<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 03 Jul 2026 19:23:49 +0000</lastBuildDate>
    <item>
      <title>d3373243-7045-4ef7-a799-fb78f3d2c58b</title>
      <link>https://vulnerability.circl.lu/sighting/d3373243-7045-4ef7-a799-fb78f3d2c58b/export</link>
      <description>{"uuid": "d3373243-7045-4ef7-a799-fb78f3d2c58b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12044", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8212", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12044\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A remote code execution vulnerability exists in open-mmlab/mmdetection version v3.3.0. The vulnerability is due to the use of the `pickle.loads()` function in the `all_reduce_dict()` distributed training API without proper sanitization. This allows an attacker to execute arbitrary code by broadcasting a malicious payload to the distributed training network.\n\ud83d\udccf Published: 2025-03-20T10:10:03.510Z\n\ud83d\udccf Modified: 2025-03-20T14:36:03.940Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/f7e4fc32-e167-49fb-9fc7-f092b9c27e8a", "creation_timestamp": "2025-03-20T15:18:24.000000Z"}</description>
      <content:encoded>{"uuid": "d3373243-7045-4ef7-a799-fb78f3d2c58b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12044", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8212", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12044\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A remote code execution vulnerability exists in open-mmlab/mmdetection version v3.3.0. The vulnerability is due to the use of the `pickle.loads()` function in the `all_reduce_dict()` distributed training API without proper sanitization. This allows an attacker to execute arbitrary code by broadcasting a malicious payload to the distributed training network.\n\ud83d\udccf Published: 2025-03-20T10:10:03.510Z\n\ud83d\udccf Modified: 2025-03-20T14:36:03.940Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/f7e4fc32-e167-49fb-9fc7-f092b9c27e8a", "creation_timestamp": "2025-03-20T15:18:24.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d3373243-7045-4ef7-a799-fb78f3d2c58b/export</guid>
      <pubDate>Thu, 20 Mar 2025 15:18:24 +0000</pubDate>
    </item>
    <item>
      <title>8335ef12-3ff9-4955-ae57-05dc6a405cb7</title>
      <link>https://vulnerability.circl.lu/sighting/8335ef12-3ff9-4955-ae57-05dc6a405cb7/export</link>
      <description>{"uuid": "8335ef12-3ff9-4955-ae57-05dc6a405cb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12044", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmheps2e2v", "content": "", "creation_timestamp": "2025-03-20T11:40:29.037075Z"}</description>
      <content:encoded>{"uuid": "8335ef12-3ff9-4955-ae57-05dc6a405cb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12044", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmheps2e2v", "content": "", "creation_timestamp": "2025-03-20T11:40:29.037075Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8335ef12-3ff9-4955-ae57-05dc6a405cb7/export</guid>
      <pubDate>Thu, 20 Mar 2025 11:40:29 +0000</pubDate>
    </item>
    <item>
      <title>e8de8ba7-4f65-43f8-8e55-db8f910d59c6</title>
      <link>https://vulnerability.circl.lu/sighting/e8de8ba7-4f65-43f8-8e55-db8f910d59c6/export</link>
      <description>{"uuid": "e8de8ba7-4f65-43f8-8e55-db8f910d59c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12048", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8199", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12048\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.\n\ud83d\udccf Published: 2025-03-20T10:11:27.726Z\n\ud83d\udccf Modified: 2025-03-20T10:11:27.726Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/6def3e3a-c443-44bb-b20e-3e69b48f37dc", "creation_timestamp": "2025-03-20T10:19:42.000000Z"}</description>
      <content:encoded>{"uuid": "e8de8ba7-4f65-43f8-8e55-db8f910d59c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12048", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8199", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12048\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.\n\ud83d\udccf Published: 2025-03-20T10:11:27.726Z\n\ud83d\udccf Modified: 2025-03-20T10:11:27.726Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/6def3e3a-c443-44bb-b20e-3e69b48f37dc", "creation_timestamp": "2025-03-20T10:19:42.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e8de8ba7-4f65-43f8-8e55-db8f910d59c6/export</guid>
      <pubDate>Thu, 20 Mar 2025 10:19:42 +0000</pubDate>
    </item>
    <item>
      <title>ea7e5fae-e9d9-44dd-946b-e780d50d5d81</title>
      <link>https://vulnerability.circl.lu/sighting/ea7e5fae-e9d9-44dd-946b-e780d50d5d81/export</link>
      <description>{"uuid": "ea7e5fae-e9d9-44dd-946b-e780d50d5d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12043", "type": "seen", "source": "Telegram/YMCv5dMQxodcWu4TdnyjLFwpFk0jY6Qur6jrHl0dBqx_tOWG", "content": "", "creation_timestamp": "2025-02-06T02:44:20.000000Z"}</description>
      <content:encoded>{"uuid": "ea7e5fae-e9d9-44dd-946b-e780d50d5d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12043", "type": "seen", "source": "Telegram/YMCv5dMQxodcWu4TdnyjLFwpFk0jY6Qur6jrHl0dBqx_tOWG", "content": "", "creation_timestamp": "2025-02-06T02:44:20.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ea7e5fae-e9d9-44dd-946b-e780d50d5d81/export</guid>
      <pubDate>Thu, 06 Feb 2025 02:44:20 +0000</pubDate>
    </item>
    <item>
      <title>b1c26d75-4b91-4b0b-9abf-590d2427ec7c</title>
      <link>https://vulnerability.circl.lu/sighting/b1c26d75-4b91-4b0b-9abf-590d2427ec7c/export</link>
      <description>{"uuid": "b1c26d75-4b91-4b0b-9abf-590d2427ec7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12046", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhdmj5taqt2b", "content": "", "creation_timestamp": "2025-02-04T08:15:56.452087Z"}</description>
      <content:encoded>{"uuid": "b1c26d75-4b91-4b0b-9abf-590d2427ec7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12046", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhdmj5taqt2b", "content": "", "creation_timestamp": "2025-02-04T08:15:56.452087Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b1c26d75-4b91-4b0b-9abf-590d2427ec7c/export</guid>
      <pubDate>Tue, 04 Feb 2025 08:15:56 +0000</pubDate>
    </item>
    <item>
      <title>e2cc80b3-5201-4528-bffe-a9ab5d5218b3</title>
      <link>https://vulnerability.circl.lu/sighting/e2cc80b3-5201-4528-bffe-a9ab5d5218b3/export</link>
      <description>{"uuid": "e2cc80b3-5201-4528-bffe-a9ab5d5218b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12046", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113944437736684051", "content": "", "creation_timestamp": "2025-02-04T07:29:00.757521Z"}</description>
      <content:encoded>{"uuid": "e2cc80b3-5201-4528-bffe-a9ab5d5218b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12046", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113944437736684051", "content": "", "creation_timestamp": "2025-02-04T07:29:00.757521Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e2cc80b3-5201-4528-bffe-a9ab5d5218b3/export</guid>
      <pubDate>Tue, 04 Feb 2025 07:29:00 +0000</pubDate>
    </item>
    <item>
      <title>2c9aad92-5900-41f4-9c38-fdd25287afb6</title>
      <link>https://vulnerability.circl.lu/sighting/2c9aad92-5900-41f4-9c38-fdd25287afb6/export</link>
      <description>{"uuid": "2c9aad92-5900-41f4-9c38-fdd25287afb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://t.me/cvedetector/16996", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12041 - Directorist WordPress Business Directory Plugin Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12041 \nPublished : Feb. 1, 2025, 6:15 a.m. | 21\u00a0minutes ago \nDescription : The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T08:07:22.000000Z"}</description>
      <content:encoded>{"uuid": "2c9aad92-5900-41f4-9c38-fdd25287afb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://t.me/cvedetector/16996", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12041 - Directorist WordPress Business Directory Plugin Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12041 \nPublished : Feb. 1, 2025, 6:15 a.m. | 21\u00a0minutes ago \nDescription : The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T08:07:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2c9aad92-5900-41f4-9c38-fdd25287afb6/export</guid>
      <pubDate>Sat, 01 Feb 2025 08:07:22 +0000</pubDate>
    </item>
    <item>
      <title>795ec7f1-3f1f-4825-9a6f-133dd7ba39e6</title>
      <link>https://vulnerability.circl.lu/sighting/795ec7f1-3f1f-4825-9a6f-133dd7ba39e6/export</link>
      <description>{"uuid": "795ec7f1-3f1f-4825-9a6f-133dd7ba39e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3z46xisq2u", "content": "", "creation_timestamp": "2025-02-01T07:40:03.553196Z"}</description>
      <content:encoded>{"uuid": "795ec7f1-3f1f-4825-9a6f-133dd7ba39e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3z46xisq2u", "content": "", "creation_timestamp": "2025-02-01T07:40:03.553196Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/795ec7f1-3f1f-4825-9a6f-133dd7ba39e6/export</guid>
      <pubDate>Sat, 01 Feb 2025 07:40:03 +0000</pubDate>
    </item>
    <item>
      <title>fdc9d759-e8d8-45af-a9be-e5e70da003ee</title>
      <link>https://vulnerability.circl.lu/sighting/fdc9d759-e8d8-45af-a9be-e5e70da003ee/export</link>
      <description>{"uuid": "fdc9d759-e8d8-45af-a9be-e5e70da003ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3742", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12041\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T06:15:29.527\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3208874/directorist/tags/8.0.9/includes/rest-api/Version1/class-users-controller.php\n2. https://plugins.trac.wordpress.org/changeset/3231156/directorist/tags/8.1/includes/rest-api/Version1/class-users-controller.php\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/0d9817ff-ca56-4941-97bc-f26defe7ddd5?source=cve", "creation_timestamp": "2025-02-01T07:25:46.000000Z"}</description>
      <content:encoded>{"uuid": "fdc9d759-e8d8-45af-a9be-e5e70da003ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3742", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12041\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T06:15:29.527\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3208874/directorist/tags/8.0.9/includes/rest-api/Version1/class-users-controller.php\n2. https://plugins.trac.wordpress.org/changeset/3231156/directorist/tags/8.1/includes/rest-api/Version1/class-users-controller.php\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/0d9817ff-ca56-4941-97bc-f26defe7ddd5?source=cve", "creation_timestamp": "2025-02-01T07:25:46.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/fdc9d759-e8d8-45af-a9be-e5e70da003ee/export</guid>
      <pubDate>Sat, 01 Feb 2025 07:25:46 +0000</pubDate>
    </item>
    <item>
      <title>f4aa832b-75d8-460b-8b10-73c224bfd84a</title>
      <link>https://vulnerability.circl.lu/sighting/f4aa832b-75d8-460b-8b10-73c224bfd84a/export</link>
      <description>{"uuid": "f4aa832b-75d8-460b-8b10-73c224bfd84a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3721", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12041\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users.\n\ud83d\udccf Published: 2025-02-01T06:31:01Z\n\ud83d\udccf Modified: 2025-02-01T06:31:01Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12041\n2. https://plugins.trac.wordpress.org/changeset/3208874/directorist/tags/8.0.9/includes/rest-api/Version1/class-users-controller.php\n3. https://plugins.trac.wordpress.org/changeset/3231156/directorist/tags/8.1/includes/rest-api/Version1/class-users-controller.php\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/0d9817ff-ca56-4941-97bc-f26defe7ddd5?source=cve", "creation_timestamp": "2025-02-01T07:16:13.000000Z"}</description>
      <content:encoded>{"uuid": "f4aa832b-75d8-460b-8b10-73c224bfd84a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12041", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3721", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12041\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users.\n\ud83d\udccf Published: 2025-02-01T06:31:01Z\n\ud83d\udccf Modified: 2025-02-01T06:31:01Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12041\n2. https://plugins.trac.wordpress.org/changeset/3208874/directorist/tags/8.0.9/includes/rest-api/Version1/class-users-controller.php\n3. https://plugins.trac.wordpress.org/changeset/3231156/directorist/tags/8.1/includes/rest-api/Version1/class-users-controller.php\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/0d9817ff-ca56-4941-97bc-f26defe7ddd5?source=cve", "creation_timestamp": "2025-02-01T07:16:13.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f4aa832b-75d8-460b-8b10-73c224bfd84a/export</guid>
      <pubDate>Sat, 01 Feb 2025 07:16:13 +0000</pubDate>
    </item>
  </channel>
</rss>
