cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-4939,https://securityvulnerability.io/vulnerability/CVE-2024-4939,Stored Cross-Site Scripting Vulnerability in Weaver Xtreme Theme Support Plugin,"The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Weaver Xtreme Theme Support,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-05T08:15:00.000Z,0
CVE-2023-4971,https://securityvulnerability.io/vulnerability/CVE-2023-4971,Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection,"The Weaver Xtreme Theme Support plugin, prior to version 6.3.1, is vulnerable to PHP object injection through the unserialization of imported files. When a user with elevated privileges imports a malicious file, it can exploit the presence of a suitable gadget chain on the WordPress blog, potentially leading to the execution of arbitrary PHP code. This vulnerability highlights the importance of securing file imports and validating data to prevent unauthorized access and manipulation.",Wordpress,Weaver Xtreme Theme Support,7.2,HIGH,0.0008399999933317304,false,,false,false,false,,false,false,2023-10-16T20:15:00.000Z,0
CVE-2023-0276,https://securityvulnerability.io/vulnerability/CVE-2023-0276,Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS,"The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",Wordpress,Weaver Xtreme Theme Support,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-04-24T19:15:00.000Z,0