cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-6688,https://securityvulnerability.io/vulnerability/CVE-2024-6688,Unauthorized modification of data in Oxygen Builder plugin,"The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update stylesheets.",Wordpress,Oxygen Builder,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-27T04:29:17.960Z,0 CVE-2024-4662,https://securityvulnerability.io/vulnerability/CVE-2024-4662,Oxygen Builder Plugin Vulnerable to Remote Code Execution,"The Oxygen Builder plugin for WordPress is susceptible to exploitation due to a vulnerability that allows for Remote Code Execution. This issue affects all versions up to and including 4.8.2 and arises from the manner in which the plugin handles custom data storage in post metadata, specifically the absence of an underscore prefix. This flaw enables lower privileged users, such as contributors, to inject arbitrary PHP code through the WordPress user interface, thereby potentially elevating their privileges and compromising the site’s security.",Wordpress,Oxygen Builder,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-23T04:30:54.393Z,0 CVE-2023-6938,https://securityvulnerability.io/vulnerability/CVE-2023-6938,Stored Cross-Site Scripting in Oxygen Builder Plugin for WordPress,"The Oxygen Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping mechanisms. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary scripts into pages. When these pages are accessed by other users, the injected scripts execute, potentially leading to data theft or session hijacking. Version 4.8.1 addresses this issue by introducing an optional filter designed to enhance output escaping for dynamic data.",Wordpress,Oxygen Builder,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-01-11T14:32:23.606Z,0