cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10294,https://securityvulnerability.io/vulnerability/CVE-2024-10294,Unauthorized Modification of Data in CE21 Suite Plugin for WordPress,"The CE21 Suite plugin for WordPress contains a vulnerability that allows unauthorized users to modify data due to a missing capability check in the 'ce21_single_sign_on_save_api_settings' function. This flaw affects versions up to and including 2.2.0, enabling unauthenticated attackers to alter plugin settings, thereby potentially compromising site security and functionality. Timely updates and patches are crucial to prevent exploitation.",Wordpress,Ce21 Suite,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,2024-11-09T02:32:03.300Z,0
CVE-2024-10285,https://securityvulnerability.io/vulnerability/CVE-2024-10285,Sensitive Information Disclosure Vulnerability in CE21 Suite WordPress Plugin,"The CE21 Suite plugin for WordPress has a vulnerability that allows unauthenticated attackers to access sensitive information through the plugin-log.txt file. Versions up to and including 2.2.0 are affected, enabling attackers to log in as the user linked to the JSON Web Token (JWT). This security flaw could potentially disclose critical user data, making it imperative for users to update to the latest version to mitigate exposure risks. Regular monitoring and patching of WordPress plugins are crucial to maintaining a secure environment.",Wordpress,Ce21 Suite,7.5,HIGH,0.0006399999838322401,false,,false,false,false,,false,false,2024-11-09T02:32:01.740Z,0
CVE-2024-10284,https://securityvulnerability.io/vulnerability/CVE-2024-10284,Unauthorized Access to WordPress Sites via Hardcoded Encryption Key,"The CE21 Suite plugin for WordPress has a vulnerability that allows unauthenticated attackers to bypass authentication mechanisms. This flaw arises from a hardcoded encryption key used in the 'ce21_authentication_phrase' function. As a result, any attacker with knowledge of the email address of an existing user, including administrators, can gain unauthorized access to their accounts. This vulnerability poses significant risks to website security, as it may lead to unauthorized actions taken on behalf of legitimate users.",Wordpress,Ce21 Suite,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,2024-11-09T02:32:00.635Z,0