cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6966,https://securityvulnerability.io/vulnerability/CVE-2023-6966,Moneytizer Plugin Vulnerable to Data Theft and Modification,"The Moneytizer plugin for WordPress is susceptible to significant security issues due to inadequate capability checks on multiple AJAX functions located in the /core/core_ajax.php file. This vulnerability potentially allows authenticated attackers, with at least subscriber access, to gain unauthorized access to sensitive data, modify existing data, and even cause the loss of crucial information. Attackers could exploit this flaw to update and retrieve sensitive billing and banking details, alter the plugin's settings, and manipulate language settings along with other less severe actions. Proper security measures and updates are imperative to mitigate the risks associated with this vulnerability.",Wordpress,The Moneytizer,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-06T02:15:00.000Z,0
CVE-2023-6968,https://securityvulnerability.io/vulnerability/CVE-2023-6968,Moneytizer Plugin Vulnerable to Cross-Site Request Forgery,"The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.5.20. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,The Moneytizer,5.4,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-06-06T02:15:00.000Z,0