{"vulnerability": "CVE-2024-1203", "sightings": [{"uuid": "76ff009d-90ff-4dc2-be75-00d8f64b8038", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12034", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113706144883033970", "content": "", "creation_timestamp": "2024-12-24T05:28:01.239444Z"}, {"uuid": "a9164a18-0c67-4b8b-8908-914cbe735f79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12034", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldzs7onqo32f", "content": "", "creation_timestamp": "2024-12-24T06:15:48.874950Z"}, {"uuid": "16b7cb8c-4b6b-43b3-a9f8-752f03848ad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12031", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113707092022211221", "content": "", "creation_timestamp": "2024-12-24T09:28:52.654235Z"}, {"uuid": "34fd905d-faaa-4a1f-a7c0-29f0d6bb8d37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12031", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3le27maewy22a", "content": "", "creation_timestamp": "2024-12-24T10:15:28.846800Z"}, {"uuid": "aab473e8-1f23-4882-a236-c1b6c4848545", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12033", "type": "seen", "source": "https://bsky.app/profile/wiretor.bsky.social/post/3lf5v4w46qk2g", "content": "", "creation_timestamp": "2025-01-07T14:43:53.314746Z"}, {"uuid": "ab92d453-9848-4acc-ae0a-1c1a83eb70be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12032", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113711319937158435", "content": "", "creation_timestamp": "2024-12-25T03:24:05.483933Z"}, {"uuid": "6e4a3959-6558-4334-9115-3cd221d30228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12032", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3le43xhu7nl2f", "content": "", "creation_timestamp": "2024-12-25T04:15:30.361239Z"}, {"uuid": "0186f1de-2929-4b49-be5c-e8b9d8e40988", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12033", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5muickv22i", "content": "", "creation_timestamp": "2025-01-07T12:15:55.247777Z"}, {"uuid": "d0bf88d2-3464-4749-b8f0-55fd02cb35d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12033", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf5oxpxotc2k", "content": "", "creation_timestamp": "2025-01-07T12:53:30.966649Z"}, {"uuid": "7f24f508-5207-4bcc-af29-02ad85186d77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12030", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113790854135598769", "content": "", "creation_timestamp": "2025-01-08T04:30:41.406498Z"}, {"uuid": "95fd3644-772c-4a7f-a072-1105c63a90d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12030", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7ftkezt22f", "content": "", "creation_timestamp": "2025-01-08T05:15:26.779698Z"}, {"uuid": "92a762ab-c5fe-4a09-a354-d0f9154e9e0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12030", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7h4oqolg2w", "content": "", "creation_timestamp": "2025-01-08T05:38:31.848944Z"}, {"uuid": "1c486b05-d864-47ca-ae7d-61a3fa32c96d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12037", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzuos4cvj2t", "content": "", "creation_timestamp": "2025-01-31T11:15:38.168310Z"}, {"uuid": "ad8ea68d-76d7-4c8d-84c8-aa129c18e1c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12035", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114120991550927514", "content": "", "creation_timestamp": "2025-03-07T11:48:58.427305Z"}, {"uuid": "29430855-3e7d-4093-a7e4-690363ba0454", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12038", "type": "seen", "source": "https://t.me/cvedetector/18707", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12038 - WordPress BuddyForms Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12038 \nPublished : Feb. 22, 2025, 5:15 a.m. | 1\u00a0hour, 49\u00a0minutes ago \nDescription : The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyforms_nav' shortcode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-22T08:18:42.000000Z"}, {"uuid": "ca3a632b-d380-468f-96e1-92c45a1825f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12036", "type": "seen", "source": "Telegram/5DH5ilSd4__R4ze5EYOKfUhPPUcJxZRjCY3XeLfM2cIR-nQC", "content": "", "creation_timestamp": "2025-03-08T04:34:56.000000Z"}, {"uuid": "558d361a-94b2-4b2a-805a-1ed661028c5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12035", "type": "seen", "source": "Telegram/bAo67O6QE5J9Tg-PcXiLII4KDPIAKxCqJXrh7wX9OFrKATyS", "content": "", "creation_timestamp": "2025-03-08T04:34:56.000000Z"}, {"uuid": "feb38743-27cf-4381-bc7b-464e73d851ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12030", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/639", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12030\n\ud83d\udd39 Description: The MDTF \u2013 Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-01-08T04:17:59.363Z\n\ud83d\udccf Modified: 2025-01-08T04:17:59.363Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/d2ead824-2722-4b09-8387-e064dee371c1?source=cve\n2. https://plugins.trac.wordpress.org/browser/wp-meta-data-filter-and-taxonomy-filter/trunk/classes/shortcodes.php?rev=3204774#L874\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3210333%40wp-meta-data-filter-and-taxonomy-filter&new=3210333%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-08T04:38:17.000000Z"}, {"uuid": "0d5fff2e-cf2e-410f-865d-b2c39d172bf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12033", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/393", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12033\n\ud83d\udd39 Description: The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries\n\ud83d\udccf Published: 2025-01-07T11:11:11.179Z\n\ud83d\udccf Modified: 2025-01-07T11:11:11.179Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7e452aa0-bfb9-4805-b2ed-53464a4b5308?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3214798/jupiterx-core/trunk/includes/extensions/raven/includes/plugin.php", "creation_timestamp": "2025-01-07T11:37:23.000000Z"}, {"uuid": "818d0e9d-1d86-4fc7-affd-89982f6173a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12037", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3655", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12037\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bf_new_submission_link' shortcode in all versions up to, and including, 2.8.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-31T12:33:02Z\n\ud83d\udccf Modified: 2025-01-31T12:33:02Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12037\n2. https://plugins.trac.wordpress.org/changeset/3231602/buddyforms/trunk/includes/shortcodes.php\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/accd4f34-4e10-4c83-96c3-c2a078ecd5cc?source=cve", "creation_timestamp": "2025-01-31T13:15:09.000000Z"}, {"uuid": "376be30a-aabe-4c59-a99c-a3b2a01cbe4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12038", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5013", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12038\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyforms_nav' shortcode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-22T04:21:16.997Z\n\ud83d\udccf Modified: 2025-02-22T04:21:16.997Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ff0568e2-3a1e-4ed6-835a-37e3d07d7b63?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3244167/buddyforms/trunk/includes/shortcodes.php", "creation_timestamp": "2025-02-22T05:18:48.000000Z"}, {"uuid": "ba0b65e7-5c56-4ec6-bc34-68d16991ef3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12036", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6816", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12036\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.\n\ud83d\udccf Published: 2025-03-07T08:21:25.162Z\n\ud83d\udccf Modified: 2025-03-07T08:21:25.162Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5ed1978e-1dd7-45d3-829a-1a75c1789827?source=cve\n2. https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636", "creation_timestamp": "2025-03-07T08:35:00.000000Z"}, {"uuid": "fc2be48d-1f2c-4f05-bc6a-a0047c1ca396", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12035", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6819", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12035\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).\n\ud83d\udccf Published: 2025-03-07T08:21:21.608Z\n\ud83d\udccf Modified: 2025-03-07T08:21:21.608Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/31093664-c45e-4e87-b72f-5cdf8e8e9f67?source=cve\n2. https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636", "creation_timestamp": "2025-03-07T08:35:06.000000Z"}, {"uuid": "b20592d0-e939-4cf7-921f-8160aadab924", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12033", "type": "seen", "source": "https://t.me/cvedetector/14537", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12033 - Jupiter X Core WordPress Unauthenticated Remote Code Execution (RCE)\", \n  \"Content\": \"CVE ID : CVE-2024-12033 \nPublished : Jan. 7, 2025, 12:15 p.m. | 29\u00a0minutes ago \nDescription : The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T13:52:40.000000Z"}, {"uuid": "929e94dc-814c-41e7-ae2d-eae8786a7a28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12037", "type": "seen", "source": "https://t.me/cvedetector/16929", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12037 - WordPress Stored Cross-Site Scripting in User Profiles Forms by Frontend Content Forms\", \n  \"Content\": \"CVE ID : CVE-2024-12037 \nPublished : Jan. 31, 2025, 11:15 a.m. | 33\u00a0minutes ago \nDescription : The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bf_new_submission_link' shortcode in all versions up to, and including, 2.8.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T12:52:04.000000Z"}, {"uuid": "71d4a372-d1f4-480e-8ddc-1f2ff2d7a0c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12030", "type": "seen", "source": "https://t.me/cvedetector/14656", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12030 - WordPress MDTF SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12030 \nPublished : Jan. 8, 2025, 5:15 a.m. | 21\u00a0minutes ago \nDescription : The MDTF \u2013 Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T06:37:09.000000Z"}, {"uuid": "99916eb1-6f9d-488a-ab77-2a0fe1333c3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12034", "type": "seen", "source": "https://t.me/cvedetector/13571", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12034 - \"Google reCAPTCHA WordPress IP Unblocking Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12034 \nPublished : Dec. 24, 2024, 6:15 a.m. | 17\u00a0minutes ago \nDescription : The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-24T07:42:50.000000Z"}, {"uuid": "61f16855-bfdd-4b8e-9013-07ca3751a615", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12032", "type": "seen", "source": "https://t.me/cvedetector/13615", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12032 - Tourfic - WooCommerce Booking SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12032 \nPublished : Dec. 25, 2024, 4:15 a.m. | 38\u00a0minutes ago \nDescription : The Tourfic \u2013 Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to SQL Injection via the 'enquiry_id' parameter of the 'tf_enquiry_reply_email_callback' function in all versions up to, and including, 2.15.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-25T06:17:23.000000Z"}, {"uuid": "7f3d3b03-2098-4b94-99f1-f13a428d2b2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12031", "type": "seen", "source": "https://t.me/cvedetector/13580", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12031 - \"WordPress Advanced Floating Content Plugin SQL Injection Flaw\"\", \n  \"Content\": \"CVE ID : CVE-2024-12031 \nPublished : Dec. 24, 2024, 10:15 a.m. | 36\u00a0minutes ago \nDescription : The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-24T11:53:45.000000Z"}]}