cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9860,https://securityvulnerability.io/vulnerability/CVE-2024-9860,Unauthorized Modification of Data in Bridge Core Plugin for WordPress,"The Bridge Core plugin for WordPress exhibits a significant vulnerability related to inadequate capability checks in the 'import_action' and 'install_plugin_per_demo' functions for versions up to and including 3.3. This flaw enables authenticated users with subscriber-level permissions or higher to manipulate plugin settings, import demo content, and install limited plugins. Such unauthorized modifications can lead to data loss or alterations, compromising website integrity and security.",Wordpress,Bridge Core,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-10-12T02:05:43.175Z,0
CVE-2024-9292,https://securityvulnerability.io/vulnerability/CVE-2024-9292,Stored Cross-Site Scripting Vulnerability in Bridge Core Plugin,"The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Bridge Core,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-10-08T05:36:26.043Z,0