cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8056,https://securityvulnerability.io/vulnerability/CVE-2024-8056,Plugin Vulnerability Leads to Reflected Cross-Site Scripting in Old Web Browsers,"The MM-Breaking News WordPress plugin prior to version 0.7.9 fails to properly escape the 'REQUEST_URI' parameter. This oversight can lead to reflected cross-site scripting (XSS) attacks, especially impacting users of older web browsers. Attackers may exploit this vulnerability by crafting malicious URLs that, when accessed, can execute harmful scripts within the context of the victim's browser, potentially leading to unauthorized access or data exposure.",Wordpress,Mm-breaking News,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,true,false,false,2024-09-12T06:00:07.211Z,0
CVE-2024-8054,https://securityvulnerability.io/vulnerability/CVE-2024-8054,Stored XSS Vulnerability in MM-Breaking News WordPress Plugin,"The MM-Breaking News WordPress plugin versions up to 0.7.9 exhibit security flaws by lacking adequate CSRF protections and failing to implement proper data sanitization and escaping. These vulnerabilities create a pathway for attackers to execute Stored XSS attacks by manipulating logged-in administrators' actions through crafted requests. This could potentially lead to unauthorized access, data theft, or the injection of harmful scripts affecting website users. Site administrators are advised to review their installation and implement necessary updates to safeguard against these threats.",Wordpress,Mm-breaking News,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,true,false,false,2024-09-12T06:00:06.875Z,0