cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9350,https://securityvulnerability.io/vulnerability/CVE-2024-9350,Unauthorized Script Injection Vulnerability in DPD Baltic Shipping Plugin for WordPress,"The DPD Baltic Shipping plugin for WordPress exhibits a vulnerability that allows for Reflected Cross-Site Scripting (XSS) due to inadequate input sanitization on the 'search_value' parameter. This flaw exists in all versions up to and including 1.2.83. Attackers could exploit this weakness by injecting malicious scripts into web pages, which may execute in a user's browser if the user is manipulated into clicking a crafted link. This vulnerability poses risks for user data and site integrity, necessitating prompt attention to plugin updates and security measures.",Wordpress,Dpd Baltic Shipping,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-10-18T04:32:53.714Z,0
CVE-2022-3999,https://securityvulnerability.io/vulnerability/CVE-2022-3999,WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion,"The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable.",Wordpress,Dpd Baltic Shipping,8.1,HIGH,0.0007099999929778278,false,,false,false,false,,false,false,2022-12-12T17:54:49.698Z,0