cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11496,https://securityvulnerability.io/vulnerability/CVE-2024-11496,Data Modification Vulnerability in Infility Global Plugin for WordPress,"The Infility Global plugin for WordPress contains a vulnerability that allows authenticated users with Subscriber-level access and higher to modify plugin options without proper checks. This oversight arises from a missing capability check on the infility_global_ajax function in all versions up to and including 2.9.8. Consequently, attackers can exploit this vulnerability to alter crucial setting configurations, which can lead to significant operational issues or compromise the site's integrity.",Wordpress,Infility Global,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,false,false,false,2025-01-07T04:22:20.164Z,0
CVE-2024-12290,https://securityvulnerability.io/vulnerability/CVE-2024-12290,Reflected Cross-Site Scripting Vulnerability in Infility Global Plugin for WordPress,"The Infility Global plugin for WordPress has a vulnerability that allows unauthenticated attackers to execute arbitrary web scripts on user sessions. This is possible through the manipulation of the 'set_type' parameter due to inadequate input sanitization and output escaping. Attackers could potentially trick users into clicking on malicious links leading to exploitation, making it crucial for administrators to update their plugins to the latest versions to mitigate this risk.",Wordpress,Infility Global,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-07T04:22:00.720Z,0