cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7648,https://securityvulnerability.io/vulnerability/CVE-2024-7648,Sensitive Information Exposure Vulnerability in Opal Membership,"The Opal Membership plugin for WordPress is susceptible to a vulnerability that permits authenticated users, with subscriber-level access and higher, to gain unauthorized visibility into private notes associated with payments. This occurs due to the interaction with WordPress comments, which are not sufficiently restricted to administrators, thereby exposing sensitive information that should remain confidential. As a result, attackers can exploit this flaw to access data intended only for administrators, raising significant security concerns for website owners and users.",Wordpress,Opal Membership,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-7649,https://securityvulnerability.io/vulnerability/CVE-2024-7649,Opal Membership Plugin Vulnerable to Stored Cross-Site Scripting,"The Opal Membership plugin for WordPress is vulnerable to stored cross-site scripting (XSS) attacks due to inadequate input sanitization and output escaping in its checkout form fields. This flaw allows unauthenticated attackers to inject malicious web scripts, potentially leading to unauthorized actions within the user's browser whenever they visit an affected page. The vulnerability affects all plugin versions up to and including 1.2.4, making it imperative for users to update to a secure version to mitigate risks associated with XSS attacks.",Wordpress,Opal Membership,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0