cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10937,https://securityvulnerability.io/vulnerability/CVE-2024-10937,Sensitive Information Exposure Vulnerability in Related Posts Plugin,"The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status.",Wordpress,"Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By Pickplugins",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-12-05T08:23:59.347Z,0
CVE-2023-0252,https://securityvulnerability.io/vulnerability/CVE-2023-0252,Contextual Related Posts < 3.3.1 - Contributor+ Stored XSS,"The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Contextual Related Posts,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T20:15:00.000Z,0
CVE-2014-3937,https://securityvulnerability.io/vulnerability/CVE-2014-3937,,SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,Wordpress,Contextual Related Posts,,,0.001829999964684248,false,,false,false,false,,false,false,2014-06-02T15:55:00.000Z,0
CVE-2013-2710,https://securityvulnerability.io/vulnerability/CVE-2013-2710,,Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.,Wordpress,Contextual Related Posts,,,0.001339999958872795,false,,false,false,false,,false,false,2014-06-02T15:00:00.000Z,0