cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13236,https://securityvulnerability.io/vulnerability/CVE-2024-13236,SQL Injection Risk in Tainacan Plugin for WordPress,"The Tainacan plugin for WordPress contains a vulnerability that allows authenticated users, with Subscriber-level access and above, to manipulate SQL queries through the 'collection_id' parameter. This exploitation occurs due to insufficient parameter escaping and inadequate preparation of the SQL query, enabling attackers to inject additional SQL commands. Such actions can lead to unauthorized access to sensitive database information, posing a significant risk to the integrity of the data managed by the plugin.",Wordpress,Tainacan,6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,false,false,false,2025-01-23T11:13:28.519Z,0
CVE-2024-9221,https://securityvulnerability.io/vulnerability/CVE-2024-9221,Reflected Cross-Site Scripting Vulnerability in Tainacan Plugin,"The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Tainacan,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-11T06:50:17.312Z,0
CVE-2024-7135,https://securityvulnerability.io/vulnerability/CVE-2024-7135,Unauthorized Access to Sensitive Information Due to Function Vulnerability in Tainacan plugin for WordPress,"The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.",Wordpress,Tainacan,6.5,MEDIUM,0.0009699999936856329,false,,false,false,true,true,false,false,2024-07-31T10:59:18.370Z,0
CVE-2024-3867,https://securityvulnerability.io/vulnerability/CVE-2024-3867,Unauthenticated Cross-Site Scripting Vulnerability in Archive-tainacan-collection Theme for WordPress,The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.,Wordpress,Tainacan Interface,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-16T09:32:59.856Z,0