{"vulnerability": "CVE-2024-1176", "sightings": [{"uuid": "c2be9994-d42c-437b-bc57-c2e60efd17b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11761", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113559779012091323", "content": "", "creation_timestamp": "2024-11-28T09:05:14.732020Z"}, {"uuid": "db7102cb-2e83-403c-8154-f0a21ff2962d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11769", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113593482703123911", "content": "", "creation_timestamp": "2024-12-04T07:56:32.044571Z"}, {"uuid": "2ccb6d86-592f-4f3d-bc57-1443792c54f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11765", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638253470588398", "content": "", "creation_timestamp": "2024-12-12T05:42:20.194736Z"}, {"uuid": "f3882007-1189-4068-b60a-bbffcab0064b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11766", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638253486339991", "content": "", "creation_timestamp": "2024-12-12T05:42:20.551566Z"}, {"uuid": "3aaa3b5d-7f44-475c-a3c1-3fc0b6af5da9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11760", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638930498221732", "content": "", "creation_timestamp": "2024-12-12T08:34:30.229888Z"}, {"uuid": "0f1742be-da60-4f98-ad1a-a86cab85d7b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11767", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113643643610428491", "content": "", "creation_timestamp": "2024-12-13T04:33:06.627518Z"}, {"uuid": "425528bb-be96-40cf-a232-2f34bf014250", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11767", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113643656396189469", "content": "", "creation_timestamp": "2024-12-13T04:36:21.680674Z"}, {"uuid": "d4757bfe-79d8-432b-9029-879603034dbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11763", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649366985416021", "content": "", "creation_timestamp": "2024-12-14T04:48:38.633012Z"}, {"uuid": "e8c85e22-1803-422d-ae26-e1effdeffcc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11768", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113677846740743284", "content": "", "creation_timestamp": "2024-12-19T05:31:25.090730Z"}, {"uuid": "646be00a-19b1-45b7-aeeb-8546d645a881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11764", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785725693099056", "content": "", "creation_timestamp": "2025-01-07T06:46:27.394995Z"}, {"uuid": "df307b72-e1aa-455a-807f-2039328ca6d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11764", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5442xe5q22", "content": "", "creation_timestamp": "2025-01-07T07:15:56.137528Z"}, {"uuid": "3f0e784b-5c23-4d92-a31f-448f6c4e1b93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11764", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5442xe5q22", "content": "", "creation_timestamp": "2025-01-07T07:15:56.154296Z"}, {"uuid": "02887e03-1096-4e95-9d58-f382ac060009", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11764", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/369", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11764\n\ud83d\udd39 Description: The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'solar_wizard' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-07T06:40:58.883Z\n\ud83d\udccf Modified: 2025-01-07T06:40:58.883Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/adcab262-08ca-448d-b1fd-295d421b82a3?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215301%40solar-wizard-lite&new=3215301%40solar-wizard-lite&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-07T07:37:27.000000Z"}, {"uuid": "b2678b3e-658f-4c47-8c26-e41626007b08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11768", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3402", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11768\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-12-19T06:15:23.007\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/__/Apply.php#L376\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/feb915f4-66d6-4f46-949c-5354e414319b?source=cve", "creation_timestamp": "2025-01-29T21:18:17.000000Z"}, {"uuid": "410d6239-e77e-42a3-9c72-b1908a3c73a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11760", "type": "seen", "source": "https://t.me/cvedetector/12756", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11760 - WordPress Currency Converter Widget PRO: Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11760 \nPublished : Dec. 12, 2024, 9:15 a.m. | 43\u00a0minutes ago \nDescription : The Currency Converter Widget \u26a1 PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T11:19:22.000000Z"}, {"uuid": "2d048cf1-acae-4ad9-bbde-08e8bff72e0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11766", "type": "seen", "source": "https://t.me/cvedetector/12742", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11766 - WordPress Book Plugin Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11766 \nPublished : Dec. 12, 2024, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_book_showcase' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:58:44.000000Z"}, {"uuid": "36c035ba-0e13-463d-a979-fe3929337a00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11765", "type": "seen", "source": "https://t.me/cvedetector/12741", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11765 - WordPress Portfolio Plugin Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11765 \nPublished : Dec. 12, 2024, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The WordPress Portfolio Plugin \u2013 A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_portfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:58:44.000000Z"}, {"uuid": "24ab896e-15e0-44af-a2b5-514928126a2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11769", "type": "seen", "source": "https://t.me/cvedetector/11957", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11769 - The Flower Delivery by Florist One plugin for Word\", \n  \"Content\": \"CVE ID : CVE-2024-11769 \nPublished : Dec. 4, 2024, 8:15 a.m. | 44\u00a0minutes ago \nDescription : The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T10:03:42.000000Z"}, {"uuid": "a773f50c-751f-486f-ab1c-e2d644cdfdad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11768", "type": "seen", "source": "Telegram/5dg4aLIn-QVuEuToYWw6ryqwPs2S3n1xoWgLqK_bxc0TLYm6", "content": "", "creation_timestamp": "2025-01-30T02:17:48.000000Z"}, {"uuid": "9c2aec00-4442-4fe1-a146-f2ac6eea77b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11764", "type": "seen", "source": "https://t.me/cvedetector/14493", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11764 - WordPress Solar Wizard Lite Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11764 \nPublished : Jan. 7, 2025, 7:15 a.m. | 30\u00a0minutes ago \nDescription : The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'solar_wizard' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T08:51:08.000000Z"}, {"uuid": "c13fde0d-d956-46ff-86bf-fb436cd8e9bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11768", "type": "seen", "source": "https://t.me/cvedetector/13309", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11768 - \"Amped Solutions WordPress Download Manager Password Protection Bypass vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-11768 \nPublished : Dec. 19, 2024, 6:15 a.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T08:57:55.000000Z"}, {"uuid": "48c10b33-75ed-496f-8966-60290d513027", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11767", "type": "seen", "source": "https://t.me/cvedetector/12827", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11767 - NewsmanApp for WordPress - Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11767 \nPublished : Dec. 13, 2024, 5:15 a.m. | 41\u00a0minutes ago \nDescription : The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsman_subscribe_widget' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T07:24:15.000000Z"}]}