cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-6310,https://securityvulnerability.io/vulnerability/CVE-2024-6310,Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload,"The Advanced AJAX Page Loader plugin for WordPress is susceptible to vulnerabilities that allow unauthenticated attackers to exploit Cross-Site Request Forgery. Due to insufficient nonce validation in the 'admin_init_AAPL' function and inadequate file type validation in the 'AAPL_options_validate' function, attackers can upload files to the server. This flaw poses a significant security risk, as it enables malicious users to potentially execute arbitrary code if they can manipulate a site administrator into interacting with a crafted request.",Wordpress,Advanced Ajax Page Loader,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-09T08:15:00.000Z,0
CVE-2016-10929,https://securityvulnerability.io/vulnerability/CVE-2016-10929,,The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.,Wordpress,Advanced Ajax Page Loader,5.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2019-08-22T19:39:22.000Z,0