{"vulnerability": "CVE-2024-1216", "sightings": [{"uuid": "00133244-0772-4d38-b213-6560b7b2efe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12165", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113609185002950467", "content": "", "creation_timestamp": "2024-12-07T02:29:50.393456Z"}, {"uuid": "477bac9e-6ac5-43a0-983c-6fe1d7f7acc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12166", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113609185016813797", "content": "", "creation_timestamp": "2024-12-07T02:29:50.448500Z"}, {"uuid": "8b9c7c23-1579-4490-985c-7570e4006391", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12167", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113609185030208713", "content": "", "creation_timestamp": "2024-12-07T02:29:50.694755Z"}, {"uuid": "ab88675b-4946-4e63-9074-6cbe7569e7e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12160", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638930513060838", "content": "", "creation_timestamp": "2024-12-12T08:34:31.421678Z"}, {"uuid": "b3d5b9a3-c914-4ce1-976e-a620195f9913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12163", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3454", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12163\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads.\n\ud83d\udccf Published: 2025-01-30T06:30:49Z\n\ud83d\udccf Modified: 2025-01-30T06:30:49Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12163\n2. https://wpscan.com/vulnerability/ea704054-fb66-4014-89bd-1c61074f64e5", "creation_timestamp": "2025-01-30T07:11:31.000000Z"}, {"uuid": "323faae2-9756-4063-b743-1201a070b6b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12163", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113915812639179134", "content": "", "creation_timestamp": "2025-01-30T06:09:16.344064Z"}, {"uuid": "7000f347-687a-4e35-b5a0-8b00287e9e46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12163", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgwthi4uei2c", "content": "", "creation_timestamp": "2025-01-30T06:15:39.956608Z"}, {"uuid": "7f1fc7ea-59b9-40e3-98fd-4509ff395862", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12163", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgxeq32bj32e", "content": "", "creation_timestamp": "2025-01-30T11:24:44.920710Z"}, {"uuid": "21568050-3223-4157-af82-1a3f8178a46f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12161", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhulrc6jzn2q", "content": "", "creation_timestamp": "2025-02-11T02:17:51.252453Z"}, {"uuid": "549d7486-7b47-49a3-81c8-498cd89403f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12169", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-01", "content": "", "creation_timestamp": "2025-04-03T10:00:00.000000Z"}, {"uuid": "148f797a-a8ec-4f8c-80ce-0ffbb3ec478d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12168", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114614296629933284", "content": "", "creation_timestamp": "2025-06-02T14:42:56.357248Z"}, {"uuid": "4090f446-4735-4263-9f4a-d7b62ccd7a80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12164", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113989033099527274", "content": "", "creation_timestamp": "2025-02-12T04:30:12.366216Z"}, {"uuid": "a60dbeb8-7b16-497a-b728-23e494174dea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12164", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxg67s6nb2p", "content": "", "creation_timestamp": "2025-02-12T05:15:41.791993Z"}, {"uuid": "d1d154ae-3955-4fcf-8a07-b2e513614c78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12168", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqmusfk3e6a2", "content": "", "creation_timestamp": "2025-06-02T13:28:24.174799Z"}, {"uuid": "520a9bfb-e7b3-4060-abe8-c2d93b3d8802", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12163", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3462", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12163\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-30T06:15:29.113\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/ea704054-fb66-4014-89bd-1c61074f64e5/", "creation_timestamp": "2025-01-30T07:18:55.000000Z"}, {"uuid": "5217c1f9-0b6d-4475-a462-a6994f6782b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12169", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8645", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12169\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A)\n\ud83d\udd39 Description: A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3 (TLS) is enabled.\n\ud83d\udccf Published: 2025-03-25T12:36:02.457Z\n\ud83d\udccf Modified: 2025-03-25T13:11:20.584Z\n\ud83d\udd17 References:\n1. https://publisher.hitachienergy.com/preview?DocumentId=8DBD000207&languageCode=en&Preview=true", "creation_timestamp": "2025-03-25T13:23:51.000000Z"}, {"uuid": "48d4949d-5d55-4e49-a23c-cd7d3549c48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12164", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4025", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12164\n\ud83d\udd25 CVSS Score: 4.2 (CVSS_V3)\n\ud83d\udd39 Description: The WPSyncSheets Lite For WPForms \u2013 WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's settings.\n\ud83d\udccf Published: 2025-02-12T06:30:32Z\n\ud83d\udccf Modified: 2025-02-12T06:30:32Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12164\n2. https://plugins.trac.wordpress.org/browser/wpsyncsheets-wpforms/tags/1.5/includes/class-wpsslwp-service.php#L779\n3. https://plugins.trac.wordpress.org/browser/wpsyncsheets-wpforms/tags/1.5/includes/class-wpsslwp-service.php#L92\n4. https://plugins.trac.wordpress.org/changeset/3234445/wpsyncsheets-wpforms/tags/1.6.1/includes/class-wpsslwp-service.php?old=3232281&old_path=wpsyncsheets-wpforms%2Ftags%2F1.6%2Fincludes%2Fclass-wpsslwp-service.php\n5. https://www.wordfence.com/threat-intel/vulnerabilities/id/83bd48fb-f5f9-4d3d-8fc4-a06adfa5a225?source=cve", "creation_timestamp": "2025-02-12T07:09:58.000000Z"}, {"uuid": "3926e182-71c4-4122-9831-5cd1bdcc7be0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12163", "type": "seen", "source": "https://t.me/cvedetector/16734", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12163 - Apache GoodLayers Core SVG Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12163 \nPublished : Jan. 30, 2025, 6:15 a.m. | 32\u00a0minutes ago \nDescription : The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T08:24:36.000000Z"}, {"uuid": "3bd5a895-ceb4-446b-bd35-ad9cca46a25b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12164", "type": "seen", "source": "https://t.me/cvedetector/17825", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12164 - WPForms Google Spreadsheet Addon Unauthenticated Setting Reset Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12164 \nPublished : Feb. 12, 2025, 5:15 a.m. | 1\u00a0hour, 26\u00a0minutes ago \nDescription : The WPSyncSheets Lite For WPForms \u2013 WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's settings. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T08:30:37.000000Z"}, {"uuid": "3785eb82-7491-496d-ac5d-e1a19d062902", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12166", "type": "seen", "source": "https://t.me/cvedetector/12308", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12166 - The Shortcodes Blocks Creator Ultimate plugin for\", \n  \"Content\": \"CVE ID : CVE-2024-12166 \nPublished : Dec. 7, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T04:10:51.000000Z"}, {"uuid": "6269aa0a-72ec-4590-97d1-0c690ea59535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12169", "type": "seen", "source": "https://t.me/cvedetector/21093", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12169 - \"Cybersecure RTU500 CMU Restart Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12169 \nPublished : March 25, 2025, 1:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3 (TLS) is enabled. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T15:18:48.000000Z"}, {"uuid": "e326be16-ddad-40d7-9482-316c25d58e1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12165", "type": "seen", "source": "https://t.me/cvedetector/12307", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12165 - The Mollie for Contact Form 7 plugin for WordPress\", \n  \"Content\": \"CVE ID : CVE-2024-12165 \nPublished : Dec. 7, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T04:10:47.000000Z"}, {"uuid": "049458d8-cf87-4ae7-9cf0-32fc486fc865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12167", "type": "seen", "source": "https://t.me/cvedetector/12298", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12167 - The Shortcodes Blocks Creator Ultimate plugin for\", \n  \"Content\": \"CVE ID : CVE-2024-12167 \nPublished : Dec. 7, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T04:10:38.000000Z"}, {"uuid": "1cc62f42-24a5-46fb-a700-b2acaa868450", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1216", "type": "seen", "source": "https://t.me/ctinow/184136", "content": "https://ift.tt/bmWLD8n\nCVE-2024-1216", "creation_timestamp": "2024-02-13T20:22:11.000000Z"}, {"uuid": "1b229d6b-c3bb-480d-878a-aed70d4377c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12160", "type": "seen", "source": "https://t.me/cvedetector/12757", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12160 - \"WooCommerce Seraphinite XSS\"\", \n  \"Content\": \"CVE ID : CVE-2024-12160 \nPublished : Dec. 12, 2024, 9:15 a.m. | 43\u00a0minutes ago \nDescription : The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T11:19:23.000000Z"}, {"uuid": "1a5d8fb0-7718-41da-9715-9fb160db684b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12162", "type": "seen", "source": "https://t.me/cvedetector/12712", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12162 - Ultimate Member WordPress Reflected Cross-Site Scripting in Video & Photo Gallery\", \n  \"Content\": \"CVE ID : CVE-2024-12162 \nPublished : Dec. 12, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:07:59.000000Z"}, {"uuid": "f27b4cf2-f79c-4539-a36c-03791e854ff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12164", "type": "seen", "source": "Telegram/7O9Y543Gb-YKDw5A-C3--v8pzrSkQLMG9QABOQIXpw5ve9WJ", "content": "", "creation_timestamp": "2025-02-14T10:04:02.000000Z"}]}