cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9619,https://securityvulnerability.io/vulnerability/CVE-2024-9619,Stored Cross-Site Scripting Vulnerability in WP SHAPES Plugin for WordPress,"The WP SHAPES plugin for WordPress is susceptible to a stored cross-site scripting (XSS) vulnerability due to inadequate input sanitization and output escaping. This vulnerability affects all versions up to and including 1.0.0, enabling authenticated attackers with Author-level access and higher to exploit the flaw by uploading SVG files containing malicious web scripts. These scripts can execute when unsuspecting users access the SVG files, posing significant security risks to the integrity of web pages and the safety of user data.",Wordpress,WP Shapes,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-20T06:59:07.849Z,0
CVE-2020-36708,https://securityvulnerability.io/vulnerability/CVE-2020-36708,Function Injection Vulnerability in Popular WordPress Themes,"An unauthenticated function injection vulnerability exists in multiple WordPress themes due to the epsilon_framework_ajax_action, allowing attackers to invoke sensitive functions and potentially achieve remote code execution. This affects versions of popular themes such as Shapely, NewsMag, and Activello, among others. It is crucial for users of these themes to apply updates to safeguard against unauthorized access and exploitation.",Wordpress,"Allegiant,Naturemag Lite,Newsmag,Shapely,Bonkers,Regina Lite,Transcend,Sparkling,Newspaper X,Antreas,Affluent,Brilliance,Activello,Illdy,Medzone Lite,Pixova Lite",9.8,CRITICAL,0.04871999844908714,false,,false,false,false,,false,false,2023-06-07T01:51:22.525Z,0