🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

34,321,107

Attacks Blocked in Past 24 Hours

Showing 81-100 of 6,132 Vulnerabilities

Easy Coming Soon < 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

7.4

CVE ID Unknown

Aug 24, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Contact Form by FormGet < 5.3.1 - Authenticated Stored Cross-Site Scripting

7.4

CVE ID Unknown

Mar 7, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

WooCommerce <= 2.2.2 - Cross-Site Scripting via range Parameter

7.3

CVE-2014-6313

Sep 15, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Sticky Anything <= 2.1.5 - Missing Authorization

7.2

CVE-2024-33646

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-3600

Apr 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-32541

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Language Translate Widget for WordPress – ConveyThis <= 223 - Unauthenticated Stored Cross-Site Scripting via api_key

7.2

CVE-2023-6811

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Customily Product Personalizer <= 1.23.3 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-1774

Apr 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Sticky Anything <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-30551

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-0609

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting via 'sms_prefix'

7.2

CVE-2024-2102

Mar 27, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Simple Ajax Chat <= 20240216 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-1983

Mar 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Better Search <= 3.3.0 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-29142

Mar 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Contact Forms by Cimatti <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-29117

Mar 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Extensions For CF7 <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-29102

Mar 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer

7.2

CVE-2024-0386

Mar 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Giveaways and Contests by RafflePress <= 1.12.5 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-1935

Feb 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

coreActivity <= 1.8 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-0852

Jan 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

illi Link Party! <= 1.0 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-7228

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WPForms Pro 1.8.4 - 1.8.5.3 - Unauthenticated Stored Cross-Site Scripting via Form Submission

7.2

CVE-2023-7063

Jan 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Easy Coming Soon < 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting		7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	August 24, 2015
Contact Form by FormGet < 5.3.1 - Authenticated Stored Cross-Site Scripting		7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	March 7, 2015
WooCommerce <= 2.2.2 - Cross-Site Scripting via range Parameter	CVE-2014-6313	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	September 15, 2014
Sticky Anything <= 2.1.5 - Missing Authorization	CVE-2024-33646	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 25, 2024
Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting	CVE-2024-3600	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 18, 2024
WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-32541	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 15, 2024
Language Translate Widget for WordPress – ConveyThis <= 223 - Unauthenticated Stored Cross-Site Scripting via api_key	CVE-2023-6811	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 10, 2024
Customily Product Personalizer <= 1.23.3 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-1774	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 9, 2024
Sticky Anything <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-30551	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 29, 2024
WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.12.9 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-0609	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 28, 2024
Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting via 'sms_prefix'	CVE-2024-2102	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 27, 2024
Simple Ajax Chat <= 20240216 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-1983	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 26, 2024
Better Search <= 3.3.0 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-29142	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 18, 2024
Contact Forms by Cimatti <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-29117	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 16, 2024
Extensions For CF7 <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-29102	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 15, 2024
weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer	CVE-2024-0386	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 12, 2024
Giveaways and Contests by RafflePress <= 1.12.5 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-1935	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	February 29, 2024
coreActivity <= 1.8 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-0852	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 26, 2024
illi Link Party! <= 1.0 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-7228	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 23, 2024
WPForms Pro 1.8.4 - 1.8.5.3 - Unauthenticated Stored Cross-Site Scripting via Form Submission	CVE-2023-7063	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 19, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation