cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-4889,https://securityvulnerability.io/vulnerability/CVE-2023-4889,Stored Cross-Site Scripting in Shareaholic Plugin for WordPress,"The Shareaholic plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping on user-supplied attributes within the 'shareaholic' shortcode. This vulnerability allows authenticated attackers with contributor-level permissions or higher to inject malicious web scripts into pages. These scripts can execute in the browsers of users who access the compromised pages, potentially leading to identity theft, session hijacking, or other malicious exploits.",Wordpress,"Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic",5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-11-15T07:15:00.000Z,0
CVE-2022-0594,https://securityvulnerability.io/vulnerability/CVE-2022-0594,Shareaholic < 9.7.6 - Information Disclosure,"The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.",Wordpress,"Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic",5.3,MEDIUM,0.0013500000350177288,false,,false,false,false,,false,false,2022-07-25T12:45:37.000Z,0