🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Stored Cross-Site Scripting via Shortcode firewall rule

881

Attacks Blocked in Past 24 Hours

Showing 101-120 of 463 Vulnerabilities

Themify Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-51693

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Back Button Widget <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-51399

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Infinite Scroll – Ajax Load More <= 6.1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-50874

Dec 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Booking for Appointments and Events Calendar – Amelia <= 1.0.85 - Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-50860

Dec 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Limit Login Attempts Reloaded <= 2.25.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-6934

Dec 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

iframe Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-50825

Dec 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CSS & JavaScript Toolbox <= 11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-50823

Dec 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Insert or Embed Articulate Content into WordPress <= 4.3000000021 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-50824

Dec 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Currency Converter Widget <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-50822

Dec 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVE-2023-6488

Dec 18, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AMP for WP – Accelerated Mobile Pages <= 1.0.92 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode

6.4

CVE-2023-6782

Dec 18, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Import and export users and customers <= 1.24.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

4.9

CVE-2023-6624

Dec 11, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Ibtana – WordPress Website Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-6684

Dec 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Shortcodes and extra features for Phlox theme <= 2.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-50368

Dec 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Video PopUp <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-4962

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Spiffy Calendar <= 4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-49745

Dec 1, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.4

CVE-2023-51666

Nov 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

UserPro <= 5.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-2439

Nov 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Event post <= 5.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-49179

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

10to8 Online Appointment Booking System <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-49173

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Themify Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-51693	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 27, 2023
Back Button Widget <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-51399	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 26, 2023
WordPress Infinite Scroll – Ajax Load More <= 6.1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-50874	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 22, 2023
Booking for Appointments and Events Calendar – Amelia <= 1.0.85 - Stored Cross-Site Scripting via Shortcode	CVE-2023-50860	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 22, 2023
Limit Login Attempts Reloaded <= 2.25.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-6934	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 20, 2023
iframe Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-50825	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 19, 2023
CSS & JavaScript Toolbox <= 11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-50823	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 19, 2023
Insert or Embed Articulate Content into WordPress <= 4.3000000021 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-50824	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 19, 2023
Currency Converter Widget <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-50822	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 19, 2023
WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-6488	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	December 18, 2023
AMP for WP – Accelerated Mobile Pages <= 1.0.92 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode	CVE-2023-6782	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 18, 2023
Import and export users and customers <= 1.24.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-6624	4.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N	December 11, 2023
Ibtana – WordPress Website Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-6684	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 7, 2023
Shortcodes and extra features for Phlox theme <= 2.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-50368	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 6, 2023
Video PopUp <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-4962	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 4, 2023
Spiffy Calendar <= 4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-49745	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 1, 2023
Related Post <= 2.0.53 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-51666	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 30, 2023
UserPro <= 5.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-2439	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 30, 2023
Event post <= 5.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-49179	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 29, 2023
10to8 Online Appointment Booking System <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-49173	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 29, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation