cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10825,https://securityvulnerability.io/vulnerability/CVE-2024-10825,Unprotected Against Reflected Cross-Site Scripting (RCS),"The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.",Wordpress,Hide My WP Ghost – Security & Firewall,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-15T06:48:04.243Z,0
CVE-2022-4537,https://securityvulnerability.io/vulnerability/CVE-2022-4537,IP Address Spoofing Vulnerability in Hide My WP Ghost Security Plugin for WordPress,"The Hide My WP Ghost – Security Plugin for WordPress is susceptible to IP Address Spoofing due to inadequate restrictions governing the retrieval of IP address information for request logging and login limit enforcement. This vulnerability enables attackers to manipulate the X-Forwarded-For header to present a misleading IP address, which may subsequently bypass any settings that would normally prevent that IP from accessing the system. As a result, unauthorized users can gain access where they should otherwise be blocked.",Wordpress,Hide My WP Ghost – Security Plugin,6.5,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,2023-05-09T02:47:14.059Z,0