cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-2969,https://securityvulnerability.io/vulnerability/CVE-2024-2969,Cross-Site Request Forgery Vulnerability in WP-Eggdrop Plugin,"The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpegg_updateOptions() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,WP-eggdrop,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-29T06:43:57.155Z,0 CVE-2024-2968,https://securityvulnerability.io/vulnerability/CVE-2024-2968,Stored Cross-Site Scripting Vulnerability Affects WordPress Multi-Site Installations,"The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,WP-eggdrop,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-29T06:43:56.023Z,0