cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2457,https://securityvulnerability.io/vulnerability/CVE-2024-2457,Stored Cross-Site Scripting in Modal Window Plugin for WordPress,"The Modal Window plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping in its shortcode implementation. This flaw allows authenticated attackers with contributor-level permissions or higher to inject malicious web scripts into pages. These scripts execute whenever users access the compromised pages, potentially leading to unauthorized access and other security risks.",Wordpress,Modal Window – Create Popup Modal Window,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:58:57.293Z,0
CVE-2023-5161,https://securityvulnerability.io/vulnerability/CVE-2023-5161,Stored Cross-Site Scripting Vulnerability in Modal Window Plugin for WordPress,"The Modal Window plugin for WordPress has a vulnerability that allows authenticated users, specifically those with contributor-level permissions and above, to conduct Stored Cross-Site Scripting attacks. This occurs due to inadequate input sanitization and output escaping of user-supplied attributes in shortcodes. When exploited, it enables attackers to inject arbitrary JavaScript code into web pages. This malicious script executes when users visit the compromised pages, posing risks such as data theft, session hijacking, and other forms of exploitation.",Wordpress,Modal Window – create popup modal window,5.4,MEDIUM,0.0007099999929778278,false,,false,false,false,,false,false,2023-09-27T15:19:00.000Z,0
CVE-2021-25051,https://securityvulnerability.io/vulnerability/CVE-2021-25051,Modal Window < 5.2.2 - RFI leading to RCE via CSRF,"The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.",Wordpress,Modal Window – Create Popup Modal Window,8.8,HIGH,0.0018599999602884054,false,,false,false,false,,false,false,2022-01-10T15:30:35.000Z,0