cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-4424,https://securityvulnerability.io/vulnerability/CVE-2021-4424,Cross-Site Request Forgery Vulnerability in Slider Hero Plugin for WordPress,"The Slider Hero plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in the qc_slider_hero_duplicate() function. This vulnerability could enable attackers to duplicate slides if they can successfully trick an administrator into executing malicious requests, such as clicking on deceptive links. It's crucial for site administrators to apply the latest updates to mitigate this risk.",Wordpress,"Slider Hero With Animation, Video Background",4.3,MEDIUM,0.00046999999904073775,false,,false,false,false,,false,false,2023-07-12T06:52:36.286Z,0
CVE-2022-3074,https://securityvulnerability.io/vulnerability/CVE-2022-3074,Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting,"The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks.",Wordpress,"Slider Hero With Animation, Video Background",4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-09-26T12:35:41.000Z,0
CVE-2021-24506,https://securityvulnerability.io/vulnerability/CVE-2021-24506,Slider Hero < 8.2.7 - Contributor+ SQL Injection,"The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.",Wordpress,"Slider Hero With Animation, Video Background & Intro Maker",8.8,HIGH,0.001129999989643693,false,,false,false,false,,false,false,2021-08-23T11:09:58.000Z,0