cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-24659,https://securityvulnerability.io/vulnerability/CVE-2025-24659,SQL Injection Vulnerability in WordPress Download Manager Premium Packages,"A vulnerability exists in the WordPress Download Manager Premium Packages that allows for Blind SQL Injection due to improper neutralization of special elements in SQL commands. This flaw impacts versions from n/a through 5.9.6, enabling attackers to execute unauthorized SQL queries leading to potential data breaches and manipulation.",Wordpress,Premium Packages,7.6,HIGH,0.0004299999854993075,false,,false,false,false,false,false,false,2025-01-24T17:24:44.883Z,0
CVE-2024-11225,https://securityvulnerability.io/vulnerability/CVE-2024-11225,Premium Packages Vulnerable to Reflected Cross-Site Scripting,"The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Premium Packages – Sell Digital Products Securely,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-22T05:33:42.053Z,0
CVE-2024-10164,https://securityvulnerability.io/vulnerability/CVE-2024-10164,Stored Cross-Site Scripting Vulnerability in Premium Packages,"The Premium Packages – Sell Digital Products Securely plugin for WordPress is exposed to Stored Cross-Site Scripting vulnerabilities via the wpdmpp_pay_link shortcode. This issue stems from inadequate input sanitization and output escaping associated with user-supplied attributes. Authenticated attackers with contributor-level access or higher can exploit this vulnerability by injecting arbitrary web scripts into pages, leading to execution whenever a user visits an affected page. This vulnerability presents significant risks to user data and application integrity.",Wordpress,Premium Packages – Sell Digital Products Securely,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-21T02:06:21.099Z,0
CVE-2023-4293,https://securityvulnerability.io/vulnerability/CVE-2023-4293,Privilege Escalation Vulnerability in Premium Packages Plugin by WordPress,"The Premium Packages - Sell Digital Products Securely plugin for WordPress is susceptible to a privilege escalation issue. This vulnerability arises from insufficient checks within the 'wpdmpp_update_profile' function. Authenticated users, even those with minimal permissions like subscribers, can exploit this vulnerability to alter their own user roles by sending a manipulated 'profile[role]' parameter during a profile update process. This could allow unauthorized elevation of privileges, leading to significant risks for the website.",Wordpress,Premium Packages – Sell Digital Products Securely,6.5,MEDIUM,0.0009200000204145908,false,,false,false,false,,false,false,2023-08-12T08:15:00.000Z,0