{"vulnerability": "CVE-2024-1192", "sightings": [{"uuid": "0ef099d0-e79c-48db-a69c-9f58029f1600", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11925", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113559348625412673", "content": "", "creation_timestamp": "2024-11-28T07:15:47.415999Z"}, {"uuid": "7791eeee-ae73-4914-b8d8-b500c4e66939", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11928", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113628229653021559", "content": "", "creation_timestamp": "2024-12-10T11:13:08.409742Z"}, {"uuid": "49c20e29-57c4-497a-873f-022a339e9bb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11929", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfckgiehnb2a", "content": "", "creation_timestamp": "2025-01-09T11:15:36.386896Z"}, {"uuid": "49844d83-33f9-43bb-9c32-f525fe8b32e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11921", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lebdmg67pr25", "content": "", "creation_timestamp": "2024-12-27T06:15:48.084727Z"}, {"uuid": "8578ccaf-29ff-4bd2-a519-0799580bfd33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11921", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113723363080725026", "content": "", "creation_timestamp": "2024-12-27T06:26:51.785363Z"}, {"uuid": "2fbb32e2-97e0-4546-a469-36383011d71f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11929", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113798164161224704", "content": "", "creation_timestamp": "2025-01-09T11:29:43.156862Z"}, {"uuid": "1771301e-4151-405b-bab5-30408594f862", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11923", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113846368789005804", "content": "", "creation_timestamp": "2025-01-17T23:48:47.438697Z"}, {"uuid": "b0c900a7-741d-484b-a1de-639604e52c3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11923", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfxzrwy2nw2p", "content": "", "creation_timestamp": "2025-01-18T00:16:22.773243Z"}, {"uuid": "d9704d7d-1ed2-4d7f-88fd-a6aabaf83655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11923", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lgccgzembc2x", "content": "", "creation_timestamp": "2025-01-22T02:17:56.329069Z"}, {"uuid": "46b9dee6-393e-4686-9340-2c83a9108027", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11922", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114417777496345746", "content": "", "creation_timestamp": "2025-04-28T21:45:32.425205Z"}, {"uuid": "bbd9ac94-cf7b-42f9-b87b-5b7180f2c442", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11924", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmyj7gpdmc2l", "content": "", "creation_timestamp": "2025-04-17T06:48:41.664329Z"}, {"uuid": "270f6437-c6ac-4d58-812d-cfe8994445e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11922", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnvx5unhrg2l", "content": "", "creation_timestamp": "2025-04-28T23:45:35.579840Z"}, {"uuid": "394e86de-96d6-4ca1-9879-ef47cfb843b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11923", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2251", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11923\n\ud83d\udd39 Description: Under certain log settings the IAM or CORE service will log credentials in the iam logfile in\u00a0Fortra Application Hub (Formerly named Helpsystems One) prior to version 1.3\n\ud83d\udccf Published: 2025-01-17T23:44:06.075Z\n\ud83d\udccf Modified: 2025-01-17T23:44:06.075Z\n\ud83d\udd17 References:\n1. https://www.fortra.com/security/advisories/product-security/fi-2025-003", "creation_timestamp": "2025-01-17T23:57:01.000000Z"}, {"uuid": "04f2678f-19d1-4c5c-89cb-1fe7a9f8ea39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11922", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13741", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11922\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to\u00a0insert arbitrary HTML or JavaScript into an email.\n\ud83d\udccf Published: 2025-04-28T20:57:37.388Z\n\ud83d\udccf Modified: 2025-04-28T20:57:37.388Z\n\ud83d\udd17 References:\n1. https://www.fortra.com/security/advisories/product-security/fi-2025-005", "creation_timestamp": "2025-04-28T21:11:05.000000Z"}, {"uuid": "26c60391-0650-4c06-8f74-3151256dc421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11920", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m5kuzetrz42s", "content": "", "creation_timestamp": "2025-11-14T04:51:06.267162Z"}, {"uuid": "68bdf6be-5bc5-4f8d-b791-dbd44f194c58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11920", "type": "seen", "source": "https://gist.github.com/Darkcrai86/66525269f0b512a3365ed4918a570e79", "content": "", "creation_timestamp": "2025-11-14T07:37:19.000000Z"}, {"uuid": "10be4f3f-7702-43ca-82b4-fc27ad7a1a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11929", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/943", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11929\n\ud83d\udd39 Description: The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() functionin all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-09T11:10:58.270Z\n\ud83d\udccf Modified: 2025-01-09T11:10:58.270Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/53b24f9a-f225-40b5-9937-f7449d4832df?source=cve\n2. https://codecanyon.net/item/responsive-flipbook-plugin/2372863", "creation_timestamp": "2025-01-09T12:16:24.000000Z"}, {"uuid": "4a550ce0-51f6-40f1-b08f-e31f81efb5f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11924", "type": "seen", "source": "https://t.me/cvedetector/23222", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11924 - WordPress Icegram Express Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11924 \nPublished : April 17, 2025, 6:15 a.m. | 1\u00a0hour, 56\u00a0minutes ago \nDescription : The Icegram Express formerly known as Email Subscribers  WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T10:28:18.000000Z"}, {"uuid": "c78541f0-e17c-4ff3-b067-3128613e2c24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11924", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12198", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11924\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Icegram Express formerly known as Email Subscribers  WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-04-17T06:00:07.902Z\n\ud83d\udccf Modified: 2025-04-17T06:00:07.902Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/70288369-132d-4211-bca0-0411736df747/", "creation_timestamp": "2025-04-17T06:57:21.000000Z"}, {"uuid": "548deed6-32e8-4c46-8b4e-d0635d9c2922", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11922", "type": "seen", "source": "https://t.me/cvedetector/23944", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11922 - Fortra GoAnywhere Email Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11922 \nPublished : April 28, 2025, 9:15 p.m. | 34\u00a0minutes ago \nDescription : Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to\u00a0insert arbitrary HTML or JavaScript into an email. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T00:06:17.000000Z"}, {"uuid": "40485936-0a39-4f24-a54b-4e149ae8b9d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11923", "type": "seen", "source": "https://t.me/cvedetector/15771", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11923 - Fortra Application Hub (Helpsystems One) Credentials Log Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-11923 \nPublished : Jan. 18, 2025, 12:15 a.m. | 37\u00a0minutes ago \nDescription : Under certain log settings the IAM or CORE service will log credentials in the iam logfile in\u00a0Fortra Application Hub (Formerly named Helpsystems One) prior to version 1.3 \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-18T02:00:58.000000Z"}, {"uuid": "a7fbcff3-57a3-423e-99f2-71e8f7a5a005", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1192", "type": "seen", "source": "https://t.me/ctinow/177980", "content": "https://ift.tt/ml70eBx\nCVE-2024-1192 | South River WebDrive 18.00.5057 New Secure WebDAV denial of service", "creation_timestamp": "2024-02-02T08:36:45.000000Z"}, {"uuid": "44106870-065e-4a1c-addd-3db8a1675464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11926", "type": "seen", "source": "https://t.me/cvedetector/13196", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11926 - WordPress Travel Booking Theme Unauthenticated Data Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11926 \nPublished : Dec. 18, 2024, 12:15 p.m. | 23\u00a0minutes ago \nDescription : The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental',  'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify posts, delete posts and pages, approve arbitrary orders, insert orders with arbitrary prices, and deny user information. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T13:41:54.000000Z"}, {"uuid": "e277f358-1a44-405f-89fd-4c0681c2f084", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11921", "type": "seen", "source": "https://t.me/cvedetector/13719", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11921 - GiveWP WordPress Plugin Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11921 \nPublished : Dec. 27, 2024, 6:15 a.m. | 15\u00a0minutes ago \nDescription : The GiveWP  WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T07:37:36.000000Z"}, {"uuid": "4b46be22-f345-4ae4-adfa-e65be511ee80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11928", "type": "seen", "source": "https://t.me/cvedetector/12492", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11928 - iChart WordPress - Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11928 \nPublished : Dec. 10, 2024, 11:15 a.m. | 41\u00a0minutes ago \nDescription : The iChart \u2013 Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018width\u2019 parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T13:17:26.000000Z"}]}