The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CSRF
Yellow
NVD
GitHub
CVSS 3.0
6.5
EPSS
0.5%
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
XSS
Tagregator
NVD
Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%