{"vulnerability": "CVE-2024-1054", "sightings": [{"uuid": "c86f6088-463c-48e0-b864-a87f349a84e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10543", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113434669687004902", "content": "", "creation_timestamp": "2024-11-06T06:48:17.776234Z"}, {"uuid": "ea9465b1-4b72-497f-9a47-2ab982021e99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10543", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113434682275255258", "content": "", "creation_timestamp": "2024-11-06T06:51:29.647059Z"}, {"uuid": "62de7894-7cb3-436c-b484-5ea1c4385eac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10547", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113451845298617004", "content": "", "creation_timestamp": "2024-11-09T07:36:16.618642Z"}, {"uuid": "a922ddc4-28d3-4900-b20c-d2211eb34e9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10542", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/113549601738257414", "content": "", "creation_timestamp": "2024-11-26T13:57:01.457355Z"}, {"uuid": "39510477-fe2b-4a7f-96a3-7a6bc7f2c6b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10542", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113547632635979131", "content": "", "creation_timestamp": "2024-11-26T05:36:16.020474Z"}, {"uuid": "1b926f7e-393c-4fe5-9a02-86252ca1293b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10542", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/113555661056371693", "content": "", "creation_timestamp": "2024-11-27T15:38:09.096993Z"}, {"uuid": "486842a9-6069-403b-b921-2f6f9d818baf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10542", "type": "seen", "source": "https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html", "content": "", "creation_timestamp": "2024-11-26T12:23:00.000000Z"}, {"uuid": "760a2623-7070-48a0-bf4b-9a520b95e19d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10548", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113677125826957444", "content": "", "creation_timestamp": "2024-12-19T02:28:04.813810Z"}, {"uuid": "67348950-0289-4ccd-8b83-1734b9323b51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10541", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf6kzhlpuf2m", "content": "", "creation_timestamp": "2025-01-07T21:15:34.221729Z"}, {"uuid": "ae053408-70aa-47b3-8291-6e35ef134f42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10541", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf6mbjrfpj2e", "content": "", "creation_timestamp": "2025-01-07T21:37:58.814878Z"}, {"uuid": "f9c08749-02ab-4d9d-bc04-428bdce5036b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10542", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9202", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-10542 Missing Authorization (CWE-862)\nURL\uff1ahttps://github.com/FoKiiin/CVE-2024-10542\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-27T16:55:04.000000Z"}, {"uuid": "d9d79453-54ec-4258-b86d-7e045efabdef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10541", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/573", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10541\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: N/A\n\ud83d\udccf Modified: 2025-01-07T21:07:43.205Z\n\ud83d\udd17 References:\nNo references available.", "creation_timestamp": "2025-01-07T21:38:18.000000Z"}, {"uuid": "62fb8d3e-7e6a-41c1-bf7f-d97d43143034", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10545", "type": "seen", "source": "https://t.me/cvedetector/18854", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10545 - The Photo Gallery WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10545 \nPublished : Feb. 25, 2025, 6:15 a.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : The Photo Gallery, Sliders, Proofing and   WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T09:00:52.000000Z"}, {"uuid": "a8d1aca7-ff4a-4fd8-872d-c6cc0e49185a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1054", "type": "seen", "source": "Telegram/x1X6-OsI51GwsoabuNJvUM0mruycu5pkpyjsoPdXy4EPRZxl", "content": "", "creation_timestamp": "2025-02-06T02:44:19.000000Z"}, {"uuid": "2d62dc7f-fdb7-4f3a-ac3b-77d408e270b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10545", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5252", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10545\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Photo Gallery, Sliders, Proofing and   WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)\n\ud83d\udccf Published: 2025-02-25T06:00:05.291Z\n\ud83d\udccf Modified: 2025-02-25T06:00:05.291Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/e969e5f8-17cb-489b-988d-cae31719da36/", "creation_timestamp": "2025-02-25T06:22:09.000000Z"}, {"uuid": "52b87648-6f2d-40c7-96fd-a6dfb0e3b1d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10549", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8191", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10549\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an attacker can exhaust all available threads, leading to a complete denial of service.\n\ud83d\udccf Published: 2025-03-20T10:11:32.621Z\n\ud83d\udccf Modified: 2025-03-20T10:11:32.621Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/ce7bd2d6-fd38-440d-a91a-dd8f3fc06bc2", "creation_timestamp": "2025-03-20T10:19:33.000000Z"}, {"uuid": "9a7c5cf7-485b-497f-b0e5-4b5c5c42e08d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10548", "type": "seen", "source": "https://t.me/cvedetector/13301", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10548 - WordPress Project Manager Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-10548 \nPublished : Dec. 19, 2024, 2:15 a.m. | 40\u00a0minutes ago \nDescription : The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the hashed passwords of project owners (e.g. adminstrators). \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T03:55:47.000000Z"}, {"uuid": "69415879-e20e-4bc5-9988-fe27af3ee13a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10547", "type": "seen", "source": "https://t.me/cvedetector/10284", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10547 - \"Wordpress WP Membership Unauthenticated Arbitrary File Upload Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10547 \nPublished : Nov. 9, 2024, 8:15 a.m. | 39\u00a0minutes ago \nDescription : The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T09:56:30.000000Z"}, {"uuid": "fb3936c4-48ee-49cf-8cc3-8efd06c687c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10540", "type": "seen", "source": "https://t.me/cvedetector/9637", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10540 - BookingPress WordPress SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10540 \nPublished : Nov. 2, 2024, 2:15 a.m. | 29\u00a0minutes ago \nDescription : The Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-02T03:53:51.000000Z"}, {"uuid": "089a16a6-3724-4f04-b258-db51c6e4f840", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10548", "type": "seen", "source": "Telegram/N4A9VuK0ADqwvHYUPXWRCxQuIuIQkIUvTt939nvqx2pacEbQ", "content": "", "creation_timestamp": "2025-02-06T02:44:19.000000Z"}, {"uuid": "a6533ff4-c702-470b-be8b-0ecd11e8fb38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10546", "type": "seen", "source": "https://t.me/cvedetector/9460", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10546 - Open-scratch Teaching V2 SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10546 \nPublished : Oct. 30, 2024, 8:15 p.m. | 24\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in open-scratch Teaching \u5728\u7ebf\u6559\u5b66\u5e73\u53f0 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-30T21:43:21.000000Z"}, {"uuid": "6f29f43e-11f4-4db1-918c-8c8b46c2b91d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10544", "type": "seen", "source": "https://t.me/cvedetector/9484", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10544 - Woo Manage Fraud Orders WordPress Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-10544 \nPublished : Oct. 31, 2024, 2:15 a.m. | 43\u00a0minutes ago \nDescription : The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T04:24:29.000000Z"}, {"uuid": "be1ebef5-ec0b-4911-852d-50153e233be6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10543", "type": "seen", "source": "https://t.me/cvedetector/9990", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10543 - WordPress Tumult Hype Animations Authenticated Data Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10543 \nPublished : Nov. 6, 2024, 7:15 a.m. | 40\u00a0minutes ago \nDescription : The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve animation information. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T09:08:39.000000Z"}, {"uuid": "987d1afc-d2eb-44cc-aac5-d379e38d208b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10542", "type": "seen", "source": "https://t.me/true_secator/6476", "content": "Defiant \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u0434\u0432\u0443\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u0430\u043d\u0442\u0438\u0441\u043f\u0430\u043c-\u043f\u043b\u0430\u0433\u0438\u043d\u0435 CleanTalk \u0434\u043b\u044f WordPress, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044f \u0431\u043e\u043b\u0435\u0435 200 000 \u0441\u0430\u0439\u0442\u043e\u0432.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-10542 \u0438 CVE-2024-10781 \u0438 \u0438\u043c\u0435\u044e\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,8.\n\n\u041e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f RCE.\n\nDefiant \u043f\u043e\u044f\u0441\u043d\u044f\u0435\u0442, \u0447\u0442\u043e CVE-2024-10542 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043e\u0431\u0445\u043e\u0434 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0439 \u043d\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0445 \u0432\u044b\u0437\u043e\u0432\u043e\u0432 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0449\u0438\u0439 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044e \u0442\u043e\u043a\u0435\u043d\u043e\u0432 \u0434\u043b\u044f \u044d\u0442\u0438\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439.\n\n\u0414\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e IP-\u0430\u0434\u0440\u0435\u0441\u0430 \u0438 \u0434\u043e\u043c\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043c\u0435\u043d\u0438, \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u043f\u043e\u0434\u043c\u0435\u043d\u044b IP \u0438 DNS, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u043a\u0430\u0437\u0430\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0438\u043c\u0438 IP-\u0430\u0434\u0440\u0435\u0441 \u0438 \u043f\u043e\u0434\u0434\u043e\u043c\u0435\u043d \u0438 \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044e.\n\n\u0417\u0430\u0442\u0435\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043b\u044e\u0431\u043e\u0435 \u0438\u0437 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439, \u0441\u0442\u043e\u044f\u0449\u0438\u0445 \u0437\u0430 \u044d\u0442\u043e\u0439 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u043c\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0443, \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u044e, \u0434\u0435\u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u044e \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u0430.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432 \u043a\u043e\u043d\u0446\u0435 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 1 \u043d\u043e\u044f\u0431\u0440\u044f \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0438 6.44.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f \u043e\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u043a CVE-2024-10781, \u0434\u0440\u0443\u0433\u043e\u043c\u0443 \u043c\u0435\u0442\u043e\u0434\u0443 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0442\u043e\u043a\u0435\u043d\u0430.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0442\u043e\u043a\u0435\u043d \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044f \u0445\u044d\u0448\u0430 \u0441 \u043a\u043b\u044e\u0447\u043e\u043c API, \u0435\u0441\u043b\u0438 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442 \u043d\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u043b \u043a\u043b\u044e\u0447 API \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0442\u043e\u043a\u0435\u043d, \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0439 \u043f\u0443\u0441\u0442\u043e\u043c\u0443 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e \u0445\u044d\u0448\u0430.\n\n\u041a\u0430\u043a \u0438 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441 \u043f\u0435\u0440\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f CVE-2024-10781 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0438 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b, \u0430 \u0437\u0430\u0442\u0435\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u0445 \u0434\u043b\u044f RCE.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f 6.45 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0431\u044b\u043b\u0430 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u0430 14 \u043d\u043e\u044f\u0431\u0440\u044f.\n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043f\u043e\u00a0\u0434\u0430\u043d\u043d\u044b\u043c WordPress, \u0434\u043e \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438 \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u043d\u0435 \u0438\u043c\u0435\u044e\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 6.45 \u0438\u043b\u0438 \u0436\u0435 \u0441\u0442\u0430\u0442\u044c \u0447\u0430\u0441\u0442\u044c\u044e \u043d\u0430\u043c\u0435\u0447\u0430\u044e\u0449\u0435\u0439\u0441\u044f \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043c\u0443\u0434\u0430\u043a\u043e\u0432.", "creation_timestamp": "2024-11-26T19:00:06.000000Z"}, {"uuid": "1c38272f-6fb3-4e21-b0e2-31aff8a3a67e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1054", "type": "seen", "source": "https://t.me/ctinow/199020", "content": "https://ift.tt/Cw3XbTY\nCVE-2024-1054 | Booster for WooCommerce Plugin up to 7.1.6 on WordPress cross site scripting", "creation_timestamp": "2024-03-04T06:42:05.000000Z"}, {"uuid": "b2466b55-d9e7-441b-b026-42d9e1bbec20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10542", "type": "published-proof-of-concept", "source": "Telegram/ir8fz_LeIMyJdioGXHcZ5flDUiy-bVJJMbt_K53XI6bhxA", "content": "", "creation_timestamp": "2024-11-27T01:06:36.000000Z"}]}