cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10857,https://securityvulnerability.io/vulnerability/CVE-2024-10857,WooCommerce Plugin Vulnerable to Directory Traversal,"The Product Input Fields for WooCommerce plugin for WordPress has a directory traversal vulnerability in the handle_downloads() function. This flaw arises from inadequate file path validation and sanitization. Authenticated attackers with Contributor-level access or higher can exploit this vulnerability to access arbitrary files on the server, potentially exposing sensitive data. This risk emphasizes the importance of securing file handling processes within WordPress plugins to protect user data and maintain the integrity of the web application.",Wordpress,Product Input Fields For WooCommerce,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,2024-11-26T06:43:45.413Z,0
CVE-2020-36696,https://securityvulnerability.io/vulnerability/CVE-2020-36696,Authorization Bypass in Product Input Fields for WooCommerce Plugin,"The Product Input Fields for WooCommerce plugin for WordPress contains an authorization bypass vulnerability due to a missing capability check in the handle_downloads() function. Attackers with no authentication can exploit this flaw to download files from the affected service, potentially exposing sensitive data or resources.",Wordpress,Product Input Fields For WooCommerce,7.5,HIGH,0.0020200000144541264,false,,false,false,false,,false,false,2023-06-07T01:51:09.704Z,0