cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8199,https://securityvulnerability.io/vulnerability/CVE-2024-8199,Unauthorized Modification of Data Passwords in The Reviews Feed Plugin,"The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress contains a security flaw that allows authorized users with Subscriber-level access or higher to modify sensitive data. This vulnerability arises due to a missing capability check within the 'update_api_key' function, potentially enabling attackers to change API Key options without proper authorization. All versions up to and including 1.1.2 are impacted, highlighting the need for prompt action to secure affected installations.",Wordpress,"Reviews Feed – Add Testimonials And Customer Reviews From Google Reviews, Yelp, Tripadvisor, And More",4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-08-27T15:32:32.328Z,0
CVE-2024-8200,https://securityvulnerability.io/vulnerability/CVE-2024-8200,Cross-Site Request Forgery Vulnerability in The Reviews Feed Plugin,"The Reviews Feed plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) attacks, affecting all versions up to and including 1.1.2. This vulnerability arises from improper nonce validation within the 'update_api_key' function. As a result, attackers can exploit this weakness to send forged requests that update an API key without authentication. If a site administrator is tricked into performing an action, such as clicking a malicious link, an attacker can gain unauthorized control over API configurations, potentially leading to further security breaches.",Wordpress,"Reviews Feed – Add Testimonials And Customer Reviews From Google Reviews, Yelp, Tripadvisor, And More",4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-08-27T15:32:31.676Z,0