cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5331,https://securityvulnerability.io/vulnerability/CVE-2024-5331,Unauthorized Access to User Data in Breakdance Plugin,"The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions.",Wordpress,Breakdance,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-01T06:47:05.356Z,0
CVE-2024-5330,https://securityvulnerability.io/vulnerability/CVE-2024-5330,Stored Cross-Site Scripting Vulnerability in Breakdance WordPress Plugin,"The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdance_css_file_paths_cache parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Breakdance,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-01T06:47:04.811Z,0
CVE-2024-4605,https://securityvulnerability.io/vulnerability/CVE-2024-4605,Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution,"The Breakdance plugin for WordPress suffers from a vulnerability that allows Remote Code Execution due to improper handling of post meta data. Versions up to 1.7.1 are impacted as the plugin stores custom data in metadata without the necessary underscore prefix. This design flaw permits lower-privileged users, such as contributors, to modify sensitive data through the user interface, potentially allowing them to escalate their privileges and execute arbitrary code on the server. Website administrators using the Breakdance plugin are advised to update to version 1.7.2 or later to mitigate this vulnerability.",Wordpress,Breakdance,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:44:00.000Z,0
CVE-2023-6854,https://securityvulnerability.io/vulnerability/CVE-2023-6854,Stored Cross-Site Scripting Vulnerability in Breakdance Plugin for WordPress,"The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Breakdance,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-06T11:03:50.325Z,0