cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10527,https://securityvulnerability.io/vulnerability/CVE-2024-10527,Unauthorized Data Access in Spacer Plugin by WordPress,"The Spacer plugin for WordPress is subject to a security concern that stems from a missing capability check in the motech_spacer_callback() function. This issue affects all versions of the plugin up to and including 3.0.7, allowing authenticated attackers with Subscriber-level access or higher to potentially access and view sensitive setting information. This vulnerability underscores the importance of proper access control mechanisms within WordPress plugins to protect user data.",Wordpress,Spacer,3.1,LOW,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-07T04:21:55.254Z,0
CVE-2022-3618,https://securityvulnerability.io/vulnerability/CVE-2022-3618,Spacer < 3.0.7 - Admin+ Stored XSS,"The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).",Wordpress,Spacer,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-11-21T00:00:00.000Z,0