cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-5096,https://securityvulnerability.io/vulnerability/CVE-2023-5096,Stored Cross-Site Scripting in HTML Filter and CSV-File Search Plugin by WordPress,"The HTML Filter and CSV-File Search plugin for WordPress is prone to a Stored Cross-Site Scripting vulnerability. This flaw arises from inadequate input sanitization and output escaping within the plugin's 'csvsearch' shortcode. As a result, authenticated users—specifically those with contributor-level permissions or higher—can exploit this vulnerability to inject arbitrary web scripts. These scripts will execute whenever a user visits an affected page, posing significant security risks to both the website and its visitors.",Wordpress,HTML filter and csv-file search,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-11-22T16:15:00.000Z,0
CVE-2023-5099,https://securityvulnerability.io/vulnerability/CVE-2023-5099,Local File Inclusion Vulnerability in HTML Filter and CSV Search Plugin for WordPress,"The HTML filter and CSV file search plugin for WordPress is susceptible to a Local File Inclusion flaw that affects versions up to and including 2.7. This vulnerability originates from the 'src' attribute in the 'csvsearch' shortcode, enabling authenticated users with contributor-level permissions or higher to potentially include and execute arbitrary files hosted on the server. Attackers can exploit this flaw to bypass access controls, access sensitive data, or execute arbitrary PHP code, posing significant security risks even when uploading seemingly safe file types like images.",Wordpress,HTML filter and csv-file search,8.8,HIGH,0.0013699999544769526,false,,false,false,false,,false,false,2023-10-31T12:15:00.000Z,0