cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1568,https://securityvulnerability.io/vulnerability/CVE-2024-1568,Arbitrary Location Query Vulnerability in Seraphinite Accelerator Plugin for WordPress,"The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",Wordpress,Seraphinite Accelerator,6.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-28T06:46:47.074Z,0
CVE-2023-5611,https://securityvulnerability.io/vulnerability/CVE-2023-5611,Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import,"The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them",Wordpress,Seraphinite Accelerator,5.3,MEDIUM,0.0011500000255182385,false,,false,false,true,true,false,false,2023-11-27T17:15:00.000Z,0
CVE-2023-5609,https://securityvulnerability.io/vulnerability/CVE-2023-5609,Seraphinite Accelerator < 2.20.29 - Reflected XSS,"The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Seraphinite Accelerator,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2023-11-20T19:15:00.000Z,0
CVE-2023-5610,https://securityvulnerability.io/vulnerability/CVE-2023-5610,Seraphinite Accelerator < 2.20.29 - Authenticated Arbitrary Redirect,"The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect",Wordpress,Seraphinite Accelerator,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-11-20T19:15:00.000Z,0