cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13234,https://securityvulnerability.io/vulnerability/CVE-2024-13234,SQL Injection in Product Table Plugin for WordPress by WBW,"The Product Table by WBW plugin for WordPress is susceptible to SQL Injection through the 'additionalCondition' parameter. This vulnerability arises from inadequate escaping of user-supplied data, along with poor preparation of the existing SQL query. Consequently, malicious actors can execute unauthorized SQL commands, potentially extracting sensitive information from the database, thereby compromising the security and integrity of affected WordPress installations.",Wordpress,Product Table By Wbw,7.5,HIGH,0.0008699999889358878,false,,false,false,false,false,false,false,2025-01-23T11:13:27.688Z,0
CVE-2024-6365,https://securityvulnerability.io/vulnerability/CVE-2024-6365,Remote Code Execution Vulnerability in Product Table plugin for WordPress,"The WBW Product Table plugin for WordPress is exposed to a Remote Code Execution vulnerability, allowing unauthorized users to execute arbitrary code on the server. This vulnerabilities stem from the 'saveCustomTitle' function, which lacks necessary authorization checks and sanitization processes for data inputs, particularly in the languages/customTitle.php file. Attackers can exploit this flaw to compromise the server's integrity, emphasizing the need for immediate updates and security measures for all installations of version 2.0.1 and prior.",Wordpress,Product Table By Wbw,9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-09T03:33:03.786Z,0