🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Stored Cross-Site Scripting via Shortcode firewall rule

868

Attacks Blocked in Past 24 Hours

Showing 441-460 of 463 Vulnerabilities

Themify Portfolio Post <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-0362

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Theme Blvd Responsive Google Maps <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

6.4

CVE-2023-22698

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

amr shortcode any widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4458

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

YARPP – Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4471

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Contact Form 7 Dynamic Text Extension <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE ID Unknown

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Youtube Shortcode <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-23687

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Oi Yandex.Maps for WordPress <= 3.2.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode

6.4

CVE-2023-22721

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Easy PayPal Buy Now Button <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4628

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Location Weather <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

6.4

CVE-2023-0360

Jan 18, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WidgetShortcode <= 0.3.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4473

Jan 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Rich Table of Contents <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4551

Jan 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Widgets on Pages <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-4488

Jan 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4764

Jan 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Video.js – HTML5 Video Player for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4786

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

List Pages Shortcode <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4757

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Lightbox Gallery <= 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4682

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Show-Hide / Collapse-Expand <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4829

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Embed PDF <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4788

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CPT Bootstrap Carousel <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4834

Jan 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Meteor Slides <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-4486

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Themify Portfolio Post <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0362	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 19, 2023
Theme Blvd Responsive Google Maps <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	CVE-2023-22698	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 19, 2023
amr shortcode any widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4458	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 19, 2023
YARPP – Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4471	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 19, 2023
Contact Form 7 Dynamic Text Extension <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 19, 2023
Youtube Shortcode <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-23687	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 19, 2023
Oi Yandex.Maps for WordPress <= 3.2.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode	CVE-2023-22721	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 19, 2023
Easy PayPal Buy Now Button <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4628	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 19, 2023
Location Weather <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	CVE-2023-0360	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 18, 2023
WidgetShortcode <= 0.3.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4473	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 17, 2023
Rich Table of Contents <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4551	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 17, 2023
Widgets on Pages <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4488	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 17, 2023
Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4764	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
Video.js – HTML5 Video Player for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4786	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023
List Pages Shortcode <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4757	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023
Lightbox Gallery <= 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4682	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023
Show-Hide / Collapse-Expand <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4829	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023
Embed PDF <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4788	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023
CPT Bootstrap Carousel <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4834	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 3, 2023
Meteor Slides <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4486	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 21, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation