <= 11.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings. CVE-2023-23732 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 21, 2023
Simple Custom Author Profiles <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-24372 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 21, 2023
All-In-One Security (AIOS) <= 5.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-0157 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 20, 2023
Cyberus Key <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'uid' in 'cyberkey_settings' Plugin Setting CVE-2023-28620 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 20, 2023
Event Manager for WooCommerce <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mep_get_option' function CVE-2023-28422 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 20, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation