cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-2601,https://securityvulnerability.io/vulnerability/CVE-2023-2601,WP Brutal AI < 2.0.0 - SQL Injection via CSRF,"The WP Brutal AI plugin for WordPress, prior to version 2.0.0, is susceptible to SQL injection due to improper sanitization and escaping of a parameter utilized in an SQL statement. This vulnerability can be exploited by an administrator via Cross-Site Request Forgery (CSRF), potentially allowing unauthorized access to the database and associated data manipulation. Operators of WordPress sites using this plugin should apply the latest updates to mitigate the risks associated with this vulnerability.",Wordpress,WPbrutalai,9.8,CRITICAL,0.007029999978840351,false,,false,false,false,,false,false,2023-06-27T14:15:00.000Z,0
CVE-2023-2605,https://securityvulnerability.io/vulnerability/CVE-2023-2605,WP Brutal AI < 2.0.1 - Admin+ Reflected XSS,"The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high-privilege users such as admin.",Wordpress,WPbrutalai,6.1,MEDIUM,0.0019199999514967203,false,,false,false,false,,false,false,2023-06-27T14:15:00.000Z,0