Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

Title	CVE ID	CVSS	Vector	Date
Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting		4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 23, 2023
Pagination by BestWebSoft < 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting		4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 23, 2023
WordPress Pinterest Plugin <= 1.6.1 - Stored (Contributor+) Cross-Site Scripting via Shortcode		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 22, 2023
WooCommerce JazzCash Gateway Plugin <= 2.0 - Unauthenticated Cross-Site Scripting	CVE-2022-46822	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 22, 2023
Userlike <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting		4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 21, 2023
VigilanTor <= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-28695	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 21, 2023
Team Member <= 4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via new_style_name	CVE-2023-23647	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 21, 2023
Lazy Social Comments <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Options	CVE-2023-23733	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 21, 2023
Disqus Conditional Load <= 11.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings.	CVE-2023-23732	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 21, 2023
Simple Custom Author Profiles <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-24372	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 21, 2023
Open Graphite <= 1.6.0 - Reflected Cross-Site Scripting via topic parameter	CVE-2022-47439	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 21, 2023
Kanban Boards for WordPress <= 2.5.20 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23884	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 20, 2023
FluentForms <= 4.3.24 - Authenticated(Contributor+) Stored Cross-Site Scripting	CVE-2023-0546	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 20, 2023
Store Locator WordPress <= 1.4.9 - Authenticated (Editor+) Stored Cross-Site Scripting via 'category_name', 'description', 'description_2' parameters	CVE-2023-27618	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 20, 2023
Slider, Gallery, and Carousel by MetaSlider <= 3.29.0 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 20, 2023
WP Content Filter – Censor All Offensive Content From Your Site <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23883	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 20, 2023
WordPress Amazon S3 Plugin <= 1.5 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 20, 2023
Cyberus Key <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'uid' in 'cyberkey_settings' Plugin Setting	CVE-2023-28620	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 20, 2023
Event Manager for WooCommerce <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mep_get_option' function	CVE-2023-28422	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 20, 2023
ConvertBox Auto Embed WordPress plugin <= 1.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-23664	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 20, 2023

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation