{"vulnerability": "CVE-2024-1067", "sightings": [{"uuid": "17b794d5-ef20-4453-a759-0daa79ad1f5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10674", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113450840932108032", "content": "", "creation_timestamp": "2024-11-09T03:20:51.442033Z"}, {"uuid": "9fccd9a9-7056-4c4b-8f68-8bd5ae177fb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10673", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113450840914677083", "content": "", "creation_timestamp": "2024-11-09T03:20:50.990408Z"}, {"uuid": "5f13d51e-5c27-4aef-a9e1-5bddf4fe0132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10676", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113452283539652312", "content": "", "creation_timestamp": "2024-11-09T09:27:43.648617Z"}, {"uuid": "339750d1-7c0c-4282-9554-8ab945765d85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10672", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113467854447585533", "content": "", "creation_timestamp": "2024-11-12T03:27:36.830293Z"}, {"uuid": "6d068f7f-61b5-4b5e-a1c5-3c1e134d2aeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10671", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113519338529264658", "content": "", "creation_timestamp": "2024-11-21T05:40:41.665986Z"}, {"uuid": "4fd3c2f2-4f5f-40cd-919e-7a869ca40ce9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10675", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113520028751464057", "content": "", "creation_timestamp": "2024-11-21T08:36:13.567162Z"}, {"uuid": "242c4ed6-bd07-44cd-a0bf-8b7a651c04cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10670", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113559953175996989", "content": "", "creation_timestamp": "2024-11-28T09:49:32.467590Z"}, {"uuid": "d10dfa07-b9ec-4d4e-aac6-462fb9339c38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10678", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113644024652935047", "content": "", "creation_timestamp": "2024-12-13T06:10:00.760551Z"}, {"uuid": "dfd7f5ba-cc76-44a9-836c-9c3a706691ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10679", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8616", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10679\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Quiz and Survey Master (QSM)  WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-03-25T06:00:09.267Z\n\ud83d\udccf Modified: 2025-03-25T06:00:09.267Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/001391eb-f181-441d-b777-d9ce098ba143/", "creation_timestamp": "2025-03-25T06:23:56.000000Z"}, {"uuid": "c3de5609-a7bf-4630-b005-1ac9f13d4dc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10673", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmuxxzcblo2x", "content": "", "creation_timestamp": "2025-04-15T21:02:23.020434Z"}, {"uuid": "3ced0540-fdb4-4168-9e31-b2891f14cb16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10674", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmuxxzepen2t", "content": "", "creation_timestamp": "2025-04-15T21:02:23.629828Z"}, {"uuid": "8254b4df-a0fd-4dd9-9608-ebe35bf0acb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10678", "type": "seen", "source": "https://t.me/cvedetector/12837", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10678 - \"The Ultimate Blocks WordPress Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10678 \nPublished : Dec. 13, 2024, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The Ultimate Blocks  WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T08:14:34.000000Z"}, {"uuid": "4f11bb8f-70f6-4a58-b406-ff549b563178", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10672", "type": "seen", "source": "https://t.me/cvedetector/10580", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10672 - WordPress MPG Plugin File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10672 \nPublished : Nov. 12, 2024, 4:15 a.m. | 37\u00a0minutes ago \nDescription : The Multiple Page Generator Plugin \u2013 MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with editor-level access and above, to delete limited files on the server. \nSeverity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T06:19:42.000000Z"}, {"uuid": "435df645-f8c6-4706-a9df-706aab945962", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10676", "type": "seen", "source": "https://t.me/cvedetector/10312", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10676 - Wojciech Borowicz Conversion Helper Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10676 \nPublished : Nov. 9, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wojciech Borowicz Conversion Helper allows Reflected XSS.This issue affects Conversion Helper: from n/a through 1.12. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T12:27:25.000000Z"}, {"uuid": "35c61424-6401-40c1-92ca-4f3dab21d7b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10673", "type": "seen", "source": "https://t.me/cvedetector/10267", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10673 - WordPress Top Store Plugin Cross-Site Request Forgery (CSRF) and Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10673 \nPublished : Nov. 9, 2024, 4:15 a.m. | 26\u00a0minutes ago \nDescription : The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T05:45:40.000000Z"}, {"uuid": "aa547430-d45e-42d5-821d-2250552be4df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10674", "type": "seen", "source": "https://t.me/cvedetector/10268", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10674 - \"Th Shop Mania WordPress Unvalidated File Upload\"\", \n  \"Content\": \"CVE ID : CVE-2024-10674 \nPublished : Nov. 9, 2024, 4:15 a.m. | 26\u00a0minutes ago \nDescription : The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T05:45:41.000000Z"}, {"uuid": "8dbe92cb-24bb-496b-88f4-cd513dc66b35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10674", "type": "published-proof-of-concept", "source": "Telegram/8yZyRTYv3K4cTYzSdaVvgO13wYslC7D_t5C4gF6dHB6V7jQ", "content": "", "creation_timestamp": "2025-03-13T12:00:27.000000Z"}, {"uuid": "59559a92-be51-4fdc-9c46-b5cd0b76535c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10674", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/14582", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udcc5 Date: 2025-03-14 03:37:25\n\ud83d\udea8 Title: Alleged disclosure of WordPress Th Shop Mania Theme 1.4.9 Missing Authorization Exploit\n\ud83d\udee1\ufe0f Victim Country: \n\ud83c\udfed Victim Industry: \n\ud83c\udfe2 Victim Organization: \n\ud83c\udf10 Victim Site: \n\ud83d\udcdc Category: Vulnerability\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0f Threat Actor: Nxploited\n\ud83c\udf0d Network: openweb\n\ud83d\udd17 Claim: https://0day.today/exploit/description/39944\n\ud83d\udcdd Description: The threat actor claims to have revealed an exploit for the WordPress Th Shop Mania Theme version 1.4.9. The vulnerability stems from missing authorization controls, posing a medium security risk to PHP-based web applications. The exploit is associated with CVE-2024-10674.\n\n\u26a0\ufe0f Stay ahead of cyber threats! Subscribe to the Paid Threat Feed at https://t.me/DarkWebInformer_Bot for real-time updates (Website excluded). Want to pay via crypto? Visit https://darkwebinformer.com/crypto-payments.", "creation_timestamp": "2025-03-14T04:37:28.000000Z"}, {"uuid": "4bf4ddfa-e6e2-4dca-8b6e-55ee4266c14c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10673", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/14580", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udcc5 Date: 2025-03-14 03:32:55\n\ud83d\udea8 Title: Alleged disclosure of WordPress Top Store Theme 1.5.4 Privilege Escalation Exploit\n\ud83d\udee1\ufe0f Victim Country: \n\ud83c\udfed Victim Industry: \n\ud83c\udfe2 Victim Organization: \n\ud83c\udf10 Victim Site: \n\ud83d\udcdc Category: Vulnerability\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0f Threat Actor: Nxploited\n\ud83c\udf0d Network: openweb\n\ud83d\udd17 Claim: https://0day.today/exploit/description/39946\n\ud83d\udcdd Description: The threat actor claims to have released an exploit targeting the WordPress Top Store Theme version 1.5.4. This vulnerability, identified as CVE-2024-10673, allows attackers to escalate privileges within affected PHP-based web applications, posing a high security risk.\n\n\u26a0\ufe0f Stay ahead of cyber threats! Subscribe to the Paid Threat Feed at https://t.me/DarkWebInformer_Bot for real-time updates (Website excluded). Want to pay via crypto? Visit https://darkwebinformer.com/crypto-payments.", "creation_timestamp": "2025-03-14T04:32:58.000000Z"}, {"uuid": "bb1c93a4-ba75-40cb-a0ce-47b03ff0a558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10673", "type": "published-proof-of-concept", "source": "Telegram/jugsekZTROByY-lots9MBC6qUmVXrKpGjzxGk9sSuKN2Djo", "content": "", "creation_timestamp": "2025-03-12T16:00:08.000000Z"}, {"uuid": "2507e3e6-f9cb-4f24-90e9-631bc3fbc0ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10674", "type": "published-proof-of-concept", "source": "Telegram/qOzdN-Uct2FPXO_yeZs4Q0WHefgZgNsqjNIFH8ymESqNzWI", "content": "", "creation_timestamp": "2025-03-13T04:00:06.000000Z"}, {"uuid": "376c6e73-0c80-4ac9-ba25-ba56428db2ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10673", "type": "published-proof-of-concept", "source": "Telegram/E6R0RTFhRVkzL0XvyGJLYGLmtOVWOOq1YD8cIv5SyhOq51o", "content": "", "creation_timestamp": "2025-03-12T20:00:07.000000Z"}]}