cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12384,https://securityvulnerability.io/vulnerability/CVE-2024-12384,Reflected Cross-Site Scripting in Binary MLM Woocommerce Plugin for WordPress,"The Binary MLM Woocommerce plugin for WordPress exposes a vulnerability that allows for reflected cross-site scripting due to inadequate input sanitization and output escaping. Unauthenticated attackers can exploit this flaw by manipulating the 'page' parameter, leading to the injection of arbitrary web scripts. If a user is deceived into clicking a malicious link, the script may execute in their browser, compromising their session and potentially revealing sensitive information.",Wordpress,Binary Mlm WooCommerce,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,false,false,false,2025-01-07T05:24:09.839Z,0
CVE-2024-12383,https://securityvulnerability.io/vulnerability/CVE-2024-12383,Cross-Site Request Forgery Vulnerability in Binary MLM Woocommerce Plugin for WordPress,"The Binary MLM Woocommerce plugin for WordPress exposes a critical security flaw due to inadequate nonce validation in the 'bmw_display_pv_set_page' function. This vulnerability allows unauthenticated attackers to exploit insufficient input sanitization and output escaping of the 'product_points' parameter, potentially injecting arbitrary web scripts through a maliciously crafted request. The exploitation of this vulnerability could lead to unauthorized actions on behalf of legitimate users, particularly if an administrator is tricked into clicking a deceptive link.",Wordpress,Binary Mlm WooCommerce,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,false,false,false,2025-01-07T05:23:56.899Z,0