cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11202,https://securityvulnerability.io/vulnerability/CVE-2024-11202,WordPress Plugins Vulnerable to Reflected Cross-Site Scripting,Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.,Wordpress,"Cm WordPress Search And Replace Plugin,Video Lessons Manager – WordPress Lms Plugin,Cm Tooltip Glossary,Cm Pop-up Banners For WordPress,Cm Header & Footer Script Loader – Insert Script Plugin,Name: Cm E-mail Registration Blacklist,Cm Business Directory Plugin – Business Listing Directory",6.1,MEDIUM,0.0009200000204145908,false,,false,false,false,,false,false,2024-11-26T07:31:31.790Z,0
CVE-2024-31285,https://securityvulnerability.io/vulnerability/CVE-2024-31285,Stored XSS Vulnerability in Tooltip WordPress Tooltips Allows CSRF,"A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress Tooltips plugin, which could lead to Stored Cross-Site Scripting (XSS) attacks. This vulnerability threatens the integrity and security of websites utilizing the plugin by allowing an attacker to trick users into executing unwanted actions on their behalf. The issue impacts all versions of the WordPress Tooltips plugin through 9.5.3, necessitating prompt attention from site administrators to mitigate potential exploitation.",Wordpress,WordPress Tooltips,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-11T12:10:37.584Z,0
CVE-2024-30243,https://securityvulnerability.io/vulnerability/CVE-2024-30243,SQL Injection Vulnerability Affects WordPress Tooltips,"A vulnerability exists in Tomas WordPress Tooltips due to improper neutralization of special elements utilized in SQL commands, commonly referred to as SQL Injection. This flaw allows for unauthorized input into SQL queries, which can be exploited by attackers to manipulate database interactions. The issue has been identified in the versions prior to 9.4.5, posing a risk to websites utilizing the affected plugin. Administrators of affected installations are strongly recommended to update to the latest version to mitigate potential exploitation of this flaw.",Wordpress,WordPress Tooltips,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-28T04:33:22.419Z,0
CVE-2023-25985,https://securityvulnerability.io/vulnerability/CVE-2023-25985,WordPress WordPress Tooltips Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF),"A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress Tooltips plugin developed by Tomas. This flaw can potentially allow an attacker to perform unauthorized actions on behalf of users without their consent, exploiting the trust that a web application has in the user's browser. Affected versions range from n/a up to 8.2.5, highlighting the need for users to update their plugins to mitigate the risk of exploitation.",Wordpress,WordPress Tooltips,8.8,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,2023-11-18T23:15:00.000Z,0