cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-7269,https://securityvulnerability.io/vulnerability/CVE-2023-7269,Missing CSRF Check and Sanitization in ArtPlacer Widget WordPress Plugin Could Lead to Stored XSS Attacks,"The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack",Wordpress,Artplacer Widget,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-19T06:00:05.343Z,0
CVE-2023-7268,https://securityvulnerability.io/vulnerability/CVE-2023-7268,Unsecured Widget Deletion Vulnerability in ArtPlacer Widget WordPress Plugin,"The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing any authenticated users, such as subscriber, to delete arbitrary widgets",Wordpress,Artplacer Widget,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-19T06:00:04.159Z,0
CVE-2023-6373,https://securityvulnerability.io/vulnerability/CVE-2023-6373,ArtPlacer Widget < 2.20.7 - Editor+ SQLi,"The ArtPlacer Widget WordPress plugin is prone to a SQL injection vulnerability due to inadequate sanitization and escaping of the 'id' parameter in user-submitted queries. This weakness allows attackers with editor privileges or above to manipulate SQL queries, potentially exposing sensitive database information. Furthermore, the absence of a Cross-Site Request Forgery (CSRF) check enhances the exploitability, enabling unauthorized actions through CSRF against authenticated users, significantly increasing the risk to affected WordPress installations.",Wordpress,Artplacer Widget,8.8,HIGH,0.0008399999933317304,false,,false,false,true,true,false,false,2024-01-16T15:57:47.717Z,0