🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our XSS: Cross Site Scripting firewall rule

33,751,920

Attacks Blocked in Past 24 Hours

Showing 4361-4380 of 6,219 Vulnerabilities

Easy Property Listings <= 3.3.3 - Cross-Site Scripting

6.1

CVE-2019-15817

Aug 17, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Option Tree <= 2.5.5 - Cross-Site Scripting

6.1

CVE-2016-10895

Aug 16, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress <= 4.0.1 - Cross-Site Scripting

6.1

CVE-2016-10869

Aug 13, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contact Form Email <= 1.2.65 - Cross-Site Scripting

6.1

CVE-2018-20963

Aug 12, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ultimate Member <= 1.3.88 - Cross Site Scripting

6.1

CVE-2018-0585

Aug 12, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ultimate Member <= 2.0.3 - Cross Site Scripting

6.1

CVE-2018-20965

Aug 12, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

PPOM for WooCommerce <= 18.3 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2019-14948

Aug 10, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Rencontre – Dating Site <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

6.4

CVE ID Unknown

Aug 3, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Animate It <= 2.3.5 - Cross-Site Scripting

6.1

CVE-2019-17385

Jul 27, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Animate It <= 2.3.5 - Cross-Site Scripting

6.1

CVE-2019-17384

Jul 27, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection

7.2

CVE-2019-25145

Jul 27, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Contact Form 7 Dynamic Text Extension < 2.0.3 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jul 24, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WPS Limit Login < 1.4.6.1 - Stored Cross-Site Scripting

7.2

CVE ID Unknown

Jul 23, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Ultimate Member <= 2.0.53 - Cross-Site Scripting

6.4

CVE-2019-14945

Jul 22, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Real Estate 7 WordPress Theme < 2.9.1 - Stored Cross-Site Scripting

6.4

CVE ID Unknown

Jul 20, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

OneSignal Web Push Notifications <=1.17.7 - Stored Cross-Site Scripting

6.4

CVE-2019-15827

Jul 18, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

All-in-One WP Migration <= 6.97 - Authenticated Stored Cross-Site Scripting

5.5

CVE ID Unknown

Jul 18, 2019

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Coming Soon Page & Maintenance Mode <= 1.8.1 - Stored Cross Site Scripting

7.2

CVE-2019-25140

Jul 16, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP Code Highlight.js <= 0.6.3 - Cross-Site Scripting

7.1

CVE ID Unknown

Jul 12, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Email Subscribers & Newsletters <= 4.1.6 - Cross-Site Scripting

6.1

CVE-2019-14364

Jul 12, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Easy Property Listings <= 3.3.3 - Cross-Site Scripting	CVE-2019-15817	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 17, 2019
Option Tree <= 2.5.5 - Cross-Site Scripting	CVE-2016-10895	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 16, 2019
Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress <= 4.0.1 - Cross-Site Scripting	CVE-2016-10869	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 13, 2019
Contact Form Email <= 1.2.65 - Cross-Site Scripting	CVE-2018-20963	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 12, 2019
Ultimate Member <= 1.3.88 - Cross Site Scripting	CVE-2018-0585	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 12, 2019
Ultimate Member <= 2.0.3 - Cross Site Scripting	CVE-2018-20965	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 12, 2019
PPOM for WooCommerce <= 18.3 - Authenticated Stored Cross-Site Scripting	CVE-2019-14948	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	August 10, 2019
Rencontre – Dating Site <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	August 3, 2019
Animate It <= 2.3.5 - Cross-Site Scripting	CVE-2019-17385	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 27, 2019
Animate It <= 2.3.5 - Cross-Site Scripting	CVE-2019-17384	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 27, 2019
Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection	CVE-2019-25145	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 27, 2019
Contact Form 7 Dynamic Text Extension < 2.0.3 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 24, 2019
WPS Limit Login < 1.4.6.1 - Stored Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 23, 2019
Ultimate Member <= 2.0.53 - Cross-Site Scripting	CVE-2019-14945	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 22, 2019
Real Estate 7 WordPress Theme < 2.9.1 - Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 20, 2019
OneSignal Web Push Notifications <=1.17.7 - Stored Cross-Site Scripting	CVE-2019-15827	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 18, 2019
All-in-One WP Migration <= 6.97 - Authenticated Stored Cross-Site Scripting		5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	July 18, 2019
Coming Soon Page & Maintenance Mode <= 1.8.1 - Stored Cross Site Scripting	CVE-2019-25140	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 16, 2019
WP Code Highlight.js <= 0.6.3 - Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	July 12, 2019
Email Subscribers & Newsletters <= 4.1.6 - Cross-Site Scripting	CVE-2019-14364	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 12, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation