cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0899,https://securityvulnerability.io/vulnerability/CVE-2023-0899,Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored XSS,"The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins.",Wordpress,Steveas WP Live Chat Shoutbox,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2023-04-24T19:15:00.000Z,0
CVE-2023-1020,https://securityvulnerability.io/vulnerability/CVE-2023-1020,Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi,"The Steveas WP Live Chat Shoutbox plugin for WordPress, up to version 1.4.2, contains a SQL injection vulnerability due to improper sanitization and escaping of a parameter used in an unprotected AJAX action. This flaw allows unauthenticated users to execute arbitrary SQL queries, potentially leading to the compromise of the database and sensitive information exposure.",Wordpress,Steveas WP Live Chat Shoutbox,9.8,CRITICAL,0.09440000355243683,false,,false,false,false,,false,false,2023-04-24T19:15:00.000Z,0