cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1282,https://securityvulnerability.io/vulnerability/CVE-2024-1282,Stored Cross-Site Scripting Vulnerability in Email Encoder Plugin,"The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Email Encoder – Protect Email Addresses and Phone Numbers,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2023-7070,https://securityvulnerability.io/vulnerability/CVE-2023-7070,Stored Cross-Site Scripting in Email Encoder Plugin for WordPress,"The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) through its eeb_mailto shortcode. This vulnerability arises from inadequate input sanitization and output escaping for user-supplied attributes. As a result, authenticated attackers with contributor-level and higher permissions can inject arbitrary web scripts that execute when users access compromised pages, posing significant security risks to site visitors.",Wordpress,Email Encoder – Protect Email Addresses and Phone Numbers,5.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2024-01-11T08:33:09.043Z,0
CVE-2023-4599,https://securityvulnerability.io/vulnerability/CVE-2023-4599,Stored Cross-Site Scripting in Slimstat Analytics Plugin for WordPress,"The Slimstat Analytics plugin for WordPress is impacted by a Stored Cross-Site Scripting vulnerability through the 'eeb_mailto' shortcode in versions up to and including 2.1.7. This vulnerability arises from inadequate input sanitization and output escaping for user-supplied attributes, allowing authenticated attackers with contributor-level permissions or higher to inject malicious web scripts. These injected scripts can execute whenever a user accesses a compromised page, potentially leading to unauthorized actions or data exposure.",Wordpress,Email Encoder – Protect Email Addresses and Phone Numbers,5.4,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2023-08-30T02:15:00.000Z,0