cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11777,https://securityvulnerability.io/vulnerability/CVE-2024-11777,Stored Cross-Site Scripting Vulnerability in Sell Media Plugin for WordPress,"The Sell Media plugin for WordPress allows for Stored Cross-Site Scripting due to inadequate sanitization and escaping of user-supplied input in the 'sell_media_search_form_gutenberg' shortcode. This vulnerability can be exploited by authenticated users with contributor-level access or higher, enabling them to inject malicious web scripts into pages. These scripts are executed when other users access compromised content, potentially compromising user data and site integrity.",Wordpress,Sell Media,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,false,false,false,2025-01-07T03:21:57.148Z,0
CVE-2021-4420,https://securityvulnerability.io/vulnerability/CVE-2021-4420,Cross-Site Request Forgery in Sell Media Plugin for WordPress,"The Sell Media plugin for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability that affects versions up to and including 2.5.5. The issue arises from inadequate nonce validation within the sell_media_process() function, allowing unauthenticated attackers to execute unauthorized actions. By deceiving a site administrator into clicking a malicious link, attackers can forge requests to process media PayPal orders, potentially compromising the site’s integrity and security.",Wordpress,Sell Media,4.3,MEDIUM,0.00046999999904073775,false,,false,false,false,,false,false,2023-07-12T06:52:33.825Z,0
CVE-2019-6112,https://securityvulnerability.io/vulnerability/CVE-2019-6112,,A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).,Wordpress,Sell Media,6.1,MEDIUM,0.006630000192672014,false,,false,false,false,,false,false,2020-08-14T13:42:24.000Z,0