cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2023-0087,https://securityvulnerability.io/vulnerability/CVE-2023-0087,Stored Cross-Site Scripting Vulnerability in Swifty Page Manager Plugin for WordPress,"The Swifty Page Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through the ‘spm_plugin_options_page_tree_max_width’ parameter, primarily due to inadequate input validation and output sanitization. This vulnerability allows authenticated users, with administrative privileges, to insert malicious web scripts into web pages. Such scripts will execute whenever an innocent user accesses the affected page. This issue specifically impacts multi-site setups and installations where the 'unfiltered_html' feature is disabled, emphasizing the need for vigilant input and output handling in web applications.",Wordpress,Swifty Page Manager,5.5,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-01-05T19:15:00.000Z,0 CVE-2023-0088,https://securityvulnerability.io/vulnerability/CVE-2023-0088,Cross-Site Request Forgery Vulnerability in Swifty Page Manager for WordPress,"The Swifty Page Manager plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in AJAX actions responsible for page management. Attackers can exploit this flaw by tricking site administrators into triggering unintended actions, which can lead to unauthorized creation or deletion of pages. This vulnerability poses significant risks, especially in environments where user roles are not adequately managed.",Wordpress,Swifty Page Manager,8.8,HIGH,0.0019499999471008778,false,,false,false,false,,,false,false,,2023-01-05T19:15:00.000Z,0