🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

33,657,634

Attacks Blocked in Past 24 Hours

Showing 6121-6140 of 6,219 Vulnerabilities

iThemes Security < 3.2.5 - Cross-Site Scripting

7.2

CVE-2012-4263

May 11, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WordPress Core <= 3.5.1 - Cross-Site Scripting

7.2

CVE-2012-2399

Apr 21, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 3.3.2 - Cross-Site Scripting

7.2

CVE-2012-2400

Apr 20, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

s2Member® Framework (Membership, Member Level Roles, Access Capabilities, PayPal Members) < 111220 - Cross-Site Scripting

7.2

CVE-2011-5082

Feb 12, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

7.2

CVE-2010-4402

Nov 24, 2010

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP-UserOnline < 2.70 - Cross-Site Scripting

7.2

CVE ID Unknown

Jul 1, 2010

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WordPress Core <= 2.8.1 - Cross-Site Scripting

7.2

CVE-2009-2851

Jul 20, 2009

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 2.6.5 - Cross-Site Scripting

7.2

CVE-2008-5278

Dec 25, 2008

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 2.6 - Cross-Site Scripting

7.2

CVE-2008-3233

Jul 15, 2008

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Cryptographp <= 1.2 - Cross-Site Scripting

7.2

CVE-2008-0203

Nov 28, 2007

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

FeedStats < 2.4 - Cross-Site Scripting

7.2

CVE-2007-4104

Jul 13, 2007

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

stats <= 1.0 - Stored Cross-Site Scripting

7.2

CVE-2007-3288

Jun 20, 2007

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WordPress Core <= 2.0.9 - Cross-Site Scripting

7.2

CVE-2008-0192

Apr 3, 2007

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 2.09 - Cross-Site Scripting

7.2

CVE-2007-1049

Feb 21, 2007

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WordPress Core <= 2.0.1 - Cross-Site Scripting

7.2

CVE-2006-0985

Mar 10, 2006

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WordPress Core <= 1.5.1.2 - Cross-Site Scripting

7.2

CVE-2005-2107

Jun 29, 2005

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WooCommerce <= 2.2.2 - Cross-Site Scripting via range Parameter

7.3

CVE-2014-6313

Sep 15, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar

7.4

CVE-2024-1536

Mar 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

YourChannel <= 1.2.1 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting

7.4

CVE-2022-4833

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

WP VR <= 8.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

7.4

CVE-2023-0174

Jan 12, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Title	CVE ID	CVSS	Vector	Date
iThemes Security < 3.2.5 - Cross-Site Scripting	CVE-2012-4263	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	May 11, 2012
WordPress Core <= 3.5.1 - Cross-Site Scripting	CVE-2012-2399	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 21, 2012
WordPress Core < 3.3.2 - Cross-Site Scripting	CVE-2012-2400	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 20, 2012
s2Member® Framework (Membership, Member Level Roles, Access Capabilities, PayPal Members) < 111220 - Cross-Site Scripting	CVE-2011-5082	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	February 12, 2012
Register Plus <= 3.5.11 - Stored Cross-Site Scripting	CVE-2010-4402	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	November 24, 2010
WP-UserOnline < 2.70 - Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 1, 2010
WordPress Core <= 2.8.1 - Cross-Site Scripting	CVE-2009-2851	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 20, 2009
WordPress Core < 2.6.5 - Cross-Site Scripting	CVE-2008-5278	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	December 25, 2008
WordPress Core < 2.6 - Cross-Site Scripting	CVE-2008-3233	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 15, 2008
Cryptographp <= 1.2 - Cross-Site Scripting	CVE-2008-0203	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	November 28, 2007
FeedStats < 2.4 - Cross-Site Scripting	CVE-2007-4104	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 13, 2007
stats <= 1.0 - Stored Cross-Site Scripting	CVE-2007-3288	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 20, 2007
WordPress Core <= 2.0.9 - Cross-Site Scripting	CVE-2008-0192	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 3, 2007
WordPress Core < 2.09 - Cross-Site Scripting	CVE-2007-1049	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	February 21, 2007
WordPress Core <= 2.0.1 - Cross-Site Scripting	CVE-2006-0985	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 10, 2006
WordPress Core <= 1.5.1.2 - Cross-Site Scripting	CVE-2005-2107	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 29, 2005
WooCommerce <= 2.2.2 - Cross-Site Scripting via range Parameter	CVE-2014-6313	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	September 15, 2014
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar	CVE-2024-1536	7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	March 11, 2024
YourChannel <= 1.2.1 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2022-4833	7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	January 13, 2023
WP VR <= 8.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0174	7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	January 12, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation