cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-13099,https://securityvulnerability.io/vulnerability/CVE-2024-13099,Reflected Cross-Site Scripting Vulnerability in Widget4Call Plugin for WordPress,"The Widget4Call plugin for WordPress, up to version 1.0.7, contains a vulnerability that allows attackers to exploit reflected cross-site scripting (XSS) due to improper sanitization of user input. This flaw can be targeted against users with elevated privileges such as administrators, potentially leading to unauthorized actions and the disclosure of sensitive information. Proper input validation and output encoding are vital to mitigate this risk.",WordPress,Widget4call,5.4,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-01T06:00:13.000Z,true,false,false,,2025-02-01T06:00:13.840Z,0
CVE-2024-5727,https://securityvulnerability.io/vulnerability/CVE-2024-5727,Cross-Site Scripting Vulnerability in Widget4Call WordPress Plugin,"The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Widget4call,,,0.0004299999854993075,false,,false,false,true,2024-06-28T05:00:03.000Z,true,false,false,,2024-06-28T06:00:03.875Z,0