🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

33,320,242

Attacks Blocked in Past 24 Hours

Showing 4341-4360 of 6,219 Vulnerabilities

Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting

6.1

CVE-2019-16118

Sep 8, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting

6.1

CVE-2019-16117

Sep 8, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Qwiz Online Quizzes and Flashcards < 3.37 - Reflected Cross Site Scripting

6.1

CVE ID Unknown

Sep 7, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

API Bearer Auth < 20190907 - Cross-Site Scripting

6.1

CVE-2019-16332

Sep 5, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ECPay Logistics for WooCommerce <= 1.2.181030 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Sep 5, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Core < 5.2.3 - Authenticated Cross-Site Scripting via Post Previews

5.4

CVE-2019-16223

Sep 5, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

WordPress Core < 5.2.3 - Stored Cross-Site Scripting via Comments via URLs

6.4

CVE-2019-16222

Sep 5, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 5.2.3 - Reflected Cross-Site Scripting via Shortcode Previews

5.4

CVE-2019-16219

Sep 5, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

WordPress Core < 5.2.3 - Stored Cross-Site Scripting via Comments

7.2

CVE-2019-16218

Sep 5, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 5.2.3 - Cross-Site Scripting via Media Uploads

6.4

CVE-2019-16217

Sep 5, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 5.2.3 - Reflected Cross-Site Scripting

6.1

CVE-2019-16221

Sep 5, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Spryng Payments for WooCommerce <= 1.6.7 - Cross-Site Scripting

6.1

CVE ID Unknown

Sep 4, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Portrait-Archiv.com Photostore < 3.2 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Sep 3, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce Product Feed for Google, Facebook, eBay and Many More <= 3.1.14 - Reflected Cross-Site Scripting

6.1

CVE-2019-1010124

Aug 30, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP DSGVO Tools (GDPR) <= 2.2.18 - Cross-Site Scripting

5.4

CVE-2019-15777

Aug 27, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

WP Private Content Plus <= 1.31 - Unauthenticated Settings Change

7.5

CVE-2019-15816

Aug 27, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

UserPro <= 4.9.34 - Reflected Cross-Site Scripting

6.1

CVE-2019-14470

Aug 25, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Additional Variation Images Gallery for WooCommerce <= 1.1.28 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2019-15778

Aug 20, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Sender by BestWebSoft <= 1.2.0 - Reflected Cross-Site Scripting

6.1

CVE-2017-18564

Aug 20, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Variation Swatches for WooCommerce <= 1.0.61 - Reflected Cross-Site Scripting

6.1

CVE-2019-14774

Aug 20, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting	CVE-2019-16118	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 8, 2019
Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting	CVE-2019-16117	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 8, 2019
Qwiz Online Quizzes and Flashcards < 3.37 - Reflected Cross Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 7, 2019
API Bearer Auth < 20190907 - Cross-Site Scripting	CVE-2019-16332	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 5, 2019
ECPay Logistics for WooCommerce <= 1.2.181030 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 5, 2019
WordPress Core < 5.2.3 - Authenticated Cross-Site Scripting via Post Previews	CVE-2019-16223	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	September 5, 2019
WordPress Core < 5.2.3 - Stored Cross-Site Scripting via Comments via URLs	CVE-2019-16222	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 5, 2019
WordPress Core < 5.2.3 - Reflected Cross-Site Scripting via Shortcode Previews	CVE-2019-16219	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	September 5, 2019
WordPress Core < 5.2.3 - Stored Cross-Site Scripting via Comments	CVE-2019-16218	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 5, 2019
WordPress Core < 5.2.3 - Cross-Site Scripting via Media Uploads	CVE-2019-16217	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 5, 2019
WordPress Core < 5.2.3 - Reflected Cross-Site Scripting	CVE-2019-16221	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 5, 2019
Spryng Payments for WooCommerce <= 1.6.7 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 4, 2019
Portrait-Archiv.com Photostore < 3.2 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 3, 2019
WooCommerce Product Feed for Google, Facebook, eBay and Many More <= 3.1.14 - Reflected Cross-Site Scripting	CVE-2019-1010124	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 30, 2019
WP DSGVO Tools (GDPR) <= 2.2.18 - Cross-Site Scripting	CVE-2019-15777	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	August 27, 2019
WP Private Content Plus <= 1.31 - Unauthenticated Settings Change	CVE-2019-15816	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	August 27, 2019
UserPro <= 4.9.34 - Reflected Cross-Site Scripting	CVE-2019-14470	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 25, 2019
Additional Variation Images Gallery for WooCommerce <= 1.1.28 - Authenticated Stored Cross-Site Scripting	CVE-2019-15778	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	August 20, 2019
Sender by BestWebSoft <= 1.2.0 - Reflected Cross-Site Scripting	CVE-2017-18564	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 20, 2019
Variation Swatches for WooCommerce <= 1.0.61 - Reflected Cross-Site Scripting	CVE-2019-14774	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 20, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation