🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

32,800,406

Attacks Blocked in Past 24 Hours

Showing 4361-4380 of 6,132 Vulnerabilities

Floating Chat Widget <= 3.1.8 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVE-2024-2972

Apr 3, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Photo Gallery by Supsystic <= 1.15.16 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2024-29921

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Simply Static <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2024-30178

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Carousel Slider <= 2.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVE-2024-1712

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Slider Hero <= 8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2024-29922

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Breeze <= 2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via breeze_api_token

5.5

CVE-2024-27188

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Funnel Builder by CartFlows <= 2.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via settings

5.5

CVE-2024-29813

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WooCommerce Google Feed Manager <= 2.2.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting

5.5

CVE-2024-29112

Mar 16, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Advanced Access Manager <= 6.9.20 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2024-29124

Mar 16, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

ElementsKit Elementor addons <= 3.0.3 - Authenticated(Editor+) Stored Cross-Site Scripting

5.5

CVE-2023-6525

Mar 15, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

MJM Clinic <= 1.1.22 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVE-2024-29096

Mar 15, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options

5.5

CVE-2024-0659

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Scroll Triggered Box <= 2.3 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVE-2024-24865

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

FileBird <= 5.6.0 - Authenticated(Administrator+) Stored Cross-Site Scripting via Folder Import

5.5

CVE-2024-0691

Jan 19, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

ZeroBounce Email Verification & Validation <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-51374

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

HTML Forms <= 1.3.28 - Authenticated (Administrator+) Cross-Site Scripting

5.5

CVE-2023-50836

Dec 21, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Biteship <= 2.2.27 - Authenticated (Shop manager+) Stored Cross-Site Scripting

5.5

CVE-2023-49767

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Event Manager <= 3.1.41 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVE-2023-49181

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Automatic Youtube Video Posts Plugin <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

5.5

CVE-2023-49180

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Client Dash <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

5.5

CVE-2023-49165

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Floating Chat Widget <= 3.1.8 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-2972	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 3, 2024
Photo Gallery by Supsystic <= 1.15.16 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-29921	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Simply Static <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-30178	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Carousel Slider <= 2.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-1712	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Slider Hero <= 8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-29922	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Breeze <= 2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via breeze_api_token	CVE-2024-27188	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Funnel Builder by CartFlows <= 2.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via settings	CVE-2024-29813	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
WooCommerce Google Feed Manager <= 2.2.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting	CVE-2024-29112	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 16, 2024
Advanced Access Manager <= 6.9.20 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-29124	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 16, 2024
ElementsKit Elementor addons <= 3.0.3 - Authenticated(Editor+) Stored Cross-Site Scripting	CVE-2023-6525	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 15, 2024
MJM Clinic <= 1.1.22 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-29096	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 15, 2024
Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options	CVE-2024-0659	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	February 2, 2024
Scroll Triggered Box <= 2.3 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-24865	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	February 2, 2024
FileBird <= 5.6.0 - Authenticated(Administrator+) Stored Cross-Site Scripting via Folder Import	CVE-2024-0691	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 19, 2024
ZeroBounce Email Verification & Validation <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-51374	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 26, 2023
HTML Forms <= 1.3.28 - Authenticated (Administrator+) Cross-Site Scripting	CVE-2023-50836	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 21, 2023
Biteship <= 2.2.27 - Authenticated (Shop manager+) Stored Cross-Site Scripting	CVE-2023-49767	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 4, 2023
WP Event Manager <= 3.1.41 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2023-49181	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 29, 2023
Automatic Youtube Video Posts Plugin <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	CVE-2023-49180	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 29, 2023
Client Dash <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	CVE-2023-49165	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 29, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation