cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4031,https://securityvulnerability.io/vulnerability/CVE-2022-4031,Arbitrary File Modification in Simple:Press Plugin for WordPress,"The Simple:Press plugin for WordPress is susceptible to arbitrary file modifications due to improper handling of the 'file' parameter. This vulnerability allows users with high-level permissions, such as administrators, to alter files on the server outside the intended boundaries of the plugin. This could lead to unauthorized access or modifications, potentially compromising the security of the entire website.",Wordpress,Simple:press – WordPress Forum Plugin,3.8,LOW,0.0005699999746866524,false,,false,false,false,,false,false,2022-11-29T20:15:59.914Z,0
CVE-2022-4030,https://securityvulnerability.io/vulnerability/CVE-2022-4030,Path Traversal Vulnerability in Simple:Press Plugin for WordPress,"The Simple:Press plugin for WordPress is susceptible to a Path Traversal vulnerability that allows unauthorized users to manipulate the 'file' parameter during user avatar deletion. This issue enables attackers with minimal permissions, such as a subscriber, to specify paths leading to arbitrary files on the server, which can be deleted. A successful exploitation could lead to the deletion of critical files, such as wp-config.php, thereby granting an attacker the potential to reconfigure the site's settings and execute remote code.",Wordpress,Simple:press – WordPress Forum Plugin,8.1,HIGH,0.0017300000181421638,false,,false,false,false,,false,false,2022-11-29T20:13:25.260Z,0
CVE-2022-4029,https://securityvulnerability.io/vulnerability/CVE-2022-4029,Reflected Cross-Site Scripting Vulnerability in Simple:Press Plugin for WordPress,"The Simple:Press plugin for WordPress is susceptible to a reflected cross-site scripting vulnerability through the 'sforum_[md5 hash of the WordPress URL]' cookie. This issue arises from inadequate sanitization of input and ineffective output escaping in versions up to 6.8. As a result, unauthorized attackers can potentially inject malicious web scripts into pages viewed by users, provided they manage to deceive a user into executing a crafted action, such as clicking a link. Although exploitation of this vulnerability is complex, it requires the attacker to manipulate cookie data for the targeted user.",Wordpress,Simple:press – WordPress Forum Plugin,4.7,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2022-11-29T20:10:24.741Z,0
CVE-2022-4028,https://securityvulnerability.io/vulnerability/CVE-2022-4028,Stored Cross-Site Scripting Vulnerability in Simple:Press Plugin for WordPress,"The Simple:Press plugin for WordPress has a vulnerability that allows authenticated attackers with minimal permissions, like subscribers, to perform Stored Cross-Site Scripting (XSS). This occurs through the manipulation of the 'postitem' parameter during the profile-save action when modifying a profile signature. Insufficient input sanitization and output escaping enable attackers to inject arbitrary web scripts into pages. As a result, whenever a user views a page with an injected script, it can execute, potentially compromising user data and security.",Wordpress,Simple:press – WordPress Forum Plugin,6.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-29T20:08:35.119Z,0
CVE-2022-4027,https://securityvulnerability.io/vulnerability/CVE-2022-4027,Stored Cross-Site Scripting in Simple:Press Plugin for WordPress,"The Simple:Press plugin for WordPress is at risk due to a Stored Cross-Site Scripting vulnerability that stems from inadequate input sanitization and output escaping. Specifically, this vulnerability involves the 'postitem' parameter during forum responses, allowing unauthorized attackers to inject arbitrary web scripts. When users access forum threads with malicious responses, these scripts execute, creating significant potential for exploitation and compromising the integrity of the website.",Wordpress,Simple:press – WordPress Forum Plugin,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2022-11-29T20:06:05.069Z,0