cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12394,https://securityvulnerability.io/vulnerability/CVE-2024-12394,Cross-Site Request Forgery Vulnerability in Action Network Plugin for WordPress,"The Action Network plugin for WordPress has a vulnerability that could allow attackers to execute unauthorized actions on behalf of an authenticated administrator due to inadequate nonce validation. This flaw permits unauthenticated attackers to craft malicious requests that can inject harmful scripts into web applications, potentially compromising site integrity and security if a site administrator inadvertently triggers these actions.",Wordpress,Action Network,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-09T11:11:04.460Z,0
CVE-2024-2954,https://securityvulnerability.io/vulnerability/CVE-2024-2954,SQL Injection Vulnerability in The Action Network WordPress Plugin,"The Action Network plugin for WordPress has a vulnerability that allows authenticated users with administrator-level access to perform SQL Injection through the 'bulk-action' parameter in version 1.4.3. This flaw is caused by inadequate escaping of user-supplied input and a lack of proper preparation in the SQL queries. As a result, attackers can insert malicious SQL commands into existing queries, potentially revealing sensitive data stored in the database. Organizations using this plugin should take immediate measures to patch the affected version and ensure robust security practices to protect against such vulnerabilities.",Wordpress,Action Network,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-27T06:40:51.010Z,0