{"vulnerability": "CVE-2024-1018", "sightings": [{"uuid": "5c32650f-3c67-4ee4-98ae-752881f8580f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10186", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113436087340349314", "content": "", "creation_timestamp": "2024-11-06T12:50:02.316627Z"}, {"uuid": "a625926e-34ae-486d-adad-42233b1b2fc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10187", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113446653826192720", "content": "", "creation_timestamp": "2024-11-08T09:36:01.038053Z"}, {"uuid": "47ee8c30-1fc4-48c4-ad90-c687cbc7be30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10184", "type": "seen", "source": "https://t.me/cvedetector/9292", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10184 - StreamWeasels Kick Integration WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10184 \nPublished : Oct. 29, 2024, 11:15 a.m. | 41\u00a0minutes ago \nDescription : The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T13:05:56.000000Z"}, {"uuid": "10e05451-277d-4efb-9e6c-0e4853dca3c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10182", "type": "seen", "source": "https://t.me/cvedetector/12724", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10182 - Apache Cognito Forms Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10182 \nPublished : Dec. 12, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:08:14.000000Z"}, {"uuid": "7b9f6ae1-af9e-429f-a20a-05b2631e58c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10185", "type": "seen", "source": "https://t.me/cvedetector/9291", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10185 - StreamWeasels YouTube Integration Plugin Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10185 \nPublished : Oct. 29, 2024, 11:15 a.m. | 41\u00a0minutes ago \nDescription : The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T13:05:56.000000Z"}, {"uuid": "59972566-e2e5-4531-8c1b-db98fa26bb52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10189", "type": "seen", "source": "https://t.me/cvedetector/8605", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10189 - Spotify for Podcasters Anchor Episodes Index Stored Cross-Site Scripting Vulnerability in WordPress Plugin\", \n  \"Content\": \"CVE ID : CVE-2024-10189 \nPublished : Oct. 22, 2024, 10:15 a.m. | 36\u00a0minutes ago \nDescription : The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T12:56:47.000000Z"}, {"uuid": "ffc89cad-ae85-459d-acb0-493387a86f50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10187", "type": "seen", "source": "https://t.me/cvedetector/10191", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10187 - MyCred Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10187 \nPublished : Nov. 8, 2024, 10:15 a.m. | 39\u00a0minutes ago \nDescription : The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T12:10:22.000000Z"}, {"uuid": "23b92cd5-f95d-4c99-a233-0fbf6dc47116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10180", "type": "seen", "source": "https://t.me/cvedetector/8801", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10180 - WordPress Contact Form 7 - Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10180 \nPublished : Oct. 24, 2024, 1:15 p.m. | 40\u00a0minutes ago \nDescription : The Contact Form 7 \u2013 Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's field_group shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-24T15:58:57.000000Z"}, {"uuid": "5dc7750f-81e5-42b7-9703-05c030be6487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10181", "type": "seen", "source": "https://t.me/cvedetector/9306", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10181 - \"WordPress Newsletters Plugin Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10181 \nPublished : Oct. 29, 2024, 12:15 p.m. | 33\u00a0minutes ago \nDescription : The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T13:56:24.000000Z"}, {"uuid": "a721d1dc-aa4c-48e2-9643-74db60e9be98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10186", "type": "seen", "source": "https://t.me/cvedetector/10004", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10186 - WordPress Event Post Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-10186 \nPublished : Nov. 6, 2024, 1:15 p.m. | 40\u00a0minutes ago \nDescription : The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T14:59:45.000000Z"}, {"uuid": "4180ad2c-921c-493c-b412-5ebbb8b35536", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1018", "type": "seen", "source": "https://t.me/ctinow/189561", "content": "https://ift.tt/Rp3QrY1\nCVE-2024-1018 | PbootCMS 3.2.5-20230421 name cross site scripting", "creation_timestamp": "2024-02-21T13:07:06.000000Z"}, {"uuid": "e6cd157e-db33-4a91-aa0c-35c96d24d492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10183", "type": "seen", "source": "https://t.me/cvedetector/8639", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10183 - Jamf Pro: Privilege Escalation Vulnerability in Jamf Remote Assist Tool\", \n  \"Content\": \"CVE ID : CVE-2024-10183 \nPublished : Oct. 22, 2024, 6:15 p.m. | 44\u00a0minutes ago \nDescription : A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-22T21:18:51.000000Z"}, {"uuid": "e3943dd5-4f89-45de-a2a6-afbd7fdf3f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1018", "type": "seen", "source": "https://t.me/ctinow/175537", "content": "https://ift.tt/AzQp0hU\nCVE-2024-1018", "creation_timestamp": "2024-01-29T21:21:37.000000Z"}, {"uuid": "a0735689-0aa3-4ae3-abdd-a2cd3ca69048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1018", "type": "seen", "source": "https://t.me/ctinow/179498", "content": "https://ift.tt/Ilq7S2V\nCVE-2024-1018 Exploit", "creation_timestamp": "2024-02-05T21:16:40.000000Z"}]}