🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

33,467,167

Attacks Blocked in Past 24 Hours

Showing 81-100 of 6,132 Vulnerabilities

BA Book Everything <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-32598

Apr 16, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WordPress Simple HTML Sitemap <= 2.8 - Reflected Cross-Site Scripting

6.1

CVE-2024-32574

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Import Content in WordPress & WooCommerce with Excel <= 4.2 - Reflected Cross-Site Scripting

6.1

CVE-2024-32585

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP-Lister Lite for eBay <= 3.5.11 - Authenticated (Shop Manager+) Stored Cross-Site Scripting

4.4

CVE-2024-32573

Apr 16, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP 2FA – Two-factor authentication for WordPress <= 2.6.2 - Reflected Cross-Site Scripting

6.1

CVE-2024-32568

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

QR Code Composer – Automatic QR code Generator <= 2.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2024-32560

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size'

6.4

CVE-2024-2085

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

LearnPress Export Import <= 4.0.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-32588

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EnvíaloSimple: Email Marketing y Newsletters <= 2.2 - Reflected Cross-Site Scripting

6.1

CVE-2024-32587

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting via PHP_SELF

6.1

CVE-2024-32570

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Mega Elements <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-32575

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Helper Premium < 4.6.0 - Reflected Cross-Site Scripting

6.1

CVE-2024-32595

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-32546

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What's New Generator <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-32548

Apr 15, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

MJ Update History <= 1.0.4 - Reflected Cross-Site Scripting

6.1

CVE-2024-32543

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-32547

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-32541

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid

6.4

CVE-2024-2503

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Access Category Password <= 1.5.1 - Reflected Cross-Site Scripting

6.1

CVE-2024-32535

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Netgsm <= 2.8 - Reflected Cross-Site Scripting

6.1

CVE-2024-32544

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
BA Book Everything <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-32598	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 16, 2024
WordPress Simple HTML Sitemap <= 2.8 - Reflected Cross-Site Scripting	CVE-2024-32574	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2024
Import Content in WordPress & WooCommerce with Excel <= 4.2 - Reflected Cross-Site Scripting	CVE-2024-32585	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2024
WP-Lister Lite for eBay <= 3.5.11 - Authenticated (Shop Manager+) Stored Cross-Site Scripting	CVE-2024-32573	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 16, 2024
WP 2FA – Two-factor authentication for WordPress <= 2.6.2 - Reflected Cross-Site Scripting	CVE-2024-32568	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2024
QR Code Composer – Automatic QR code Generator <= 2.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2024-32560	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 16, 2024
HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size'	CVE-2024-2085	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 16, 2024
LearnPress Export Import <= 4.0.3 - Reflected Cross-Site Scripting	CVE-2024-32588	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2024
EnvíaloSimple: Email Marketing y Newsletters <= 2.2 - Reflected Cross-Site Scripting	CVE-2024-32587	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2024
Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting via PHP_SELF	CVE-2024-32570	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2024
Mega Elements <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-32575	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 16, 2024
WP Helper Premium < 4.6.0 - Reflected Cross-Site Scripting	CVE-2024-32595	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2024
Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting	CVE-2024-32546	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 15, 2024
What's New Generator <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-32548	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 15, 2024
MJ Update History <= 1.0.4 - Reflected Cross-Site Scripting	CVE-2024-32543	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 15, 2024
Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting	CVE-2024-32547	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 15, 2024
WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-32541	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 15, 2024
Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid	CVE-2024-2503	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 15, 2024
Access Category Password <= 1.5.1 - Reflected Cross-Site Scripting	CVE-2024-32535	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 15, 2024
Netgsm <= 2.8 - Reflected Cross-Site Scripting	CVE-2024-32544	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 15, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation