Riverforest-wp Simple Blog Card — known CVE vulnerabilities
Every CVE whose affected-product data names Riverforest-wp Simple Blog Card, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2023-4035 — CVSS 5.4 (medium): The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back…
CVE-2023-4036 — CVSS 4.3 (medium): The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any…