cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-3495,https://securityvulnerability.io/vulnerability/CVE-2024-3495,SQL Injection Vulnerability in CF7 Plugin for WordPress Could Lead to Sensitive Data Exfiltration,"The Country State City Dropdown CF7 plugin for WordPress is exposed to an SQL Injection vulnerability, allowing attackers to exploit the 'cnt' and 'sid' parameters due to inadequate escaping of user-supplied input and insufficient preparation in the SQL query. This vulnerability enables unauthorized users to inject additional SQL commands into existing queries, potentially leading to unauthorized access and extraction of sensitive database information. It is crucial for users of the affected plugin version to update to the latest version to mitigate this security risk.",Wordpress,Country State City Dropdown Cf7,9.8,CRITICAL,0.0006600000197067857,false,,false,false,true,2024-05-23T11:41:15.000Z,true,false,false,,2024-05-22T08:31:21.432Z,0
CVE-2024-3520,https://securityvulnerability.io/vulnerability/CVE-2024-3520,Data Modification Vulnerability in Country State City Dropdown CF7 Plugin for WordPress,"The Country State City Dropdown CF7 plugin for WordPress exposes a critical security flaw due to a missing capability check. This vulnerability affects all versions up to and including 2.7.1, allowing authenticated users with subscriber access and above to modify data unimpeded. Specifically, these users can add new states or cities to the dropdown list, potentially impacting user selection and overall data integrity.",Wordpress,Country State City Dropdown Cf7,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-02T16:51:44.028Z,0