cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-13726,https://securityvulnerability.io/vulnerability/CVE-2024-13726,SQL Injection Vulnerability in Coder WordPress Plugin Affects Multiple Versions,"The Coder plugin for WordPress, up to version 1.3.4, allows unauthenticated users to execute arbitrary SQL code through an AJAX action, due to insufficient sanitization and escaping of parameters. This vulnerability can lead to unauthorized access and manipulation of the database, posing significant risks to website integrity and security.",WordPress,Themes Coder,8.6,HIGH,0.0005300000193528831,false,,false,false,true,2025-02-17T06:00:09.000Z,true,false,false,,2025-02-17T06:00:09.727Z,0
CVE-2024-12402,https://securityvulnerability.io/vulnerability/CVE-2024-12402,Privilege Escalation Vulnerability in Themes Coder Plugin for WordPress,"The Themes Coder plugin for WordPress is subject to a privilege escalation vulnerability that allows unauthenticated attackers to modify user passwords without proper identity validation. This flaw arises from the plugin's failure to correctly validate a user's identity during the password update process in the update_user_profile() function. As a result, attackers can exploit this weakness to change the passwords of any user, including administrators, effectively leading to unauthorized account access and control. Users are advised to update to the latest version to mitigate this risk.",Wordpress,Themes Coder – Create Android & iOS Apps For Your WooCommerce Site,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-07T03:21:53.748Z,0