cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-5000,https://securityvulnerability.io/vulnerability/CVE-2023-5000,SQL Injection Vulnerability in HSAS Plugin for WordPress,"The Horizontal Scrolling Announcements plugin for WordPress is susceptible to SQL Injection attacks due to insufficient parameter escaping in the 'hsas-shortcode' shortcode. This issue affects versions up to and including 2.4. Authenticated users, particularly those with contributor-level permissions or higher, can exploit this vulnerability to modify SQL queries. By appending unauthorized SQL commands, attackers can potentially expose sensitive data stored in the database, creating serious risks for the integrity and confidentiality of the site's information.",Wordpress,Horizontal Scrolling Announcements,8.8,HIGH,0.0005600000149570405,false,,false,false,false,,false,false,2024-08-06T01:49:58.058Z,0
CVE-2023-4999,https://securityvulnerability.io/vulnerability/CVE-2023-4999,SQL Injection Vulnerability in Horizontal Scrolling Announcement Plugin for WordPress,"The Horizontal Scrolling Announcement plugin for WordPress is vulnerable to SQL Injection due to inadequate escaping of user-supplied parameters in its [horizontal-scrolling] shortcode. This issue affects versions up to and including 9.2. Authenticated attackers with subscriber-level permissions can exploit this flaw to inject additional SQL queries into existing ones, potentially leading to the extraction of sensitive information from the database.",Wordpress,Horizontal scrolling announcement,8.8,HIGH,0.0008399999933317304,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-5001,https://securityvulnerability.io/vulnerability/CVE-2023-5001,Stored Cross-Site Scripting Flaw in Horizontal Scrolling Announcement for WordPress,"The Horizontal Scrolling Announcement plugin for WordPress is susceptible to Stored Cross-Site Scripting vulnerabilities due to improper input sanitization and output escaping of user-supplied attributes within the 'horizontal-scrolling' shortcode. This flaw allows authenticated attackers with contributor-level or higher permissions to insert arbitrary scripts into pages, potentially compromising the security of users who access those pages.",Wordpress,Horizontal scrolling announcement,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-09-16T05:15:00.000Z,0