{"vulnerability": "CVE-2024-1055", "sightings": [{"uuid": "68aab142-f5dc-4db9-89cb-da9ed643f772", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10551", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113604384125649198", "content": "", "creation_timestamp": "2024-12-06T06:08:54.589290Z"}, {"uuid": "8fc6391a-34e7-4688-972b-5fe87ac5220a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10555", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113683628327672465", "content": "", "creation_timestamp": "2024-12-20T06:01:45.871316Z"}, {"uuid": "1b74472c-97f0-4e02-a50b-ee6ad1cbf4ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10555", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldpqdpjsbe2b", "content": "", "creation_timestamp": "2024-12-20T06:15:40.028598Z"}, {"uuid": "dbf52966-9fa5-4653-8037-e7e0e390aea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10552", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113887647758070907", "content": "", "creation_timestamp": "2025-01-25T06:46:35.450656Z"}, {"uuid": "d7f840b2-b46a-4436-b851-7a645044a12a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10558", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll4kmpfvwv2m", "content": "", "creation_timestamp": "2025-03-24T10:34:19.784138Z"}, {"uuid": "198c6e53-91b8-479c-9912-d7eb93728a81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10553", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lyes4zoyps27", "content": "", "creation_timestamp": "2025-09-09T03:37:30.043636Z"}, {"uuid": "32c56716-ec5d-452e-b20d-d687858e2b21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10553", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmgyieme2u", "content": "", "creation_timestamp": "2025-03-20T11:40:14.712276Z"}, {"uuid": "8292ca87-d495-437c-b763-a59bca94feea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10553", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3ly2n3nag2s2b", "content": "", "creation_timestamp": "2025-09-05T02:40:36.964498Z"}, {"uuid": "a43f06eb-94bf-4547-9d93-b47433885add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10555", "type": "seen", "source": "https://t.me/cvedetector/13411", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10555 - WordPress Button Plugin MaxButtons Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10555 \nPublished : Dec. 20, 2024, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T08:23:01.000000Z"}, {"uuid": "52b2545f-cfdf-4c43-9748-e19485793ac7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10552", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3050", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10552\n\ud83d\udd39 Description: The Flexmls\u00ae IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018api_key\u2019 and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 3.14.25.\n\ud83d\udccf Published: 2025-01-25T06:40:38.087Z\n\ud83d\udccf Modified: 2025-01-25T06:40:38.087Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0624108b-cd60-4278-802d-d4853f73ec6a?source=cve\n2. https://plugins.trac.wordpress.org/browser/flexmls-idx/trunk/views/admin-intro-api.php#L22\n3. https://plugins.trac.wordpress.org/browser/flexmls-idx/trunk/views/admin-intro-api.php#L30\n4. https://plugins.trac.wordpress.org/changeset/3226484/", "creation_timestamp": "2025-01-25T07:05:18.000000Z"}, {"uuid": "343841d8-11f4-43d4-9a7b-96d3042190c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10552", "type": "seen", "source": "https://t.me/cvedetector/16382", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10552 - Flexmls IDX Plugin WordPress Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2024-10552 \nPublished : Jan. 25, 2025, 7:15 a.m. | 1\u00a0hour, 42\u00a0minutes ago \nDescription : The Flexmls\u00ae IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018api_key\u2019 and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 3.14.25. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T10:29:01.000000Z"}, {"uuid": "0158c0c6-0520-433e-b830-278d20c707de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10558", "type": "seen", "source": "https://t.me/cvedetector/20939", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10558 - \"10Web Form Maker Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10558 \nPublished : March 24, 2025, 6:15 a.m. | 43\u00a0minutes ago \nDescription : The Form Maker by 10Web  WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T08:22:02.000000Z"}, {"uuid": "0bc7d593-3f35-4084-ac72-1c04a0898ae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1055", "type": "seen", "source": "https://t.me/ctinow/180566", "content": "https://ift.tt/LGvAXjK\nCVE-2024-1055", "creation_timestamp": "2024-02-07T08:31:55.000000Z"}, {"uuid": "df6f97ca-9a83-4ccf-87ec-9d50a7c734cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10551", "type": "seen", "source": "https://t.me/cvedetector/12169", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10551 - The Sticky Social Icons WordPress plugin through 1\", \n  \"Content\": \"CVE ID : CVE-2024-10551 \nPublished : Dec. 6, 2024, 6:15 a.m. | 44\u00a0minutes ago \nDescription : The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T08:05:25.000000Z"}, {"uuid": "0fbce5e1-2790-486d-9895-1bb104a8dbe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10559", "type": "seen", "source": "https://t.me/cvedetector/9485", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10559 - SourceCodester Airport Booking Management System Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10559 \nPublished : Oct. 31, 2024, 2:15 a.m. | 43\u00a0minutes ago \nDescription : A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function details of the component Passport Number Handler. The manipulation leads to buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T04:24:29.000000Z"}, {"uuid": "610111d3-bea9-48b8-ae1a-8c104657d54e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10557", "type": "seen", "source": "https://t.me/cvedetector/9481", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10557 - Code-projects Blood Bank Management System CSRF in updateprofile.php\", \n  \"Content\": \"CVE ID : CVE-2024-10557 \nPublished : Oct. 31, 2024, 1:15 a.m. | 21\u00a0minutes ago \nDescription : A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T02:44:12.000000Z"}, {"uuid": "46fbfc24-4a70-4ecf-a43a-187c8507c664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10556", "type": "seen", "source": "https://t.me/cvedetector/9480", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10556 - Codezips Pet Shop Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10556 \nPublished : Oct. 31, 2024, 1:15 a.m. | 21\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file birdsadd.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T02:44:11.000000Z"}]}