cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12494,https://securityvulnerability.io/vulnerability/CVE-2024-12494,Stored Cross-Site Scripting Risk in BMLT Meeting Map Plugin for WordPress,"The BMLT Meeting Map plugin for WordPress has a vulnerability that allows authenticated attackers with contributor-level access or above to perform Stored Cross-Site Scripting (XSS) attacks. This is due to inadequate input sanitization and output escaping on user-supplied attributes within the plugin's 'bmlt_meeting_map' shortcode. As a result, attackers can inject arbitrary web scripts, which will execute whenever a user accesses a page that has been compromised.",Wordpress,Bmlt Meeting Map,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,false,false,false,2025-01-24T09:21:51.989Z,0
CVE-2024-13593,https://securityvulnerability.io/vulnerability/CVE-2024-13593,Local File Inclusion Vulnerability in BMLT Meeting Map Plugin for WordPress,"The BMLT Meeting Map plugin for WordPress is susceptible to Local File Inclusion (LFI) vulnerabilities, which impact all versions up to and including 2.6.0. This vulnerability allows authenticated attackers with Contributor-level access or higher to exploit the 'bmlt_meeting_map' shortcode. By including arbitrary files from the server, attackers can execute potentially malicious PHP code, bypassing access controls. This could lead to unauthorized data access, data leakage, or code execution via uploaded files that are deemed 'safe', such as images. Users of the affected plugin are strongly advised to upgrade to the latest version to mitigate this risk.",Wordpress,Bmlt Meeting Map,7.5,HIGH,0.0005600000149570405,false,,false,false,false,false,false,false,2025-01-23T09:21:09.348Z,0