cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-1436,https://securityvulnerability.io/vulnerability/CVE-2022-1436,WPCargo Track & Trace < 6.9.5 - Reflected Cross Site Scripting,"The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks.",Wordpress,WPcargo Track & Trace,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-05-16T14:31:05.000Z,0
CVE-2022-1435,https://securityvulnerability.io/vulnerability/CVE-2022-1435,WPCargo Track & Trace < 6.9.5 - Admin+ Stored Cross Site Scripting,"The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.",Wordpress,WPcargo Track & Trace,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-05-16T14:31:03.000Z,0
CVE-2021-25003,https://securityvulnerability.io/vulnerability/CVE-2021-25003,WPCargo < 6.9.0 - Unauthenticated RCE,"The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE",Wordpress,WPcargo Track & Trace,9.8,CRITICAL,0.08436000347137451,false,,false,false,true,true,false,false,2022-03-14T14:41:11.000Z,0