cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1759,https://securityvulnerability.io/vulnerability/CVE-2024-1759,Stored Cross-Site Scripting Vulnerability in WP ULike Marketing Toolkit Plugin,"The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WP Ulike – Most Advanced WordPress Marketing Toolkit,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:44.047Z,0
CVE-2024-1797,https://securityvulnerability.io/vulnerability/CVE-2024-1797,SQL Injection Vulnerability in WP ULike Marketing Toolkit Plugin,"The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is susceptible to SQL Injection vulnerabilities through the 'status' and 'id' parameters in the 'wp_ulike_counter' and 'wp_ulike' shortcodes. This vulnerability affects all versions up to and including 4.6.9, stemming from inadequate parameter escaping and poor SQL query preparation. Consequently, authenticated users with contributor-level access can inject arbitrary SQL queries into existing queries, potentially leading to the extraction of sensitive information from the database.",Wordpress,WP Ulike – Most Advanced WordPress Marketing Toolkit,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:42.452Z,0
CVE-2024-1572,https://securityvulnerability.io/vulnerability/CVE-2024-1572,Stored Cross-Site Scripting Vulnerability in WP ULike by WordPress,"The WP ULike plugin for WordPress has a vulnerability that allows authenticated attackers with contributor-level access and above to exploit the 'wp_ulike' shortcode. Insufficient input sanitization and output escaping on the 'wrapper_class' attribute make it possible for attackers to inject malicious web scripts. These scripts can execute when a user visits an affected page, enabling various forms of attacks such as data theft and session hijacking.",Wordpress,WP Ulike – Most Advanced WordPress Marketing Toolkit,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:52:04.349Z,0
CVE-2023-45640,https://securityvulnerability.io/vulnerability/CVE-2023-45640,WordPress WP ULike Plugin <= 4.6.8 is vulnerable to Cross Site Scripting (XSS),Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike – Most Advanced WordPress Marketing Toolkit plugin <= 4.6.8 versions.,Wordpress,WP ULike – Most Advanced WordPress Marketing Toolkit,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-10-25T18:17:00.000Z,0