cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3810,https://securityvulnerability.io/vulnerability/CVE-2024-3810,Arbitrary File Inclusion Vulnerability in Salient Shortcodes Plugin,"The Salient Shortcodes plugin for WordPress is susceptible to a Local File Inclusion flaw affecting all versions up to and including 1.5.3. Affected users with contributor-level permissions can exploit this vulnerability via the 'icon' shortcode's 'image' attribute. This exploitation enables the inclusion and execution of arbitrary files on the server, facilitating unauthorized PHP code execution. The outcome of this vulnerability can result in bypassing access controls, leading to unauthorized access to sensitive data and potential code execution exploits, posing serious security implications for affected systems.",Wordpress,Salient Shortcodes,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-18T05:40:02.930Z,0
CVE-2024-3811,https://securityvulnerability.io/vulnerability/CVE-2024-3811,Stored Cross-Site Scripting Vulnerability in Salient Shortcodes Plugin,"The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Salient Shortcodes,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-18T05:40:02.452Z,0