cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-2406,https://securityvulnerability.io/vulnerability/CVE-2023-2406,Stored Cross-Site Scripting Vulnerability in Event Registration Calendar and Online Payments Plugins by vcita,"The Event Registration Calendar by vcita plugin and the Online Payments plugin for WordPress are susceptible to stored Cross-Site Scripting (XSS) vulnerabilities due to inadequate input sanitization and output escaping in the 'email' parameter. Authenticated attackers with the capability to edit posts can exploit this vulnerability to inject arbitrary web scripts. These scripts will execute whenever a user accesses an affected page, leading to potential unauthorized actions or data disclosure. Users are strongly urged to upgrade to secure versions to mitigate this risk.",Wordpress,"Event Registration Calendar By vcita,Online Payments – Get Paid with PayPal, Square & Stripe",5.4,MEDIUM,0.004449999891221523,false,,false,false,false,,false,false,2023-06-03T05:15:00.000Z,0
CVE-2023-2407,https://securityvulnerability.io/vulnerability/CVE-2023-2407,Cross-Site Request Forgery in Event Registration Calendar Plugin by vcita for WordPress,"The Event Registration Calendar and Online Payments plugins by vcita for WordPress are susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in the ls_parse_vcita_callback() function. This vulnerability allows unauthenticated attackers to alter plugin settings and potentially inject malicious JavaScript through deceptive requests if they manage to coerce an administrator into executing a specific action, such as clicking a rogue link.",Wordpress,"Event Registration Calendar By vcita,Online Payments – Get Paid with PayPal, Square & Stripe",6.5,MEDIUM,0.0020699999295175076,false,,false,false,false,,false,false,2023-06-03T05:15:00.000Z,0