Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

34,765,865
Attacks Blocked in Past 24 Hours

Showing 1-20 of 6,225 Vulnerabilities

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
CVE-2024-2772
May 17, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.8 - Reflected Cross-Site Scripting
6.1
CVE-2024-4860
May 14, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Landing Page Builder <= 1.5.1.8 - Reflected Cross-Site Scripting via pageType
6.1
CVE-2024-34752
May 14, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
DethemeKit For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-34575
May 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Authenticated (Author+) Stored Cross-Site Scripting via Code Injection
6.4
CVE-2024-0756
May 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Magazine Blocks <= 1.3.6 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2024-34760
May 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Popup Builder <= 1.1.29 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2024-34567
May 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Picture Gallery <= 1.5.11 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2024-34759
May 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP SMS <= 6.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-34811
May 13, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Propovoice CRM <= 1.7.6.2 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2024-4747
May 10, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Sticky banner <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-35170
May 10, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter
6.4
CVE-2024-4277
May 9, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting
6.1
CVE-2024-3547
May 9, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
6.4
CVE-2024-4316
May 9, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Heateor Social Login WordPress <= 1.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-32674
May 8, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Themify Shortcodes <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode
6.4
CVE-2024-4567
May 8, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Debug Info <= 1.3.10 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-34565
May 7, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Table Maker <= 1.9.1 - Authenticated (Author+) Stored Cross-Site Scripting
5.4
CVE-2024-34574
May 7, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-2846
May 7, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
ADFO – Custom data in admin dashboard <= 1.9.0 - Reflected Cross-Site Scripting
6.1
CVE-2024-4104
May 7, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2024-2772 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 17, 2024
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.8 - Reflected Cross-Site Scripting CVE-2024-4860 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 14, 2024
Landing Page Builder <= 1.5.1.8 - Reflected Cross-Site Scripting via pageType CVE-2024-34752 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 14, 2024
DethemeKit For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-34575 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 14, 2024
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Authenticated (Author+) Stored Cross-Site Scripting via Code Injection CVE-2024-0756 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 14, 2024
Magazine Blocks <= 1.3.6 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2024-34760 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 14, 2024
Popup Builder <= 1.1.29 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2024-34567 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 14, 2024
Picture Gallery <= 1.5.11 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2024-34759 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 14, 2024
WP SMS <= 6.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-34811 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 13, 2024
Propovoice CRM <= 1.7.6.2 - Unauthenticated Stored Cross-Site Scripting CVE-2024-4747 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N May 10, 2024
Sticky banner <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-35170 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 10, 2024
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter CVE-2024-4277 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 9, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting CVE-2024-3547 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 9, 2024
EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter CVE-2024-4316 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 9, 2024
Heateor Social Login WordPress <= 1.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-32674 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 8, 2024
Themify Shortcodes <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode CVE-2024-4567 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 8, 2024
Debug Info <= 1.3.10 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-34565 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 7, 2024
Table Maker <= 1.9.1 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2024-34574 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N May 7, 2024
Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-2846 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 7, 2024
ADFO – Custom data in admin dashboard <= 1.9.0 - Reflected Cross-Site Scripting CVE-2024-4104 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 7, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation