cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9354,https://securityvulnerability.io/vulnerability/CVE-2024-9354,Reflected Cross-Site Scripting Vulnerability in Estatik Mortgage Calculator Plugin for WordPress,"The Estatik Mortgage Calculator plugin for WordPress is susceptible to a reflected cross-site scripting vulnerability through the 'color' parameter. This flaw arises from inadequate input validation and failure to properly escape output, allowing unauthenticated attackers to inject malicious scripts into web pages. If a user is tricked into clicking a specially crafted link, these scripts may execute in their browser, potentially compromising user data and session integrity.",Wordpress,Estatik Mortgage Calculator,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,false,false,false,2025-01-07T06:40:57.604Z,0
CVE-2023-6050,https://securityvulnerability.io/vulnerability/CVE-2023-6050,Estatik Real Estate Plugin < 4.1.1 - Reflected XSS,"The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Estatik Real Estate Plugin,6.1,MEDIUM,0.000539999979082495,false,,false,false,true,true,false,false,2024-01-15T15:10:42.097Z,0
CVE-2023-6048,https://securityvulnerability.io/vulnerability/CVE-2023-6048,Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update,"The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset",Wordpress,Estatik Real Estate Plugin,6.5,MEDIUM,0.0005699999746866524,false,,false,false,true,true,false,false,2024-01-15T15:10:40.683Z,0
CVE-2023-6049,https://securityvulnerability.io/vulnerability/CVE-2023-6049,Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection,"The Estatik Real Estate Plugin for WordPress, prior to version 4.1.1, is vulnerable to PHP Object Injection through the unserialization of user input from its cookies. This flaw can be exploited by unauthenticated users if a suitable gadget chain is present on the site, potentially leading to severe security breaches. This vulnerability underscores the importance of proper input validation and the need for timely updates to mitigate risks associated with such security weaknesses.",Wordpress,Estatik Real Estate Plugin,9.8,CRITICAL,0.0020000000949949026,false,,false,false,true,true,false,false,2024-01-15T15:10:39.151Z,0
CVE-2016-10959,https://securityvulnerability.io/vulnerability/CVE-2016-10959,,The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.,Wordpress,Estatik,6.5,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2019-09-16T12:08:53.000Z,0
CVE-2016-10958,https://securityvulnerability.io/vulnerability/CVE-2016-10958,,The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.,Wordpress,Estatik,7.5,HIGH,0.0019099999917671084,false,,false,false,false,,false,false,2019-09-16T12:07:47.000Z,0