cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7692,https://securityvulnerability.io/vulnerability/CVE-2024-7692,Plugin Vulnerability Could Lead to Admin Account Takeover,"The Flaming Forms plugin for WordPress, specifically version 1.0.1, is susceptible to a Reflected Cross-Site Scripting vulnerability due to improper sanitization and escaping of user-provided parameters. This flaw can be exploited by an attacker to inject malicious scripts, compromising the security of high-privilege users, such as administrators. As these scripts can be executed in the context of the affected user’s session, it exposes sensitive data and allows a range of malicious activities. Users of the Flaming Forms plugin are advised to evaluate their installations and apply any available updates or mitigations to enhance their security posture.",Wordpress,Flaming Forms,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,true,false,false,2024-09-02T06:00:04.419Z,0
CVE-2024-7691,https://securityvulnerability.io/vulnerability/CVE-2024-7691,Unauthenticated Cross-Site Scripting Attacks Possible via Flaming Forms Plugin,"The Flaming Forms WordPress plugin prior to version 1.0.1 contains a vulnerability related to inadequate sanitization and escaping of certain parameters. This weakness enables unauthenticated users to execute Cross-Site Scripting (XSS) attacks targeting site administrators. Such attacks can compromise administrative accounts by injecting malicious scripts, leading to potential data breaches and further exploitation of the affected server.",Wordpress,Flaming Forms,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,true,false,false,2024-09-02T06:00:04.184Z,0