cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13683,https://securityvulnerability.io/vulnerability/CVE-2024-13683,Cross-Site Request Forgery Vulnerability in Automate Hub Free by Sperse.IO,"The Automate Hub Free plugin by Sperse.IO for WordPress is susceptible to an exposure that allows Cross-Site Request Forgery (CSRF) attacks. Specifically, this vulnerability arises from inadequate nonce validation on the 'automate_hub' settings page. As a result, unauthenticated attackers could exploit this flaw to manipulate the activation status of the plugin by deceiving a site administrator into executing a malicious request, such as clicking on a compromised link. This behavior compromises the integrity of the plugin and could lead to unauthorized changes within the site.",Wordpress,Automate Hub Free By Sperse.io,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,false,false,false,2025-01-24T07:04:09.519Z,0
CVE-2024-11377,https://securityvulnerability.io/vulnerability/CVE-2024-11377,Reflected Cross-Site Scripting in Automate Hub Free Plugin by Sperse.IO,"The Automate Hub Free plugin for WordPress has a reflected cross-site scripting vulnerability that affects all versions up to and including 1.7.0. This flaw arises from inadequate input sanitization and output escaping in the 'id' parameter. Attackers can exploit this vulnerability to inject malicious scripts into web pages, potentially leading to unauthorized actions if a user is misled into clicking a crafted link. It’s imperative for users of the affected version to apply updates promptly to mitigate this risk.",Wordpress,Automate Hub Free By Sperse.io,6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,false,false,false,2025-01-07T04:22:17.201Z,0