cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-13115,https://securityvulnerability.io/vulnerability/CVE-2024-13115,Cross-Site Request Forgery and XSS Vulnerabilities in WP Projects Portfolio Plugin,"The WP Projects Portfolio with Client Testimonials plugin lacks proper CSRF checks in certain areas, alongside deficiencies in data sanitisation and escaping mechanisms. This security shortfall can potentially allow attackers to exploit authenticated admin sessions, enabling them to inject Stored XSS payloads through crafted CSRF attacks. Such vulnerabilities underscore the importance of implementing robust security measures to safeguard against unauthorized actions and data manipulation within WordPress environments.",WordPress,WP Projects Portfolio With Client Testimonials,6.1,MEDIUM,0.01,false,,false,false,true,2025-02-04T06:00:03.000Z,true,false,false,,2025-02-04T06:00:03.687Z,0
CVE-2024-13114,https://securityvulnerability.io/vulnerability/CVE-2024-13114,Reflected Cross-Site Scripting Vulnerability in WP Projects Portfolio Plugin by WordPress,"The WP Projects Portfolio with Client Testimonials plugin for WordPress, version 3.0, contains a vulnerability due to improper sanitization and escaping of parameters. This flaw allows an attacker to inject malicious scripts into the output, potentially targeting high privilege users, including administrators. Exploiting this vulnerability could lead to the execution of arbitrary scripts in the context of a victim's browser session, creating a risk of data theft or unintended actions on behalf of the user.",WordPress,WP Projects Portfolio With Client Testimonials,6.1,MEDIUM,0.01,false,,false,false,true,2025-02-04T06:00:02.000Z,true,false,false,,2025-02-04T06:00:02.307Z,0