cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-3342,https://securityvulnerability.io/vulnerability/CVE-2022-3342,PHAR Deserialization Vulnerability in Jetpack CRM Plugin for WordPress,"The Jetpack CRM plugin for WordPress has a vulnerability related to PHAR deserialization through the 'zbscrmcsvimpf' parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function. Although nonce verification is performed, failure to validate during two key steps leaves the system exposed. If an attacker uploads a crafted phar:// archive and convinces an administrator to follow a malicious link, they can exploit this vulnerability to inject objects into the execution stream.",Wordpress,"Jetpack Crm – Clients, Leads, Invoices, Billing, Email Marketing, & Automation",7.5,HIGH,0.0022799998987466097,false,,false,false,false,,false,false,2023-10-20T07:29:24.289Z,0
CVE-2022-4497,https://securityvulnerability.io/vulnerability/CVE-2022-4497,Jetpack CRM < 5.5 - Contributor+ Stored XSS,"The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins",Wordpress,Jetpack Crm,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-09T22:13:36.385Z,0
CVE-2022-3919,https://securityvulnerability.io/vulnerability/CVE-2022-3919,Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting,"The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.",Wordpress,Jetpack Crm,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-12-12T17:54:41.219Z,0