cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-56302,https://securityvulnerability.io/vulnerability/CVE-2024-56302,Cross-Site Scripting Vulnerability in ConvertCalculator for WordPress,"A security flaw exists in ConvertCalculator for WordPress that enables cross-site scripting (XSS) attacks. This vulnerability arises from improper neutralization of user input during the generation of web pages, allowing malicious users to inject and execute harmful scripts in a victim's browser. Websites using ConvertCalculator for WordPress, particularly versions up to and including 1.1.1, are susceptible. Successful exploitation can lead to unauthorized actions, data theft, or further attacks on visitors of the affected site. Website administrators are advised to review their current version and take immediate steps to mitigate this risk by updating or applying recommended security patches.",Wordpress,Convertcalculator For WordPress,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,false,false,false,2025-01-02T12:01:32.295Z,0
CVE-2024-10015,https://securityvulnerability.io/vulnerability/CVE-2024-10015,Stored Cross-Site Scripting Vulnerability in ConvertCalculator for WordPress,"The ConvertCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'type' parameters in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Convertcalculator For WordPress,6.4,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-11-16T03:20:50.139Z,0