cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0268,https://securityvulnerability.io/vulnerability/CVE-2023-0268,Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS,"The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",Wordpress,Mega Addons For WPbakery Page Builder,5.4,MEDIUM,0.000539999979082495,false,,false,false,true,true,false,false,2023-05-08T14:15:00.000Z,0
CVE-2022-4501,https://securityvulnerability.io/vulnerability/CVE-2022-4501,Authorization Bypass in Mega Addons Plugin for WordPress,"The Mega Addons plugin for WordPress has a vulnerability that allows authenticated users, including those with subscriber-level permissions, to bypass authorization checks. This occurs due to a missing capability verification in the vc_saving_data function, present in versions up to 4.2.7. By exploiting this flaw, attackers can modify critical plugin settings, potentially leading to unauthorized alterations of the site's configuration and functionality.",Wordpress,Mega Addons For WPbakery Page Builder,7.1,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2022-12-14T20:38:45.281Z,0
CVE-2022-36798,https://securityvulnerability.io/vulnerability/CVE-2022-36798,WordPress Mega Addons For WPBakery Page Builder plugin <= 4.2.7 - Cross-Site Request Forgery (CSRF) vulnerability,Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress.,Wordpress,Mega Addons For WPbakery Page Builder (WordPress Plugin),5.4,MEDIUM,0.0010100000072270632,false,,false,false,false,,false,false,2022-09-23T14:15:00.000Z,0