{"vulnerability": "CVE-2024-1080", "sightings": [{"uuid": "5f6c2e05-9ea5-4ee5-a926-196b1092c0fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10801", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113451845325780689", "content": "", "creation_timestamp": "2024-11-09T07:36:17.176387Z"}, {"uuid": "608c753b-ffa7-45b2-a4ca-7adcaec3579a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10800", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113473774928210647", "content": "", "creation_timestamp": "2024-11-13T04:33:16.193362Z"}, {"uuid": "236ba727-5a17-4f0c-b3cf-0bd829e2faa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10803", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113531133730281784", "content": "", "creation_timestamp": "2024-11-23T07:40:22.357596Z"}, {"uuid": "425ab64e-a2f2-4e7a-92b5-4f9bd111050f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10804", "type": "seen", "source": "Telegram/vIKFwTGY3sbfywu7KH3zgX_q94byk_vhw1AKV3z25wU-LQg0", "content": "", "creation_timestamp": "2025-03-08T04:34:56.000000Z"}, {"uuid": "4fbc0260-6a67-4689-a663-f1818b64e6e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10800", "type": "seen", "source": "https://t.me/cvedetector/10807", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10800 - \"WordPress User Extra Fields Privilege Escalation Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10800 \nPublished : Nov. 13, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to add custom fields that can be updated and then use the check_and_overwrite_wp_or_woocommerce_fields function to update the wp_capabilities field to have administrator privileges. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T07:28:23.000000Z"}, {"uuid": "04530aa2-c042-4d51-9684-80748e68d5fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10804", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6817", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10804\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.\n\ud83d\udccf Published: 2025-03-07T08:21:24.771Z\n\ud83d\udccf Modified: 2025-03-07T08:21:24.771Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5394abc6-836f-4b22-a7b6-79d092b93a7e?source=cve\n2. https://codecanyon.net/item/ultimate-video-player-wordpress-plugin/8374433", "creation_timestamp": "2025-03-07T08:35:04.000000Z"}, {"uuid": "d4d99b5f-babc-4b66-b424-061788a04d84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10801", "type": "seen", "source": "https://t.me/cvedetector/10283", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10801 - \"WordPress User Extra Fields Remote Code Execution via Unauthenticated File Upload\"\", \n  \"Content\": \"CVE ID : CVE-2024-10801 \nPublished : Nov. 9, 2024, 8:15 a.m. | 39\u00a0minutes ago \nDescription : The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. User registration must be enabled for this to be exploited. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T09:56:30.000000Z"}, {"uuid": "ab358ac8-ff09-46bd-9cb1-67d7547bbd81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10802", "type": "seen", "source": "https://t.me/cvedetector/10793", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10802 - WordPress Hash Elements Plugin Missing Capability Check Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10802 \nPublished : Nov. 13, 2024, 4:15 a.m. | 23\u00a0minutes ago \nDescription : The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T05:47:59.000000Z"}, {"uuid": "8f842b0a-f35f-4f07-8433-69ae049ce8e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10808", "type": "seen", "source": "https://t.me/cvedetector/9815", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10808 - Apache Code-Projects E-Health Care System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10808 \nPublished : Nov. 5, 2024, 2:15 a.m. | 29\u00a0minutes ago \nDescription : A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file Admin/req_detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T03:49:43.000000Z"}, {"uuid": "c8e26bb8-166c-4030-8ded-5d1559ed1051", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10807", "type": "seen", "source": "https://t.me/cvedetector/9814", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10807 - PHPGurukul Hospital Management System Cross Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10807 \nPublished : Nov. 5, 2024, 2:15 a.m. | 29\u00a0minutes ago \nDescription : A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as problematic. This issue affects some unknown processing of the file hms/doctor/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T03:49:43.000000Z"}, {"uuid": "1d37f6ba-cc23-4ce4-8cea-34ba4812b26f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10809", "type": "seen", "source": "https://t.me/cvedetector/9812", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10809 - Code-projects E-Health Care System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10809 \nPublished : Nov. 5, 2024, 2:15 a.m. | 29\u00a0minutes ago \nDescription : A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"name\" to be affected. But it must be assumed that the parameter \"message\" is affected as well. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T03:49:41.000000Z"}, {"uuid": "ebf5983f-c74c-4d43-b83c-13216893c6a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10806", "type": "seen", "source": "https://t.me/cvedetector/9810", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10806 - PHPGurukul Hospital Management System Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10806 \nPublished : Nov. 5, 2024, 1:15 a.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T02:59:35.000000Z"}, {"uuid": "a77a6568-505c-4c89-9629-a1e99c69ec65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10805", "type": "seen", "source": "https://t.me/cvedetector/9801", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10805 - Code-Projects University Event Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10805 \nPublished : Nov. 4, 2024, 11:15 p.m. | 39\u00a0minutes ago \nDescription : A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions a confusing product name to be affected. Other parameters might be affected as well. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T01:19:13.000000Z"}]}