cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-2404,https://securityvulnerability.io/vulnerability/CVE-2023-2404,Stored Cross-Site Scripting Vulnerability in CRM and Lead Management by vcita Plugin,"The CRM and Lead Management by vcita plugin for WordPress is susceptible to stored cross-site scripting due to inadequate input sanitization and output escaping, specifically via the 'email' parameter. This vulnerability allows authenticated users with edit_posts capabilities, such as contributors, to embed arbitrary web scripts into pages. Consequently, these scripts will execute every time a user accesses affected pages, potentially leading to significant security risks and exploitation.",Wordpress,CRM and Lead Management by vcita,5.4,MEDIUM,0.0009200000204145908,false,,false,false,false,,false,false,2023-06-03T05:15:00.000Z,0
CVE-2023-2405,https://securityvulnerability.io/vulnerability/CVE-2023-2405,Cross-Site Request Forgery in CRM and Lead Management Plugin for WordPress by vcita,"The CRM and Lead Management plugin developed by vcita for WordPress exhibits a vulnerability to Cross-Site Request Forgery (CSRF) in versions up to and including 2.6.2. This vulnerability arises from inadequate nonce validation within the vcita-callback.php file. An attacker could exploit this flaw by deceiving an unsuspecting site administrator into executing a request, allowing unauthorized modifications to the plugin's settings and potentially leading to the injection of malicious JavaScript.",Wordpress,CRM and Lead Management by vcita,6.5,MEDIUM,0.0014900000533089042,false,,false,false,false,,false,false,2023-06-03T05:15:00.000Z,0