cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4243,https://securityvulnerability.io/vulnerability/CVE-2022-4243,ImageInject <= 1.17 - Admin+ Stored XSS,"The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",Wordpress,Imageinject,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-12-26T12:28:00.192Z,0
CVE-2018-5284,https://securityvulnerability.io/vulnerability/CVE-2018-5284,,The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php.,Wordpress,Imageinject,4.8,MEDIUM,0.0008800000068731606,false,,false,false,false,,false,false,2018-01-08T07:00:00.000Z,0
CVE-2018-5285,https://securityvulnerability.io/vulnerability/CVE-2018-5285,,The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.,Wordpress,Imageinject,8.8,HIGH,0.007449999917298555,false,,false,false,false,,false,false,2018-01-08T07:00:00.000Z,0