cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1072,https://securityvulnerability.io/vulnerability/CVE-2024-1072,Unauthorized Modification of Data in Website Builder Plugin for WordPress,"The Website Builder by SeedProd, especially its Theme Builder and various page-building functionalities, contains a vulnerability that allows unauthorized modification of data. This issue arises from a missing capability check in the seedprod_lite_new_lpage function, present in all versions up to and including 6.15.21. As a result, unauthenticated attackers can manipulate critical web content, including coming-soon, maintenance, login, and 404 pages. Although version 6.15.22 addresses this vulnerability, it inadvertently introduces a bug impacting the functionality of admin pages. Users are advised to upgrade to version 6.15.23 to mitigate security risks effectively.",Wordpress,"Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode",7.5,HIGH,0.0005799999926239252,false,,false,false,false,,false,false,2024-02-05T21:21:50.961Z,0
CVE-2023-4975,https://securityvulnerability.io/vulnerability/CVE-2023-4975,Cross-Site Request Forgery Risk in Website Builder Plugin by SeedProd for WordPress,"The Website Builder by SeedProd plugin for WordPress contains a Cross-Site Request Forgery vulnerability due to inadequate nonce validation in the builder.php file. This flaw allows unauthenticated attackers to manipulate the stripe connect token by tricking an administrator into executing a forged request, potentially compromising the security of the site.",Wordpress,"Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode",4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0