{"vulnerability": "CVE-2024-1217", "sightings": [{"uuid": "4dd343cf-685e-4a1a-a45e-29b0d99ee6e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12175", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1714/", "content": "", "creation_timestamp": "2024-12-19T05:00:00.000000Z"}, {"uuid": "18e82945-1f1e-42b0-8ed1-cc42ae5a0f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12172", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638371610329553", "content": "", "creation_timestamp": "2024-12-12T06:12:22.535628Z"}, {"uuid": "bb765711-c54a-43e4-93c1-058e1679a6cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12175", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113681488674330513", "content": "", "creation_timestamp": "2024-12-19T20:57:37.130599Z"}, {"uuid": "07c463fe-0580-4e9a-bf78-2e140b07c12b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12178", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1703/", "content": "", "creation_timestamp": "2024-12-19T05:00:00.000000Z"}, {"uuid": "451b2cad-db96-4984-884d-0e753ca312e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12179", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1707/", "content": "", "creation_timestamp": "2024-12-19T05:00:00.000000Z"}, {"uuid": "6f5232a1-01d1-4b83-aecc-71bf3c5c5f77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12175", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldos5tq4pt27", "content": "", "creation_timestamp": "2024-12-19T21:15:31.668522Z"}, {"uuid": "990acfe1-118a-4f91-91b8-43579018f6e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12178", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113668837686562894", "content": "", "creation_timestamp": "2024-12-17T15:20:17.779624Z"}, {"uuid": "20800715-8f77-4b46-a70e-e0858bc1e75d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12179", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113668837701255024", "content": "", "creation_timestamp": "2024-12-17T15:20:18.045942Z"}, {"uuid": "541c3e96-322a-41a6-aa17-b3a91354bd12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12172", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/113783259603194493", "content": "", "creation_timestamp": "2025-01-06T20:19:17.524304Z"}, {"uuid": "67c51a12-1c4f-43ba-9dcd-1ce46faf12bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12170", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vgj2vx62i", "content": "", "creation_timestamp": "2025-01-07T05:16:30.037507Z"}, {"uuid": "dcb2c9d7-f094-4f17-9e88-b63626edc649", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12176", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vglpjtk2k", "content": "", "creation_timestamp": "2025-01-07T05:16:32.613931Z"}, {"uuid": "dcd6a668-ac29-45b5-9a85-f293c1cd3c72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12171", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3s4isdo42r", "content": "", "creation_timestamp": "2025-02-01T05:34:56.467390Z"}, {"uuid": "5edd95d6-9741-42f1-a6fe-b4eaac1e02f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12171", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113927290831369673", "content": "", "creation_timestamp": "2025-02-01T06:48:20.212830Z"}, {"uuid": "adecee58-981d-46fb-afcc-0db7988c60cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12177", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917671388922378", "content": "", "creation_timestamp": "2025-01-30T14:01:58.789579Z"}, {"uuid": "23897171-3919-401c-a68c-23eb1a976823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12177", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxoddyphn27", "content": "", "creation_timestamp": "2025-01-30T14:16:32.252265Z"}, {"uuid": "e3867a62-f539-46db-893e-f68524a863a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12171", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh3np2z4qf2c", "content": "", "creation_timestamp": "2025-02-01T04:15:50.717944Z"}, {"uuid": "ec2e8c3f-4b3e-49b8-a85d-128d5e5c0c96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12173", "type": "seen", "source": "https://t.me/cvedetector/18408", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12173 - Master Slider Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12173 \nPublished : Feb. 19, 2025, 6:15 a.m. | 2\u00a0hours ago \nDescription : The Master Slider  WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T09:32:36.000000Z"}, {"uuid": "8c537602-6d5d-4039-991f-0d33d7f59230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12173", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lij4skwnyj23", "content": "", "creation_timestamp": "2025-02-19T06:16:02.971793Z"}, {"uuid": "55cf6bb3-1bd1-42aa-8b37-c259b340e657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12173", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lijcz4wvwq23", "content": "", "creation_timestamp": "2025-02-19T08:07:06.086795Z"}, {"uuid": "9ce9a056-2726-4cff-9d9d-75385813071b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1217", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13239", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1217\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L)\n\ud83d\udd39 Description: The Contact Form builder with drag & drop for WordPress \u2013 Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.\n\ud83d\udccf Published: 2024-02-20T18:56:35.250Z\n\ud83d\udccf Modified: 2025-04-24T15:03:23.203Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7be75b0a-737d-4f0d-b024-e207af4573cd?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3036466/kali-forms/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk", "creation_timestamp": "2025-04-24T15:06:27.000000Z"}, {"uuid": "ffdb0edb-2eb4-48fa-92e4-43e6edd21c58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12176", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/311", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12176\n\ud83d\udd39 Description: The WordLift \u2013 AI powered SEO \u2013 Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin's settings.\n\ud83d\udccf Published: 2025-01-07T04:22:19.089Z\n\ud83d\udccf Modified: 2025-01-07T04:22:19.089Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ca6bdde6-f381-4ccb-8984-519cf9aca0b1?source=cve\n2. https://wordpress.org/plugins/wordlift/", "creation_timestamp": "2025-01-07T04:37:32.000000Z"}, {"uuid": "3eb7a867-d549-4e95-923c-f03fc5fe45c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12170", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/469", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12170\n\ud83d\udd39 Description: The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-07T04:22:00.143Z\n\ud83d\udccf Modified: 2025-01-07T16:23:35.566Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/58209530-9e68-4d2c-a723-e6a164db7f46?source=cve\n2. https://wordpress.org/plugins/viewmedica/", "creation_timestamp": "2025-01-07T16:41:46.000000Z"}, {"uuid": "b815d6ac-d7a5-4d84-8843-c352be54b0de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12173", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4770", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12173\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Master Slider  WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-02-19T06:00:03.134Z\n\ud83d\udccf Modified: 2025-02-19T06:00:03.134Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/0f35be0e-0f63-4e33-aa4d-c47b1f1e0595/", "creation_timestamp": "2025-02-19T08:38:48.000000Z"}, {"uuid": "6e7b03a1-4a91-4d2e-a913-3f5aea995e75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12171", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3729", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12171\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new administrative user accounts.\n\ud83d\udccf Published: 2025-02-01T06:31:00Z\n\ud83d\udccf Modified: 2025-02-01T06:31:00Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12171\n2. https://plugins.trac.wordpress.org/changeset/3227859/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions-one.php\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3213791%40elex-helpdesk-customer-support-ticket-system&new=3213791%40elex-helpdesk-customer-support-ticket-system&sfp_email=&sfph_mail=\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/cbcd978b-e81f-4c39-b2f7-adc948d21b1b?source=cve", "creation_timestamp": "2025-02-01T07:16:25.000000Z"}, {"uuid": "09ed600f-718f-44ec-853d-b5c697be69d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12171", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3715", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12171\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T04:15:30.303\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3227859/elex-helpdesk-customer-support-ticket-system/trunk/includes/class-crm-ajax-functions-one.php\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3213791%40elex-helpdesk-customer-support-ticket-system&new=3213791%40elex-helpdesk-customer-support-ticket-system&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/cbcd978b-e81f-4c39-b2f7-adc948d21b1b?source=cve", "creation_timestamp": "2025-02-01T05:25:51.000000Z"}, {"uuid": "47ecab51-05e9-49ab-817f-e1d109b63f84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12175", "type": "seen", "source": "https://t.me/cvedetector/13377", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12175 - Rockwell Automation Arena Use After Free Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12175 \nPublished : Dec. 19, 2024, 9:15 p.m. | 40\u00a0minutes ago \nDescription : Another \u201cuse after free\u201d\u00a0code execution vulnerability exists in the Rockwell Automation\u00a0Arena\u00ae\u00a0that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T23:11:00.000000Z"}, {"uuid": "e1869448-5f07-4e8e-b667-38424e2f30b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12171", "type": "seen", "source": "https://t.me/cvedetector/17004", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12171 - ELEX WordPress HelpDesk Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-12171 \nPublished : Feb. 1, 2025, 4:15 a.m. | 2\u00a0hours, 21\u00a0minutes ago \nDescription : The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new administrative user accounts. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T08:07:34.000000Z"}, {"uuid": "a58870a7-53e8-45a1-9cab-7b08af99faf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12174", "type": "seen", "source": "https://t.me/cvedetector/12452", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12174 - Tenable Security Center Certificate Validation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12174 \nPublished : Dec. 9, 2024, 10:15 p.m. | 37\u00a0minutes ago \nDescription : An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server. \nSeverity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-09T23:54:38.000000Z"}, {"uuid": "cead8cae-c498-4f16-85ba-e61b573975a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1217", "type": "seen", "source": "https://t.me/ctinow/203626", "content": "https://ift.tt/H3V4lYm\nCVE-2024-1217 | kaliforms Contact Form Builder with Drag & Drop Plugin up to 2.3.41 on WordPress Deactivation await_plugin_deactivation authorization (ID 3036466)", "creation_timestamp": "2024-03-08T22:31:46.000000Z"}, {"uuid": "6651c1e6-83b7-482b-98de-a2993b845ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12172", "type": "seen", "source": "https://t.me/cvedetector/12731", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12172 - \"Wordpress WP Courses LMS Unauthorized Access Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12172 \nPublished : Dec. 12, 2024, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The WP Courses LMS \u2013 Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary user's metadata which can be levereged to block an administrator from accessing their site when wp_capabilities is set to 0. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:58:30.000000Z"}, {"uuid": "58ca4f1b-7a79-4718-9a12-5e43a699f104", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12179", "type": "seen", "source": "https://t.me/cvedetector/13114", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12179 - Autodesk Navisworks Heap-based Overflow vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12179 \nPublished : Dec. 17, 2024, 4:15 p.m. | 19\u00a0minutes ago \nDescription : A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage\u00a0this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T17:37:05.000000Z"}, {"uuid": "7719cbb8-b91d-4e23-bdc9-1cb4b198135b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12178", "type": "seen", "source": "https://t.me/cvedetector/13112", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12178 - Autodesk Navisworks DWFX File Memory Corruption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12178 \nPublished : Dec. 17, 2024, 4:15 p.m. | 19\u00a0minutes ago \nDescription : A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T17:37:00.000000Z"}, {"uuid": "61ef594c-2c75-499d-b7fc-595d2faae0ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12173", "type": "seen", "source": "Telegram/Vj1TNfaxa_A-ifacp4G2Co4PJ9Y6Iti9rQPmBErmx1utlAGh", "content": "", "creation_timestamp": "2025-02-19T15:39:50.000000Z"}]}