cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0081,https://securityvulnerability.io/vulnerability/CVE-2023-0081,MonsterInsights < 8.12.1 - Contributor+ Stored XSS,"The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",Wordpress,Monsterinsights,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T20:15:00.000Z,0
CVE-2022-3904,https://securityvulnerability.io/vulnerability/CVE-2022-3904,MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics,"The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.",Wordpress,Monsterinsights,6.1,MEDIUM,0.0009399999980814755,false,,false,false,true,true,false,false,2023-01-16T15:37:44.169Z,0