Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

1,273,700
Attacks Blocked in Past 24 Hours

Showing 1-20 of 5,155 vulnerabilities

Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-4021
Sep 28, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
ActivityPub <= 0.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Content
6.4
CVE-2023-3746
Sep 25, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Simple Posts Ticker <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-4725
Sep 25, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Discord Invite <= 2.4.1 - Reflected Cross-Site Scripting via webhook
6.1
CVE ID Unknown
Sep 24, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-5121
Sep 22, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated Stored Cross-Site Scripting
4.4
CVE-2023-5120
Sep 22, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Drag and Drop Multiple File Upload for WooCommerce <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2023-4821
Sep 21, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Payment gateway per Product for WooCommerce <= 3.2.7 - Reflected Cross-Site Scripting
6.1
CVE-2023-44144
Sep 20, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-4423
Sep 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Table of Contents Plus <= 2302 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Sep 19, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Bit Assist <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Sep 18, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Funnelforms Free <= 3.3.9 - Unauthenticated Stored Cross-Site Scripting
6.5
CVE-2023-4950
Sep 18, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
PageLayer <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE ID Unknown
Sep 13, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Customer Reviews <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-4648
Sep 13, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Jetpack CRM <= 5.5.0 - Authenticated (Client+) Stored Cross-Site Scripting
6.4
CVE ID Unknown
Sep 12, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Sep 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Photospace Responsive <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-4271
Sep 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Jetpack CRM <= 5.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE ID Unknown
Sep 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Testimonial Slider Shortcode <= 1.1.8 - Authenticated (Contributor+) Cross-Site Scripting Vulnerability via Shortcode
6.4
CVE-2023-4795
Sep 12, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Booking Calendar <= 9.7.3 - Unauthenticated Stored Cross-Site Scripting
6.5
CVE-2023-4620
Sep 11, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-4021 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 28, 2023
ActivityPub <= 0.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Content CVE-2023-3746 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 25, 2023
Simple Posts Ticker <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting CVE-2023-4725 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 25, 2023
WP Discord Invite <= 2.4.1 - Reflected Cross-Site Scripting via webhook 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 24, 2023
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-5121 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 22, 2023
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated Stored Cross-Site Scripting CVE-2023-5120 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 22, 2023
Drag and Drop Multiple File Upload for WooCommerce <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting CVE-2023-4821 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N September 21, 2023
Payment gateway per Product for WooCommerce <= 3.2.7 - Reflected Cross-Site Scripting CVE-2023-44144 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 20, 2023
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-4423 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 20, 2023
Table of Contents Plus <= 2302 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 19, 2023
Bit Assist <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 18, 2023
Funnelforms Free <= 3.3.9 - Unauthenticated Stored Cross-Site Scripting CVE-2023-4950 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N September 18, 2023
PageLayer <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 13, 2023
WP Customer Reviews <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-4648 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 13, 2023
Jetpack CRM <= 5.5.0 - Authenticated (Client+) Stored Cross-Site Scripting 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 12, 2023
Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 12, 2023
Photospace Responsive <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-4271 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 12, 2023
Jetpack CRM <= 5.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 12, 2023
Testimonial Slider Shortcode <= 1.1.8 - Authenticated (Contributor+) Cross-Site Scripting Vulnerability via Shortcode CVE-2023-4795 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 12, 2023
Booking Calendar <= 9.7.3 - Unauthenticated Stored Cross-Site Scripting CVE-2023-4620 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N September 11, 2023

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation