cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-2995,https://securityvulnerability.io/vulnerability/CVE-2023-2995,Leyka < 3.30.4 - Admin+ Stored XSS,"The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Leyka,4.8,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-09-19T20:15:00.000Z,0
CVE-2023-4917,https://securityvulnerability.io/vulnerability/CVE-2023-4917,Sensitive Information Exposure in Leyka Plugin for WordPress,"The Leyka plugin for WordPress presents a serious vulnerability in versions up to 3.30.3, allowing authenticated users with subscriber-level permissions or above to exploit the 'leyka_ajax_get_env_and_options' function. This critical flaw enables attackers to retrieve sensitive information, including Sberbank API keys and passwords, as well as PayPal Client Secrets. Website administrators must act swiftly to update the plugin to secure their environments and protect their users' sensitive data from being compromised.",Wordpress,Leyka,6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2023-09-13T03:15:00.000Z,0