cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2960,https://securityvulnerability.io/vulnerability/CVE-2024-2960,Cross-Site Request Forgery Vulnerability in Pricing Tables Plugin,"The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the deletePricingTable() function. This makes it possible for unauthenticated attackers to delete pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Svs Pricing Tables,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:48.704Z,0
CVE-2024-2959,https://securityvulnerability.io/vulnerability/CVE-2024-2959,Cross-Site Request Forgery Vulnerability in SVS Pricing Tables Plugin for WordPress,"The SVS Pricing Tables plugin for WordPress is exposed to Cross-Site Request Forgery (CSRF) attacks due to inadequate nonce validation in the savePricingTable() function. This vulnerability allows unauthenticated attackers to manipulate pricing tables if they can deceive a site administrator into executing a malicious action, such as clicking a specially crafted link. Any version of the plugin up to and including 1.0.4 is affected, making it crucial for users to apply proper security measures to prevent unauthorized access.",Wordpress,Svs Pricing Tables,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:14.997Z,0
CVE-2024-2958,https://securityvulnerability.io/vulnerability/CVE-2024-2958,Stored Cross-Site Scripting Vulnerability in SVS Pricing Tables for WordPress,"The SVS Pricing Tables plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate sanitization of inputs and escaping of outputs in the pricing table settings. This vulnerability affects all versions up to and including 1.0.4, allowing authenticated attackers with administrator-level permissions to inject malicious web scripts. These scripts can execute whenever a user accesses an impacted page. It's particularly relevant for multi-site environments and those where the 'unfiltered_html' capability has been disabled, heightening the risk of exploitation.",Wordpress,Svs Pricing Tables,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:11.744Z,0