cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-3958,https://securityvulnerability.io/vulnerability/CVE-2023-3958,Server Side Request Forgery in WP Remote Users Sync Plugin for WordPress,"The WP Remote Users Sync plugin for WordPress allows authenticated attackers with subscriber-level permissions or higher to perform Server Side Request Forgery (SSRF) attacks via the 'notify_ping_remote' AJAX function. This vulnerability enables the attackers to send web requests to arbitrary locations from the web application, potentially exposing sensitive information and leading to unauthorized actions on internal services. This issue has been partially addressed in version 1.2.12 and fully resolved in version 1.2.13.",Wordpress,WP Remote Users Sync,5.4,MEDIUM,0.0015200000489130616,false,,false,false,false,,false,false,2023-08-16T05:15:00.000Z,0
CVE-2023-4374,https://securityvulnerability.io/vulnerability/CVE-2023-4374,Unauthorized Data Access in WP Remote Users Sync Plugin for WordPress,"The WP Remote Users Sync plugin for WordPress is susceptible to unauthorized data access due to a missing capability check in the 'refresh_logs_async' function. This vulnerability impacts versions up to 1.2.11 and allows authenticated users with subscriber privileges or higher to access sensitive logs, potentially leading to unauthorized viewing and manipulation of data.",Wordpress,WP Remote Users Sync,4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-08-16T05:15:00.000Z,0