🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

32,827,154

Attacks Blocked in Past 24 Hours

Showing 4361-4380 of 6,132 Vulnerabilities

Page Builder: KingComposer < 2.8.2 - Authenticated Stored Cross-Site Scripting

6.4

CVE ID Unknown

Apr 23, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Database Backup <= 5.1.1 - Cross-Site Scripting

6.1

CVE-2019-14949

Apr 22, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CarSpot – Dealership Wordpress Classified Theme < 2.1.7 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2019-15870

Apr 18, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

MailPoet – emails and newsletters in WordPress <= 3.23.1 - Reflected Cross-Site Scripting via URL parameter

6.1

CVE-2019-11843

Apr 16, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Download Manager <= 2.9.93 - Cross-Site Scripting

6.1

CVE-2019-15889

Apr 13, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.2

CVE-2019-11869

Apr 10, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP Statistics <= 12.6.3 - Referer Cross-Site Scripting

6.1

CVE-2019-10864

Apr 9, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Rencontre – Dating Site <= 3.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE ID Unknown

Apr 8, 2019

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Social Media Share Buttons & Social Sharing Icons <= 2.1.7 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Mar 27, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Google Adsense & Banner Ads by AdsforWP < 1.6 - Cross-Site Scripting

6.4

CVE ID Unknown

Mar 26, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

PWA for WP & AMP Plugin <= 1.0.8 - Cross-Site Scripting

7.2

CVE ID Unknown

Mar 25, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Link Checker <= 1.16.2 - Unauthenticated Stored Cross-Site Scripting

7.1

CVE ID Unknown

Mar 22, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Social Warfare <= 3.5.2 - Unauthenticated Arbitrary Settings Update

7.2

CVE-2019-9978

Mar 21, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Font Organizer <= 2.1.1 - Reflected Cross-Site Scripting

6.1

CVE-2019-9908

Mar 18, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Import and export users and customers <= 1.14.0.2 - Cross-Site Scripting

6.1

CVE-2019-15328

Mar 14, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting

7.2

CVE-2019-25152

Mar 11, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WooCommerce Subscriptions < 2.6.3 - Stored Cross-Site Scripting

6.1

CVE-2019-18834

Mar 11, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Quiz And Survey Master <= 6.2.1 - Cross-Site Scripting

6.1

CVE-2019-9575

Mar 5, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The Events Calendar <= 4.8.1 - Cross-Site Scripting via tribe_paged Parameter

6.1

CVE-2019-15109

Mar 4, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce <= 3.5.4 - Stored Cross-Site Scripting

6.1

CVE-2019-9168

Feb 20, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Page Builder: KingComposer < 2.8.2 - Authenticated Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 23, 2019
WP Database Backup <= 5.1.1 - Cross-Site Scripting	CVE-2019-14949	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 22, 2019
CarSpot – Dealership Wordpress Classified Theme < 2.1.7 - Authenticated Stored Cross-Site Scripting	CVE-2019-15870	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 18, 2019
MailPoet – emails and newsletters in WordPress <= 3.23.1 - Reflected Cross-Site Scripting via URL parameter	CVE-2019-11843	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2019
WordPress Download Manager <= 2.9.93 - Cross-Site Scripting	CVE-2019-15889	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 13, 2019
Yuzo Related Posts <= 5.12.93 - Missing Authorization to Stored Cross-Site Scripting	CVE-2019-11869	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 10, 2019
WP Statistics <= 12.6.3 - Referer Cross-Site Scripting	CVE-2019-10864	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2019
Rencontre – Dating Site <= 3.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting		5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 8, 2019
Social Media Share Buttons & Social Sharing Icons <= 2.1.7 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 27, 2019
Google Adsense & Banner Ads by AdsforWP < 1.6 - Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 26, 2019
PWA for WP & AMP Plugin <= 1.0.8 - Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 25, 2019
Link Checker <= 1.16.2 - Unauthenticated Stored Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	March 22, 2019
Social Warfare <= 3.5.2 - Unauthenticated Arbitrary Settings Update	CVE-2019-9978	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 21, 2019
Font Organizer <= 2.1.1 - Reflected Cross-Site Scripting	CVE-2019-9908	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 18, 2019
Import and export users and customers <= 1.14.0.2 - Cross-Site Scripting	CVE-2019-15328	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 14, 2019
Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting	CVE-2019-25152	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 11, 2019
WooCommerce Subscriptions < 2.6.3 - Stored Cross-Site Scripting	CVE-2019-18834	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 11, 2019
Quiz And Survey Master <= 6.2.1 - Cross-Site Scripting	CVE-2019-9575	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 5, 2019
The Events Calendar <= 4.8.1 - Cross-Site Scripting via tribe_paged Parameter	CVE-2019-15109	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 4, 2019
WooCommerce <= 3.5.4 - Stored Cross-Site Scripting	CVE-2019-9168	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 20, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation