{"vulnerability": "CVE-2024-1164", "sightings": [{"uuid": "9dde485f-a033-494b-9c77-1b53bfcb0a1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11643", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113595269115048742", "content": "", "creation_timestamp": "2024-12-04T15:30:50.395163Z"}, {"uuid": "aeae3f71-2967-4772-953b-c2838e0c7cdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11646", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113540555671489232", "content": "", "creation_timestamp": "2024-11-24T23:36:29.572509Z"}, {"uuid": "a02e389c-1eb4-45f1-b8d8-3562a8d7da8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11649", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113541040020873348", "content": "", "creation_timestamp": "2024-11-25T01:39:40.190427Z"}, {"uuid": "542f5ac7-a968-41ba-8d13-c7a946923271", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11648", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113540891039770163", "content": "", "creation_timestamp": "2024-11-25T01:01:46.845714Z"}, {"uuid": "6b4fb1aa-1b4e-428c-9e50-07904a7532dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11647", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113540784965417891", "content": "", "creation_timestamp": "2024-11-25T00:34:48.289570Z"}, {"uuid": "d41b3771-4e75-465e-bd22-9bdfd6738f95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11642", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113798105113337872", "content": "", "creation_timestamp": "2025-01-09T11:14:42.186421Z"}, {"uuid": "7c177b99-c231-46fc-8d6e-4e41a2214d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11642", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfckg62ls72d", "content": "", "creation_timestamp": "2025-01-09T11:15:25.659289Z"}, {"uuid": "9109e794-a76f-4a4a-8c99-700eb1d130f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11645", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113723304061600264", "content": "", "creation_timestamp": "2024-12-27T06:11:48.772762Z"}, {"uuid": "f58ad923-5056-4848-9f22-fbc3a6e7e300", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11644", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113723304047472241", "content": "", "creation_timestamp": "2024-12-27T06:11:49.459577Z"}, {"uuid": "e14f6b96-5bbd-4035-ab3e-e01545d750ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11644", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lebdm6x3in2m", "content": "", "creation_timestamp": "2024-12-27T06:15:41.004633Z"}, {"uuid": "123d019c-9c80-4743-8aa2-a4cd489306d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11645", "type": "seen", "source": 
"https://bsky.app/profile/cve-notifications.bsky.social/post/3lebdmbap452l", "content": "", "creation_timestamp": "2024-12-27T06:15:42.744275Z"}, {"uuid": "26967a91-8d83-4482-8410-33d0e4754a47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11643", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/113783263765777003", "content": "", "creation_timestamp": "2025-01-06T20:20:20.953996Z"}, {"uuid": "3d294d6a-7abf-4dcb-8bf9-6164de54447e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11642", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113798237910336213", "content": "", "creation_timestamp": "2025-01-09T11:48:28.616981Z"}, {"uuid": "d8815d7b-cc8a-40f8-bc80-85f4c6e04c85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11643", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad5ob3o2n", "content": "", "creation_timestamp": "2025-01-20T21:02:03.632976Z"}, {"uuid": "8fad43a5-3384-43aa-bbde-17f13c6dbf68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11641", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113894369969710978", "content": "", "creation_timestamp": "2025-01-26T11:16:07.261365Z"}, {"uuid": "6563090b-3423-457a-9f23-7d94c9874ffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11641", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgnfptvatp2j", "content": "", "creation_timestamp": 
"2025-01-26T12:15:50.860577Z"}, {"uuid": "90ce2f40-fef6-4751-9b6e-0906ff68170b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11641", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgno3rqdla2y", "content": "", "creation_timestamp": "2025-01-26T14:45:42.399480Z"}, {"uuid": "dbcb5d26-3bbe-4c81-935a-69b4c180dcff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11641", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgno3rtuxn2g", "content": "", "creation_timestamp": "2025-01-26T14:45:42.996898Z"}, {"uuid": "55c19ffb-db99-498c-8fb9-61cf2750a1b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11641", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113895204575449086", "content": "", "creation_timestamp": "2025-01-26T14:48:22.633332Z"}, {"uuid": "9e100848-068b-406c-9887-35e830cb6ed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11640", "type": "seen", "source": "https://t.me/cvedetector/19904", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11640 - VikRentCar WordPress Car Rental Management System CSRF Arbitrary File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11640 \nPublished : March 8, 2025, 12:15 p.m. | 1\u00a0hour, 43\u00a0minutes ago \nDescription : The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. 
This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T15:11:24.000000Z"}, {"uuid": "08643bb0-8ca6-4484-9deb-191998fdf664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11640", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114127125396045176", "content": "", "creation_timestamp": "2025-03-08T13:48:53.632380Z"}, {"uuid": "368005d4-7165-4dfa-831a-469c4af0c0c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11642", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/931", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11642\n\ud83d\udd39 Description: The Post Grid Master \u2013 Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locate_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. 
This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. The file included must have a .php extension.\n\ud83d\udccf Published: 2025-01-09T11:11:03.716Z\n\ud83d\udccf Modified: 2025-01-09T11:11:03.716Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b299a932-8167-4547-845b-637c4971360d?source=cve\n2. https://plugins.trac.wordpress.org/browser/ajax-filter-posts/tags/3.4.12/inc/Shortcode.php#L624", "creation_timestamp": "2025-01-09T12:15:38.000000Z"}, {"uuid": "19459e43-a3f9-44dc-801c-bf6b69742b1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11641", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3137", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11641\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-26T12:15:27.137\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3225861/vikbooking\n2. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb6611d-7a4b-4ca8-b9cc-c156437e89b5?source=cve", "creation_timestamp": "2025-01-26T13:14:26.000000Z"}, {"uuid": "7d8630ab-e2df-4799-92e5-32861dfdedb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11641", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3133", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-3x37-4f59-7q93\n\ud83d\udd25 CVSS Score: N/A (CVSS_V3)\n\ud83d\udd39 Description: The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible.\n\ud83d\udccf Published: 2025-01-26T12:30:31Z\n\ud83d\udccf Modified: 2025-01-26T12:30:31Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-11641\n2. https://plugins.trac.wordpress.org/changeset/3225861/vikbooking\n3. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb6611d-7a4b-4ca8-b9cc-c156437e89b5?source=cve", "creation_timestamp": "2025-01-26T13:06:18.000000Z"}, {"uuid": "d73434c9-4807-479b-8f45-122d8a25da99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11640", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6943", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11640\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible.\n\ud83d\udccf Published: 2025-03-08T11:16:40.090Z\n\ud83d\udccf Modified: 2025-03-08T11:16:40.090Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4a4c085a-1601-4c1a-ac17-0f2cf5d02489?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset/3225040/vikrentcar", "creation_timestamp": "2025-03-08T11:36:22.000000Z"}, {"uuid": "0630ebcb-c9f6-4be4-9f9f-6e5038457eb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11641", "type": "seen", "source": "https://t.me/cvedetector/16417", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11641 - VikBooking WordPress CSRF - File Upload Abuse\", \n  \"Content\": \"CVE ID : CVE-2024-11641 \nPublished : Jan. 26, 2025, 12:15 p.m. | 1\u00a0hour, 49\u00a0minutes ago \nDescription : The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible. 
\nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-26T15:44:39.000000Z"}, {"uuid": "3a890c56-7e14-449b-a4f9-89cbff74a507", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11640", "type": "seen", "source": "Telegram/eCPXI7rqHxM6NGJWLzheUYB82NEplrYO3q-QBlVDfqX5Czqf", "content": "", "creation_timestamp": "2025-03-08T16:29:02.000000Z"}, {"uuid": "8dcd8cfa-2707-4880-bb02-0f575f599e7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11644", "type": "seen", "source": "https://t.me/cvedetector/13717", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11644 - WordPress SVG Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11644 \nPublished : Dec. 27, 2024, 6:15 a.m. | 15\u00a0minutes ago \nDescription : The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T07:37:35.000000Z"}, {"uuid": "06d57db2-651b-44ee-b8b1-110a1c599233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11645", "type": "seen", "source": "https://t.me/cvedetector/13715", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11645 - WordPress Float Block Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11645 \nPublished : Dec. 27, 2024, 6:15 a.m. | 15\u00a0minutes ago \nDescription : The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T07:37:33.000000Z"}, {"uuid": "07a9ab88-a167-4511-abfb-56020a15c9ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11643", "type": "seen", "source": "https://t.me/cvedetector/12014", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11643 - Wordpress AllAccessible Plugin Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11643 \nPublished : Dec. 4, 2024, 4:15 p.m. 
| 18\u00a0minutes ago \nDescription : The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T17:36:00.000000Z"}, {"uuid": "eb71b245-8a71-47f3-8284-016bb1c9be2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11641", "type": "seen", "source": "Telegram/IS1jtXuwH0GBm1YB0agQ6RtESQM2CjCFi2dWYkrVprb0K71K", "content": "", "creation_timestamp": "2025-02-06T02:42:29.000000Z"}]}