cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-4448,https://securityvulnerability.io/vulnerability/CVE-2021-4448,Unauthorized Actions Possible in Kaswara Modern VC Addons Plugin Due to Authentication Bypass,"The Kaswara Modern VC Addons plugin for WordPress is susceptible to authorization bypass, enabling unauthorized users to execute a range of actions due to inadequate capability validation in multiple AJAX functionalities. Unauthenticated attackers can exploit this vulnerability to import data, upload arbitrary files, and delete files, posing serious security risks to WordPress sites utilizing this plugin. Ensuring that your website has updated and secure plugins is essential to safeguard against these unauthorized actions.",Wordpress,Kaswara Modern Vc Addons,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,2024-10-16T06:43:31.059Z,0
CVE-2021-24284,https://securityvulnerability.io/vulnerability/CVE-2021-24284,Kaswara Modern VC Addons <= 3.0.1 - Unauthenticated Arbitrary File Upload,The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.,Wordpress,Kaswara Modern Vc Addons,9.8,CRITICAL,0.9630299806594849,false,,false,false,false,,false,false,2021-05-14T11:38:17.000Z,0