🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

33,540,038

Attacks Blocked in Past 24 Hours

Showing 4381-4400 of 6,219 Vulnerabilities

Gallery PhotoBlocks <= 1.1.42 - Reflected Cross-Site Scripting

6.1

CVE-2019-15829

Jul 9, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Simple Link Directory < 7.3.5 - Reflected Cross-Site Scripting

6.1

CVE-2019-13463

Jul 9, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting

6.1

CVE-2019-13505

Jul 9, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Icegram <= 1.10.28.2 - Cross-Site Scripting

6.4

CVE-2019-15830

Jul 9, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting

6.4

CVE-2019-13478

Jul 9, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Zoner - Real Estate <= 4.1 - Cross-Site Scripting

6.4

CVE ID Unknown

Jul 8, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Rencontre – Dating Site <= 3.1.2 - Cross-Site Scripting

4.8

CVE-2019-13414

Jul 8, 2019

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Gallery Photoblocks <= 1.1.40 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jul 5, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Appointment Booking Calendar < 1.3.19 - Cross-Site Scripting

6.1

CVE-2019-14791

Jul 4, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

MyBookTable Bookstore <= 3.2.2 - Reflected Cross-Site Scripting

7.2

CVE ID Unknown

Jul 3, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Simple Mail Address Encoder < 1.7 - Reflected Cross-Site Scripting

6.1

CVE-2019-15833

Jul 3, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Feed Them Gallery <= 1.1.8 - Cross-Site Scripting

6.1

CVE ID Unknown

Jul 3, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Statistics <= 12.6.6.1 - Unauthenticated Stored Cross-Site Scripting via IP Manipulation

7.2

CVE ID Unknown

Jul 1, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Newsletters <= 4.6.18 - Cross-Site Scripting via contentarea Parameter

5.4

CVE-2019-14787

Jul 1, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Easy restaurant menu manager <= 1.1.2 - Cross-Site Scripting

6.1

CVE-2019-15842

Jun 29, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Essential Real Estate <= 1.7.1 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jun 29, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Watu Quiz 3.1.2.1 - 3.1.2.5 - Reflected Cross-Site Scripting

7.1

CVE ID Unknown

Jun 28, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

360 Product Rotation < 1.4.8 - Reflected Cross-Site Scripting

6.1

CVE-2019-15082

Jun 27, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Limb Gallery – Create Beautiful Image & Video Galleries <= 1.3.2 - Cross-Site Scripting

6.1

CVE-2019-14790

Jun 26, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WebP Express <= 0.14.10 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2019-15837

Jun 26, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Gallery PhotoBlocks <= 1.1.42 - Reflected Cross-Site Scripting	CVE-2019-15829	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 9, 2019
Simple Link Directory < 7.3.5 - Reflected Cross-Site Scripting	CVE-2019-13463	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 9, 2019
Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting	CVE-2019-13505	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 9, 2019
Icegram <= 1.10.28.2 - Cross-Site Scripting	CVE-2019-15830	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 9, 2019
Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting	CVE-2019-13478	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 9, 2019
Zoner - Real Estate <= 4.1 - Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 8, 2019
Rencontre – Dating Site <= 3.1.2 - Cross-Site Scripting	CVE-2019-13414	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	July 8, 2019
Gallery Photoblocks <= 1.1.40 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 5, 2019
Appointment Booking Calendar < 1.3.19 - Cross-Site Scripting	CVE-2019-14791	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 4, 2019
MyBookTable Bookstore <= 3.2.2 - Reflected Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 3, 2019
Simple Mail Address Encoder < 1.7 - Reflected Cross-Site Scripting	CVE-2019-15833	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 3, 2019
Feed Them Gallery <= 1.1.8 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 3, 2019
WP Statistics <= 12.6.6.1 - Unauthenticated Stored Cross-Site Scripting via IP Manipulation		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 1, 2019
Newsletters <= 4.6.18 - Cross-Site Scripting via contentarea Parameter	CVE-2019-14787	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	July 1, 2019
Easy restaurant menu manager <= 1.1.2 - Cross-Site Scripting	CVE-2019-15842	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2019
Essential Real Estate <= 1.7.1 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 29, 2019
Watu Quiz 3.1.2.1 - 3.1.2.5 - Reflected Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	June 28, 2019
360 Product Rotation < 1.4.8 - Reflected Cross-Site Scripting	CVE-2019-15082	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 27, 2019
Limb Gallery – Create Beautiful Image & Video Galleries <= 1.3.2 - Cross-Site Scripting	CVE-2019-14790	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 26, 2019
WebP Express <= 0.14.10 - Authenticated Stored Cross-Site Scripting	CVE-2019-15837	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	June 26, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation