Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

15,697,211
Attacks Blocked in Past 24 Hours

Showing 1-20 of 7,093 Vulnerabilities

Title CVE ID CVSS Vector Date
Refraction <= 1.3 - Multiple Vulnerabilities 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N September 27, 2014
Slash WP (All Versions) - Multiple Vulnerabilities 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N June 20, 2013
I LOVE IT! < 2.4 - Multiple Vulnerabilities 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N May 16, 2013
Photocrati (Unknown Versions) - Multiple Vulnerabilities 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N April 24, 2013
Imperial Fairytale Theme (All Versions) - Multiple Vulnerabilities 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N April 24, 2013
Music <= 1.5 - Multiple Vulnerabilities 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N April 24, 2013
Feather12 (Unkown Versions) - Multiple Vulnerabilities 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N April 24, 2013
Ezoic <= 2.8.8 - Missing Authorization to Stored Cross-Site Scripting CVE-2022-41132 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 17, 2022
LMS by LifterLMS <= 3.35.0 - Stored Cross-Site Scripting via Import CVE-2019-15896 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H September 9, 2019
Smush – Lazy Load Images, Optimize & Compress Images <= 2.9.1 - Cross-Site Scripting 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 10, 2018
Ultimate Addons for WPBakery <= 3.16.11 - Stored Cross-Site Scripting 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 16, 2017
Patreon WordPress <= 1.7.0 - Reflected Cross-Site Scripting CVE-2021-24228 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H March 26, 2021
Patreon WordPress <= 1.7.0 - Reflected Cross-Site Scripting CVE-2021-24229 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H March 26, 2021
WP Armour Honeypot Anti Spam <= 1.5.6 -Cross-Site Request Forgery to Arbitrary Options Update 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H February 8, 2021
Formidable Form Builder <= 4.09.04 - Unauthenticated Stored Cross-Site Scripting CVE-2021-24884 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H January 28, 2021
Simple Download Monitor <= 3.9.4 - Contributor+ Stored Cross-Site Scripting via File Thumbnail CVE-2021-24693 9.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H October 5, 2021
WordPress Core < 6.0.3 - Reflected Cross-Site Scripting via SQL Injection CVE-2022-43497 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2022
Thumbnail For Excerpts <= 2.1 - Cross-Site Request Forgery 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H June 17, 2022
Hermit 音乐播放器 <= 3.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2022-29413 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H April 28, 2022
Custom TinyMCE Shortcode Button <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting CVE-2022-1217 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H April 19, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation