cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12477,https://securityvulnerability.io/vulnerability/CVE-2024-12477,Stored Cross-Site Scripting Vulnerability in Avada Builder Plugin for WordPress,"The Avada Builder plugin for WordPress, present in versions up to and including 3.11.11, suffers from a Stored Cross-Site Scripting vulnerability. This issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the plugin's shortcodes. Consequently, authenticated users with contributor-level access or higher can exploit this vulnerability by injecting arbitrary web scripts into pages. These scripts execute every time a user visits the compromised page, potentially leading to data theft and site manipulation.",Wordpress,Avada (fusion) Builder,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-22T21:21:53.814Z,0
CVE-2024-12335,https://securityvulnerability.io/vulnerability/CVE-2024-12335,Information Exposure Vulnerability in Avada Builder Plugin for WordPress,"The Avada (Fusion) Builder plugin for WordPress has a vulnerability that allows authenticated attackers with contributor-level access and above to exploit information exposure. Through the handle_clone_post() function and the 'fusion_blog' shortcode, the plugin lacks adequate restrictions, enabling unauthorized access to data from password-protected, private, or draft posts. This poses a significant risk as attackers may glean sensitive information they are not permitted to access, potentially compromising user data confidentiality.",Wordpress,Avada (fusion) Builder,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-25T06:42:13.625Z,0