cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-5884,https://securityvulnerability.io/vulnerability/CVE-2023-5884,Word Balloon < 4.20.3 - Avatar Removal via CSRF,"The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.",Wordpress,Word Balloon,6.5,MEDIUM,0.0011599999852478504,false,,false,false,false,,false,false,2023-12-04T22:15:00.000Z,0
CVE-2022-4751,https://securityvulnerability.io/vulnerability/CVE-2022-4751,Word Balloon < 4.19.3 - Contributor+ Stored XSS via Shortcode,"The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",Wordpress,Word Balloon,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-23T14:31:40.487Z,0