Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

35,044,591
Attacks Blocked in Past 24 Hours

Showing 5821-5840 of 6,183 Vulnerabilities

Elastic Email Sender <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-38387
Jul 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
wpShopGermany IT-RECHT KANZLEI <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-37993
Jul 19, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Brutal AI < 2.06 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-2606
Jul 19, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Food Manager <= 1.0.3 - Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-0604
Jul 17, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Chat Button <= 1.8.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-32292
Jul 17, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
PDQ CSV <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-31221
Jul 17, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Bubble Menu <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-3650
Jul 17, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
IURNY by INDIGITALL – WhatsApp Chat, Web Push Notifications (FREE) <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-3647
Jul 17, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
YourMembership Single Sign On <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-37986
Jul 17, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-3996
Jul 14, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Dovetail <= 1.2.13 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-25984
Jul 13, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-37980
Jul 13, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Default Feature Image <= 1.0.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-25488
Jul 10, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
HTTP Headers <= 1.18.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-37874
Jul 10, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WooCommerce Ship to Multiple Addresses <= 3.8.5 - Reflected Cross-Site Scripting
4.4
CVE-2023-37873
Jul 10, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Social Share Boost <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-25044
Jul 7, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Image Social Feed Plugin <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-24412
Jul 7, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
oAuth Twitter Feed for Developers <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-25042
Jul 7, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Video Gallery <= 1.3.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-25477
Jul 7, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-37388
Jul 5, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Elastic Email Sender <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-38387 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 20, 2023
wpShopGermany IT-RECHT KANZLEI <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-37993 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 19, 2023
WP Brutal AI < 2.06 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-2606 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 19, 2023
WP Food Manager <= 1.0.3 - Authenticated(Administrator+) Stored Cross-Site Scripting CVE-2023-0604 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 17, 2023
Chat Button <= 1.8.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-32292 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 17, 2023
PDQ CSV <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-31221 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 17, 2023
Bubble Menu <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-3650 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 17, 2023
IURNY by INDIGITALL – WhatsApp Chat, Web Push Notifications (FREE) <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-3647 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 17, 2023
YourMembership Single Sign On <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-37986 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 17, 2023
ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-3996 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 14, 2023
Dovetail <= 1.2.13 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25984 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 13, 2023
Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-37980 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 13, 2023
WP Default Feature Image <= 1.0.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25488 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 10, 2023
HTTP Headers <= 1.18.11 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-37874 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 10, 2023
WooCommerce Ship to Multiple Addresses <= 3.8.5 - Reflected Cross-Site Scripting CVE-2023-37873 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 10, 2023
Social Share Boost <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25044 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 7, 2023
Image Social Feed Plugin <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-24412 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 7, 2023
oAuth Twitter Feed for Developers <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25042 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 7, 2023
Video Gallery <= 1.3.12 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25477 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 7, 2023
Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-37388 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 5, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation