cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12585,https://securityvulnerability.io/vulnerability/CVE-2024-12585,Reflected Cross-Site Scripting Vulnerability in Property Hive WordPress Plugin,"The Property Hive plugin for WordPress, prior to version 2.1.1, contains a vulnerability where a parameter is not adequately sanitized and escaped before being rendered on the web page. This oversight enables attackers to conduct Reflected Cross-Site Scripting (XSS) attacks, potentially compromising high privilege user accounts, including administrator accounts. Attackers can exploit this vulnerability to execute arbitrary scripts in the context of the affected user's session, leading to unauthorized actions and data exposure.",Wordpress,Property Hive,,,0.0004299999854993075,false,,false,false,true,2025-01-08T06:00:14.000Z,true,false,false,,2025-01-08T06:00:14.363Z,0
CVE-2024-12465,https://securityvulnerability.io/vulnerability/CVE-2024-12465,Stored Cross-Site Scripting Vulnerability in Property Hive Stamp Duty Calculator plugin,"The Property Hive Stamp Duty Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stamp_duty_calculator_scotland' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Property Hive Stamp Duty Calculator,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-13T08:24:52.444Z,0
CVE-2024-11940,https://securityvulnerability.io/vulnerability/CVE-2024-11940,Mortgage Calculator Plugin Vulnerable to Stored Cross-Site Scripting,"The Property Hive Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘price’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Property Hive Mortgage Calculator,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-12-10T08:23:39.768Z,0