cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13367,https://securityvulnerability.io/vulnerability/CVE-2024-13367,Unauthorized Access Vulnerability in Sandbox Plugin for WordPress,"The Sandbox plugin for WordPress is susceptible to unauthorized access due to a flaw in the capability check for the export_download action. This vulnerability exists in all versions up to and including 0.4, allowing authenticated attackers with Subscriber-level access or above to download a complete copy of a sandbox environment. This breach can potentially expose sensitive information, including the wp-config.php file, posing significant security risks.",Wordpress,Sandbox,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,false,false,false,2025-01-17T07:01:27.847Z,0
CVE-2024-13366,https://securityvulnerability.io/vulnerability/CVE-2024-13366,Reflected Cross-Site Scripting Vulnerability in Sandbox Plugin for WordPress,"The Sandbox plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping on the 'debug' parameter. This flaw affects all versions up to and including 0.4, allowing unauthenticated attackers to execute arbitrary web scripts if they manage to coax a user into clicking a malicious link. Proper user education and prompt updates are essential to mitigate this risk.",Wordpress,Sandbox,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-17T07:01:27.064Z,0