cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2948,https://securityvulnerability.io/vulnerability/CVE-2024-2948,Stored Cross-Site Scripting Vulnerability in WordPress Favorites Plugin,"The Favorites plugin for WordPress is susceptible to a stored cross-site scripting vulnerability. This issue arises from inadequate sanitization of user input and improper escaping of output, particularly in the plugin's 'user_favorites' shortcode. Authenticated attackers with contributor-level access or higher can exploit this flaw to inject arbitrary JavaScript into pages. This injected code executes whenever a user accesses impacted pages, posing significant security risks to site visitors and highlighting the importance of input validation in web applications.",Wordpress,Favorites,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-30T07:36:30.300Z,0
CVE-2023-2304,https://securityvulnerability.io/vulnerability/CVE-2023-2304,Stored Cross-Site Scripting Vulnerability in Favorites Plugin for WordPress,"The Favorites plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping associated with the 'user_favorites' shortcode. This vulnerability enables authenticated users with contributor-level permissions and above to inject malicious web scripts into pages. These scripts can execute whenever another user accesses these manipulated pages, compromising the integrity and safety of the website.",Wordpress,Favorites,5.4,MEDIUM,0.0008099999977275729,false,,false,false,false,,false,false,2023-05-31T05:15:00.000Z,0
CVE-2015-9513,https://securityvulnerability.io/vulnerability/CVE-2015-9513,,"The Easy Digital Downloads (EDD) Favorites extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.",Wordpress,"Easy Digital Downloads,Favorites",6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2019-10-23T16:10:43.000Z,0
CVE-2016-1160,https://securityvulnerability.io/vulnerability/CVE-2016-1160,,Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,Wordpress,WP Favorite Posts,6.1,MEDIUM,0.0010600000387057662,false,,false,false,false,,false,false,2016-03-26T01:00:00.000Z,0