cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10483,https://securityvulnerability.io/vulnerability/CVE-2024-10483,Reflected Cross-Site Scripting in Simple:Press Forum for WordPress,"A vulnerability exists in the Simple:Press Forum WordPress plugin prior to version 6.10.11 due to inadequate sanitization and escaping of user input. This flaw allows an attacker to inject malicious scripts that could be executed in the context of a user's browser, leading to unauthorized access and potential data theft. The improper handling of parameters significantly raises the risk of reflected cross-site scripting attacks, making it crucial for users to upgrade to the latest version to mitigate this risk.",WordPress,Simple:press Forum,7.1,HIGH,0.01,false,,false,false,true,2025-02-26T06:00:05.000Z,true,false,false,,2025-02-26T06:00:05.748Z,0
CVE-2020-36706,https://securityvulnerability.io/vulnerability/CVE-2020-36706,Arbitrary File Upload Vulnerability in Simple:Press Forum Plugin for WordPress,"The Simple:Press Forum Plugin used in WordPress is susceptible to an arbitrary file upload vulnerability due to inadequate file type validation in the '/admin/resources/jscript/ajaxupload/sf-uploader.php' script. Versions up to and including 6.6.0 are affected, enabling malicious attackers to upload unauthorized files onto the server. This vulnerability can potentially facilitate remote code execution, posing a significant security risk to websites utilizing this plugin.",Wordpress,Simple:press Forum,9.8,CRITICAL,0.01769999973475933,false,,false,false,false,,,false,false,,2023-10-20T06:35:22.945Z,0
CVE-2022-4031,https://securityvulnerability.io/vulnerability/CVE-2022-4031,Arbitrary File Modification in Simple:Press Plugin for WordPress,"The Simple:Press plugin for WordPress is susceptible to arbitrary file modifications due to improper handling of the 'file' parameter. This vulnerability allows users with high-level permissions, such as administrators, to alter files on the server outside the intended boundaries of the plugin. This could lead to unauthorized access or modifications, potentially compromising the security of the entire website.",Wordpress,Simple:press – WordPress Forum Plugin,3.8,LOW,0.0005699999746866524,false,,false,false,false,,,false,false,,2022-11-29T20:15:59.914Z,0
CVE-2022-4030,https://securityvulnerability.io/vulnerability/CVE-2022-4030,Path Traversal Vulnerability in Simple:Press Plugin for WordPress,"The Simple:Press plugin for WordPress is susceptible to a Path Traversal vulnerability that allows unauthorized users to manipulate the 'file' parameter during user avatar deletion. This issue enables attackers with minimal permissions, such as a subscriber, to specify paths leading to arbitrary files on the server, which can be deleted. A successful exploitation could lead to the deletion of critical files, such as wp-config.php, thereby granting an attacker the potential to reconfigure the site's settings and execute remote code.",Wordpress,Simple:press – WordPress Forum Plugin,8.1,HIGH,0.0017300000181421638,false,,false,false,false,,,false,false,,2022-11-29T20:13:25.260Z,0