🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

33,749,071

Attacks Blocked in Past 24 Hours

Showing 4341-4360 of 6,219 Vulnerabilities

CPT – Speakers <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-25977

Feb 23, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Custom Login Page <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-26012

Feb 23, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple Portfolio Gallery <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-26016

Feb 23, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

TypeSquare Webfonts for ConoHa <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-25458

Feb 23, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WPMobile.App — Android and iOS Mobile Application <= 11.18 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-26010

Feb 23, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Chat Bee <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-26538

Feb 24, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-0585

Feb 24, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

asMember <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.9

CVE-2023-26541

Feb 24, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Dashboard Widgets Suite <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-26517

Feb 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scritping

4.4

CVE-2023-26515

Feb 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Darcie <= 1.1.5 - Reflected Cross-Site Scripting via JS split

6.1

CVE-2023-25961

Feb 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

GN Publisher <= 1.5.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-1080

Feb 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Publish to Schedule <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-26519

Feb 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

We’re Open! <= 1.46 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-25964

Feb 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Advanced Text Widget <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-26539

Feb 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Repost <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scritping

4.4

CVE-2023-26534

Feb 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP No External Links <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping

4.4

CVE-2023-26537

Feb 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple File List <= 6.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-1025

Feb 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Debug Assistant <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-26527

Feb 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Real Estate 7 <= 3.3.4 - Reflected Cross-Site Scripting via ct_additional_features

6.1

CVE ID Unknown

Feb 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
CPT – Speakers <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-25977	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 23, 2023
Custom Login Page <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-26012	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 23, 2023
Simple Portfolio Gallery <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-26016	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 23, 2023
TypeSquare Webfonts for ConoHa <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-25458	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 23, 2023
WPMobile.App — Android and iOS Mobile Application <= 11.18 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-26010	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 23, 2023
Chat Bee <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-26538	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 24, 2023
All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-0585	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 24, 2023
asMember <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-26541	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L	February 24, 2023
Dashboard Widgets Suite <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-26517	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 27, 2023
Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scritping	CVE-2023-26515	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 27, 2023
Darcie <= 1.1.5 - Reflected Cross-Site Scripting via JS split	CVE-2023-25961	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 27, 2023
GN Publisher <= 1.5.5 - Reflected Cross-Site Scripting	CVE-2023-1080	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 27, 2023
Publish to Schedule <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-26519	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 27, 2023
We’re Open! <= 1.46 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-25964	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 27, 2023
Advanced Text Widget <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-26539	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 28, 2023
WP Repost <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scritping	CVE-2023-26534	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 28, 2023
WP No External Links <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping	CVE-2023-26537	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 28, 2023
Simple File List <= 6.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-1025	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 28, 2023
Debug Assistant <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-26527	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 28, 2023
Real Estate 7 <= 3.3.4 - Reflected Cross-Site Scripting via ct_additional_features		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 28, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation