cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-43235,https://securityvulnerability.io/vulnerability/CVE-2024-43235,WordPress Meta Box plugin <= 5.9.10 - Broken Access Control vulnerability,"A vulnerability exists in the MetaBox.Io Meta Box – WordPress Custom Fields Framework due to missing authorization mechanisms. This flaw allows unauthorized access by exploiting incorrectly configured access control security levels, potentially enabling malicious actors to interact with functionalities that should require higher levels of permissions. The vulnerability affects all versions from n/a through 5.9.10, raising concerns for site administrators regarding the risks posed to sensitive data and user interactions. Users are advised to assess their current configurations and apply necessary updates to mitigate potential exploitation.",Wordpress,Meta Box – WordPress Custom Fields Framework,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-01T14:17:36.843Z,0
CVE-2023-6526,https://securityvulnerability.io/vulnerability/CVE-2023-6526,Stored Cross-Site Scripting Vulnerability in Meta Box Plugin for WordPress,"The Meta Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping related to custom post meta values. This flaw affects all versions up to and including 5.9.2, allowing authenticated attackers with contributor-level access or higher to inject malicious web scripts. Such scripts are executed whenever a user accesses an affected page, potentially compromising user data and security.",Wordpress,Meta Box – WordPress Custom Fields Framework,6.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:21:37.891Z,0