cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-1938,https://securityvulnerability.io/vulnerability/CVE-2022-1938,Awin Data Feed < 1.8 - Unauthenticated Stored Cross-Site Scripting,"The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings",Wordpress,Awin Data Feed,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-07-11T12:56:40.000Z,0
CVE-2022-1937,https://securityvulnerability.io/vulnerability/CVE-2022-1937,Awin Data Feed < 1.8 - Reflected Cross-Site Scripting,"The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting",Wordpress,Awin Data Feed,6.1,MEDIUM,0.0008900000248104334,false,,false,false,false,,false,false,2022-07-11T12:56:35.000Z,0