{"vulnerability": "CVE-2024-1144", "sightings": [{"uuid": "087ec14d-5862-4cc6-a16a-a1a78f332032", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11447", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518973652771553", "content": "", "creation_timestamp": "2024-11-21T04:07:54.151882Z"}, {"uuid": "3afa70a3-1c02-47a4-b9ca-11b6b9d4a6d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11440", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518973639139161", "content": "", "creation_timestamp": "2024-11-21T04:07:54.914230Z"}, {"uuid": "34985739-2745-45d1-869a-25a301475874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11444", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113605140741219209", "content": "", "creation_timestamp": "2024-12-06T09:21:20.593533Z"}, {"uuid": "3284f549-a8b0-47f7-8226-60fb0a55fb8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11446", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113530984885888216", "content": "", "creation_timestamp": "2024-11-23T07:02:31.630595Z"}, {"uuid": "3088d266-a7a4-422d-a5f8-f145a1ed3604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11442", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113637866584162501", "content": "", "creation_timestamp": "2024-12-12T04:03:56.279650Z"}, {"uuid": "6148c5e4-3c65-4c19-b740-ee115040f748", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11443", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113637866599862304", "content": "", "creation_timestamp": "2024-12-12T04:03:56.475797Z"}, {"uuid": "1e4ca548-7406-4d1d-bffb-2806fbed7fcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11445", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vfkcx4u25", "content": "", "creation_timestamp": "2025-01-07T05:15:57.640183Z"}, {"uuid": "ba5b519c-bc5a-4ccd-827e-c46a2ed224eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11445", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/468", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11445\n\ud83d\udd39 Description: The Image Magnify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_magnify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-07T04:21:59.744Z\n\ud83d\udccf Modified: 2025-01-07T16:23:47.156Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/55838de5-0795-429b-be87-a0d57b29e471?source=cve\n2. https://plugins.trac.wordpress.org/browser/image-magnify/trunk/image-magnify.php\n3. https://wordpress.org/plugins/image-magnify/", "creation_timestamp": "2025-01-07T16:41:39.000000Z"}, {"uuid": "246e8430-046f-4887-8cad-9f12cb58bb17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11441", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8269", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11441\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability exists in Serge version 0.9.0. The vulnerability is due to improper neutralization of input during web page generation in the chat prompt. An attacker can exploit this vulnerability by sending a crafted message containing malicious HTML/JavaScript code, which will be stored and executed whenever the chat is accessed, leading to unintended content being shown to the user and potential phishing attacks.\n\ud83d\udccf Published: 2025-03-20T10:08:46.700Z\n\ud83d\udccf Modified: 2025-03-20T19:04:15.261Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/ae76d1ea-21a4-456d-bef2-331aef3ea376", "creation_timestamp": "2025-03-20T19:18:35.000000Z"}, {"uuid": "891074b2-6649-4280-a946-28a2232dc05f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11443", "type": "seen", "source": "https://t.me/cvedetector/12693", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11443 - WordPress Debranding Plugin Unauthenticated Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11443 \nPublished : Dec. 12, 2024, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T06:17:29.000000Z"}, {"uuid": "8ba8a5b5-c6c9-4b65-bfe0-6ae808905d3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11442", "type": "seen", "source": "https://t.me/cvedetector/12692", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11442 - WordPress Horizontal-Scroll-Image-Slideshow Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11442 \nPublished : Dec. 12, 2024, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T06:17:28.000000Z"}, {"uuid": "83e18a75-0346-468a-846b-266545a5b04a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11444", "type": "seen", "source": "https://t.me/cvedetector/12193", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11444 - The CLUEVO LMS, E-Learning Platform plugin for Wor\", \n  \"Content\": \"CVE ID : CVE-2024-11444 \nPublished : Dec. 6, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for unauthenticated attackers to delete modules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T10:36:11.000000Z"}, {"uuid": "869966b8-6241-46aa-b42e-14866aeb2427", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1144", "type": "seen", "source": "https://t.me/ctinow/211463", "content": "https://ift.tt/smKq8Te\nCVE-2024-1144", "creation_timestamp": "2024-03-19T13:31:18.000000Z"}, {"uuid": "604aa373-3172-40f5-bfeb-184b0d83391f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1144", "type": "seen", "source": "https://t.me/ctinow/211444", "content": "https://ift.tt/smKq8Te\nCVE-2024-1144", "creation_timestamp": "2024-03-19T13:26:44.000000Z"}]}