cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-2082,https://securityvulnerability.io/vulnerability/CVE-2023-2082,Cross-Site Scripting Vulnerability in Buy Me a Coffee Plugin for WordPress,"The Buy Me a Coffee – Button and Widget Plugin for WordPress is subject to a Cross-Site Scripting vulnerability due to inadequate sanitization and escaping techniques on the 'text value' resulting from the bmc_post_reception action. This flaw allows authenticated users with subscriber-level permissions and higher to inject arbitrary scripts into the WordPress pages, which can be executed when victims access those pages, potentially leading to malicious actions such as session hijacking or data theft.",Wordpress,Buy Me A Coffee – Button And Widget Plugin,6.4,MEDIUM,0.00139999995008111,false,,false,false,false,,false,false,2023-07-14T05:15:00.000Z,0
CVE-2023-2078,https://securityvulnerability.io/vulnerability/CVE-2023-2078,Unauthorized Data Modification Vulnerability in Buy Me a Coffee Plugin for WordPress,"The Buy Me a Coffee – Button and Widget Plugin for WordPress is susceptible to unauthorized data modification due to inadequate capability checks on critical functions such as recieve_post, bmc_disconnect, name_post, and widget_post. This flaw allows authenticated attackers with minimal permissions, including subscribers, to alter the plugin's settings, potentially leading to further exploitation or unauthorized access to user data.",Wordpress,Buy Me A Coffee – Button And Widget Plugin,7.3,HIGH,0.0010100000072270632,false,,false,false,false,,false,false,2023-07-11T03:15:00.000Z,0
CVE-2023-2079,https://securityvulnerability.io/vulnerability/CVE-2023-2079,Cross-Site Request Forgery Vulnerability in Buy Me a Coffee Plugin for WordPress,"The Buy Me a Coffee – Button and Widget Plugin for WordPress is susceptible to Cross-Site Request Forgery due to insufficient nonce validation in specific functions including receive_post, bmc_disconnect, name_post, and widget_post. This vulnerability allows unauthenticated attackers to change plugin settings by tricking site administrators into performing unintended actions, such as clicking a malicious link, thus compromising site integrity and security.",Wordpress,Buy Me A Coffee – Button And Widget Plugin,8.3,HIGH,0.001550000044517219,false,,false,false,false,,false,false,2023-07-11T03:15:00.000Z,0