cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3609,https://securityvulnerability.io/vulnerability/CVE-2024-3609,ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization,"The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments.",Wordpress,Reviewx – Multi-criteria Rating & Reviews For WooCommerce,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-16T20:31:04.842Z,0
CVE-2023-2833,https://securityvulnerability.io/vulnerability/CVE-2023-2833,Privilege Escalation in ReviewX Plugin for WordPress,"The ReviewX plugin for WordPress contains a vulnerability that allows authenticated users with minimal permissions, such as subscribers, to escalate their privileges. This occurs due to insufficient restrictions placed on the 'rx_set_screen_options' function. Attackers can exploit this flaw by manipulating parameters during a screen option update, potentially enabling them to alter their user role. It's crucial for site administrators to update to a patched version to mitigate this vulnerability.",Wordpress,Reviewx – Multi-criteria Rating & Reviews For WooCommerce,8.8,HIGH,0.007780000101774931,false,,false,false,true,true,false,false,2023-06-06T10:15:00.000Z,0