cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8481,https://securityvulnerability.io/vulnerability/CVE-2024-8481,Unauthenticated Shortcode Execution Vulnerability in Special Text Boxes Plugin,"The Special Text Boxes plugin for WordPress contains a vulnerability that permits arbitrary shortcode execution within comment sections. This flaw exists in all versions up to and including 6.2.2, stemming from the addition of the filter 'add_filter('comment_text', 'do_shortcode');'. This configuration enables unauthenticated attackers to execute malicious shortcodes by injecting them into comments, posing serious security risks for websites using this plugin. Administrators are advised to immediately review their plugin versions and consider applying the necessary patches or disabling the plugin until a secure version is released.",Wordpress,Special Text Boxes,7.3,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,2024-09-25T03:15:00.000Z,0
CVE-2021-24485,https://securityvulnerability.io/vulnerability/CVE-2021-24485,Special Text Boxes < 5.9.110 - Admin+ Stored Cross-Site Scripting,"The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.",Wordpress,Special Text Boxes,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-10-25T13:20:35.000Z,0