cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11445,https://securityvulnerability.io/vulnerability/CVE-2024-11445,Stored Cross-Site Scripting in Image Magnify Plugin for WordPress,The Image Magnify plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping on attributes supplied by users through the 'image_magnify' shortcode. This vulnerability enables authenticated users with contributor-level access or higher to inject malicious scripts that may execute in the context of an unsuspecting user's session when they visit the compromised page.,Wordpress,Image Magnify,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,false,false,false,2025-01-07T04:21:59.744Z,0
CVE-2022-4207,https://securityvulnerability.io/vulnerability/CVE-2022-4207,Stored Cross-Site Scripting in Image Hover Effects Ultimate Plugin for WordPress,"The Image Hover Effects Ultimate plugin for WordPress exposes a vulnerability that allows stored cross-site scripting through various values added to Image Hovers in versions 9.8.1 to 9.8.4. This weakness arises from inadequate input sanitization and output escaping, permitting authenticated attackers to inject malicious web scripts into pages. When a user accesses an infected page, the injected scripts execute, potentially compromising user data or site functionality. Although the feature is intended only for admin use, if an admin mistakenly grants lower-privileged users access via the 'Who Can Edit?' setting, it creates an avenue for exploitation.",Wordpress,"Image Hover Effects Ultimate (image Gallery, Effects, Lightbox, Comparison Or Magnifier)",5.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2022-12-13T20:18:36.516Z,0
CVE-2022-2935,https://securityvulnerability.io/vulnerability/CVE-2022-2935,Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL,"The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.",Wordpress,"Image Hover Effects Ultimate (image Gallery, Effects, Lightbox, Comparison Or Magnifier)",6.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-09-06T17:19:01.000Z,0
CVE-2022-2936,https://securityvulnerability.io/vulnerability/CVE-2022-2936,Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link,"The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.",Wordpress,"Image Hover Effects Ultimate (image Gallery, Effects, Lightbox, Comparison Or Magnifier)",6.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-09-06T17:19:00.000Z,0
CVE-2021-25031,https://securityvulnerability.io/vulnerability/CVE-2021-25031,Image Hover Effects Ultimate < 9.7.1 - Reflected Cross-Site Scripting,"The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting",Wordpress,"Image Hover Effects Ultimate (image Gallery, Effects, Lightbox, Comparison Or Magnifier)",6.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2022-01-24T08:01:14.000Z,0