Wordfence Intelligence

Title	CVE ID	CVSS	Vector	Date
Easy Fancybox <= 1.8.17 - Authenticated Stored Cross-Site Scripting	CVE-2019-16524	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 25, 2019
Rich Reviews <= 1.7.4 - Stored Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 24, 2019
Zoner - Real Estate WordPress Theme < 4.2 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 24, 2019
Simple Fields <= 1.4.11 - Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 24, 2019
WP MAPS – Easiest & Most Advanced WordPress Plugin for Google Maps <= 4.0.9 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 21, 2019
DELUCKS SEO < 2.1.8 - Stored Cross Site Scripting	CVE-2019-25146	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 21, 2019
Motors – Car Dealer, Classifieds & Listing <= 1.4.0 - Stored Cross-Site Scripting	CVE-2019-17229	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 20, 2019
Ultimate FAQ <= 1.8.24 - Cross-Site Scripting	CVE-2019-17233	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 20, 2019
Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.6.24 - Unauthenticated Stored Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 16, 2019
Woody Ad Snippets <= 2.2.8 - Authenticated Cross-Site Scripting	CVE-2019-16289	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 13, 2019
Human Presence – Stop Form Spam Without ReCaptcha < 2.0.9 - Reflected Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	September 11, 2019
Groundhogg <= 2.0.8.1 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 10, 2019
Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via custom-write-panel-id Parameter	CVE-2017-18609	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 10, 2019
Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via RCCWP_CreateCustomFieldPage.php custom-group-id parameter	CVE-2017-18610	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 10, 2019
SlickQuiz <= 1.3.7.1 - Stored Cross-Site Scripting	CVE-2019-12517	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 10, 2019
Checklist <= 1.1.8 - Cross-Site Scripting	CVE-2019-16525	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 10, 2019
Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via RCCWP_CreateCustomFieldPage.php custom-field-css parameter	CVE-2017-18611	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 10, 2019
LMS by LifterLMS <= 3.35.0 - Stored Cross-Site Scripting via Import	CVE-2019-15896	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 9, 2019
Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting	CVE-2019-16118	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 8, 2019
Reality <= 2.3.0 - Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 8, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

Showing 4321-4340 of 6,219 Vulnerabilities