🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

33,803,135

Attacks Blocked in Past 24 Hours

Showing 6021-6040 of 6,219 Vulnerabilities

Yatra <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2022-47436

Apr 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Ebook Store < 5.78 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-22690

Apr 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple Tooltips <= 2.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-25958

Apr 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Continuous announcement scroller <= 13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

4.4

CVE-2022-46819

Apr 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Panorama – WordPress Project Management Plugin <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-23810

Apr 18, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

ApexChat <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

4.4

CVE-2023-28414

Apr 18, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Captcha Them All <= 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-30786

Apr 18, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Pretty Url <= 1.5.4 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-2009

Apr 18, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Custom Author URL <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-1614

Apr 18, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Semalt Blocker <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-23794

Apr 18, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Roles at Registration <= 0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-27609

Apr 14, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Motor Racing League <= 1.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-27614

Apr 14, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Electric Studio Client Login <= 0.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-27425

Apr 14, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Optima Express + MarketBoost IDX Plugin <= 7.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-30749

Apr 14, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Booqable Rental Plugin <= 2.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-30746

Apr 14, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Easy Appointments <= 3.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-30748

Apr 14, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

AFFILIATE Solution <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-30477

Apr 13, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

AI ChatBot <= 4.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-1649

Apr 12, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Pickup | Delivery | Dine-in date time <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-0894

Apr 12, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Cancel order request WooCommerce <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-29423

Apr 6, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Yatra <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-47436	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 19, 2023
Ebook Store < 5.78 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-22690	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 19, 2023
Simple Tooltips <= 2.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-25958	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 19, 2023
Continuous announcement scroller <= 13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	CVE-2022-46819	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 19, 2023
Panorama – WordPress Project Management Plugin <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23810	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 18, 2023
ApexChat <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	CVE-2023-28414	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 18, 2023
Captcha Them All <= 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-30786	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 18, 2023
Pretty Url <= 1.5.4 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-2009	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 18, 2023
WP Custom Author URL <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-1614	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 18, 2023
Semalt Blocker <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23794	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 18, 2023
WP Roles at Registration <= 0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-27609	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 14, 2023
Motor Racing League <= 1.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-27614	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 14, 2023
Electric Studio Client Login <= 0.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-27425	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 14, 2023
Optima Express + MarketBoost IDX Plugin <= 7.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-30749	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 14, 2023
Booqable Rental Plugin <= 2.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-30746	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 14, 2023
Easy Appointments <= 3.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-30748	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 14, 2023
AFFILIATE Solution <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-30477	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 13, 2023
AI ChatBot <= 4.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-1649	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 12, 2023
Pickup \| Delivery \| Dine-in date time <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-0894	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 12, 2023
Cancel order request WooCommerce <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-29423	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 6, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation