cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3240,https://securityvulnerability.io/vulnerability/CVE-2024-3240,ConvertPlug Plugin Vulnerable to PHP Object Injection,"The ConvertPlug plugin for WordPress, including all versions up to and including 3.5.25, is subject to a PHP Object Injection vulnerability. This issue arises from the deserialization of untrusted input originating from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. Authenticated attackers, possessing contributor-level access or higher, could exploit this vulnerability to inject PHP objects. In scenarios where a potentially dangerous PHP Object Pollution (POP) chain is present through other plugins or themes on the system, this could facilitate various malicious activities, including the deletion of arbitrary files, retrieval of sensitive data, or unauthorized code execution.",Wordpress,Convertplug,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-04T03:31:03.810Z,0
CVE-2024-3237,https://securityvulnerability.io/vulnerability/CVE-2024-3237,Unauthorized Modification of Data Vulnerability in ConvertPlug Plugin for WordPress,"The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.",Wordpress,Convertplug,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-04T03:31:03.130Z,0