cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10881,https://securityvulnerability.io/vulnerability/CVE-2024-10881,Stored Cross-Site Scripting Vulnerability in LUNA RADIO PLAYER Plugin,"The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Luna Radio Player,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-05T03:23:44.481Z,0
CVE-2024-10816,https://securityvulnerability.io/vulnerability/CVE-2024-10816," directory traversal vulnerability in LUNA RADIO PLAYER plugin for WordPress","The LUNA RADIO PLAYER plugin for WordPress is affected by a Directory Traversal vulnerability that allows unauthenticated attackers to access and read the contents of sensitive files on the server through the js/fallback.php file. This exposure can lead to the leakage of private data stored on the server, increasing the risk of exploitation for malicious purposes. Users of the LUNA RADIO PLAYER are advised to review their security measures and update to the latest version to mitigate this risk.",Wordpress,Luna Radio Player,7.5,HIGH,0.0008999999845400453,false,,false,false,false,,false,false,2024-11-13T03:30:10.803Z,0