cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11938,https://securityvulnerability.io/vulnerability/CVE-2024-11938,Stored Cross-Site Scripting in One Click Upsell Funnel Plugin for WordPress,"CVE-2024-11938 exposes a serious stored cross-site scripting (XSS) vulnerability in the One Click Upsell Funnel plugin for WooCommerce, specifically through the 'wps_wocuf_pro_yes' shortcode. This vulnerability impacts all versions up to and including 3.4.9 due to inadequate input sanitization and output escaping of user-supplied attributes. As a result, authenticated attackers with contributor-level access or higher can exploit this vulnerability to inject arbitrary web scripts into pages. These scripts will execute when users access the affected pages, potentially compromising sensitive data and jeopardizing site integrity. It is crucial for users of this plugin to update to the latest version immediately to mitigate the risk.",Wordpress,"One Click Upsell Funnel For WooCommerce –  Funnel Builder For WordPress, Create WooCommerce Upsell, Post-purchase Upsell & Cross Sell Offers That Boost Sales & Increase Profits With Sales Funnel Builder",6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-21T07:03:00.273Z,0
CVE-2015-9510,https://securityvulnerability.io/vulnerability/CVE-2015-9510,,"The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",Wordpress,"Easy Digital Downloads,Cross-sell And Upsell",6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2019-10-23T16:12:02.000Z,0