cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11202,https://securityvulnerability.io/vulnerability/CVE-2024-11202,WordPress Plugins Vulnerable to Reflected Cross-Site Scripting,Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.,Wordpress,"Cm WordPress Search And Replace Plugin,Video Lessons Manager – WordPress Lms Plugin,Cm Tooltip Glossary,Cm Pop-up Banners For WordPress,Cm Header & Footer Script Loader – Insert Script Plugin,Name: Cm E-mail Registration Blacklist,Cm Business Directory Plugin – Business Listing Directory",6.1,MEDIUM,0.0009200000204145908,false,,false,false,false,,false,false,2024-11-26T07:31:31.790Z,0
CVE-2024-5799,https://securityvulnerability.io/vulnerability/CVE-2024-5799,Pop-Up Banners Plugin Vulnerable to Cross-Site Scripting,"The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.",Wordpress,Cm Pop-up Banners For WordPress,4.8,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-09-12T06:00:02.912Z,0
CVE-2024-3602,https://securityvulnerability.io/vulnerability/CVE-2024-3602,Unauthorized Update of Plugin Settings Due to Missing Capability Check,"The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection.",Wordpress,"Pop Ups, Exit Intent Popups, Email Popups, Banners, Bars, Countdowns And Cart Savers – Promolayer",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-20T02:08:19.025Z,0
CVE-2023-4961,https://securityvulnerability.io/vulnerability/CVE-2023-4961,Stored Cross-Site Scripting in Poptin Plugin for WordPress,"The Poptin plugin for WordPress, prior to version 1.3, contains a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping of user-supplied attributes in the 'poptin-form' shortcode. This flaw allows authenticated attackers with contributor-level or higher permissions to inject arbitrary web scripts into pages. These scripts could execute whenever an unsuspecting user accesses a page containing the modified form, potentially compromising user data and site integrity.",Wordpress,"Pop ups, WordPress Exit Intent Popup, Email Pop Up, Lightbox Pop Up, Spin the Wheel, Contact Form Builder – Poptin",5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-3977,https://securityvulnerability.io/vulnerability/CVE-2023-3977,Cross-Site Request Forgery Vulnerability in Inisev WordPress Plugins,"Multiple Inisev plugins for WordPress are susceptible to Cross-Site Request Forgery attacks due to a missing nonce verification in the handle_installation function. This vulnerability enables unauthorized attackers to force plugin installations by tricking an admin into clicking a malicious link, thus executing forged requests. Affected plugins include Feedburner Alternative and RSS Redirect, Ultimate Social Media Icons, and several others. It is crucial for site administrators to be vigilant about potential social engineering tactics that exploit this flaw.",Wordpress,"SSL Mixed Content Fix,Duplicate Post,Social Share Icons & Social Share Buttons,Ultimate Posts Widget,Backup Migration,Pop-up,Redirection,Clone,Social Media Share Buttons & Social Sharing Icons,RSS Redirect & Feedburner Alternative,Enhanced Text Widget",4.3,MEDIUM,0.001829999964684248,false,,false,false,false,,false,false,2023-07-28T05:15:00.000Z,0
CVE-2023-0958,https://securityvulnerability.io/vulnerability/CVE-2023-0958,Unauthorized Plugin Installation in WordPress Plugins by Inisev,"Multiple WordPress plugins developed by Inisev are susceptible to a critical weakness that permits authenticated users, even those with minimal permissions, such as subscribers, to install specific plugins without proper authorization. This arises from a lack of capability verification in the function handling plugin installations, leading to potential exploitation and unauthorized control over affected sites. It is crucial for users of these plugins to take immediate action to secure their installations and prevent unwanted access.",Wordpress,"Ssl Mixed Content Fix,Duplicate Post,Social Share Icons & Social Share Buttons,Ultimate Posts Widget,Backup Migration,Pop-up,Redirection,Clone,Social Media Share Buttons & Social Sharing Icons,Rss Redirect & Feedburner Alternative,Enhanced Text Widget",4.3,MEDIUM,0.001449999981559813,false,,false,false,false,,false,false,2023-07-28T05:15:00.000Z,0
CVE-2022-41638,https://securityvulnerability.io/vulnerability/CVE-2022-41638,WordPress Pop-Up Chop Chop plugin <= 2.1.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability,Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress.,Wordpress,Pop-up Chop Chop (WordPress Plugin),5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-10-21T16:15:00.000Z,0
CVE-2022-38070,https://securityvulnerability.io/vulnerability/CVE-2022-38070,WordPress Pop-up plugin <= 1.1.5 - Privilege Escalation vulnerability,Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress.,Wordpress,Pop-up (WordPress Plugin),5.4,MEDIUM,0.0009699999936856329,false,,false,false,false,,false,false,2022-09-09T15:15:00.000Z,0