cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12285,https://securityvulnerability.io/vulnerability/CVE-2024-12285,Reflected Cross-Site Scripting Vulnerability in SEMA API Plugin for WordPress,"The SEMA API plugin for WordPress contains a vulnerability that permits unauthenticated users to execute reflected cross-site scripting attacks. This is achieved through the 'catid' parameter, which lacks adequate input sanitization and output escaping. If attackers can manipulate users into clicking on a specific link, they can inject arbitrary web scripts that are then executed in the context of the user's session. This vulnerability underscores the importance of securing web applications through proper input handling techniques to maintain user trust and data integrity.",Wordpress,Sema Api,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-09T11:10:56.456Z,0
CVE-2022-0836,https://securityvulnerability.io/vulnerability/CVE-2022-0836,SEMA API < 4.02 - Unauthenticated SQLi,"The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users",Wordpress,Sema Api,9.8,CRITICAL,0.0036100000143051147,false,,false,false,false,,false,false,2022-05-09T16:50:37.000Z,0