cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-36428,https://securityvulnerability.io/vulnerability/CVE-2022-36428,WordPress Rock Convert plugin <= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability,Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress.,Wordpress,Rock Convert (WordPress Plugin),4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-03T20:15:00.000Z,0
CVE-2022-3440,https://securityvulnerability.io/vulnerability/CVE-2022-3440,Rock Convert < 2.6.0 - Reflected Cross-Site Scripting,"The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting",Wordpress,Rock Convert,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2022-10-31T00:00:00.000Z,0
CVE-2022-3441,https://securityvulnerability.io/vulnerability/CVE-2022-3441,Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting,"The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Rock Convert,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-10-31T00:00:00.000Z,0