{"vulnerability": "CVE-2024-11849", "sightings": [{"uuid": "3c81bb00-58ac-47d4-a24c-61b3926d5069", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11849", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113779894266060216", "content": "", "creation_timestamp": "2025-01-06T06:03:26.742682Z"}, {"uuid": "d61172af-33a7-4866-adfd-45211e65c26b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11849", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf2ib3s42j2k", "content": "", "creation_timestamp": "2025-01-06T06:15:30.165451Z"}, {"uuid": "aabc2bc9-7a4e-4bc7-b8d2-aef96ba93265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11849", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf2k2xk7eb2u", "content": "", "creation_timestamp": "2025-01-06T06:47:52.278761Z"}, {"uuid": "f67d1457-2257-4b8e-99a6-c24a1d501ea3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11849", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/161", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-7mxj-3f68-p2v6\n\ud83d\udd17 Aliases: CVE-2024-11849\n\ud83d\udd39 Details: The Pods  WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\uddd3\ufe0f Modified: 2025-01-06T06:30:45Z\n\ud83d\uddd3\ufe0f Published: 2025-01-06T06:30:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-11849\n2. https://wpscan.com/vulnerability/85b25a5b-c30b-4a2a-96c1-f05b4eba8a9b", "creation_timestamp": "2025-01-06T06:40:36.000000Z"}, {"uuid": "7ffca45c-e519-4537-a699-f7320e8fe888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11849", "type": "seen", "source": "https://t.me/cvedetector/14337", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11849 - Pods WordPress Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-11849 \nPublished : Jan. 6, 2025, 6:15 a.m. | 24\u00a0minutes ago \nDescription : The Pods  WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T07:43:47.000000Z"}]}