cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12294,https://securityvulnerability.io/vulnerability/CVE-2024-12294,Sensitive Information Exposure Vulnerability in The Last Viewed Posts Plugin,"The Last Viewed Posts by WPBeginner plugin for WordPress is susceptible to a vulnerability that allows unauthenticated attackers to gain access to sensitive information. This includes titles and permalinks of posts that are private, password-protected, pending, or in draft status. The vulnerability lies within the 'get_legacy_cookies' function, which fails to properly secure sensitive data, resulting in potential data exposure for website administrators and users. Users who have installed versions of the plugin up to and including 1.0.1 should take immediate action to secure their sites against possible data breaches.",Wordpress,Last Viewed Posts By WPbeginner,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-12-11T10:57:30.270Z,0
CVE-2024-3070,https://securityvulnerability.io/vulnerability/CVE-2024-3070,Unauthenticated Attackers Can Inject PHP Object via Deserialization in WPBeginner's Last Viewed Posts Plugin,"The Last Viewed Posts plugin for WordPress, developed by WPBeginner, is susceptible to a PHP Object Injection vulnerability in all versions up to and including 1.0.0. This vulnerability arises from the deserialization of untrusted data from the LastViewedPosts Cookie, allowing unauthenticated attackers to inject arbitrary PHP objects. There is no known proof-of-concept (POP) chain directly related to this plugin; however, if it coexists with any additional vulnerable plugins or themes on the WordPress installation, it could potentially enable attackers to execute various malicious actions such as deleting arbitrary files, accessing sensitive information, or executing unauthorized code.",Wordpress,Last Viewed Posts By WPbeginner,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:39:00.000Z,0