cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10924,https://securityvulnerability.io/vulnerability/CVE-2024-10924,Authentication Bypass Vulnerability in Two-Factor Authentication,"The Really Simple Security plugins for WordPress exhibit a vulnerability in versions 9.0.0 to 9.1.1.1, where improper error handling in the two-factor REST API actions allows unauthenticated attackers to gain access as any existing user on the site, including administrators. This vulnerability becomes particularly concerning when the Two-Factor Authentication feature is enabled, as it undermines the intended security mechanism, making it critical for users to update to secure versions to protect against potential exploitation.",Wordpress,"Really Simple Security Pro Multisite,Really Simple Security – Simple And Performant Security (formerly Really Simple Ssl),Really Simple Security Pro",9.8,CRITICAL,0.23016999661922455,false,,true,false,true,2024-11-19T23:15:13.000Z,true,true,false,,2024-11-15T03:18:45.746Z,10524
CVE-2024-5932,https://securityvulnerability.io/vulnerability/CVE-2024-5932,Unauthenticated PHP Object Injection Vulnerability in GiveWP Donation Plugin,"The GiveWP Donation Plugin for WordPress is susceptible to a PHP Object Injection due to improper handling of the 'give_title' parameter. This vulnerability allows unauthenticated attackers to exploit deserialization of untrusted input, potentially leading to the injection of malicious PHP objects. With the existence of a PHP Object Pollution (POP) chain, attackers can execute arbitrary code remotely and manipulate the file system, including the deletion of files.
Websites utilizing this plugin prior to version 3.14.2 are at risk and must be updated immediately to safeguard against such threats.",Wordpress,GiveWP – Donation Plugin And Fundraising Platform,9.8,CRITICAL,0.06157999858260155,false,,true,false,true,2024-08-20T07:52:26.000Z,true,true,false,,2024-08-20T02:03:16.108Z,6027
CVE-2024-4984,https://securityvulnerability.io/vulnerability/CVE-2024-4984,Yoast SEO Plugin Vulnerable to Stored Cross-Site Scripting,"The Yoast SEO plugin for WordPress has a vulnerability due to inadequate input sanitization and output escaping in the 'display_name' author meta. This flaw affects all versions up to and including 22.6, allowing authenticated users with contributor-level access or higher to inject arbitrary web scripts. When a user accesses a compromised page, these scripts can execute, potentially leading to data theft, site defacement, or further compromise of the WordPress installation. Addressing this vulnerability is essential for maintaining the integrity and security of WordPress sites utilizing this popular plugin.",Wordpress,Yoast Seo,6.4,MEDIUM,0.00044999999227002263,false,,true,false,false,,,true,false,,2024-05-16T02:02:35.901Z,4265
CVE-2024-4439,https://securityvulnerability.io/vulnerability/CVE-2024-4439,Stored Cross-Site Scripting Vulnerability in WordPress Core,"The vulnerability affects WordPress Core, specifically through the Avatar block where user display names are rendered without sufficient output escaping. This flaw allows authenticated users with contributor-level access or higher to inject malicious web scripts into pages accessed by other users. Furthermore, unauthenticated attackers can exploit this vulnerability in pages displaying comments, where they can manipulate the comment author's avatar to execute harmful scripts.
It is crucial for users of affected WordPress versions to apply security updates promptly to mitigate the risk of exploitation.",Wordpress,,7.2,HIGH,0.0006399999838322401,false,,true,false,true,2024-05-06T17:50:23.000Z,true,true,false,,2024-05-03T06:15:00.000Z,4203
CVE-2024-2879,https://securityvulnerability.io/vulnerability/CVE-2024-2879,SQL Injection Vulnerability in LayerSlider Plugin for WordPress,"The LayerSlider plugin for WordPress is prone to an SQL injection vulnerability through the ls_get_popup_markup action. This flaw arises from inadequate escaping of user-supplied parameters and insufficient preparation of existing SQL queries. As a result, unauthenticated attackers can inject additional SQL commands into existing queries, facilitating the unauthorized extraction of sensitive data from the database. It is crucial for users of affected versions to update their installations to mitigate potential security risks.",Wordpress,Layerslider,9.8,CRITICAL,0.008670000359416008,false,,true,false,true,2024-04-04T16:15:37.000Z,true,true,false,,2024-04-03T04:15:00.000Z,4781