Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

23,775,341
Attacks Blocked in Past 24 Hours

Showing 101-120 of 6,627 Vulnerabilities

Tin Canny Reporting for LearnDash <= 4.3.0.7 - Reflected Cross-Site Scripting
6.1
CVE-2024-39656
Aug 1, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Extensions for Elementor <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-39668
Aug 1, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Eventin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2024-39648
Aug 1, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.77 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2024-39655
Aug 1, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WP-PostRatings <= 1.91.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-39659
Aug 1, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Fast Total Search <= 1.68.232 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2024-39663
Aug 1, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WooCommerce PDF Vouchers <= 4.9.4 - Reflected Cross-Site Scripting
6.1
CVE-2024-39652
Aug 1, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Photo Engine <= 6.3.1 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2024-39660
Aug 1, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
RegistrationMagic <= 6.0.0.1 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2024-39643
Aug 1, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Message Filter for Contact Form 7 <= 1.6.1.1 - Reflected Cross-Site Scripting
6.1
CVE-2024-39647
Aug 1, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget
6.4
CVE-2024-6346
Jul 31, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Element Pack - Addon for Elementor Page Builder WordPress Plugin <= 7.9.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL
6.4
CVE-2024-2455
Jul 31, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
ParityPress <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
5.5
CVE-2024-6661
Jul 26, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Contest Gallery <= 23.1.2 - Unauthenticated Stored Cross-Site Scripting
6.1
CVE-2024-39631
Jul 24, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WP eMember <= 10.6.6 - Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI']
6.1
CVE-2024-5744
Jul 23, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting
7.2
CVE-2024-6828
Jul 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Generate Images – Magic Post Thumbnail <= 5.2.7 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-6724
Jul 22, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Himalayas <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-39629
Jul 22, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
NextGEN Gallery <= 3.59.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-39627
Jul 22, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Pretty Simple Popup Builder <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-39626
Jul 22, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Tin Canny Reporting for LearnDash <= 4.3.0.7 - Reflected Cross-Site Scripting CVE-2024-39656 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 1, 2024
Extensions for Elementor <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-39668 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 1, 2024
Eventin <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2024-39648 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 1, 2024
LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.77 - Unauthenticated Stored Cross-Site Scripting CVE-2024-39655 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N August 1, 2024
WP-PostRatings <= 1.91.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-39659 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 1, 2024
WP Fast Total Search <= 1.68.232 - Unauthenticated Stored Cross-Site Scripting CVE-2024-39663 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N August 1, 2024
WooCommerce PDF Vouchers <= 4.9.4 - Reflected Cross-Site Scripting CVE-2024-39652 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 1, 2024
Photo Engine <= 6.3.1 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2024-39660 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 1, 2024
RegistrationMagic <= 6.0.0.1 - Unauthenticated Stored Cross-Site Scripting CVE-2024-39643 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N August 1, 2024
Message Filter for Contact Form 7 <= 1.6.1.1 - Reflected Cross-Site Scripting CVE-2024-39647 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 1, 2024
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget CVE-2024-6346 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 31, 2024
Element Pack - Addon for Elementor Page Builder WordPress Plugin <= 7.9.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL CVE-2024-2455 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 31, 2024
ParityPress <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-6661 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N July 26, 2024
Contest Gallery <= 23.1.2 - Unauthenticated Stored Cross-Site Scripting CVE-2024-39631 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 24, 2024
WP eMember <= 10.6.6 - Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] CVE-2024-5744 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 23, 2024
Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting CVE-2024-6828 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N July 22, 2024
Generate Images – Magic Post Thumbnail <= 5.2.7 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-6724 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 22, 2024
Himalayas <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-39629 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 22, 2024
NextGEN Gallery <= 3.59.3 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-39627 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 22, 2024
Pretty Simple Popup Builder <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-39626 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 22, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation