Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

23,054,489
Attacks Blocked in Past 24 Hours

Showing 1-20 of 6,645 Vulnerabilities

Title CVE ID CVSS Vector Date
Exit Notifier <= 1.9.1 - Reflected Cross-Site Scripting CVE-2024-8730 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 12, 2024
WP Simple Booking Calendar <= 2.0.10 - Reflected Cross-Site Scripting CVE-2024-8663 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 12, 2024
WP Test Email <= 1.1.7 - Reflected Cross-Site Scripting CVE-2024-8664 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 12, 2024
WPFactory Helper <= 1.7.0 - Reflected Cross-Site Scripting CVE-2024-8656 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 12, 2024
Cron Jobs <= 1.2.9 - Reflected Cross-Site Scripting CVE-2024-8731 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 12, 2024
WordPress Affiliates Plugin — SliceWP Affiliates <= 1.1.20 - Reflected Cross-Site Scripting CVE-2024-8714 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 12, 2024
amCharts: Charts and Maps <= 1.4.4 - Reflected Cross-Site Scripting via Cross-Site Request Forgery CVE-2024-8622 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 11, 2024
Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.34.0 - Reflected Cross-Site Scripting CVE-2024-45625 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 9, 2024
Cab fare calculator <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-3556 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 4, 2024
The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option CVE-2024-8117 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 3, 2024
LatePoint <= 4.9.91 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2024-43992 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 29, 2024
Like Button Rating <= 2.6.54 - Reflected Cross-Site Scripting CVE-2024-44064 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 29, 2024
WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting CVE-2024-8274 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 29, 2024
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-43986 4.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N August 29, 2024
EasyJobs <= 2.4.14 - Reflected Cross-Site Scripting CVE-2024-43997 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 29, 2024
Filmix <= 1.1 - Reflected Cross-Site Scripting CVE-2024-44060 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 29, 2024
Opor Ayam <= 1.8 - Reflected Cross-Site Scripting CVE-2024-44053 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 29, 2024
EU/UK VAT Manager for WooCommerce <= 2.12.12 - Reflected Cross-Site Scripting CVE-2024-44061 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 29, 2024
Ninja Forms <= 3.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-43999 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 28, 2024
Super Store Finder <= 6.9.7 - Unauthenticated Stored Cross-Site Scripting CVE-2024-43975 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N August 28, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation