{"vulnerability": "CVE-2024-1058", "sightings": [{"uuid": "ee67717a-6695-470f-9244-6c734370c48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10589", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113451845312224748", "content": "", "creation_timestamp": "2024-11-09T07:36:16.829611Z"}, {"uuid": "58d82ba1-6c97-4b1b-a907-d36af6bed99b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113450679777028980", "content": "", "creation_timestamp": "2024-11-09T02:39:52.242964Z"}, {"uuid": "e44c7678-3627-4176-a497-7e1ae9a849fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10588", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113450738777582133", "content": "", "creation_timestamp": "2024-11-09T02:54:52.509176Z"}, {"uuid": "60dfebdb-f2a0-44f2-afdb-d12e4193c758", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10582", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113485333690055101", "content": "", "creation_timestamp": "2024-11-15T05:32:49.021879Z"}, {"uuid": "30138570-46c9-4831-9e2d-82527c6d7374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10587", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113592288850997599", "content": "", "creation_timestamp": "2024-12-04T02:52:55.228155Z"}, {"uuid": "180186ae-4970-4696-80c2-5ea138d980cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10580", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113553563433513432", "content": "", "creation_timestamp": "2024-11-27T06:44:32.266808Z"}, {"uuid": "707f36b3-ced9-488f-ad64-1a9e6805fe4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10583", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638525137406719", "content": "", "creation_timestamp": "2024-12-12T06:51:25.006827Z"}, {"uuid": "bfa01a31-a775-4675-aa96-b8c9cc72aea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10584", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113707496947756711", "content": "", "creation_timestamp": "2024-12-24T11:11:51.306369Z"}, {"uuid": "8ecb1305-78c5-452c-bb00-dd661fafaf14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10584", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3le2cxlujee2m", "content": "", "creation_timestamp": "2024-12-24T11:15:32.079856Z"}, {"uuid": "006e3803-bdfa-4134-ab72-e348cc66ea35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10585", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113791068761981093", "content": "", "creation_timestamp": "2025-01-08T05:25:15.932693Z"}, {"uuid": "28c6c2ff-b299-456e-b355-d285601e75ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10585", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7j7at4tw25", "content": "", "creation_timestamp": "2025-01-08T06:15:40.581140Z"}, {"uuid": "d2dead7b-42e6-4756-acce-e6e84467a3c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10585", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7khz4pts2g", "content": "", "creation_timestamp": "2025-01-08T06:38:28.552984Z"}, {"uuid": "246821be-4a16-4b51-aac9-009608156e40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10581", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114007668628837902", "content": "", "creation_timestamp": "2025-02-15T11:29:27.678499Z"}, {"uuid": "d6650d28-0a07-4bdc-9e4f-a923f0c0153d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10581", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li7p2domhr2i", "content": "", "creation_timestamp": "2025-02-15T12:15:53.612573Z"}, {"uuid": "5108b9ea-5c59-41cd-9e91-5f7548beadce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10581", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li7yrlzqbm2v", "content": "", "creation_timestamp": "2025-02-15T15:09:57.741280Z"}, {"uuid": "03c81bb8-e0da-4076-80b0-3bfaa26ff1c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lugeqffnk32w", "content": "", "creation_timestamp": "2025-07-20T21:02:23.429753Z"}, {"uuid": "c3cd7893-0c8a-45bf-91e5-0e95b325a25b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-23)", "content": "", "creation_timestamp": "2025-07-23T00:00:00.000000Z"}, {"uuid": "dc7bbe85-5b12-48a4-995d-a483c5488e0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-24)", "content": "", "creation_timestamp": "2025-07-24T00:00:00.000000Z"}, {"uuid": "34da078c-d4ab-4fa7-8505-1eb716c5519d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-24)", "content": "", "creation_timestamp": "2025-07-24T00:00:00.000000Z"}, {"uuid": "045b73c7-ac0c-41a7-b7e6-e1ebed645393", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-25)", "content": "", "creation_timestamp": "2025-07-25T00:00:00.000000Z"}, {"uuid": "c5fb9f5e-adf5-48c1-9182-853dee39ab16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-26)", "content": "", "creation_timestamp": "2025-07-26T00:00:00.000000Z"}, {"uuid": "a9019587-6594-4bb8-8114-e5e912666740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-27)", "content": "", "creation_timestamp": "2025-07-27T00:00:00.000000Z"}, {"uuid": "267365e6-5e91-45e5-bd41-b73d1f1e61ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-28)", "content": "", "creation_timestamp": "2025-07-28T00:00:00.000000Z"}, {"uuid": "d4df72c7-f23f-414c-a9e9-ef58a809c152", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-29)", "content": "", "creation_timestamp": "2025-07-29T00:00:00.000000Z"}, {"uuid": "6f8a8dea-b9d5-4146-91df-3c4b83ade4fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-30)", "content": "", "creation_timestamp": "2025-07-30T00:00:00.000000Z"}, {"uuid": "41a017e3-23c0-4f07-9f19-e8fe8046e0cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-11)", "content": "", "creation_timestamp": "2025-08-11T00:00:00.000000Z"}, {"uuid": "bd7fe907-1adb-4bf3-ae89-250fe76a127b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-08)", "content": "", "creation_timestamp": "2025-09-08T00:00:00.000000Z"}, {"uuid": "c404042b-b8ce-46a2-b146-8b4377f86e11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10585", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/642", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10585\n\ud83d\udd39 Description: The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory.\n\ud83d\udccf Published: 2025-01-08T05:19:22.264Z\n\ud83d\udccf Modified: 2025-01-08T05:19:22.264Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4d2518f6-3647-4bee-a98c-ce7f30375a62?source=cve\n2. https://plugins.svn.wordpress.org/iwp-client/tags/1.13.0/debug-chart/index.php\n3. https://plugins.trac.wordpress.org/changeset/3202851/iwp-client/trunk/debug-chart/index.php", "creation_timestamp": "2025-01-08T05:37:45.000000Z"}, {"uuid": "42f0d01b-7e25-4916-ba37-1a36ae6e6912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10581", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4557", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10581\n\ud83d\udd25 CVSS Score: 4.2 (CVSS_V3)\n\ud83d\udd39 Description: The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possible for unauthenticated attackers to update listing statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-15T12:30:50Z\n\ud83d\udccf Modified: 2025-02-15T12:30:50Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-10581\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3239657%40directorypress-frontend&new=3239657%40directorypress-frontend&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/36986585-7aaa-4c49-b426-fb9078fbb9ae?source=cve", "creation_timestamp": "2025-02-15T13:11:17.000000Z"}, {"uuid": "fc03c4b7-bd00-44fb-9821-bc9ab6a479bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10581", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4564", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10581\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-15T12:15:28.900\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3239657%40directorypress-frontend&new=3239657%40directorypress-frontend&sfp_email=&sfph_mail=\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/36986585-7aaa-4c49-b426-fb9078fbb9ae?source=cve", "creation_timestamp": "2025-02-15T13:11:28.000000Z"}, {"uuid": "0359f6b1-8cd0-4251-959d-5c638efa6d68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10581", "type": "seen", "source": "https://t.me/cvedetector/18174", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10581 - WordPress DirectoryPress Frontend CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-10581 \nPublished : Feb. 15, 2025, 12:15 p.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possible for unauthenticated attackers to update listing statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T15:12:02.000000Z"}, {"uuid": "8cbb97e6-366c-4306-9ab9-0fae2033a2ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10581", "type": "seen", "source": "Telegram/DzbhjEpBDrvXGljKSSpmXHgdyU6mU_J3F6T1ghXXKs3d9Zr_", "content": "", "creation_timestamp": "2025-02-24T14:08:42.000000Z"}, {"uuid": "f6c14eed-aa0f-49d3-a86d-f9291bcf1445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10585", "type": "seen", "source": "https://t.me/cvedetector/14659", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10585 - InfiniteWP Client WordPress Path Traversal\", \n  \"Content\": \"CVE ID : CVE-2024-10585 \nPublished : Jan. 8, 2025, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T08:17:25.000000Z"}, {"uuid": "c087520b-f391-4b66-af59-8b5c2ef0b759", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10584", "type": "seen", "source": "https://t.me/cvedetector/13585", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10584 - DirectoryPress - WordPress Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-10584 \nPublished : Dec. 24, 2024, 11:15 a.m. | 25\u00a0minutes ago \nDescription : The DirectoryPress \u2013 Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. When DirectoryPress Frontend is installed, this can be exploited by unauthenticated users. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-24T12:43:57.000000Z"}, {"uuid": "5d80dc10-37e2-4272-b96c-bccc52e1428e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10583", "type": "seen", "source": "https://t.me/cvedetector/12752", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10583 - Popup Maker for WordPress - Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10583 \nPublished : Dec. 12, 2024, 7:15 a.m. | 33\u00a0minutes ago \nDescription : The Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018post_title\u2019 parameter in all versions up to, and including, 1.20.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T08:48:57.000000Z"}, {"uuid": "a724d3f2-2b17-4f8b-b557-d1bade883597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10587", "type": "seen", "source": "https://t.me/cvedetector/11940", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10587 - The Interactive Contact Form and Multi Step Form B\", \n  \"Content\": \"CVE ID : CVE-2024-10587 \nPublished : Dec. 4, 2024, 3:15 a.m. | 39\u00a0minutes ago \nDescription : The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T05:02:39.000000Z"}, {"uuid": "95c1e5b5-4a61-4c42-883e-f372f82e9efd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10586", "type": "seen", "source": "https://t.me/cvedetector/10263", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10586 - WordPress Debug Tool Plugin Remote File Creation RCE\", \n  \"Content\": \"CVE ID : CVE-2024-10586 \nPublished : Nov. 9, 2024, 3:15 a.m. | 37\u00a0minutes ago \nDescription : The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T04:55:27.000000Z"}, {"uuid": "6198d909-07ac-4df6-9413-cbfa44b8eb68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10589", "type": "seen", "source": "https://t.me/cvedetector/10285", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10589 - WordPress Offload Media Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10589 \nPublished : Nov. 9, 2024, 8:15 a.m. | 39\u00a0minutes ago \nDescription : The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T09:56:31.000000Z"}, {"uuid": "23535413-8663-4616-b189-acb7c5719caa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10588", "type": "seen", "source": "https://t.me/cvedetector/10257", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10588 - Wordpress Debug Tool Unauthenticated Info Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-10588 \nPublished : Nov. 9, 2024, 3:15 a.m. | 37\u00a0minutes ago \nDescription : The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T04:55:20.000000Z"}, {"uuid": "2204af79-58ad-461c-8054-d3a972c80e8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10582", "type": "seen", "source": "https://t.me/cvedetector/11040", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10582 - Elementor Music Player for WordPress Unchecked Capability Template Import Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-10582 \nPublished : Nov. 15, 2024, 6:15 a.m. | 21\u00a0minutes ago \nDescription : The Music Player for Elementor \u2013 Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import templates. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T07:43:29.000000Z"}, {"uuid": "9d4da51b-f7bd-433c-a86e-769a36306ce9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10581", "type": "seen", "source": "Telegram/sviFtjl5d48HCJGwMYEJQUYs39rN5YTyYuCVj_9HXCjxdYOG", "content": "", "creation_timestamp": "2025-02-15T23:50:18.000000Z"}, {"uuid": "3a9f7616-36d1-4792-8ae9-264399a76fc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1058", "type": "seen", "source": "https://t.me/ctinow/198846", "content": "https://ift.tt/aJEWQ8i\nCVE-2024-1058 | SiteOrigin Widgets Bundle Plugin up to 1.58.3 on WordPress cross site scripting", "creation_timestamp": "2024-03-03T17:51:30.000000Z"}]}