cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-6925,https://securityvulnerability.io/vulnerability/CVE-2024-6925,CSRF Vulnerability in TrueBooker WordPress Plugin Could Allow Administrator Authentication Bypass,"The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.",Wordpress,Truebooker,4.3,MEDIUM,0.0006500000017695129,false,,false,false,true,true,false,false,2024-09-08T06:00:03.340Z,0
CVE-2024-6924,https://securityvulnerability.io/vulnerability/CVE-2024-6924,Unauthenticated SQL Injection Vulnerability in TrueBooker WordPress Plugin,"A vulnerability exists in the TrueBooker WordPress plugin that allows unauthenticated users to execute SQL injection attacks. The flaw arises from insufficient sanitization and escaping of a parameter submitted via AJAX, which is then incorporated into SQL statements. This can lead to unauthorized access to the WordPress database, exposing sensitive information and potentially compromising the integrity of the website. Users are advised to update to version 1.0.3 or later to mitigate the risk associated with this vulnerability.",Wordpress,Truebooker,9.8,CRITICAL,0.0056500001810491085,false,,false,false,true,true,false,false,2024-09-08T06:00:03.155Z,0