cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8724,https://securityvulnerability.io/vulnerability/CVE-2024-8724,Reflected Cross-Site Scripting Vulnerability in Waitlist Woocommerce (Back in stock notifier) Plugin,"The Waitlist Woocommerce plugin for WordPress exhibits a vulnerability that allows for reflected cross-site scripting (XSS) attacks. This issue arises from improper escaping of URLs using the add_query_arg function. As a result, unauthenticated attackers can inject malicious scripts into web pages that may run if a user is manipulated into interacting with a compromised link. This poses serious security risks as it can lead to session hijacking, unauthorized access, and data theft, emphasizing the need for users to ensure that their plugins are up to date and secure.",Wordpress,Waitlist WooCommerce ( Back In Stock Notifier ),6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-09-14T04:15:00.000Z,0
CVE-2024-4038,https://securityvulnerability.io/vulnerability/CVE-2024-4038,Unauthenticated Arbitrary Shortcode Execution Vulnerability in WooCommerce Waitlist Pro Plugin,"The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.",Wordpress,Back In Stock Notifier For WooCommerce | WooCommerce Waitlist Pro,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0
CVE-2022-0215,https://securityvulnerability.io/vulnerability/CVE-2022-0215,XootiX Plugins <= Various Versions Cross-Site Request Forgery to Arbitrary Options Update,"The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax).",Wordpress,"Login/Signup Popup,Waitlist Woocommerce ( Back in stock notifier ),Side Cart Woocommerce (Ajax)",8.8,HIGH,0.004120000172406435,false,,false,false,false,,false,false,2022-01-18T16:52:32.000Z,0