cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6529,https://securityvulnerability.io/vulnerability/CVE-2023-6529,XSS Vulnerability in WP VR Plugin by WordPress,"The WP VR plugin for WordPress, prior to version 8.3.15, is susceptible to a serious vulnerability that allows unauthenticated users to bypass authorization and execute CSRF attacks. This flaw enables unauthorized individuals to downgrade the plugin to earlier versions, which are known to contain Cross-Site Scripting (XSS) vulnerabilities. As a result, threat actors may exploit this issue to inject malicious scripts that could either be reflected or stored, compromising the integrity of the affected site.",Wordpress,WP Vr,6.1,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2024-01-08T19:15:00.000Z,0
CVE-2023-1414,https://securityvulnerability.io/vulnerability/CVE-2023-1414,WP VR < 8.3.0 - Subscriber+ Arbitrary Tour Update,"The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours",Wordpress,WP VR,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-04-24T19:15:00.000Z,0
CVE-2023-1413,https://securityvulnerability.io/vulnerability/CVE-2023-1413,WP VR < 8.2.9 - Reflected XSS,"The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,WP VR,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2023-04-17T13:15:00.000Z,0
CVE-2023-25708,https://securityvulnerability.io/vulnerability/CVE-2023-25708,WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF),"A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Rextheme WP VR – 360 Panorama and Virtual Tour Builder plugin, affecting all versions up to 8.2.7. This weakness allows attackers to send unauthorized commands on behalf of users without their consent, potentially compromising user data and site integrity. Users are encouraged to take immediate action by updating the plugin to safeguard their WordPress installations.",Wordpress,WP VR – 360 Panorama and Virtual Tour Builder For WordPress,8.8,HIGH,0.0010300000431016088,false,,false,false,false,,false,false,2023-03-15T11:15:00.000Z,0
CVE-2023-0174,https://securityvulnerability.io/vulnerability/CVE-2023-0174,WP VR < 8.2.7 - Contributor+ Stored XSS,"The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",Wordpress,WP VR,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T20:15:00.000Z,0