cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1273,https://securityvulnerability.io/vulnerability/CVE-2023-1273,ND Shortcodes < 7.0 - Subscriber+ LFI,"The ND Shortcodes plugin for WordPress, specifically in versions prior to 7.0, contains a vulnerability where it fails to validate certain shortcode attributes. This oversight allows any authenticated user, including those with minimal permissions such as subscribers, to exploit the functionality within the plugin to perform Local File Inclusion attacks. By manipulating input values to generate file paths, attackers can gain access to sensitive files on the server, potentially compromising the security of the entire WordPress installation.",Wordpress,Nd Shortcodes,8.8,HIGH,0.0009500000160187483,false,,false,false,false,,false,false,2023-07-04T08:15:00.000Z,0
CVE-2022-4623,https://securityvulnerability.io/vulnerability/CVE-2022-4623,ND Shortcodes < 7.0 - Contributor+ Stored XSS via Shortcodes,"The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Nd Shortcodes,5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2023-07-04T07:23:28.054Z,0