cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12493,https://securityvulnerability.io/vulnerability/CVE-2024-12493,Stored Cross-Site Scripting Vulnerability in Files Download Delay Plugin for WordPress,"The Files Download Delay plugin for WordPress is susceptible to Stored Cross-Site Scripting due to a lack of proper input sanitization and output escaping within its 'fddwrap' shortcode. This vulnerability affects all versions up to and including 1.0.9. Authenticated attackers with contributor-level access can exploit this flaw, allowing them to inject arbitrary web scripts into pages. Such scripts will execute whenever unsuspecting users access the compromised pages, potentially leading to unauthorized actions and a breach of user data.",Wordpress,Files Download Delay,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,false,false,false,2025-01-09T11:10:54.340Z,0
CVE-2022-1570,https://securityvulnerability.io/vulnerability/CVE-2022-1570,Files Download Delay < 1.0.7 - Subscriber+ Settings Reset,"The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action.",Wordpress,Files Download Delay,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-06-08T10:15:00.000Z,0