cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11605,https://securityvulnerability.io/vulnerability/CVE-2024-11605,Cross-Site Scripting Vulnerability in wp-publications WordPress Plugin,"The wp-publications plugin for WordPress, through version 1.2, is susceptible to a vulnerability that results from improper handling of filenames. This issue arises when the plugin fails to escape filenames before displaying them on web pages. As a result, this oversight may permit users with elevated privileges, such as administrators, to execute stored cross-site scripting (XSS) attacks. This vulnerability is particularly concerning in environments where unfiltered HTML inputs are restricted, such as in multisite setups, thereby highlighting the need for prompt action to mitigate potential exploits.",Wordpress,WP-publications,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-12-27T06:00:09.008Z,0
CVE-2021-38360,https://securityvulnerability.io/vulnerability/CVE-2021-38360,wp-publications <= 0.0 Local File Include,"The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.",Wordpress,WP-publications,8.3,HIGH,0.008449999615550041,false,,false,false,false,,false,false,2021-09-10T14:15:00.000Z,0