cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12206,https://securityvulnerability.io/vulnerability/CVE-2024-12206,Cross-Site Request Forgery Vulnerability in Pearl Header Builder Plugin for WordPress,"The Pearl Header Builder Plugin for WordPress is susceptible to a Cross-Site Request Forgery flaw that affects all versions up to 1.3.8. This vulnerability stems from inadequate nonce validation on the stm_header_builder page. As a result, unauthenticated attackers could potentially delete arbitrary headers by tricking a site administrator into executing a harmful action, such as clicking a malicious link.",Wordpress,WordPress Header Builder Plugin – Pearl,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-09T11:10:57.161Z,0
CVE-2024-5468,https://securityvulnerability.io/vulnerability/CVE-2024-5468,Unauthorized Option Deletion Vulnerability in Pearl's Header Builder Plugin Could Lead to Denial of Service Attacks,"The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to delete arbitrary options that can be used to perform a denial of service attack on a site.",Wordpress,WordPress Header Builder Plugin – Pearl,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-12T08:33:19.554Z,0
CVE-2024-4000,https://securityvulnerability.io/vulnerability/CVE-2024-4000,Stored Cross-Site Scripting Vulnerability in Pearl's Header Builder Plugin,"The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_hb' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WordPress Header Builder Plugin – Pearl,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:34.856Z,0
CVE-2022-38356,https://securityvulnerability.io/vulnerability/CVE-2022-38356,WordPress Pearl Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF),Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions.,Wordpress,WordPress Header Builder Plugin – Pearl,5.4,MEDIUM,0.000859999970998615,false,,false,false,false,,false,false,2023-05-25T10:25:12.133Z,0