{"vulnerability": "CVE-2024-1136", "sightings": [{"uuid": "65293765-fbb3-4a4c-94f9-1098aeafd4bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11365", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518796473033617", "content": "", "creation_timestamp": "2024-11-21T03:22:50.498944Z"}, {"uuid": "68a9dcd5-cb5f-41c9-a9f8-8e29ac3d3c29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11360", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518737474135000", "content": "", "creation_timestamp": "2024-11-21T03:07:50.259849Z"}, {"uuid": "409a4605-cf93-4861-ac48-2c6d5a9f86db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11367", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113610834230623764", "content": "", "creation_timestamp": "2024-12-07T09:29:15.586323Z"}, {"uuid": "3c7b8953-15d9-4cbf-8fbc-3b1d3701a33b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11368", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113605140726922516", "content": "", "creation_timestamp": "2024-12-06T09:21:20.367806Z"}, {"uuid": "e961d2b5-2b87-4eab-8fdf-2f5827274495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11361", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113530475389513073", "content": "", "creation_timestamp": "2024-11-23T04:52:56.700201Z"}, {"uuid": "b949bbda-ee43-4479-84c5-3fcd2691fc18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11362", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113530285028171270", "content": "", "creation_timestamp": "2024-11-23T04:04:32.258465Z"}, {"uuid": "9bc383b1-b0e1-430e-9451-83ca6cc52235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11366", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113559719952456899", "content": "", "creation_timestamp": "2024-11-28T08:50:13.314647Z"}, {"uuid": "a5f170a6-6d8a-4fda-9e3a-7acd8ec46e27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11364", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1713/", "content": "", "creation_timestamp": "2024-12-19T05:00:00.000000Z"}, {"uuid": "7188d6fd-b2c6-4d6f-a017-704e3070f017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11364", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1716/", "content": "", "creation_timestamp": "2024-12-19T05:00:00.000000Z"}, {"uuid": "fe3c2b5b-7c91-4209-b622-3c8690d51638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11364", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113681549631926108", "content": "", "creation_timestamp": "2024-12-19T21:13:06.566640Z"}, {"uuid": "b8d9b0c5-d550-44e5-b382-05fc1e0eec15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11364", "type": "seen", "source": 
"https://bsky.app/profile/cve-notifications.bsky.social/post/3ldos5qi6dk2z", "content": "", "creation_timestamp": "2024-12-19T21:15:27.791068Z"}, {"uuid": "558e1baf-483b-41c8-a6f3-9e9e6a726ee0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11369", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf4zpndphb2i", "content": "", "creation_timestamp": "2025-01-07T06:33:13.573232Z"}, {"uuid": "c59283a9-f347-4845-85e1-d95474caab61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11363", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vexs5yo25", "content": "", "creation_timestamp": "2025-01-07T05:15:38.246309Z"}, {"uuid": "02678398-8a44-4d2a-a939-b836b406a326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11369", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785425925136481", "content": "", "creation_timestamp": "2025-01-07T05:30:13.675301Z"}, {"uuid": "412f94fa-0f55-4c48-aa9c-ba12830534b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11369", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785440083941138", "content": "", "creation_timestamp": "2025-01-07T05:33:49.163411Z"}, {"uuid": "809150e1-2ac0-42f2-bcb7-699e33a4eaa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11369", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4yqipmlh25", "content": "", "creation_timestamp": "2025-01-07T06:15:46.345313Z"}, 
{"uuid": "220c615c-09b4-4e63-91d4-7611429273ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11364", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:01.000000Z"}, {"uuid": "9e4d8a88-8b25-4447-bdd0-05efd4c0407e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11364", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:31.000000Z"}, {"uuid": "36ab6098-277b-49de-bdfc-5c7ce5192e0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11369", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/344", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11369\n\ud83d\udd39 Description: The Store credit / Gift cards for woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'coupon', 'start_date', and 'end_date' parameters in all versions up to, and including, 1.0.49.46 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-07T05:23:53.299Z\n\ud83d\udccf Modified: 2025-01-07T05:23:53.299Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/2e8527c0-a4b0-436d-901a-c07f93c7ec5e?source=cve\n2. https://plugins.trac.wordpress.org/browser/store-credit-for-woocommerce/tags/1.0.49.42/admin/report.php#L95\n3. 
https://plugins.trac.wordpress.org/browser/store-credit-for-woocommerce/tags/1.0.49.42/admin/report.php#L113\n4. https://plugins.trac.wordpress.org/browser/store-credit-for-woocommerce/tags/1.0.49.42/admin/report.php#L119\n5. https://plugins.trac.wordpress.org/changeset/3213698/store-credit-for-woocommerce/trunk/admin/report.php", "creation_timestamp": "2025-01-07T05:39:03.000000Z"}, {"uuid": "228aac7f-43f3-4a94-9618-3605c717456c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11363", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/320", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11363\n\ud83d\udd39 Description: The Same but Different \u2013 Related Posts by Taxonomy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-07T04:22:15.755Z\n\ud83d\udccf Modified: 2025-01-07T04:22:15.755Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7d262a3b-6205-45b3-8d8e-da541e07de46?source=cve\n2. 
https://plugins.trac.wordpress.org/browser/same-but-different/tags/1.0.15/library/template-parts/tabs.php#L27", "creation_timestamp": "2025-01-07T04:38:38.000000Z"}, {"uuid": "64b22758-2f69-408f-83c1-412570ed8b70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1136", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12889", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1136\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to view a site with maintenance mode or coming-soon mode enabled to view the site's content.\n\ud83d\udccf Published: 2024-02-28T08:33:13.484Z\n\ud83d\udccf Modified: 2025-04-22T15:58:35.494Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve\n2. 
https://plugins.trac.wordpress.org/browser/responsive-coming-soon/trunk/redirect.php#L11", "creation_timestamp": "2025-04-22T16:03:32.000000Z"}, {"uuid": "b97608a3-f3d1-4258-8740-4e77f72069b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11364", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8245", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11364\n\ud83d\udd25 CVSS Score: 8.5 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Another \u201cuninitialized variable\u201d code execution vulnerability exists in the Rockwell Automation\u00a0Arena\u00ae that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.\n\ud83d\udccf Published: 2024-12-19T21:04:52.473Z\n\ud83d\udccf Modified: 2025-03-20T18:03:57.750Z\n\ud83d\udd17 References:\n1. 
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html", "creation_timestamp": "2025-03-20T18:20:41.000000Z"}, {"uuid": "30c74fd9-0b4c-4111-9a05-948228d25017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1136", "type": "seen", "source": "https://t.me/ctinow/208124", "content": "https://ift.tt/iFMwWSU\nCVE-2024-1136 | Coming Soon Page & Maintenance Mode Plugin up to 2.2.1 on WordPress access control", "creation_timestamp": "2024-03-14T20:32:12.000000Z"}, {"uuid": "5c5f8161-bf30-42c8-bfbf-24c4d150afa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11367", "type": "seen", "source": "https://t.me/cvedetector/12317", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11367 - Elementor Forms Smoove Connector Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11367 \nPublished : Dec. 7, 2024, 10:15 a.m. | 20\u00a0minutes ago \nDescription : The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T11:41:58.000000Z"}, {"uuid": "a1a8f738-ef3f-4779-aa0f-bfd8e3b6447b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11364", "type": "seen", "source": "https://t.me/cvedetector/13376", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11364 - Rockwell Automation Arena Uninitialized Variable Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11364 \nPublished : Dec. 19, 2024, 9:15 p.m. | 40\u00a0minutes ago \nDescription : Another \u201cuninitialized variable\u201d code execution vulnerability exists in the Rockwell Automation\u00a0Arena\u00ae that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T23:11:00.000000Z"}, {"uuid": "18a06292-292b-49a7-957e-a8b601538ff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11368", "type": "seen", "source": "https://t.me/cvedetector/12192", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11368 - The Splash Sync plugin for WordPress is vulnerable\", \n  \"Content\": \"CVE ID : CVE-2024-11368 \nPublished : Dec. 6, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T10:36:10.000000Z"}]}