cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2090,https://securityvulnerability.io/vulnerability/CVE-2024-2090,Arbitrary Requests Possible through Remote Content Shortcode Vulnerability,"The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",Wordpress,Remote Content Shortcode,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-01T04:29:43.930Z,0
CVE-2024-2089,https://securityvulnerability.io/vulnerability/CVE-2024-2089,Stored Cross-Site Scripting Vulnerability in Remote Content Shortcode Plugin Affects WordPress Pages,"The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remote_content' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Remote Content Shortcode,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-30T08:30:12.980Z,0