cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-6628,https://securityvulnerability.io/vulnerability/CVE-2024-6628,EleForms All In One Form Integration plugin vulnerable to Cross-Site Request Forgery,"The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting form submissions. This makes it possible for unauthenticated attackers to delete form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Eleforms – All In One Form Integration Including Db For Elementor,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-11-16T03:20:50.643Z,0 CVE-2024-6626,https://securityvulnerability.io/vulnerability/CVE-2024-6626,EleForms All In One Form Integration Plugin Vulnerable to Unauthorized Access,"The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view form submissions.",Wordpress,Eleforms – All In One Form Integration Including Db For Elementor,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-06T06:43:32.465Z,0 CVE-2024-2082,https://securityvulnerability.io/vulnerability/CVE-2024-2082,EleForms All In One Form Integration Plugin Vulnerable to Stored Cross-Site Scripting,"The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to inadequate input sanitization and output escaping methods. This flaw allows unauthenticated attackers to exploit certain parameters, enabling them to inject arbitrary web scripts. These malicious scripts execute when users access compromised pages, potentially leading to serious security implications for both site administrators and visitors.",Wordpress,Eleforms – All In One Form Integration Including Db For Elementor,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:41.080Z,0 CVE-2024-2043,https://securityvulnerability.io/vulnerability/CVE-2024-2043,Unauthorized Data Access in EleForms Plugin for WordPress,"The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress has a serious security flaw that allows unauthorized users to access sensitive form submission data. This vulnerability arises from a lack of necessary capability checks when downloading form submissions, impacting all versions up to and including 2.9.9.7. As a result, unauthenticated attackers can potentially exploit this weakness to view private information, posing a significant risk to data privacy and integrity.",Wordpress,Eleforms – All In One Form Integration Including Db For Elementor,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:13.126Z,0