cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-5506,https://securityvulnerability.io/vulnerability/CVE-2023-5506,Data Loss Vulnerability in ImageMapper Plugin for WordPress,"The ImageMapper plugin for WordPress is susceptible to a vulnerability that allows authenticated users with subscriber-level permissions and above to delete arbitrary posts and pages. This is due to a missing capability check in the 'imgmap_delete_area_ajax' function, which allows attackers to exploit the flaw and result in unauthorized loss of data. Users of versions up to and including 1.2.6 are at risk and should take immediate action to secure their sites.",Wordpress,ImageMapper,4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-11-07T11:15:00.000Z,0
CVE-2023-5507,https://securityvulnerability.io/vulnerability/CVE-2023-5507,Stored Cross-Site Scripting Vulnerability in ImageMapper Plugin for WordPress,"The ImageMapper plugin for WordPress allows authenticated users with contributor permissions and higher to exploit a Stored Cross-Site Scripting vulnerability. This occurs via the 'imagemap' shortcode, as insufficient input validation and output escaping allows attackers to inject arbitrary scripts into webpages. When users access these compromised pages, the injected scripts are executed, potentially leading to unauthorized actions and data exposure.",Wordpress,ImageMapper,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-11-07T11:15:00.000Z,0
CVE-2023-5975,https://securityvulnerability.io/vulnerability/CVE-2023-5975,Cross-Site Request Forgery Vulnerability in ImageMapper Plugin for WordPress,"The ImageMapper plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit missing or incorrect nonce validation in multiple functions. This weakens the plugin's security, enabling attackers to perform unauthorized updates to settings if they manage to trick a site administrator into initiating an action, such as clicking on a malicious link. The vulnerability affects all versions up to and including 1.2.6, making it crucial for users to take action to safeguard their sites.",Wordpress,ImageMapper,4.3,MEDIUM,0.00139999995008111,false,,false,false,false,,false,false,2023-11-07T11:15:00.000Z,0
CVE-2023-5532,https://securityvulnerability.io/vulnerability/CVE-2023-5532,Cross-Site Request Forgery Vulnerability in ImageMapper Plugin for WordPress,"The ImageMapper plugin for WordPress is prone to Cross-Site Request Forgery due to insufficient nonce validation in the 'imgmap_save_area_title' function. This security flaw allows unauthenticated attackers to potentially alter post titles and inject malicious JavaScript code. The exploit can be executed when an administrator is tricked into clicking a manipulated link, thereby performing the attacker's desired actions unwittingly. It is critical for site owners to ensure timely updates and implement best practices to mitigate such vulnerabilities.",Wordpress,ImageMapper,4.3,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2023-11-07T11:15:00.000Z,0