{"vulnerability": "CVE-2024-1089", "sightings": [{"uuid": "bf1acbf8-8329-4ed2-bc6d-3674cbab9418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10898", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518737411581057", "content": "", "creation_timestamp": "2024-11-21T03:07:49.280054Z"}, {"uuid": "430eccb2-7931-4215-a784-15fc02840a64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10899", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113513943957082234", "content": "", "creation_timestamp": "2024-11-20T06:48:47.117684Z"}, {"uuid": "bdd772c3-dbdb-4275-b546-0ec67044e510", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10891", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113514635501875811", "content": "", "creation_timestamp": "2024-11-20T09:44:39.064683Z"}, {"uuid": "164764b9-7229-4359-81c7-a7421fe48a56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10897", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113485099274560838", "content": "", "creation_timestamp": "2024-11-15T04:33:11.943084Z"}, {"uuid": "b7fac457-2a97-4c85-a373-82a27cbfa732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10891", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113514621020979330", "content": "", "creation_timestamp": "2024-11-20T09:40:58.152215Z"}, {"uuid": "6d968458-0bc0-4a58-8bf1-fa63eb6e383a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10890", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113519815681471528", "content": "", "creation_timestamp": "2024-11-21T07:42:02.407321Z"}, {"uuid": "5031603e-b953-436d-9202-02ebdb0d16a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10895", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113553563450194114", "content": "", "creation_timestamp": "2024-11-27T06:44:33.776827Z"}, {"uuid": "57ebaf12-e508-431b-93ae-3e46695d96ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10896", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113559074289451029", "content": "", "creation_timestamp": "2024-11-28T06:06:01.302322Z"}, {"uuid": "f2abb011-63b5-4fc6-ba8c-71d71570c9b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10892", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113672314007370554", "content": "", "creation_timestamp": "2024-12-18T06:04:22.264303Z"}, {"uuid": "c20ec4fc-8f11-4768-a382-1c7173d1e7fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10898", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mizfihcwag2v", "content": "", "creation_timestamp": "2026-04-08T23:00:15.347849Z"}, {"uuid": "d55bd240-9feb-407a-84d2-e25623fe104e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10894", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmh73th2ey2f", "content": "", "creation_timestamp": "2025-04-10T09:32:29.526079Z"}, {"uuid": "85db7653-89f7-4604-a7c3-18ab3b3c7ee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10893", "type": "seen", "source": "https://t.me/cvedetector/11863", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10893 - WordPress WP Booking Calendar Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10893 \nPublished : Dec. 3, 2024, 6:15 a.m. | 37\u00a0minutes ago \nDescription : The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-03T08:08:27.000000Z"}, {"uuid": "718ed39d-e66b-4928-9bb0-803c7b3b140c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10891", "type": "seen", "source": "https://t.me/cvedetector/11574", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10891 - Pdfcrowd WordPress Save as PDF Plugin Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-10891 \nPublished : Nov. 20, 2024, 10:15 a.m. | 38\u00a0minutes ago \nDescription : The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'save_as_pdf_pdfcrowd' shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-20T12:03:57.000000Z"}, {"uuid": "e1ef3f40-d75f-4bc9-a958-98fd8db4137f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10899", "type": "seen", "source": "https://t.me/cvedetector/11564", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10899 - WordPress WooCommerce Product Table Lite Arbitrary Shortcode Execution and Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10899 \nPublished : Nov. 20, 2024, 7:15 a.m. | 24\u00a0minutes ago \nDescription : The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-20T08:43:26.000000Z"}, {"uuid": "b7294c61-8aa4-4e26-89c6-4d19287bf60d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10892", "type": "seen", "source": "https://t.me/cvedetector/13168", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10892 - WordPress Cost Calculator CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10892 \nPublished : Dec. 18, 2024, 6:15 a.m. | 24\u00a0minutes ago \nDescription : The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T07:50:22.000000Z"}, {"uuid": "7f703b8b-9b93-4815-964f-c588573be0cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10897", "type": "seen", "source": "https://t.me/cvedetector/11038", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10897 - Tutor LMS Elementor Addons Unauthorized Plugin Installation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10897 \nPublished : Nov. 15, 2024, 5:15 a.m. | 33\u00a0minutes ago \nDescription : The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install Elementor or Tutor LMS. Please note the impact of this issue is incredibly limited due to the fact that these two plugins will likely already be installed as a dependency of the plugin. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T06:53:16.000000Z"}, {"uuid": "f053118e-05d3-4c86-aea7-1bcb44e9a1fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1089", "type": "seen", "source": "https://t.me/ctinow/198326", "content": "https://ift.tt/S4nTkle\nCVE-2024-1089 | ImageRecycle PDF & Image Compression Plugin up to 3.1.13 on WordPress Setting optimizeAllOn authorization (ID 3031424)", "creation_timestamp": "2024-03-02T11:41:54.000000Z"}]}