cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2302,https://securityvulnerability.io/vulnerability/CVE-2024-2302,Unauthenticated Attackers Can Access Private Information via Directory Listing,"The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII.",Wordpress,Easy Digital Downloads – Sell Digital Files & Subscriptions (ecommerce Store + Payments Made Easy),5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-09T18:58:30.328Z,0
CVE-2024-0659,https://securityvulnerability.io/vulnerability/CVE-2024-0659,Stored Cross-Site Scripting Vulnerability in Easy Digital Downloads Plugin by WordPress,"The Easy Digital Downloads plugin for WordPress, specifically versions up to and including 3.2.6, is susceptible to a Stored Cross-Site Scripting vulnerability. This flaw arises from inadequate input sanitization and insufficient output escaping in the variable pricing option title. Authenticated attackers with shop manager-level access could exploit this vulnerability to inject arbitrary web scripts into pages. When users access these compromised pages, the injected scripts would execute in their browsers, potentially leading to unauthorized access and data leakage.",Wordpress,Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy),4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-02-05T21:21:35.898Z,0