cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13584,https://securityvulnerability.io/vulnerability/CVE-2024-13584,Stored Cross-Site Scripting in Picture Gallery Plugin for WordPress,"The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping associated with the 'videowhisper_pictures' shortcode. This vulnerability enables authenticated attackers, specifically those with contributor-level access or higher, to inject arbitrary scripts into web pages. These scripts can execute whenever users view the compromised pages, posing significant risks to user data and site integrity.",Wordpress,"Picture Gallery – Frontend Image Uploads, Ajax Photo List",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,false,false,false,2025-01-22T03:21:31.223Z,0
CVE-2024-12696,https://securityvulnerability.io/vulnerability/CVE-2024-12696,Stored Cross-Site Scripting in Picture Gallery Plugin for WordPress,"The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress presents a vulnerability that allows authenticated attackers with contributor-level access or higher to exploit the videowhisper_picture_upload_guest shortcode. This vulnerability arises from inadequate input sanitization and output escaping of user-supplied attributes, leading to stored Cross-Site Scripting. When a user accesses a compromised page, arbitrary web scripts can execute, posing a significant risk to site security and user safety.",Wordpress,"Picture Gallery – Frontend Image Uploads, Ajax Photo List",6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,false,false,false,2025-01-18T07:05:10.013Z,0