cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0829,https://securityvulnerability.io/vulnerability/CVE-2024-0829,"Missing Authorization Vulnerability in Comment Extra Fields For Post, Pages and CPT plugin","The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings.",Wordpress,"Comments Extra Fields For Post,pages And Cpt",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:27:14.507Z,0
CVE-2024-0830,https://securityvulnerability.io/vulnerability/CVE-2024-0830,Cross-Site Request Forgery Vulnerability in Comments Extra Fields for WordPress,"The Comments Extra Fields For Post, Pages and CPT plugin for WordPress is affected by a Cross-Site Request Forgery vulnerability due to inadequate nonce validation across multiple AJAX actions. This issue allows unauthenticated attackers to send crafted requests to the WordPress site, potentially tricking site administrators into executing harmful actions, such as altering comment form fields and manipulating plugin settings. Implementing proper nonce validation is essential to mitigate this risk and ensure the security of the affected plugin.",Wordpress,"Comments Extra Fields For Post,pages And Cpt",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:27:04.650Z,0