cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-6569,https://securityvulnerability.io/vulnerability/CVE-2024-6569,Full Path Disclosure Vulnerability Affects Campaign Monitor WordPress Plugin,"The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. This is due the plugin not properly restricting direct access to /forms/views/admin/create.php and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.",Wordpress,Campaign Monitor For WordPress,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-27T08:36:22.863Z,0
CVE-2023-38474,https://securityvulnerability.io/vulnerability/CVE-2023-38474,WordPress Campaign Monitor for WordPress Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS),"A Cross-site Scripting (XSS) vulnerability exists in the Campaign Monitor for WordPress plugin, particularly affecting versions up to 2.8.12. This issue arises from improper neutralization of user input during web page generation, allowing attackers to inject malicious scripts that could be executed in the context of the user's browser. This vulnerability can lead to unauthorized actions, data manipulation, and compromise of user information. Admins and users of the affected versions are advised to apply patches swiftly to mitigate potential risks.",Wordpress,Campaign Monitor For WordPress,7.1,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2023-11-30T13:15:00.000Z,0