cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0895,https://securityvulnerability.io/vulnerability/CVE-2023-0895,SQL Injection Vulnerability in WP Coder Plugin for WordPress,"The WP Coder plugin for WordPress, which allows users to add custom HTML, CSS, and JavaScript code, has a serious security vulnerability related to time-based SQL Injection. This occurs through the 'id' parameter in versions up to and including 2.5.3. Due to inadequate parameter escaping and a lack of proper SQL query preparation, authenticated attackers with administrative privileges can exploit this flaw. By appending additional SQL commands to existing queries, they can potentially retrieve sensitive information stored in the database, thereby posing significant risks to web applications that utilize this plugin.",Wordpress,"WP Coder – add custom html, css and js code",4.9,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-02-17T17:15:00.000Z,0
CVE-2022-2388,https://securityvulnerability.io/vulnerability/CVE-2022-2388,WP Coder < 2.5.3 - Code Deletion via CSRF,"The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack",Wordpress,"WP Coder – Add Custom Html, Css And Js Code",6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2022-08-22T15:02:35.000Z,0
CVE-2021-25053,https://securityvulnerability.io/vulnerability/CVE-2021-25053,WP Coder < 2.5.2 - RFI leading to RCE via CSRF,"The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.",Wordpress,"WP Coder – Add Custom Html, Css And Js Code",8.8,HIGH,0.0018599999602884054,false,,false,false,false,,false,false,2022-01-10T15:30:36.000Z,0