cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1845,https://securityvulnerability.io/vulnerability/CVE-2024-1845,Unprotected CSRF Vulnerability in Car Rental Management System WordPress Plugin Allows Attackers to Trick Logged-In Users into Performing Unwanted Actions,"The VikRentCar Car Rental Management System Plugin for WordPress prior to version 1.3.2 is susceptible to Cross-Site Request Forgery (CSRF) vulnerabilities. This security flaw arises from the absence of adequate CSRF checks in certain functionalities of the plugin, potentially enabling attackers to trick authenticated users into executing unintended actions. Such exploitation can compromise user data and operational integrity, making it crucial for users to update their plugin versions to mitigate associated risks.",Wordpress,Vikrentcar Car Rental Management System,8.8,HIGH,0.000750000006519258,false,,false,false,true,true,false,false,2024-07-11T06:00:02.403Z,0
CVE-2021-24519,https://securityvulnerability.io/vulnerability/CVE-2021-24519,Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS),"The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue",Wordpress,Vikrentcar Car Rental Management System,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-08-16T10:48:25.000Z,0
CVE-2021-24388,https://securityvulnerability.io/vulnerability/CVE-2021-24388,Vik Rent Car < 1.1.7 - CSRF to Stored XSS,"In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom filed option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or escaped before being output back in the page, leading to a stored Cross-Site Scripting issue. There is also no CSRF check done before saving the setting, allowing attackers to make a logged in admin set arbitrary Custom Fields, including one with XSS payload in it.",Wordpress,Vikrentcar Car Rental Management System,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-07-06T11:03:29.000Z,0