🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Stored Cross-Site Scripting via Shortcode firewall rule

898

Attacks Blocked in Past 24 Hours

Showing 61-80 of 463 Vulnerabilities

Easy!Appointments < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-0698

Mar 4, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Master Slider – Responsive Touch Slider <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-1449

Mar 1, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

4.9

CVE-2024-1341

Feb 28, 2024

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Download Manager <= 3.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-6954

Feb 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Social Widget <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-27189

Feb 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-6809

Feb 27, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

SoundCloud Shortcode <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-25936

Feb 26, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode

6.4

CVE-2024-1806

Feb 23, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode

6.4

CVE-2024-1409

Feb 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Tabs Shortcode and Widget <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-0719

Feb 20, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Sassy Social Share <= 3.3.56 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-1448

Feb 20, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

FormFacade <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-25934

Feb 20, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Page scroll to id <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-1445

Feb 16, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

TNC PDF viewer <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-25097

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

NEX-Forms – Ultimate Form Builder <= 8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-25593

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Paytium: Mollie payment forms & donations <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-25099

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

PJ News Ticker <= 6.8.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-25094

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

PB oEmbed HTML5 Audio <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-25098

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

MyWaze <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-25594

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Content Cards <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-24928

Feb 9, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Easy!Appointments < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-0698	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 4, 2024
Master Slider – Responsive Touch Slider <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-1449	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 1, 2024
Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-1341	4.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N	February 28, 2024
Download Manager <= 3.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-6954	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 28, 2024
WP Social Widget <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-27189	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 28, 2024
Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-6809	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 27, 2024
SoundCloud Shortcode <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-25936	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 26, 2024
ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode	CVE-2024-1806	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 23, 2024
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode	CVE-2024-1409	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 22, 2024
Tabs Shortcode and Widget <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-0719	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 20, 2024
Sassy Social Share <= 3.3.56 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-1448	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 20, 2024
FormFacade <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-25934	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 20, 2024
Page scroll to id <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-1445	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 16, 2024
TNC PDF viewer <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-25097	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 12, 2024
NEX-Forms – Ultimate Form Builder <= 8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-25593	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 12, 2024
Paytium: Mollie payment forms & donations <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-25099	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 12, 2024
PJ News Ticker <= 6.8.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-25094	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 12, 2024
PB oEmbed HTML5 Audio <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-25098	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 12, 2024
MyWaze <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-25594	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 12, 2024
Content Cards <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-24928	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 9, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation