cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10046,https://securityvulnerability.io/vulnerability/CVE-2024-10046,SMS Plugin Vulnerable to Reflected Cross-Site Scripting,"The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,افزونه پیامک ووکامرس Persian WooCommerce Sms,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-12-07T02:15:00.000Z,0
CVE-2024-9213,https://securityvulnerability.io/vulnerability/CVE-2024-9213,WooCommerce SMS Plugin Vulnerable to Reflected Cross-Site Scripting,"The Persian WooCommerce SMS plugin for WordPress has a vulnerability that arises from the improper use of remove_query_arg without appropriate escaping on the URL in its coding. This flaw is present in all versions up to and including 7.0.2. As a result, unauthenticated attackers can exploit this vulnerability to inject arbitrary web scripts into the affected websites. If a user is deceived into clicking a malicious link crafted by the attacker, the injected scripts may execute in their browser session, potentially compromising data security and user privacy.",Wordpress,افزونه پیامک ووکامرس Persian WooCommerce Sms,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-17T06:52:33.758Z,0