{"vulnerability": "CVE-2024-1211", "sightings": [{"uuid": "94b315e9-345f-471b-8e7a-9098ca8fefac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12115", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113609184987241947", "content": "", "creation_timestamp": "2024-12-07T02:29:49.767632Z"}, {"uuid": "b6224584-0193-4c8d-848e-4cf39afc7739", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12110", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113605258890415406", "content": "", "creation_timestamp": "2024-12-06T09:51:22.223874Z"}, {"uuid": "4b606977-6a61-4a88-a2a8-42a8f047e3c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12111", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldoosd5my22v", "content": "", "creation_timestamp": "2024-12-19T20:15:22.705690Z"}, {"uuid": "d376c2c2-964c-422d-b168-42f2c30d11e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12111", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113681311720588385", "content": "", "creation_timestamp": "2024-12-19T20:12:36.350511Z"}, {"uuid": "9704f4e1-3462-4c01-bee9-eaf8ac5a66e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12116", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113808596738632070", "content": "", "creation_timestamp": "2025-01-11T07:42:51.842549Z"}, {"uuid": "dcad7990-da88-4df8-b64a-de844e066a79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12116", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhbd2urb62d", "content": "", "creation_timestamp": "2025-01-11T08:15:56.663442Z"}, {"uuid": "2158fe76-3ac2-4f2b-a3ca-e527582730b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12116", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfhd6bd5742e", "content": "", "creation_timestamp": "2025-01-11T08:49:03.189192Z"}, {"uuid": "32ca0881-f033-45f0-ade0-33a139470aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12112", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7ciujp5l22", "content": "", "creation_timestamp": "2025-01-08T04:15:47.116591Z"}, {"uuid": "c2289c0d-e526-489a-95f1-d679bf21b45d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12113", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113887813166815092", "content": "", "creation_timestamp": "2025-01-25T07:28:38.389142Z"}, {"uuid": "aeb27978-d4a9-46ca-a1a9-f5bc534b9901", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12117", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgct36qrsa2e", "content": "", "creation_timestamp": "2025-01-22T07:15:32.855900Z"}, {"uuid": "3f94c766-cdcb-451b-bf17-c772f4466d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12117", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgcuxqdxoq2r", "content": "", "creation_timestamp": "2025-01-22T07:49:25.120234Z"}, {"uuid": "2b9a707e-5afa-49d7-8b92-26580f371b79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12118", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgfudjzlud2f", "content": "", "creation_timestamp": "2025-01-23T12:16:05.841516Z"}, {"uuid": "36ae78d3-6d48-4335-9950-13aedd3fa07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12118", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgfvnyroae2g", "content": "", "creation_timestamp": "2025-01-23T12:39:52.854004Z"}, {"uuid": "544d248a-68c5-431c-9401-a5e46c6a32fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12116", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1285", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12116\n\ud83d\udd39 Description: The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the 'uta-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.\n\ud83d\udccf Published: 2025-01-11T07:21:52.245Z\n\ud83d\udccf Modified: 2025-01-11T07:21:52.245Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/9dbdb6cc-2a00-4d34-9c11-62f3d1b51c73?source=cve\n2. https://wordpress.org/plugins/unlimited-theme-addons/", "creation_timestamp": "2025-01-11T08:04:10.000000Z"}, {"uuid": "2fbc3cee-89ee-41f8-ab8e-44b3116a3f7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1211", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgypuw6doj2c", "content": "", "creation_timestamp": "2025-01-31T00:16:55.260771Z"}, {"uuid": "00968e93-140f-4518-a44e-c14a3d389e33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12114", "type": "seen", "source": "https://t.me/cvedetector/19887", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12114 - FooGallery WordPress Insecure Direct Object Reference\", \n  \"Content\": \"CVE ID : CVE-2024-12114 \nPublished : March 8, 2025, 6:15 a.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing validation on a user controlled key (img_id). This makes it possible for authenticated attackers, with granted access and above, to update arbitrary post and page content. This requires the Gallery Creator Role setting to be a value lower than 'Editor' for there to be any real impact. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T09:20:13.000000Z"}, {"uuid": "8ccfb062-fc2c-4e1b-aea6-5f847e60ff98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12112", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/621", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12112\n\ud83d\udd39 Description: The Easy Form Builder \u2013 WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'add_form_Emsfb' AJAX action in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping and missing authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-08T03:18:11.056Z\n\ud83d\udccf Modified: 2025-01-08T03:18:11.056Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/a71e72dd-574c-41fc-a000-7a4cf658f3d7?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3215764/easy-form-builder/trunk/includes/admin/class-Emsfb-create.php", "creation_timestamp": "2025-01-08T03:39:11.000000Z"}, {"uuid": "ee1624fe-cf37-40a9-9482-674ad4502025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1211", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113919969169827912", "content": "", "creation_timestamp": "2025-01-30T23:46:20.072818Z"}, {"uuid": "53928745-6984-419d-9e24-e9a599604f01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1211", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgz2xz5iws2r", "content": "", "creation_timestamp": "2025-01-31T03:35:30.252936Z"}, {"uuid": "f7775670-d7be-4829-b771-eeebc34786e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12119", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljucwvmh7q2e", "content": "", "creation_timestamp": "2025-03-08T10:30:20.328766Z"}, {"uuid": "7af28504-0d33-4e9f-949e-64aea57e9ec2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12114", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljucwvxveh26", "content": "", "creation_timestamp": "2025-03-08T10:30:21.982931Z"}, {"uuid": "42120143-7232-4adb-b9aa-7bdc3f7cdc8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12119", "type": "seen", "source": "https://t.me/cvedetector/19883", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12119 - FooGallery WordPress Stored Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12119 \nPublished : March 8, 2025, 6:15 a.m. | 1\u00a0hour, 30\u00a0minutes ago \nDescription : The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the default_gallery_title_size parameter in all versions up to, and including, 2.4.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with granted gallery and album creator roles, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T09:20:06.000000Z"}, {"uuid": "026d5706-3b4b-4b5c-8d5b-5ac1a3585973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12113", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3061", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12113\n\ud83d\udd39 Description: The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user's reviews.\n\ud83d\udccf Published: 2025-01-25T07:24:16.273Z\n\ud83d\udccf Modified: 2025-01-25T07:24:16.273Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/977e407c-0650-454f-98bd-b39bb8c8c61f?source=cve\n2. https://wordpress.org/plugins/youzify/", "creation_timestamp": "2025-01-25T08:05:41.000000Z"}, {"uuid": "679b340c-b65d-4db4-bf59-b7c156a5bc69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12118", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2722", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12118\n\ud83d\udd39 Description: The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-23T11:13:29.698Z\n\ud83d\udccf Modified: 2025-01-23T11:13:29.698Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/d67de4f2-b680-49f8-be95-c2464b70f7d0?source=cve\n2. https://plugins.trac.wordpress.org/browser/the-events-calendar/tags/6.8.1/src/Events/Integrations/Plugins/Elementor/Widgets/Event_Calendar_Link.php#L90\n3. https://plugins.trac.wordpress.org/changeset/3227009/the-events-calendar/tags/6.9.1/src/views/integrations/elementor/widgets/event-calendar-link.php", "creation_timestamp": "2025-01-23T12:03:32.000000Z"}, {"uuid": "65e925a7-7fe2-4824-869d-f57e02d34865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12117", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2528", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12117\n\ud83d\udd39 Description: The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-22T07:03:52.799Z\n\ud83d\udccf Modified: 2025-01-22T07:03:52.799Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/bedc2254-29aa-46c5-8f85-47dd6affb42b?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3223387%40stackable-ultimate-gutenberg-blocks&new=3223387%40stackable-ultimate-gutenberg-blocks&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-22T08:02:06.000000Z"}, {"uuid": "da933382-eb28-4ea0-a7c7-0a40a8770182", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12113", "type": "seen", "source": "https://t.me/cvedetector/16379", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12113 - Youzify BuddyPress Review Deletion Arbitrary Update\", \n  \"Content\": \"CVE ID : CVE-2024-12113 \nPublished : Jan. 25, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user's reviews. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T10:28:59.000000Z"}, {"uuid": "0b7ca5d4-567a-4384-b227-275bc911d821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1211", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3539", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1211\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.\n\ud83d\udccf Published: 2025-01-31T00:30:44Z\n\ud83d\udccf Modified: 2025-01-31T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1211\n2. https://hackerone.com/reports/2323594\n3. https://gitlab.com/gitlab-org/gitlab/-/issues/440313", "creation_timestamp": "2025-01-31T01:12:21.000000Z"}, {"uuid": "df8588b9-d09b-4142-a456-5d0e0f281b0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12119", "type": "seen", "source": "Telegram/MXQZagIS9OnBFo4i9lg3Xai5eXW-ccasASAKldM9p2SWjPt6", "content": "", "creation_timestamp": "2025-03-08T16:29:00.000000Z"}, {"uuid": "a685993b-d0df-423f-9d16-889cf58c7832", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12114", "type": "seen", "source": "Telegram/kaNleqMgU56cumemK-4CcRekin1DWBZNtSih4DQiBVp8gs2l", "content": "", "creation_timestamp": "2025-03-08T16:29:00.000000Z"}, {"uuid": "922ca932-93ed-4a4b-ad4b-f620931f155c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12119", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6926", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12119\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the default_gallery_title_size parameter in all versions up to, and including, 2.4.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with granted gallery and album creator roles, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-08T05:30:08.997Z\n\ud83d\udccf Modified: 2025-03-08T05:30:08.997Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/2070c6e6-d830-4d1c-9408-5cb2254a00e5?source=cve\n2. https://github.com/fooplugins/foogallery/blob/master/extensions/albums/album-default.php#L26\n3. https://plugins.trac.wordpress.org/browser/foogallery/tags/2.4.27/extensions/albums/album-default.php#L26", "creation_timestamp": "2025-03-08T06:35:48.000000Z"}, {"uuid": "92b6bbe9-4be6-4237-86db-e0b40f75d201", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12114", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6925", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12114\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing validation on a user controlled key (img_id). This makes it possible for authenticated attackers, with granted access and above, to update arbitrary post and page content. This requires the Gallery Creator Role setting to be a value lower than 'Editor' for there to be any real impact.\n\ud83d\udccf Published: 2025-03-08T05:30:09.469Z\n\ud83d\udccf Modified: 2025-03-08T05:30:09.469Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fe3ad9-247f-4e5d-8c79-0970afaa7729?source=cve\n2. https://github.com/fooplugins/foogallery/blob/master/includes/admin/class-gallery-attachment-modal.php#L242\n3. https://plugins.trac.wordpress.org/changeset/3250684/foogallery/tags/2.4.30/includes/admin/class-gallery-attachment-modal.php?old=3229839&old_path=foogallery%2Ftags%2F2.4.29%2Fincludes%2Fadmin%2Fclass-gallery-attachment-modal.php", "creation_timestamp": "2025-03-08T06:35:47.000000Z"}, {"uuid": "8f76af15-9030-40ed-9665-1891dd489f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1211", "type": "seen", "source": "https://t.me/cvedetector/16861", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-1211 - GitLab CSRF Vulnerability (CSFR)\", \n  \"Content\": \"CVE ID : CVE-2024-1211 \nPublished : Jan. 31, 2025, 12:15 a.m. | 1\u00a0hour, 6\u00a0minutes ago \nDescription : An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T02:49:20.000000Z"}, {"uuid": "cf3e2b6f-e711-4797-8e3c-6dd8c584d308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12118", "type": "seen", "source": "https://t.me/cvedetector/16183", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12118 - WordPress The Events Calendar Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12118 \nPublished : Jan. 23, 2025, 12:15 p.m. | 45\u00a0minutes ago \nDescription : The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T14:08:11.000000Z"}, {"uuid": "4c7cafea-6e2c-43a2-b0d0-d3e08c3600a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12116", "type": "seen", "source": "https://t.me/cvedetector/15053", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12116 - Elementor WooCommerce Unlimited Theme Addon Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-12116 \nPublished : Jan. 11, 2025, 8:15 a.m. | 33\u00a0minutes ago \nDescription : The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the 'uta-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T09:54:22.000000Z"}, {"uuid": "9586cff2-c0e2-4ef1-9d32-2e7c2aeb50d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12112", "type": "seen", "source": "https://t.me/cvedetector/14649", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12112 - WordPress Easy Form Builder Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12112 \nPublished : Jan. 8, 2025, 4:15 a.m. | 29\u00a0minutes ago \nDescription : The Easy Form Builder \u2013 WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'add_form_Emsfb' AJAX action in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping and missing authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T05:46:57.000000Z"}, {"uuid": "7feca722-7c63-416e-bf48-61787fc0e89a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12117", "type": "seen", "source": "https://t.me/cvedetector/16080", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12117 - The Stackable Gutenberg Blocks Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12117 \nPublished : Jan. 22, 2025, 7:15 a.m. | 30\u00a0minutes ago \nDescription : The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T08:52:25.000000Z"}, {"uuid": "a3a4d911-222c-4981-a94c-16367bc8a421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12115", "type": "seen", "source": "https://t.me/cvedetector/12306", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12115 - The Poll Maker \u2013 Versus Polls, Anonymous Polls, Im\", \n  \"Content\": \"CVE ID : CVE-2024-12115 \nPublished : Dec. 7, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T04:10:47.000000Z"}, {"uuid": "888049df-9d3c-421c-8471-b5abae81b03a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12111", "type": "seen", "source": "https://t.me/cvedetector/13372", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12111 - OpenText Privileged Access Manager LDAP Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-12111 \nPublished : Dec. 19, 2024, 8:15 p.m. | 41\u00a0minutes ago \nDescription : In a specific scenario a LDAP user can abuse the authentication process in OpenText\u00a0Privileged Access Manager that allows authentication bypass.\u00a0This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5) \nSeverity: 8.0 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T22:20:55.000000Z"}, {"uuid": "a8e5058f-4911-47b4-96c7-c4ead91fcf5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12110", "type": "seen", "source": "https://t.me/cvedetector/12177", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12110 - The Gold Addons for Elementor plugin for WordPress\", \n  \"Content\": \"CVE ID : CVE-2024-12110 \nPublished : Dec. 6, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T10:35:49.000000Z"}]}