cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-38690,https://securityvulnerability.io/vulnerability/CVE-2024-38690,WordPress iPanorama 360 plugin <= 1.8.3 - Broken Access Control vulnerability,Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3.,Wordpress,Ipanorama 360 WordPress Virtual Tour Builder,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-01T14:18:09.345Z,0
CVE-2024-33941,https://securityvulnerability.io/vulnerability/CVE-2024-33941,WordPress iPanorama 360 plugin <= 1.8.1 - Broken Access Control vulnerability,"Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1.

",Wordpress,Ipanorama 360 WordPress Virtual Tour Builder,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-03T08:15:00.000Z,0
CVE-2023-5336,https://securityvulnerability.io/vulnerability/CVE-2023-5336,SQL Injection Vulnerability in iPanorama 360 Plugin for WordPress,"The iPanorama 360 – WordPress Virtual Tour Builder plugin is affected by an SQL Injection vulnerability that arises from improper escaping of user-supplied data within its shortcode functionality. This security flaw allows authenticated attackers with contributor-level permissions and higher to manipulate existing SQL queries by appending their own. Consequently, this exposes the plugin to potential data breaches, enabling attackers to access sensitive data stored in the database.",Wordpress,iPanorama 360 –  WordPress Virtual Tour Builder,6.5,MEDIUM,0.001019999966956675,false,,false,false,false,,false,false,2023-10-19T02:15:00.000Z,0
CVE-2022-4392,https://securityvulnerability.io/vulnerability/CVE-2022-4392,iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Contributor+ Stored XSS,"The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.",Wordpress,Ipanorama 360 WordPress Virtual Tour Builder,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-09T22:13:28.879Z,0