cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12400,https://securityvulnerability.io/vulnerability/CVE-2024-12400,Reflected Cross-Site Scripting Vulnerability in Tourmaster WordPress Plugin,"The Tourmaster WordPress plugin is susceptible to reflected Cross-Site Scripting due to improper escaping of generated URLs before they are rendered in attributes. This flaw potentially allows attackers to inject malicious scripts into web pages, affecting users who click on compromised links. Users of versions prior to 5.3.5 are particularly at risk, emphasizing the need for prompt updates to mitigate this security issue.",WordPress,Tourmaster,7.1,HIGH,0.01,false,,false,false,true,true,false,false,2025-01-30T06:00:09.161Z,0
CVE-2024-11356,https://securityvulnerability.io/vulnerability/CVE-2024-11356,Cross-Site Scripting Vulnerability in Tourmaster Plugin by WordPress,"The Tourmaster plugin for WordPress, prior to version 5.3.4, is susceptible to a Cross-Site Scripting vulnerability. This issue arises from the plugin's failure to properly sanitize and escape certain parameters before rendering them on web pages. As a result, unauthenticated users can potentially exploit this flaw to execute malicious scripts in the context of another user's browser, posing a significant security risk. It is crucial for website owners to update to the latest version to mitigate this vulnerability and safeguard their sites from potential attacks.",Wordpress,Tourmaster,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,true,false,false,2025-01-06T06:00:05.058Z,0