{"vulnerability": "CVE-2024-1056", "sightings": [{"uuid": "5a9806d1-39d6-4df5-a735-56c2bc89e90f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10567", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113593635849560507", "content": "", "creation_timestamp": "2024-12-04T08:35:28.804513Z"}, {"uuid": "39d32f9d-fee2-4594-a90f-1cd6dc53a7f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10562", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf4zpmlcfz2k", "content": "", "creation_timestamp": "2025-01-07T06:33:10.486647Z"}, {"uuid": "8aa86e52-9650-4f7d-829b-0380bb5ccafe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10562", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/360", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10562\n\ud83d\udd39 Description: The Form Maker by 10Web  WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-01-07T06:00:03.350Z\n\ud83d\udccf Modified: 2025-01-07T06:00:03.350Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/317f6cb7-774f-4381-a855-858c051aa1d5/", "creation_timestamp": "2025-01-07T06:36:59.000000Z"}, {"uuid": "fb3731d7-b99a-4803-913f-d6d98a2b289b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10563", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5472", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10563\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.\n\ud83d\udccf Published: 2025-02-26T06:00:06.364Z\n\ud83d\udccf Modified: 2025-02-26T06:00:06.364Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/08ed69f6-9c9b-4548-9dbb-05b602530ef7/", "creation_timestamp": "2025-02-26T06:25:26.000000Z"}, {"uuid": "9228e23f-eea3-4bcb-ab94-2c7900cc7a42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10569", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8254", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10569\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.\n\ud83d\udccf Published: 2025-03-20T10:10:57.236Z\n\ud83d\udccf Modified: 2025-03-20T17:53:15.263Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/7192bcbb-08a3-4d22-a321-9c6d19dbfc74", "creation_timestamp": "2025-03-20T18:20:52.000000Z"}, {"uuid": "63b07850-e484-4c23-adbe-1c90ba67f7d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10562", "type": "seen", "source": "https://t.me/cvedetector/14484", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10562 - 10Web Form Maker WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10562 \nPublished : Jan. 7, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The Form Maker by 10Web  WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T08:00:51.000000Z"}, {"uuid": "ba6aabeb-d22f-4922-9f60-59f6781b497e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10567", "type": "seen", "source": "https://t.me/cvedetector/11962", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10567 - TI WooCommerce Wishlist Unauthorized Data Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10567 \nPublished : Dec. 4, 2024, 9:15 a.m. | 37\u00a0minutes ago \nDescription : The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T10:53:57.000000Z"}, {"uuid": "0d9ffe28-f75b-4072-82b0-f90e966862f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10561", "type": "seen", "source": "https://t.me/cvedetector/9486", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10561 - Codezips Pet Shop Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10561 \nPublished : Oct. 31, 2024, 2:15 a.m. | 43\u00a0minutes ago \nDescription : A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-31T04:24:30.000000Z"}, {"uuid": "917cf554-9e18-4f01-af2b-ff720ac2a11d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1056", "type": "seen", "source": "https://t.me/cvedetector/4400", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-1056 - \"FunnelKit Funnel Builder Pro - Stored Cross-Site Scripting Vulnerability in WordPress\"\", \n  \"Content\": \"CVE ID : CVE-2024-1056 \nPublished : Aug. 29, 2024, 2:15 p.m. | 46\u00a0minutes ago \nDescription : The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-29T17:03:23.000000Z"}]}