cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12814,https://securityvulnerability.io/vulnerability/CVE-2024-12814,Stored Cross-Site Scripting Vulnerability in Loan Comparison Plugin for WordPress,"The Loan Comparison Plugin for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting via its 'loancomparison' shortcode in all versions up to and including 2.0. Due to inadequate input sanitization and output escaping for attributes supplied by users, authenticated attackers with contributor-level access or above can inject arbitrary scripts into the pages. This injected code can then execute whenever a user accesses the affected pages, potentially compromising user data and site integrity. Site administrators should take immediate action to upgrade to the latest version to mitigate this vulnerability and enhance overall site security.",Wordpress,Loan Comparison,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-24T06:59:01.230Z,0
CVE-2023-0366,https://securityvulnerability.io/vulnerability/CVE-2023-0366,Loan Comparison < 1.5.3 - Contributor+ Stored XSS via shortcode,"The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Loan Comparison,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-21T09:15:00.000Z,0
CVE-2023-0442,https://securityvulnerability.io/vulnerability/CVE-2023-0442,Loan Comparison < 1.5.2 - Reflected XSS via shortcode,"The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL.",Wordpress,Loan Comparison,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2023-02-21T09:15:00.000Z,0