🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

33,751,888

Attacks Blocked in Past 24 Hours

Showing 121-140 of 6,219 Vulnerabilities

PeproDev CF7 Database <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting via form submission

7.2

CVE-2023-41863

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Travel Map <= 1.0.1 - Unauthenticated Cross-Site Scripting

7.2

CVE-2023-41860

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Mortgage Calculator Estatik <= 2.0.10 - Unauthenticated Cross-Site Scripting

7.2

CVE-2023-40601

Aug 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Cleverwise Daily Quotes <= 3.2 - Reflected Cross-Site Scripting

7.2

CVE-2023-40335

Aug 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

tagDiv Composer <= 4.1 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-3169

Aug 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

RSVPMaker <= 10.6.5 - Unauthenticated Stored Cross-Site Scripting via 'email'

7.2

CVE-2023-27616

Aug 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'

7.2

CVE-2023-4308

Aug 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP 404 Auto Redirect to Similar Post <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

7.2

CVE-2023-40206

Aug 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

MultiParcels Shipping For WooCommerce <= 1.15.5 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE ID Unknown

Jul 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Radio Forge Muses Player with Skins <= 2.5 - Reflected Cross-Site Scripting

7.2

CVE-2023-37976

Jul 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

MailArchiver <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject

7.2

CVE-2023-3136

Jul 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email

7.2

CVE-2023-3082

Jul 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Mail Control <= 0.2.8 - Unauthenticated Stored Cross-Site Scripting via Email Subject

7.2

CVE-2023-3158

Jul 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

FluentSMTP <= 2.2.4 - Unauthenticated Stored Cross-Site Scripting via Email Subject

7.2

CVE-2023-3087

Jul 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

SMTP Mail <= 1.3.21 - Unauthenticated Stored Cross-Site Scripting via Email Subject

7.2

CVE-2023-3092

Jul 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP Mail Log <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting via Email

7.2

CVE-2023-3088

Jul 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP Reroute Email <= 1.4.9 - Unauthenticated Stored Cross-Site Scripting via Email Subject

7.2

CVE-2023-3168

Jul 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Autochat Automatic Conversation <= 1.1.7 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-3041

Jun 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

PostX – Gutenberg Blocks for Post Grid <= 2.9.9 - Unauthenticated Cross-Site Scripting

7.2

CVE-2023-36385

Jun 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Mail Queue <= 1.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject

7.2

CVE-2023-3167

Jun 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
PeproDev CF7 Database <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting via form submission	CVE-2023-41863	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Travel Map <= 1.0.1 - Unauthenticated Cross-Site Scripting	CVE-2023-41860	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Mortgage Calculator Estatik <= 2.0.10 - Unauthenticated Cross-Site Scripting	CVE-2023-40601	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 17, 2023
Cleverwise Daily Quotes <= 3.2 - Reflected Cross-Site Scripting	CVE-2023-40335	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 17, 2023
tagDiv Composer <= 4.1 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-3169	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 17, 2023
RSVPMaker <= 10.6.5 - Unauthenticated Stored Cross-Site Scripting via 'email'	CVE-2023-27616	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 17, 2023
User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'	CVE-2023-4308	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 14, 2023
WP 404 Auto Redirect to Similar Post <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-40206	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 11, 2023
MultiParcels Shipping For WooCommerce <= 1.15.5 - Unauthenticated Stored Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 25, 2023
Radio Forge Muses Player with Skins <= 2.5 - Reflected Cross-Site Scripting	CVE-2023-37976	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 12, 2023
MailArchiver <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject	CVE-2023-3136	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 12, 2023
Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email	CVE-2023-3082	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 11, 2023
Mail Control <= 0.2.8 - Unauthenticated Stored Cross-Site Scripting via Email Subject	CVE-2023-3158	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 10, 2023
FluentSMTP <= 2.2.4 - Unauthenticated Stored Cross-Site Scripting via Email Subject	CVE-2023-3087	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 6, 2023
SMTP Mail <= 1.3.21 - Unauthenticated Stored Cross-Site Scripting via Email Subject	CVE-2023-3092	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 5, 2023
WP Mail Log <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting via Email	CVE-2023-3088	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 5, 2023
WP Reroute Email <= 1.4.9 - Unauthenticated Stored Cross-Site Scripting via Email Subject	CVE-2023-3168	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 5, 2023
Autochat Automatic Conversation <= 1.1.7 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-3041	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 26, 2023
PostX – Gutenberg Blocks for Post Grid <= 2.9.9 - Unauthenticated Cross-Site Scripting	CVE-2023-36385	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 23, 2023
Mail Queue <= 1.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject	CVE-2023-3167	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 22, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation