cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-4098,https://securityvulnerability.io/vulnerability/CVE-2024-4098,Unauthorized File Inclusion Vulnerability in Shariff Wrapper Plugin for WordPress,"The Shariff Wrapper plugin for WordPress is vulnerable to a Local File Inclusion (LFI) issue in versions up to and including 4.6.13 due to a flaw in the shariff3uu_fetch_sharecounts function. This vulnerability allows unauthenticated attackers to include and execute arbitrary files on the server. Exploiting this flaw could lead to the execution of any PHP code contained within those files, enabling attackers to bypass existing access controls, access sensitive data, or execute malicious scripts when 'safe' file types, such as images, are uploaded and included. It's crucial for users of the Shariff Wrapper plugin to upgrade to the latest secure version to mitigate these risks.",Wordpress,Shariff Wrapper,9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-20T06:58:02.886Z,0
CVE-2024-2695,https://securityvulnerability.io/vulnerability/CVE-2024-2695,Stored Cross-Site Scripting Vulnerability in Shariff Wrapper Plugin Affects WordPress,"The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Shariff Wrapper,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-15T08:42:16.998Z,0
CVE-2024-1450,https://securityvulnerability.io/vulnerability/CVE-2024-1450,Stored Cross-Site Scripting Vulnerability in Shariff Wrapper Plugin Affects WordPress Pages,"The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'align'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Shariff Wrapper,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-21T02:51:00.000Z,0
CVE-2024-1106,https://securityvulnerability.io/vulnerability/CVE-2024-1106,Unfiltered HTML Setting Vulnerability in Shariff Wrapper WordPress Plugin Allows Stored Cross-Site Scripting Attacks,"The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Shariff Wrapper,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-02-27T08:30:30.863Z,0