cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8246,https://securityvulnerability.io/vulnerability/CVE-2024-8246,Potential Privilege Escalation Vulnerability in The Post Form Plugin,"The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is prone to a vulnerability allowing privilege escalation due to insufficient access restrictions on user roles during registration. Authenticated attackers with contributor-level access or higher can exploit this weakness by creating a custom registration form that designates them as administrators, thereby gaining higher-level permissions within the WordPress site.",Wordpress,Buddyforms,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2024-09-14T04:15:00.000Z,0
CVE-2023-26326,https://securityvulnerability.io/vulnerability/CVE-2023-26326,Unauthenticated Insecure Deserialization in BuddyForms Plugin by WordPress,"The BuddyForms WordPress plugin, specifically in versions before 2.7.8, is exposed to a serious flaw allowing unauthenticated attackers to exploit an insecure deserialization vulnerability. By leveraging a PHAR wrapper, attackers can deserialize data and invoke arbitrary PHP objects, leading to unauthorized actions. This vulnerability emphasizes the need for timely updates and security patches to maintain the integrity of WordPress installations.",Wordpress,BuddyForms WordPress Plugin,9.8,CRITICAL,0.002520000096410513,false,,false,false,false,,false,false,2023-02-23T00:00:00.000Z,0
CVE-2018-21003,https://securityvulnerability.io/vulnerability/CVE-2018-21003,,The buddyforms plugin before 2.2.8 for WordPress has SQL injection.,Wordpress,Buddyforms,9.8,CRITICAL,0.0019099999917671084,false,,false,false,false,,false,false,2019-08-27T11:26:17.000Z,0