Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

1,273,700
Attacks Blocked in Past 24 Hours

Showing 1-20 of 5,155 vulnerabilities

Title CVE ID CVSS Vector Date
Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-4021 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 28, 2023
ActivityPub <= 0.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Content CVE-2023-3746 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 25, 2023
Simple Posts Ticker <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting CVE-2023-4725 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 25, 2023
WP Discord Invite <= 2.4.1 - Reflected Cross-Site Scripting via webhook 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 24, 2023
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-5121 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 22, 2023
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated Stored Cross-Site Scripting CVE-2023-5120 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 22, 2023
Drag and Drop Multiple File Upload for WooCommerce <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting CVE-2023-4821 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N September 21, 2023
Payment gateway per Product for WooCommerce <= 3.2.7 - Reflected Cross-Site Scripting CVE-2023-44144 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 20, 2023
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-4423 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 20, 2023
Table of Contents Plus <= 2302 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 19, 2023
Bit Assist <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 18, 2023
Funnelforms Free <= 3.3.9 - Unauthenticated Stored Cross-Site Scripting CVE-2023-4950 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N September 18, 2023
PageLayer <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 13, 2023
WP Customer Reviews <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-4648 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 13, 2023
Jetpack CRM <= 5.5.0 - Authenticated (Client+) Stored Cross-Site Scripting 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 12, 2023
Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 12, 2023
Photospace Responsive <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-4271 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 12, 2023
Jetpack CRM <= 5.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 12, 2023
Testimonial Slider Shortcode <= 1.1.8 - Authenticated (Contributor+) Cross-Site Scripting Vulnerability via Shortcode CVE-2023-4795 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 12, 2023
Booking Calendar <= 9.7.3 - Unauthenticated Stored Cross-Site Scripting CVE-2023-4620 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N September 11, 2023

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation