https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 28 Jun 2026 06:00:01 +0000 https://vulnerability.circl.lu/sighting/c214462e-e0d7-47aa-8fdf-f99aa8ea3b60/export {"uuid": "c214462e-e0d7-47aa-8fdf-f99aa8ea3b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1912", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10789\n\ud83d\udd39 Description: The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the plugins setting which controls access to the functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-16T03:27:22.549Z\n\ud83d\udccf Modified: 2025-01-16T03:27:22.549Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b056cc98-3bd8-493a-bbf4-9bcee2e52d24?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3222923/", "creation_timestamp": "2025-01-16T03:55:18.000000Z"} {"uuid": "c214462e-e0d7-47aa-8fdf-f99aa8ea3b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1912", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10789\n\ud83d\udd39 Description: The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the plugins setting which controls access to the functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-16T03:27:22.549Z\n\ud83d\udccf Modified: 2025-01-16T03:27:22.549Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b056cc98-3bd8-493a-bbf4-9bcee2e52d24?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3222923/", "creation_timestamp": "2025-01-16T03:55:18.000000Z"} https://vulnerability.circl.lu/sighting/c214462e-e0d7-47aa-8fdf-f99aa8ea3b60/export Thu, 16 Jan 2025 03:55:18 +0000 https://vulnerability.circl.lu/sighting/6dd04ca6-ca12-4d7a-aede-b02ad7495e99/export {"uuid": "6dd04ca6-ca12-4d7a-aede-b02ad7495e99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lftg7qwu4i2c", "content": "", "creation_timestamp": "2025-01-16T04:15:31.403837Z"} {"uuid": "6dd04ca6-ca12-4d7a-aede-b02ad7495e99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lftg7qwu4i2c", "content": "", "creation_timestamp": "2025-01-16T04:15:31.403837Z"} https://vulnerability.circl.lu/sighting/6dd04ca6-ca12-4d7a-aede-b02ad7495e99/export Thu, 16 Jan 2025 04:15:31 +0000 https://vulnerability.circl.lu/sighting/9a2aa713-7417-4343-a8c1-8a0a87a5394a/export {"uuid": "9a2aa713-7417-4343-a8c1-8a0a87a5394a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lftiey4fb62g", "content": "", "creation_timestamp": "2025-01-16T04:54:14.081798Z"} {"uuid": "9a2aa713-7417-4343-a8c1-8a0a87a5394a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lftiey4fb62g", "content": "", "creation_timestamp": "2025-01-16T04:54:14.081798Z"} https://vulnerability.circl.lu/sighting/9a2aa713-7417-4343-a8c1-8a0a87a5394a/export Thu, 16 Jan 2025 04:54:14 +0000 https://vulnerability.circl.lu/sighting/f75de9bf-eb72-4c23-8ea5-f98c457b5606/export {"uuid": "f75de9bf-eb72-4c23-8ea5-f98c457b5606", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://t.me/cvedetector/15568", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-10789 - \"WordPress WP User Profile Avatar CSRF\"\", \n \"Content\": \"CVE ID : CVE-2024-10789 \nPublished : Jan. 16, 2025, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the plugins setting which controls access to the functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-16T06:11:54.000000Z"} {"uuid": "f75de9bf-eb72-4c23-8ea5-f98c457b5606", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://t.me/cvedetector/15568", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-10789 - \"WordPress WP User Profile Avatar CSRF\"\", \n \"Content\": \"CVE ID : CVE-2024-10789 \nPublished : Jan. 16, 2025, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the plugins setting which controls access to the functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"16 Jan 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-16T06:11:54.000000Z"} https://vulnerability.circl.lu/sighting/f75de9bf-eb72-4c23-8ea5-f98c457b5606/export Thu, 16 Jan 2025 06:11:54 +0000 https://vulnerability.circl.lu/sighting/d228c12e-6caf-4632-9aa4-78444ee47f06/export {"uuid": "d228c12e-6caf-4632-9aa4-78444ee47f06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-10783.yaml", "content": "", "creation_timestamp": "2025-03-24T14:32:29.000000Z"} {"uuid": "d228c12e-6caf-4632-9aa4-78444ee47f06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-10783.yaml", "content": "", "creation_timestamp": "2025-03-24T14:32:29.000000Z"} https://vulnerability.circl.lu/sighting/d228c12e-6caf-4632-9aa4-78444ee47f06/export Mon, 24 Mar 2025 14:32:29 +0000 https://vulnerability.circl.lu/sighting/b6cb3d55-7afd-485a-a3eb-523dab41f67c/export {"uuid": "b6cb3d55-7afd-485a-a3eb-523dab41f67c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llcon67kys2t", "content": "", "creation_timestamp": "2025-03-26T21:02:12.253640Z"} {"uuid": "b6cb3d55-7afd-485a-a3eb-523dab41f67c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llcon67kys2t", "content": "", "creation_timestamp": "2025-03-26T21:02:12.253640Z"} https://vulnerability.circl.lu/sighting/b6cb3d55-7afd-485a-a3eb-523dab41f67c/export Wed, 26 Mar 2025 21:02:12 +0000 https://vulnerability.circl.lu/sighting/52c78841-1d48-4b2b-8ef2-672882c2fe85/export {"uuid": "52c78841-1d48-4b2b-8ef2-672882c2fe85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "published-proof-of-concept", "source": "https://t.me/realcodeb0ss/99", "content": "This vuln is only exp when the plugin has not been connected to a MainWP Dashboard and the (Require unique sec ID) option is not enabled it is disabled by default.", "creation_timestamp": "2025-10-05T22:23:34.000000Z"} {"uuid": "52c78841-1d48-4b2b-8ef2-672882c2fe85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "published-proof-of-concept", "source": "https://t.me/realcodeb0ss/99", "content": "This vuln is only exp when the plugin has not been connected to a MainWP Dashboard and the (Require unique sec ID) option is not enabled it is disabled by default.", "creation_timestamp": "2025-10-05T22:23:34.000000Z"} https://vulnerability.circl.lu/sighting/52c78841-1d48-4b2b-8ef2-672882c2fe85/export Sun, 05 Oct 2025 22:23:34 +0000 https://vulnerability.circl.lu/sighting/a19c277d-fe2f-4fbc-bb96-e3655e88b057/export {"uuid": "a19c277d-fe2f-4fbc-bb96-e3655e88b057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "published-proof-of-concept", "source": "Telegram/i5Zrlju0KAZ8aHUCjq1Q43eeSfN56M-sSk9BtLB59qYPcpxTKw", "content": "", "creation_timestamp": "2025-10-06T07:03:22.000000Z"} {"uuid": "a19c277d-fe2f-4fbc-bb96-e3655e88b057", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "published-proof-of-concept", "source": "Telegram/i5Zrlju0KAZ8aHUCjq1Q43eeSfN56M-sSk9BtLB59qYPcpxTKw", "content": "", "creation_timestamp": "2025-10-06T07:03:22.000000Z"} https://vulnerability.circl.lu/sighting/a19c277d-fe2f-4fbc-bb96-e3655e88b057/export Mon, 06 Oct 2025 07:03:22 +0000 https://vulnerability.circl.lu/sighting/c66e3c44-a806-4b7e-99d6-ee27bacd9881/export {"uuid": "c66e3c44-a806-4b7e-99d6-ee27bacd9881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "published-proof-of-concept", "source": "Telegram/iObTnhRKbaYnOfdcum70MuIyrQNxigsQBPmPgPLvD6uhQUk_FpY", "content": "", "creation_timestamp": "2025-10-06T07:03:23.000000Z"} {"uuid": "c66e3c44-a806-4b7e-99d6-ee27bacd9881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "published-proof-of-concept", "source": "Telegram/iObTnhRKbaYnOfdcum70MuIyrQNxigsQBPmPgPLvD6uhQUk_FpY", "content": "", "creation_timestamp": "2025-10-06T07:03:23.000000Z"} https://vulnerability.circl.lu/sighting/c66e3c44-a806-4b7e-99d6-ee27bacd9881/export Mon, 06 Oct 2025 07:03:23 +0000 https://vulnerability.circl.lu/sighting/c740ef2f-7a79-42bb-8450-6cd630459459/export {"uuid": "c740ef2f-7a79-42bb-8450-6cd630459459", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "published-proof-of-concept", "source": "Telegram/jA_DVqzBvok8aKl8FI4XVxK1MiLBtMNjqSSXDCz-9nD09y8V", "content": "", "creation_timestamp": "2025-10-06T07:03:35.000000Z"} {"uuid": "c740ef2f-7a79-42bb-8450-6cd630459459", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10783", "type": "published-proof-of-concept", "source": "Telegram/jA_DVqzBvok8aKl8FI4XVxK1MiLBtMNjqSSXDCz-9nD09y8V", "content": "", "creation_timestamp": "2025-10-06T07:03:35.000000Z"} https://vulnerability.circl.lu/sighting/c740ef2f-7a79-42bb-8450-6cd630459459/export Mon, 06 Oct 2025 07:03:35 +0000