cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12854,https://securityvulnerability.io/vulnerability/CVE-2024-12854,Arbitrary File Upload Vulnerability in Garden Gnome Package Plugin for WordPress,"The Garden Gnome Package plugin for WordPress suffers from a critical vulnerability due to inadequate file type validation when processing 'ggpkg' files. This issue, present in all versions up to 2.3.0, allows authenticated users with Author-level privileges and above to upload malicious files. Such uploads can potentially lead to remote code execution on the server hosting the affected WordPress site.",Wordpress,Garden Gnome Package,8.8,HIGH,0.0005000000237487257,false,,false,false,false,false,false,false,2025-01-08T09:18:36.303Z,0
CVE-2024-8657,https://securityvulnerability.io/vulnerability/CVE-2024-8657,Cross-Site Scripting Vulnerability in Garden Gnome Package for WordPress,"The Garden Gnome Package plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability caused by insufficient sanitization and escaping of user-supplied attributes within the plugin's ggpkg shortcode. This vulnerability allows authenticated attackers, including those with contributor-level access and above, to inject arbitrary scripts into web pages. The injected scripts are executed in the browser of any user who visits the affected page, potentially leading to unauthorized data manipulation or exposure.",Wordpress,Garden Gnome Package,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-09-24T01:56:45.907Z,0
CVE-2023-5664,https://securityvulnerability.io/vulnerability/CVE-2023-5664,Stored Cross-Site Scripting Vulnerability in Garden Gnome Package Plugin for WordPress,"The Garden Gnome Package plugin for WordPress is susceptible to Stored Cross-Site Scripting through its 'ggpkg' shortcode in all versions up to and including 2.2.8. This vulnerability stems from inadequate input sanitization and output escaping on attributes supplied by users. Authenticated attackers with contributor-level permissions can exploit this flaw to inject arbitrary web scripts into pages, leading to their execution whenever an unsuspecting user accesses the compromised page. A partial patch was implemented in version 2.2.7, with a complete fix introduced in version 2.2.9.",Wordpress,Garden Gnome Package,5.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2023-11-22T16:15:00.000Z,0