{"vulnerability": "CVE-2024-1226", "sightings": [{"uuid": "c2920f49-f9ca-4ded-8ae2-3a765bfabed6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12260", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113637984660456930", "content": "", "creation_timestamp": "2024-12-12T04:33:59.628021Z"}, {"uuid": "cc0b5ab6-1983-4e50-ab6d-27b55cfbc187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12263", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638430631222337", "content": "", "creation_timestamp": "2024-12-12T06:27:28.452431Z"}, {"uuid": "20a613e3-e873-4150-a8db-d7db3d361206", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12265", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638430645601613", "content": "", "creation_timestamp": "2024-12-12T06:27:28.527044Z"}, {"uuid": "7b77bcd0-b4ba-4e96-a417-45bd683a9d56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12262", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldse5xqq5a2i", "content": "", "creation_timestamp": "2024-12-21T07:15:41.023764Z"}, {"uuid": "d539ebad-25b8-4158-9073-0bd6cf161862", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12262", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113689636551845442", "content": "", "creation_timestamp": "2024-12-21T07:29:43.521499Z"}, {"uuid": "d9409578-bd7d-452f-abc3-d43cbf5ae6a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12266", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113705931125851703", "content": "", "creation_timestamp": "2024-12-24T04:33:38.795389Z"}, {"uuid": "c2f21d37-2929-4298-8c25-7c6ceb3b3fff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12266", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113705944355832590", "content": "", "creation_timestamp": "2024-12-24T04:37:00.574078Z"}, {"uuid": "5b70adda-151a-478f-a6c5-d03a1f888f9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12266", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldzotk7pkg25", "content": "", "creation_timestamp": "2024-12-24T05:15:20.791377Z"}, {"uuid": "3dc16d99-32e3-4813-acec-59c77911c631", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12268", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113707496994951486", "content": "", "creation_timestamp": "2024-12-24T11:11:52.127245Z"}, {"uuid": "29583d63-0229-4788-87fc-7ca9ed57b6e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12268", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3le2cxt3kgj25", "content": "", "creation_timestamp": "2024-12-24T11:15:38.670226Z"}, {"uuid": "27c149b8-29ab-41ef-89bd-584a7ba7e6bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12261", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf4zpnhjfa2b", "content": "", "creation_timestamp": "2025-01-07T06:33:14.064873Z"}, {"uuid": "ddef0635-999c-4159-9332-2216f1c312ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12264", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vh3q6mz2m", "content": "", "creation_timestamp": "2025-01-07T05:16:49.433721Z"}, {"uuid": "689acf40-6f66-4ba4-8bdd-95883bbe0772", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12264", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113785496399684077", "content": "", "creation_timestamp": "2025-01-07T05:48:08.498441Z"}, {"uuid": "80a055a2-7938-4c7b-bd03-af7f8413359c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12261", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785499166691620", "content": "", "creation_timestamp": "2025-01-07T05:48:50.750874Z"}, {"uuid": "f297cff2-1862-44b0-abba-1cfb6b45f427", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12261", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4yqwykfn25", "content": "", "creation_timestamp": "2025-01-07T06:16:01.474579Z"}, {"uuid": "191dff34-2d55-4241-a07d-7d30bdeb1363", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12267", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzuouktwn2b", "content": "", "creation_timestamp": "2025-01-31T11:15:40.629202Z"}, {"uuid": "069f1944-0832-42e0-aa59-bfc243234e00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12269", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917671403718538", "content": "", "creation_timestamp": "2025-01-30T14:01:58.901623Z"}, {"uuid": "c8af38a7-bf22-4e54-bd6f-6621c36cd7f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12269", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxodg4naa2c", "content": "", "creation_timestamp": "2025-01-30T14:16:34.552432Z"}, {"uuid": "9256242b-b8f1-4380-8627-a834bd87d6cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12267", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3650", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12267\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The Drag and Drop Multiple File Upload \u2013 Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.8.5. This makes it possible for unauthenticated attackers to delete limited arbitrary files on the server. It is not possible to delete files like wp-config.php that would make RCE possible.\n\ud83d\udccf Published: 2025-01-31T12:33:02Z\n\ud83d\udccf Modified: 2025-01-31T12:33:02Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12267\n2. https://plugins.trac.wordpress.org/changeset/3231973/drag-and-drop-multiple-file-upload-contact-form-7/trunk/inc/dnd-upload-cf7.php\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/00ec7251-3be1-411a-b38e-1782d1691e18?source=cve", "creation_timestamp": "2025-01-31T13:15:01.000000Z"}, {"uuid": "baccbb5d-2699-4596-b6bc-2f1f3f679761", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12264", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/314", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12264\n\ud83d\udd39 Description: The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost  REST API endpoints not properly verifying a user's identity prior to setting the users ID and auth cookies. This makes it possible for unauthenticated attackers to create new administrative user accounts.\n\ud83d\udccf Published: 2025-01-07T04:22:17.945Z\n\ud83d\udccf Modified: 2025-01-07T04:22:17.945Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/bf037e4a-2dd7-4296-b86b-635901d2d68f?source=cve\n2. https://plugins.trac.wordpress.org/browser/payu-india/tags/3.8.3/includes/class-payu-shipping-tax-api-calculation.php#L187", "creation_timestamp": "2025-01-07T04:37:53.000000Z"}, {"uuid": "c92084d9-6825-4f07-a512-13891bac9084", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12261", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/341", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12261\n\ud83d\udd39 Description: The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'se-lists-updated' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-07T05:23:54.620Z\n\ud83d\udccf Modified: 2025-01-07T05:23:54.620Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7332c21a-3501-4066-b7b7-34914a228d8f?source=cve\n2. https://wordpress.org/plugins/smartemailing/", "creation_timestamp": "2025-01-07T05:38:39.000000Z"}, {"uuid": "6988b23c-3c8f-467f-b4a3-9f39fda15ac9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12266", "type": "seen", "source": "https://t.me/cvedetector/13555", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12266 - ELEX WooCommerce Dynamic Pricing and Discounts Unauthenticated File Archive Inclusion and PHP Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-12266 \nPublished : Dec. 24, 2024, 5:15 a.m. | 35\u00a0minutes ago \nDescription : The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules() and elex_dp_import_rules() functions in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to import and export product rules along with obtaining phpinfo() data \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-24T06:52:26.000000Z"}, {"uuid": "da4b64f4-5050-4c4c-9306-3d2671c63bd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12267", "type": "seen", "source": "https://t.me/cvedetector/16926", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12267 - Contact Form 7 WordPress Limited Arbitrary File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12267 \nPublished : Jan. 31, 2025, 11:15 a.m. | 33\u00a0minutes ago \nDescription : The Drag and Drop Multiple File Upload \u2013 Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.8.5. This makes it possible for unauthenticated attackers to delete limited arbitrary files on the server. It is not possible to delete files like wp-config.php that would make RCE possible. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T12:52:02.000000Z"}, {"uuid": "3728bc0d-3b05-4a26-b75e-b60710f0ab57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12261", "type": "seen", "source": "https://t.me/cvedetector/14481", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12261 - SmartEmailing.cz WordPress Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12261 \nPublished : Jan. 7, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'se-lists-updated' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T08:00:49.000000Z"}, {"uuid": "7403e0d5-28d5-4df7-a780-2d0c8365a72d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12264", "type": "seen", "source": "https://t.me/cvedetector/14459", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12264 - PayU CommercePro Plugin WordPress Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-12264 \nPublished : Jan. 7, 2025, 5:15 a.m. | 40\u00a0minutes ago \nDescription : The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost  REST API endpoints not properly verifying a user's identity prior to setting the users ID and auth cookies. This makes it possible for unauthenticated attackers to create new administrative user accounts. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T07:10:18.000000Z"}, {"uuid": "9af135e4-de44-4caa-be01-26bd44d3faea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12262", "type": "seen", "source": "https://t.me/cvedetector/13480", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12262 - WordPress Ebook Store Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12262 \nPublished : Dec. 21, 2024, 7:15 a.m. | 15\u00a0minutes ago \nDescription : The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T08:38:35.000000Z"}, {"uuid": "9659f09e-d431-405f-ad85-b366c20610c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12268", "type": "seen", "source": "https://t.me/cvedetector/13584", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12268 - WordPress Gutenberg Blocks Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12268 \nPublished : Dec. 24, 2024, 11:15 a.m. | 25\u00a0minutes ago \nDescription : The Responsive Blocks \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-24T12:43:56.000000Z"}, {"uuid": "ae8e8a6d-60ae-4961-9106-e80af4306977", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1226", "type": "seen", "source": "https://t.me/ctinow/205824", "content": "https://ift.tt/t9g8vdi\nCVE-2024-1226", "creation_timestamp": "2024-03-12T16:32:10.000000Z"}, {"uuid": "0ef59e2f-06ff-41d0-9a96-5ae5ff896b0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12263", "type": "seen", "source": "https://t.me/cvedetector/12733", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12263 - Orbisius WordPress Child Theme Creator Unauthenticated Data Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12263 \nPublished : Dec. 12, 2024, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete cloud snippets. Please note that this vulnerability was present in the Cloud Library Addon used by the plugin and not in the plugin itself, the cloud library has been removed entirely. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:58:32.000000Z"}, {"uuid": "b612aa42-5593-4013-9223-f489999eee36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12265", "type": "seen", "source": "https://t.me/cvedetector/12725", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12265 - \"DePay WooCommerce for WordPress Debug Information Unauthorized Access Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12265 \nPublished : Dec. 12, 2024, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2.12.17. This makes it possible for unauthenticated attackers to retrieve debug infromation. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:58:23.000000Z"}, {"uuid": "9be7fe5c-6eff-4213-a813-ff023bfa738e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12260", "type": "seen", "source": "https://t.me/cvedetector/12689", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12260 - WordPress Ultimate Endpoints With Rest Api Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12260 \nPublished : Dec. 12, 2024, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T06:17:23.000000Z"}, {"uuid": "224a3bcd-6527-44c9-a02a-0e783bfbf22f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1226", "type": "seen", "source": "https://t.me/ctinow/205808", "content": "https://ift.tt/t9g8vdi\nCVE-2024-1226", "creation_timestamp": "2024-03-12T16:26:41.000000Z"}]}