cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-4473,https://securityvulnerability.io/vulnerability/CVE-2024-4473,Stored Cross-Site Scripting Vulnerability in Sydney Toolbox Plugin,"The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ""aThemes: Portfolio"" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Sydney Toolbox,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T12:49:59.513Z,0
CVE-2024-4036,https://securityvulnerability.io/vulnerability/CVE-2024-4036,Stored Cross-Site Scripting Vulnerability Affects Sydney Toolbox Plugin for WordPress,"The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Sydney Toolbox,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:36.724Z,0
CVE-2024-3208,https://securityvulnerability.io/vulnerability/CVE-2024-3208,Stored Cross-Site Scripting Vulnerability in Sydney Toolbox Plugin for WordPress,"The Sydney Toolbox plugin for WordPress contains a Stored Cross-Site Scripting vulnerability found in the Filterable Gallery widget. This vulnerability arises from inadequate input sanitization and output escaping of user-supplied attributes. As a result, authenticated attackers with contributor-level access and above can inject malicious scripts into pages, which are executed when users access those compromised pages. This vulnerability underscores the importance of rigorous security measures to protect web applications from potentially harmful scripts.",Wordpress,Sydney Toolbox,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:59:22.788Z,0
CVE-2024-2936,https://securityvulnerability.io/vulnerability/CVE-2024-2936,Stored Cross-Site Scripting Vulnerability in Sydney Toolbox Plugin,"The Sydney Toolbox plugin for WordPress experiences a vulnerability that allows authenticated attackers, holding contributor-level access or higher, to exploit Stored Cross-Site Scripting through the _id attribute of widgets. This occurs because of inadequate input sanitization and output escaping on user-supplied attributes, enabling the injection of arbitrary web scripts. Users visiting affected pages may unknowingly execute these scripts, leading to potential data manipulation or exposure.",Wordpress,Sydney Toolbox,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-29T05:35:32.721Z,0
CVE-2024-1447,https://securityvulnerability.io/vulnerability/CVE-2024-1447,Stored Cross-Site Scripting Vulnerability in Sydney Toolbox Plugin for WordPress,"The Sydney Toolbox plugin for WordPress is exposed to Stored Cross-Site Scripting vulnerabilities due to inadequate sanitization of user inputs in the aThemes Slider button element. This issue affects all versions up to and including 1.25, enabling authenticated attackers with contributor-level permissions or higher to embed malicious web scripts. When users access pages that include these injected scripts, they may unknowingly execute harmful code, jeopardizing site integrity and user data.",Wordpress,Sydney Toolbox,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0