cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7317,https://securityvulnerability.io/vulnerability/CVE-2024-7317,Stored Cross-Site Scripting Vulnerability in Folder Plugin,"The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",Wordpress,"Folders – Unlimited Folders To Organize Media Library Folder, Pages, Posts, File Manager",5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-08-06T10:59:36.262Z,0
CVE-2024-2023,https://securityvulnerability.io/vulnerability/CVE-2024-2023,Arbitrary File Upload Vulnerability in Folders and Folders Pro Plugin,"The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.",Wordpress,"Folders – Unlimited Folders To Organize Media Library Folder, Pages, Posts, File Manager,Folders Pro",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-14T12:50:56.493Z,0
CVE-2024-3868,https://securityvulnerability.io/vulnerability/CVE-2024-3868,Stored Cross-Site Scripting Vulnerability in Folders Pro Plugin,"The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Folders – Unlimited Folders To Organize Media Library Folder, Pages, Posts, File Manager",5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-04T02:31:34.852Z,0
CVE-2020-24144,https://securityvulnerability.io/vulnerability/CVE-2020-24144,,Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation.,Wordpress,Media File Organizer,8.6,HIGH,0.002420000033453107,false,,false,false,false,,false,false,2021-07-07T13:37:20.000Z,0