cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10000,https://securityvulnerability.io/vulnerability/CVE-2024-10000,LMS Vulnerable to Stored Cross-Site Scripting,"The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with student-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Masteriyo Lms – Elearning And Online Course Builder For WordPress,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-29T05:32:39.066Z,0
CVE-2024-10008,https://securityvulnerability.io/vulnerability/CVE-2024-10008,Unauthorized User Profile Modification Vulnerability in Masteriyo LMS,"The Masteriyo LMS plugin for WordPress contains a vulnerability that allows authenticated attackers with student-level access and higher to modify user roles due to a lack of proper authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint. This issue affects all versions up to and including 1.13.3. Exploitation of this vulnerability permits attackers to escalate their privileges to that of an Administrator and potentially demote existing administrators to a lower access level, compromising the security and integrity of the affected WordPress installations.",Wordpress,Masteriyo Lms – Elearning And Online Course Builder For WordPress,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2024-10-29T05:32:38.183Z,0