cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10832,https://securityvulnerability.io/vulnerability/CVE-2024-10832,Posti Shipping Plugin Vulnerable to Cross-Site Request Forgery,"The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the generate_notices_html() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Posti Shipping,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-12-04T02:40:24.613Z,0
CVE-2019-20204,https://securityvulnerability.io/vulnerability/CVE-2019-20204,,"The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.",Wordpress,Postie,5.4,MEDIUM,0.0033499998971819878,false,,false,false,false,,false,false,2020-01-02T14:16:00.000Z,0
CVE-2019-20203,https://securityvulnerability.io/vulnerability/CVE-2019-20203,,The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.,Wordpress,Postie,5.3,MEDIUM,0.009270000271499157,false,,false,false,false,,false,false,2020-01-02T14:16:00.000Z,0
CVE-2012-2580,https://securityvulnerability.io/vulnerability/CVE-2012-2580,,"Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email.",Wordpress,Postie,,,0.009499999694526196,false,,false,false,false,,false,false,2014-06-20T14:00:00.000Z,0