cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12073,https://securityvulnerability.io/vulnerability/CVE-2024-12073,Stored Cross-Site Scripting in Meteor Slides Plugin for WordPress,"The Meteor Slides plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) due to inadequate input sanitization and output escaping. This vulnerability allows authenticated attackers with a Contributor-level role or higher to inject malicious scripts through the 'slide_url_value' parameter. When a user accesses the compromised page, the injected script executes, potentially leading to session hijacking, data theft, or other malicious activities. Users of Meteor Slides versions up to and including 1.5.7 are strongly advised to update to the latest version to mitigate this vulnerability.",Wordpress,Meteor Slides,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-07T05:23:57.939Z,0
CVE-2022-4486,https://securityvulnerability.io/vulnerability/CVE-2022-4486,Meteor Slides < 1.5.7 - Contributor+ Stored XSS,"The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",Wordpress,Meteor Slides,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-16T15:37:42.618Z,0