cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8621,https://securityvulnerability.io/vulnerability/CVE-2024-8621,Secure Your Database from SQL Injection Vulnerabilities,"The Daily Prayer Time plugin for WordPress has a security flaw allowing SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode. This vulnerability arises from inadequate escaping of user-supplied parameters and insufficient preparation of existing SQL queries. Authenticated attackers with Contributor-level access or higher can exploit this issue to inject additional SQL queries. The exploitation may lead to unauthorized access to sensitive data stored within the database, putting user and site information at risk. Immediate action is advised to mitigate potential exploits.",Wordpress,Daily Prayer Time,6.5,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2024-09-25T03:15:00.000Z,0
CVE-2022-0785,https://securityvulnerability.io/vulnerability/CVE-2022-0785,Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi,"The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection",Wordpress,Daily Prayer Time,9.8,CRITICAL,0.05697000026702881,false,,false,false,false,,false,false,2022-04-18T17:10:38.000Z,0
CVE-2021-24523,https://securityvulnerability.io/vulnerability/CVE-2021-24523,Daily Prayer Time < 2021.08.10 - Authenticated Stored XSS,"The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issues.",Wordpress,Daily Prayer Time,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-09-13T17:56:24.000Z,0