cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11851,https://securityvulnerability.io/vulnerability/CVE-2024-11851,Unauthorized Arbitrary Transient Update in NitroPack Plugin for WordPress,"The NitroPack plugin for WordPress contains a security flaw that allows authenticated attackers, with subscriber permissions or higher, to perform unauthorized arbitrary updates to transient data via the nitropack_rml_notification function. This vulnerability arises from a lack of capability checks, which exposes the system to potential risks. It should be noted that the updates can only be made to integer values, which may limit the scope of potential exploits but still poses a significant security concern for WordPress sites using this plugin.",Wordpress,"Nitropack – Caching & Speed Optimization For Core Web Vitals, Defer Css & Js, Lazy Load Images And Cdn",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-15T11:29:52.770Z,0
CVE-2024-11848,https://securityvulnerability.io/vulnerability/CVE-2024-11848,Unauthorized Data Modification in NitroPack Plugin for WordPress,"The NitroPack plugin for WordPress is exposed to a vulnerability that allows users with subscriber-level access and higher to modify data without the necessary capability checks. Specifically, the 'nitropack_dismiss_notice_forever' AJAX action is affected, enabling unauthorized changes like activating user registration or altering options that may lead to denial of service. This issue exists in all versions up to and including 1.17.0, posing a significant risk to WordPress sites utilizing this plugin.",Wordpress,"Nitropack – Caching & Speed Optimization For Core Web Vitals, Defer Css & Js, Lazy Load Images And Cdn",8.1,HIGH,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-15T11:24:35.912Z,0