cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10891,https://securityvulnerability.io/vulnerability/CVE-2024-10891,Stored Cross-Site Scripting Vulnerability in Save as PDF Plugin,"The Save as PDF Plugin by Pdfcrowd for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting (XSS) through the 'save_as_pdf_pdfcrowd' shortcode. This issue arises from the plugin's failure to properly sanitize user-supplied input and escape output, which affects all versions up to and including 4.2.1. Authenticated attackers with contributor-level access or higher can exploit this vulnerability to inject arbitrary web scripts into pages. These scripts will execute when users access the compromised pages, potentially leading to session hijacking, defacement, or the installation of malicious content. It is crucial for website administrators using this plugin to apply appropriate security measures and updates to mitigate the risk of exploitation.",Wordpress,Save As PDF Plugin By PDFcrowd,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-20T09:31:54.364Z,0
CVE-2023-5971,https://securityvulnerability.io/vulnerability/CVE-2023-5971,Pdfcrowd Save as PDF Plugin Vulnerability Could Lead to Stored Cross-Site Scripting Attacks,"The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Save As PDF Plugin By PDFcrowd,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-05-14T14:31:00.000Z,0