cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12416,https://securityvulnerability.io/vulnerability/CVE-2024-12416,SQL Injection Vulnerability in Woomotiv Plugin for WooCommerce by WordPress,"The Live Sales Notification for WooCommerce - Woomotiv plugin for WordPress contains a SQL Injection vulnerability due to insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries. This security flaw affects all versions up to and including 3.6.1, allowing unauthenticated attackers to execute arbitrary SQL commands through manipulated cookies. Exploitation of this vulnerability could lead to unauthorized access and extraction of sensitive data from the database, posing significant risks to WordPress site operators.",Wordpress,Live Sales Notification For WooCommerce – Woomotiv,7.5,HIGH,0.0006000000284984708,false,,false,false,false,false,false,false,2025-01-07T03:21:56.673Z,0
CVE-2024-1325,https://securityvulnerability.io/vulnerability/CVE-2024-1325,Cross-Site Request Forgery Vulnerability in Woomotiv Plugin,"The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the 'ajax_cancel_review' function. This makes it possible for unauthenticated attackers to reset the site's review count via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Live Sales Notification For WooCommerce – Woomotiv,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-20T06:48:28.425Z,0