cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7317,https://securityvulnerability.io/vulnerability/CVE-2024-7317,Stored Cross-Site Scripting Vulnerability in Folder Plugin,"The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",Wordpress,"Folders – Unlimited Folders To Organize Media Library Folder, Pages, Posts, File Manager",5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-08-06T10:59:36.262Z,0
CVE-2024-2023,https://securityvulnerability.io/vulnerability/CVE-2024-2023,Arbitrary File Upload Vulnerability in Folders and Folders Pro Plugin,"The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.",Wordpress,"Folders – Unlimited Folders To Organize Media Library Folder, Pages, Posts, File Manager,Folders Pro",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-14T12:50:56.493Z,0
CVE-2024-3868,https://securityvulnerability.io/vulnerability/CVE-2024-3868,Stored Cross-Site Scripting Vulnerability in Folders Pro Plugin,"The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Folders – Unlimited Folders To Organize Media Library Folder, Pages, Posts, File Manager",5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-04T02:31:34.852Z,0
CVE-2021-24890,https://securityvulnerability.io/vulnerability/CVE-2021-24890,Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload,"The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file",Wordpress,Scripts-organizer,8.8,HIGH,0.001560000004246831,false,,false,false,false,,false,false,2022-09-26T12:35:29.000Z,0
CVE-2022-30998,https://securityvulnerability.io/vulnerability/CVE-2022-30998,WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities,Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress.,Wordpress,Homepage Product Organizer For WooCommerce (WordPress Plugin),9.1,CRITICAL,0.0009500000160187483,false,,false,false,false,,false,false,2022-07-22T17:15:00.000Z,0
CVE-2020-24144,https://securityvulnerability.io/vulnerability/CVE-2020-24144,,Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation.,Wordpress,Media File Organizer,8.6,HIGH,0.002420000033453107,false,,false,false,false,,false,false,2021-07-07T13:37:20.000Z,0
CVE-2019-9908,https://securityvulnerability.io/vulnerability/CVE-2019-9908,,The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS.,Wordpress,Font Organizer,6.1,MEDIUM,0.0020600000862032175,false,,false,false,false,,false,false,2019-03-22T00:29:00.000Z,0
CVE-2012-6512,https://securityvulnerability.io/vulnerability/CVE-2012-6512,,"The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php.",Wordpress,Organizer,,,0.0022299999836832285,false,,false,false,false,,false,false,2013-01-24T01:00:00.000Z,0
CVE-2012-6511,https://securityvulnerability.io/vulnerability/CVE-2012-6511,,"Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an ""Update Setting"" action to wp-admin/admin.php.",Wordpress,Organizer,,,0.0027600000612437725,false,,false,false,false,,false,false,2013-01-24T01:00:00.000Z,0