{"vulnerability": "CVE-2024-1150", "sightings": [{"uuid": "eec4a153-c83f-44a5-b9fd-b715b93a1c17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11507", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1604/", "content": "", "creation_timestamp": "2024-11-21T05:00:00.000000Z"}, {"uuid": "41152635-d6ee-4cb6-9056-5acb7a6386a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11508", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1603/", "content": "", "creation_timestamp": "2024-11-21T05:00:00.000000Z"}, {"uuid": "96f714f8-5f32-4967-94d2-9d0ebedc328e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11509", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1602/", "content": "", "creation_timestamp": "2024-11-21T05:00:00.000000Z"}, {"uuid": "62e947e0-16c5-46b1-81e4-53788bb520a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11506", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1594/", "content": "", "creation_timestamp": "2024-11-21T05:00:00.000000Z"}, {"uuid": "e0819830-d6c3-4ee3-a0d0-9eae07b110d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11501", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113611255381393670", "content": "", "creation_timestamp": "2024-12-07T11:16:21.559205Z"}, {"uuid": "01e1ee11-6a69-4f9f-a0c8-8fa46caa6f2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11503", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8612", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11503\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WP Tabs  WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-03-25T06:00:10.786Z\n\ud83d\udccf Modified: 2025-03-25T06:00:10.786Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/25592b6c-b9ab-4d9e-b314-091594ce9189/", "creation_timestamp": "2025-03-25T06:23:50.000000Z"}, {"uuid": "dbded1ce-ed2c-4c46-a3d3-203ab5b32712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11502", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17059", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11502\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.\n\ud83d\udccf Published: 2025-05-15T20:06:50.205Z\n\ud83d\udccf Modified: 2025-05-20T19:33:58.874Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/d9bea52e-af32-449f-97b6-1dcfb2051bda/", "creation_timestamp": "2025-05-20T19:42:55.000000Z"}, {"uuid": "56d9a71c-9369-494d-ae2e-0fbedd0e0e0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11504", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9349", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11504\n\ud83d\udd25 CVSS Score: 8.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Input from multiple fields in\u00a0Streamsoft Presti\u017c is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker.\u00a0\nThis issue was fixed in\u00a018.1.376.37 version of the software.\n\ud83d\udccf Published: 2025-03-28T12:54:11.472Z\n\ud83d\udccf Modified: 2025-03-28T12:54:11.472Z\n\ud83d\udd17 References:\n1. https://cert.pl/en/posts/2025/03/CVE-2024-7407/\n2. https://www.streamsoft.pl/streamsoft-prestiz/", "creation_timestamp": "2025-03-28T13:28:08.000000Z"}, {"uuid": "2b05a9bc-17a0-456b-9342-297bc4993864", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11504", "type": "seen", "source": "https://t.me/cvedetector/21417", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11504 - Streamsoft Presti\u017c SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-11504 \nPublished : March 28, 2025, 1:15 p.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : Input from multiple fields in\u00a0Streamsoft Presti\u017c is not sanitized properly, leading to an SQL injection vulnerability, which might be exploited by an authenticated remote attacker.\u00a0  \nThis issue was fixed in\u00a018.1.376.37 version of the software. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-28T16:04:39.000000Z"}, {"uuid": "740cfcce-39f3-4c77-9629-3252da3cf381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11501", "type": "seen", "source": "https://t.me/cvedetector/12323", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11501 - WordPress Gallery PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11501 \nPublished : Dec. 7, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T14:12:35.000000Z"}, {"uuid": "4936e914-ad6f-4a57-b591-6fec0b199937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1150", "type": "seen", "source": "https://t.me/ctinow/181387", "content": "https://ift.tt/6QUcMwP\nCVE-2024-1150", "creation_timestamp": "2024-02-08T14:21:55.000000Z"}, {"uuid": "b320bec5-5416-48d8-b4f5-54aefa58a86d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1150", "type": "seen", "source": "https://t.me/ctinow/198313", "content": "https://ift.tt/DZSKWFd\nCVE-2024-1150 | Snow Inventory Agent up to 7.3.1 on Unix signature verification", "creation_timestamp": "2024-03-02T10:41:22.000000Z"}]}