Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

33,553,053
Attacks Blocked in Past 24 Hours

Showing 121-140 of 6,219 Vulnerabilities

WooCommerce Shipping Label <= 2.3.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting
3.3
CVE-2024-32834
Apr 22, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
Max Addons Pro for Bricks <= 1.6.1 - Reflected Cross-Site Scripting
6.1
CVE-2024-32952
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags
6.4
CVE-2024-2799
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
wpDiscuz <= 7.6.15 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text
6.4
CVE-2024-2477
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Media Category Management <= 2.2 - Reflected Cross-Site Scripting
6.1
CVE-2024-32950
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ARforms <= 6.4 - Reflected Cross-Site Scripting
6.1
CVE-2024-32702
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
5.4
CVE-2024-1730
Apr 19, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags
6.4
CVE-2024-3891
Apr 19, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
AI Infographic Maker <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
5.4
CVE-2024-32696
Apr 19, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Language Switcher for Transposh <= 1.5.9 - Reflected Cross-Site Scripting
6.1
CVE-2024-32695
Apr 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Essential Addons for Elementor Pro <= 5.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_html_tag'
6.4
CVE-2024-3645
Apr 19, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline
6.4
CVE-2024-3724
Apr 19, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
hCaptcha for WordPress <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode
6.4
CVE-2024-4014
Apr 19, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
RSS Feed Widget <= 2.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-32690
Apr 19, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin <= 3.62 - Reflected Cross-Site Scripting
6.1
CVE-2024-32694
Apr 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Save as PDF Plugin by Pdfcrowd <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-5971
Apr 18, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
UnGallery <= 2.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-3582
Apr 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-3560
Apr 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'
6.4
CVE-2024-3598
Apr 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Forminator <= 1.15.2 - Reflected Cross-Site Scripting
6.1
CVE-2024-31857
Apr 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
WooCommerce Shipping Label <= 2.3.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting CVE-2024-32834 3.3 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N April 22, 2024
Max Addons Pro for Bricks <= 1.6.1 - Reflected Cross-Site Scripting CVE-2024-32952 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 22, 2024
Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags CVE-2024-2799 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 22, 2024
wpDiscuz <= 7.6.15 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text CVE-2024-2477 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 22, 2024
WP Media Category Management <= 2.2 - Reflected Cross-Site Scripting CVE-2024-32950 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 22, 2024
ARforms <= 6.4 - Reflected Cross-Site Scripting CVE-2024-32702 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 22, 2024
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1730 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N April 19, 2024
Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags CVE-2024-3891 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 19, 2024
AI Infographic Maker <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-32696 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N April 19, 2024
Language Switcher for Transposh <= 1.5.9 - Reflected Cross-Site Scripting CVE-2024-32695 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 19, 2024
Essential Addons for Elementor Pro <= 5.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_html_tag' CVE-2024-3645 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 19, 2024
Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline CVE-2024-3724 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 19, 2024
hCaptcha for WordPress <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode CVE-2024-4014 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 19, 2024
RSS Feed Widget <= 2.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-32690 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2024
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin <= 3.62 - Reflected Cross-Site Scripting CVE-2024-32694 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 19, 2024
Save as PDF Plugin by Pdfcrowd <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-5971 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 18, 2024
UnGallery <= 2.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-3582 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 18, 2024
LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-3560 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 18, 2024
ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id' CVE-2024-3598 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 18, 2024
Forminator <= 1.15.2 - Reflected Cross-Site Scripting CVE-2024-31857 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 18, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation