cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-4045,https://securityvulnerability.io/vulnerability/CVE-2024-4045,Stored Cross-Site Scripting Vulnerability in OptinMonster's Popup Builder,"The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaign_id’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Popup Builder By Optinmonster – WordPress Popups For Optins, Email Newsletters And Lead Generation",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-25T05:36:43.663Z,0
CVE-2023-0772,https://securityvulnerability.io/vulnerability/CVE-2023-0772,Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure,"The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones.",Wordpress,Popup Builder by OptinMonster,6.5,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-03-13T17:15:00.000Z,0