cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7688,https://securityvulnerability.io/vulnerability/CVE-2024-7688,CSRF Vulnerability in AZIndex WordPress Plugin Could Allow Admin to Delete Arbitrary Index,"The AZIndex WordPress plugin, notably up to version 0.8.1, is susceptible to vulnerabilities due to the absence of Cross-Site Request Forgery (CSRF) checks in certain functionalities. This security oversight may enable attackers to exploit authenticated sessions, allowing malicious actions such as unauthorized deletion of indexes by users with admin privileges. It is imperative for users of this plugin to implement security measures to mitigate the risk associated with this vulnerability.",Wordpress,Azindex,6.5,MEDIUM,0.0004799999878741801,false,,false,false,true,true,false,false,2024-09-09T06:00:02.549Z,0
CVE-2024-7687,https://securityvulnerability.io/vulnerability/CVE-2024-7687,Unauthorized Stored Cross-Site Scripting (XSS) vulnerability in AZIndex WordPress plugin,"The AZIndex WordPress plugin has been identified with vulnerabilities due to missing Cross-Site Request Forgery (CSRF) checks in certain functionalities. This oversight allows unauthorized users to submit requests on behalf of logged-in administrators, potentially resulting in the insertion of Stored Cross-Site Scripting (XSS) payloads. The absence of appropriate input sanitization and escaping mechanisms magnifies the risk, enabling attackers to exploit the plugin and compromise the integrity of the affected WordPress installations. Webmasters utilizing this plugin should assess their environment and apply necessary mitigations to prevent exploitation.",Wordpress,Azindex,4.3,MEDIUM,0.0004600000102072954,false,,false,false,true,true,false,false,2024-09-09T06:00:02.313Z,0