cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5601,https://securityvulnerability.io/vulnerability/CVE-2024-5601,Stored Cross-Site Scripting Vulnerability in Create by Mediavine Plugin for WordPress,"The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Create By Mediavine,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-06-27T07:44:27.083Z,0
CVE-2024-1711,https://securityvulnerability.io/vulnerability/CVE-2024-1711,Unauthenticated SQL Injection Vulnerability in Create by Mediavine Plugin for WordPress,"The Mediavine Create plugin for WordPress is susceptible to an SQL Injection vulnerability via the 'id' parameter. All versions up to and including 1.9.4 are affected. The vulnerability arises from inadequate escaping of user-supplied parameters, coupled with a lack of sufficient preparation in the existing SQL query. This exploit enables unauthorized attackers to append additional SQL queries into the existing queries, potentially allowing them to extract sensitive data from the database. Users of the affected plugin should take immediate action to mitigate risks related to sensitive data exposure.",Wordpress,Create By Mediavine,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-20T06:48:28.971Z,0