cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11195,https://securityvulnerability.io/vulnerability/CVE-2024-11195,Stored Cross-Site Scripting Vulnerability in Email Subscription Popup Plugin,"The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Email Subscription Popup,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-19T11:02:30.125Z,0
CVE-2023-6527,https://securityvulnerability.io/vulnerability/CVE-2023-6527,Reflected Cross-Site Scripting in Email Subscription Popup Plugin for WordPress,"The Email Subscription Popup plugin for WordPress has a vulnerability that allows for reflected cross-site scripting attacks through inadequate sanitization of user inputs. Specifically, attackers can exploit the HTTP_REFERER header to inject malicious scripts into web pages. This occurs when unsuspecting users are tricked into clicking on malicious links, resulting in the execution of harmful scripts in their browsers. This vulnerability poses a significant risk, particularly as it affects all versions of the plugin up to and including 1.2.18.",Wordpress,Email Subscription Popup,6.1,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2023-12-06T05:15:00.000Z,0