cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-3051,https://securityvulnerability.io/vulnerability/CVE-2023-3051,Stored Cross-Site Scripting in Page Builder by AZEXO Plugin for WordPress,"The Page Builder by AZEXO plugin for WordPress is affected by a vulnerability that allows contributor-level attackers to exploit the 'azh_post' shortcode. Due to insufficient input sanitization and output escaping measures, attackers can inject arbitrary web scripts into pages. These scripts execute whenever a user accesses the compromised page, potentially leading to unauthorized actions or data exposure.",Wordpress,Page Builder with Image Map by AZEXO,5.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-06-03T00:15:00.000Z,0
CVE-2023-3052,https://securityvulnerability.io/vulnerability/CVE-2023-3052,Cross-Site Request Forgery Vulnerability in Page Builder by AZEXO for WordPress,"The Page Builder by AZEXO plugin for WordPress is susceptible to a Cross-Site Request Forgery attack in all versions up to 1.27.133. This vulnerability arises from insufficient nonce validation in its functions, specifically 'azh_add_post', 'azh_duplicate_post', 'azh_update_post', and 'azh_remove_post'. Attackers can exploit this weakness to craft fraudulent requests, potentially tricking site administrators into executing actions that can alter, create, or delete posts without their consent.",Wordpress,Page Builder with Image Map by AZEXO,8.8,HIGH,0.0035099999513477087,false,,false,false,false,,false,false,2023-06-03T00:15:00.000Z,0
CVE-2023-3053,https://securityvulnerability.io/vulnerability/CVE-2023-3053,Unauthorized Data Modification in Page Builder by AZEXO for WordPress,"The Page Builder by AZEXO plugin for WordPress contains a flaw that allows authenticated attackers to exploit a missing capability check within the 'azh_add_post' function. This vulnerability permits attackers to create posts with any post type and post status, leading to potential unauthorized data manipulation within the WordPress environment. This issue exists in versions up to and including 1.27.133, making it essential for users to update their plugins to mitigate such risks. For further details and technical references, you can explore the provided links.",Wordpress,Page Builder with Image Map by AZEXO,4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-06-03T00:15:00.000Z,0
CVE-2023-3055,https://securityvulnerability.io/vulnerability/CVE-2023-3055,Cross-Site Request Forgery in Page Builder by AZEXO for WordPress,"The Page Builder by AZEXO plugin for WordPress is susceptible to a Cross-Site Request Forgery vulnerability due to improper nonce validation in its 'azh_save' function. This flaw may allow unauthenticated attackers to manipulate post content and potentially inject harmful JavaScript into the site through a forged request. An attacker must trick a site administrator into executing malicious actions, such as clicking a compromised link, to exploit this vulnerability effectively.",Wordpress,Page Builder with Image Map by AZEXO,4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-06-03T00:15:00.000Z,0