cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11442,https://securityvulnerability.io/vulnerability/CVE-2024-11442,Stored Cross-Site Scripting Vulnerability in Horizontal Scroll Image Slideshow Plugin for WordPress,"The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Horizontal Scroll Image Slideshow,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-12T03:23:03.900Z,0
CVE-2023-5413,https://securityvulnerability.io/vulnerability/CVE-2023-5413,Stored Cross-Site Scripting in Image Horizontal Reel Scroll Slideshow Plugin for WordPress,"The Image Horizontal Reel Scroll Slideshow plugin for WordPress is susceptible to Stored Cross-Site Scripting through its 'ihrss-gallery' shortcode. This vulnerability arises from inadequate input sanitization and output escaping of user-provided attributes. Consequently, authenticated users with contributor-level permissions or higher can exploit this flaw to inject malicious web scripts. These scripts will execute whenever an affected page is accessed, posing significant risks to users and website integrity.",Wordpress,Image horizontal reel scroll slideshow,6.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2023-12-19T03:15:00.000Z,0
CVE-2023-5412,https://securityvulnerability.io/vulnerability/CVE-2023-5412,SQL Injection Vulnerability in Image Horizontal Reel Scroll Slideshow for WordPress,"The Image Horizontal Reel Scroll Slideshow plugin for WordPress is vulnerable to SQL injection due to inadequate escaping of user-supplied parameters within its shortcode. This vulnerability affects versions up to and including 13.2. Authenticated attackers with subscriber-level access or higher can manipulate SQL queries by appending malicious input, potentially exposing sensitive data from the database. Proper input sanitization and SQL query preparation measures are essential to mitigate this security risk.",Wordpress,Image horizontal reel scroll slideshow,6.5,MEDIUM,0.0011899999808520079,false,,false,false,true,true,false,false,2023-10-31T09:15:00.000Z,0