{"vulnerability": "CVE-2024-1240", "sightings": [{"uuid": "3491a4a9-6ee7-4cb4-94e1-481a87ab657b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12401", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113639063448885845", "content": "", "creation_timestamp": "2024-12-12T09:08:18.988761Z"}, {"uuid": "9d9ea26a-c9c1-492f-a9c4-4da4e8afe213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12408", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113690099399569893", "content": "", "creation_timestamp": "2024-12-21T09:27:25.967864Z"}, {"uuid": "a7f5f7bd-e981-4100-9787-0e03c52669ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12408", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldso7bgxby2i", "content": "", "creation_timestamp": "2024-12-21T10:15:21.767374Z"}, {"uuid": "cc5149af-6cbe-4964-9939-5427dc37c15b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12405", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113706203913779612", "content": "", "creation_timestamp": "2024-12-24T05:43:01.117804Z"}, {"uuid": "ebe988ce-5ab0-4e06-a3bc-9b01ba44d4fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12405", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldzs7xvozp22", "content": "", "creation_timestamp": "2024-12-24T06:15:58.558613Z"}, {"uuid": "99b12f97-e984-420c-8f23-dbb25420c15a", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12402", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785005203464416", "content": "", "creation_timestamp": "2025-01-07T03:43:13.493073Z"}, {"uuid": "ed14e77e-57a0-4d38-a101-11dc7d49fff1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12403", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfrmbnoe6s2q", "content": "", "creation_timestamp": "2025-01-15T10:58:37.947089Z"}, {"uuid": "eef028f5-0936-47fb-8748-53ea22ecbcdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12404", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfgta3nfqg2e", "content": "", "creation_timestamp": "2025-01-11T04:03:44.396495Z"}, {"uuid": "178f2a29-9c0e-4111-b633-0ecbd76c83de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12402", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113785261692193487", "content": "", "creation_timestamp": "2025-01-07T04:48:27.496630Z"}, {"uuid": "9084cdbd-6278-42d1-bbaf-33cb2ec21aff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12407", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113808596752364339", "content": "", "creation_timestamp": "2025-01-11T07:42:51.973685Z"}, {"uuid": "97ecabb0-54e0-436e-9cd3-08de9f44e1c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12407", "type": "seen", "source": 
"https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhbd5crif2x", "content": "", "creation_timestamp": "2025-01-11T08:15:59.371995Z"}, {"uuid": "3fc0c1c1-0f9f-481c-99e7-a6dce5c1788f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12407", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfhd6bgjhq25", "content": "", "creation_timestamp": "2025-01-11T08:49:03.733559Z"}, {"uuid": "1d891694-2573-4197-9a19-8208fd67fe76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12404", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/113826808277247317", "content": "", "creation_timestamp": "2025-01-14T12:54:17.524135Z"}, {"uuid": "9bfdf63b-aaad-4add-9d08-47d1b834361b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12403", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113831661336637777", "content": "", "creation_timestamp": "2025-01-15T09:28:29.460289Z"}, {"uuid": "d5bb83fb-f670-4abe-b2ce-15627e452444", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12404", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113807419166580049", "content": "", "creation_timestamp": "2025-01-11T02:43:23.489024Z"}, {"uuid": "bbb12c0c-4110-46d2-88a9-cc1192169952", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12403", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfrjv4gk2g2r", "content": "", "creation_timestamp": "2025-01-15T10:15:49.579706Z"}, 
{"uuid": "17a8050f-71aa-480a-913b-88fb69fa190b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12404", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfgqkkzvlg2m", "content": "", "creation_timestamp": "2025-01-11T03:15:55.934323Z"}, {"uuid": "62c87c10-3494-4ae2-8552-37b8c06317b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12404", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad5ujkv2c", "content": "", "creation_timestamp": "2025-01-20T21:02:05.327323Z"}, {"uuid": "29fcc802-ac1a-4843-bdd5-9f42dda42ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12409", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgxs5ko3uf2y", "content": "", "creation_timestamp": "2025-01-30T15:24:53.470477Z"}, {"uuid": "e50cc159-af47-425d-a04e-6530b1013029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12400", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113915812673966819", "content": "", "creation_timestamp": "2025-01-30T06:09:16.856492Z"}, {"uuid": "f57cf38a-5829-4938-987c-33805a9781d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12400", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgwthuotr42j", "content": "", "creation_timestamp": "2025-01-30T06:15:53.269315Z"}, {"uuid": "1e9c5b4c-e982-4afa-a2e5-289649f05ccc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12400", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgxeq2hea72w", "content": "", "creation_timestamp": "2025-01-30T11:24:42.057121Z"}, {"uuid": "ad8e2f88-2b50-486b-9eca-0398cbff6df7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12409", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917016488019763", "content": "", "creation_timestamp": "2025-01-30T11:15:25.788427Z"}, {"uuid": "38f432de-2d96-4f8a-9f50-d899ee8a6f99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12409", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxea5diyt2b", "content": "", "creation_timestamp": "2025-01-30T11:15:47.326031Z"}, {"uuid": "3e168c9b-acc9-4429-bd80-411dfbb5358b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12409", "type": "seen", "source": "MISP/ca7dfd4e-d0b5-4d10-8982-36d9f6e53c8e", "content": "", "creation_timestamp": "2025-09-01T13:53:38.000000Z"}, {"uuid": "f2e68036-5180-459b-b86f-9f9991adb238", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12402", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/294", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12402\n\ud83d\udd39 Description: The Themes Coder \u2013 Create Android &amp; iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. 
This is due to the plugin not properly validating a user's identity prior to updating their password through the update_user_profile() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.\n\ud83d\udccf Published: 2025-01-07T03:21:53.748Z\n\ud83d\udccf Modified: 2025-01-07T03:21:53.748Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec14b1e-6d1a-4451-9fce-ac064623d92f?source=cve\n2. https://plugins.trac.wordpress.org/browser/tc-ecommerce/trunk/controller/app_user.php#L338", "creation_timestamp": "2025-01-07T03:37:22.000000Z"}, {"uuid": "ad809268-8422-468c-bda0-73f871f156b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12403", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1716", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12403\n\ud83d\udd39 Description: The Image Gallery \u2013 Responsive Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'awsmgallery' parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-15T09:25:55.266Z\n\ud83d\udccf Modified: 2025-01-15T09:25:55.266Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ca11e840-04bd-4731-bfa9-3bf8ed98e155?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3221064%40awesome-responsive-photo-gallery&new=3221064%40awesome-responsive-photo-gallery&sfp_email=&sfph_mail=\n3. https://plugins.trac.wordpress.org/browser/awesome-responsive-photo-gallery/trunk/inc/arpg-process-options.php?rev=1877314", "creation_timestamp": "2025-01-15T10:11:57.000000Z"}, {"uuid": "2b23b85c-8c88-4010-9f0a-0e0b6d7bf101", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12404", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1264", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12404\n\ud83d\udd39 Description: The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-01-11T02:20:53.175Z\n\ud83d\udccf Modified: 2025-01-11T02:20:53.175Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1661bb28-e5b4-4319-84bb-6cbeac266147?source=cve\n2. 
https://plugins.trac.wordpress.org/browser/internal-link-shortcode/trunk/internal-link-shortcode.php#L82", "creation_timestamp": "2025-01-11T03:04:20.000000Z"}, {"uuid": "706a1046-7e19-41b5-a1cc-c74ecb2fd235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12407", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1278", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12407\n\ud83d\udd39 Description: The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-11T07:21:54.994Z\n\ud83d\udccf Modified: 2025-01-11T07:21:54.994Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/de7be653-4d5b-4cbe-ad9c-6c2748f533bb?source=cve\n2. 
https://plugins.trac.wordpress.org/browser/push-notification-for-post-and-buddypress/trunk/admin/pnfpb_admin_ondemand_notification_settings.php#L711", "creation_timestamp": "2025-01-11T08:03:52.000000Z"}, {"uuid": "b369db8a-70ef-419c-8392-2973e066f3e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12401", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7675", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12401\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.\n\ud83d\udccf Published: 2024-12-12T09:06:03.612Z\n\ud83d\udccf Modified: 2025-03-15T05:58:20.676Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-12401\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2327929\n3. https://github.com/cert-manager/cert-manager/pull/7400\n4. https://github.com/cert-manager/cert-manager/pull/7401\n5. https://github.com/cert-manager/cert-manager/pull/7402\n6. https://github.com/cert-manager/cert-manager/pull/7403\n7. https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4\n8. 
https://go.dev/issue/50116", "creation_timestamp": "2025-03-15T06:46:43.000000Z"}, {"uuid": "be6afa36-4525-4fe5-b6c5-62cb19b39373", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12400", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3451", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12400\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.\n\ud83d\udccf Published: 2025-01-30T06:30:49Z\n\ud83d\udccf Modified: 2025-01-30T06:30:49Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12400\n2. https://wpscan.com/vulnerability/3542315c-93c3-41dd-a99e-02a38cfd58fb", "creation_timestamp": "2025-01-30T07:11:29.000000Z"}, {"uuid": "9702c979-f72f-42c2-b3d4-ba62d2a1f0d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12400", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3461", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12400\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-30T06:15:29.223\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. 
https://wpscan.com/vulnerability/3542315c-93c3-41dd-a99e-02a38cfd58fb/", "creation_timestamp": "2025-01-30T07:18:51.000000Z"}, {"uuid": "269cdf18-c233-4ef8-90e8-44f1f42b1c07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12409", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3482", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12409\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Simple:Press Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 6.10.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-30T12:31:18Z\n\ud83d\udccf Modified: 2025-01-30T12:31:18Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12409\n2. https://plugins.trac.wordpress.org/browser/simplepress/trunk/admin/panel-plugins/forms/spa-plugins-list-form.php\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3230289%40simplepress&new=3230289%40simplepress&sfp_email=&sfph_mail=\n4. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/b9ebeb96-2f39-488e-aef6-d5af0a37c24a?source=cve", "creation_timestamp": "2025-01-30T13:11:28.000000Z"}, {"uuid": "3cee5368-5b44-4576-8a1e-6e3c688290f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12401", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15558", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12401\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.\n\ud83d\udccf Published: 2024-12-12T09:06:03.612Z\n\ud83d\udccf Modified: 2025-05-08T15:59:14.670Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2024-12401\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2327929\n3. https://github.com/cert-manager/cert-manager/pull/7400\n4. https://github.com/cert-manager/cert-manager/pull/7401\n5. https://github.com/cert-manager/cert-manager/pull/7402\n6. https://github.com/cert-manager/cert-manager/pull/7403\n7. https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4\n8. 
https://go.dev/issue/50116", "creation_timestamp": "2025-05-08T16:23:57.000000Z"}, {"uuid": "9aff0ef1-0ec5-4d10-8a4a-bc386f59c955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12400", "type": "seen", "source": "https://t.me/cvedetector/16736", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12400 - Tourmaster WordPress Reflected Cross-Site Scripting Voorbelasting\", \n  \"Content\": \"CVE ID : CVE-2024-12400 \nPublished : Jan. 30, 2025, 6:15 a.m. | 32\u00a0minutes ago \nDescription : The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T08:24:37.000000Z"}, {"uuid": "8c263384-dc1e-4cd3-8fb9-5d73497b978a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12409", "type": "seen", "source": "https://t.me/cvedetector/16769", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12409 - Simple:Press Forum WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12409 \nPublished : Jan. 30, 2025, 11:15 a.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : The Simple:Press Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 6.10.11 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T14:16:09.000000Z"}, {"uuid": "9c16dd2c-44cf-4339-81cd-10e6903270f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12403", "type": "seen", "source": "https://t.me/cvedetector/15418", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12403 - \"Apache Word Press Image Gallery Reflected Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12403 \nPublished : Jan. 15, 2025, 10:15 a.m. | 26\u00a0minutes ago \nDescription : The Image Gallery \u2013 Responsive Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'awsmgallery' parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T11:45:48.000000Z"}, {"uuid": "0098b093-54b7-465a-a3aa-bd57fdd7e3c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12404", "type": "seen", "source": "https://t.me/cvedetector/15025", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12404 - WordPress CF Internal Link Shortcode SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12404 \nPublished : Jan. 11, 2025, 3:15 a.m. | 28\u00a0minutes ago \nDescription : The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T04:53:19.000000Z"}, {"uuid": "f25b7586-7314-4054-8ff2-4c40619de859", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12402", "type": "seen", "source": "https://t.me/cvedetector/14441", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12402 - WooCommerce Themes Coder \u2013 WordPress Plugin Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-12402 \nPublished : Jan. 7, 2025, 4:15 a.m. | 39\u00a0minutes ago \nDescription : The Themes Coder \u2013 Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password through the update_user_profile() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. 
\nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T06:19:52.000000Z"}, {"uuid": "768481af-b630-4625-8d84-6d4f09758f4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1240", "type": "seen", "source": "https://t.me/cvedetector/11057", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-1240 - Pyload Open Redirection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-1240 \nPublished : Nov. 15, 2024, 11:15 a.m. | 36\u00a0minutes ago \nDescription : An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T13:15:29.000000Z"}, {"uuid": "4f41923b-777d-4870-855d-1ca33caffb2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12407", "type": "seen", "source": "https://t.me/cvedetector/15045", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12407 - WordPress Push Notification for Post and BuddyPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12407 \nPublished : Jan. 11, 2025, 8:15 a.m. 
| 33\u00a0minutes ago \nDescription : The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T09:54:09.000000Z"}, {"uuid": "adabc369-48d1-40d4-ada9-97efc2dfe768", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12401", "type": "seen", "source": "https://t.me/cvedetector/12760", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12401 - \"Cert-manager DoS Denial-of-Service Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12401 \nPublished : Dec. 12, 2024, 9:15 a.m. | 43\u00a0minutes ago \nDescription : A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster. 
\nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T11:20:16.000000Z"}, {"uuid": "65f13edf-b5cb-4848-9229-71290a675acd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12406", "type": "seen", "source": "https://t.me/cvedetector/12709", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12406 - WordPress Manage e-Digital Books Library Plugin SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-12406 \nPublished : Dec. 12, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : The Library Management System \u2013 Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 
\nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:07:54.000000Z"}, {"uuid": "e3632b16-4f1b-4b40-bdd1-7a756f93b0c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12408", "type": "seen", "source": "https://t.me/cvedetector/13497", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12408 - \"Amazon Web Services (AWS) WordPress Reflected Cross-Site Scripting (XSS)\"\", \n  \"Content\": \"CVE ID : CVE-2024-12408 \nPublished : Dec. 21, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T11:59:18.000000Z"}, {"uuid": "41ed4f2a-309b-4a06-960d-c9c2c4ca76f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12405", "type": "seen", "source": "https://t.me/cvedetector/13562", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12405 - \"WordPress Export Customers Data Plugin Reflected Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-12405 \nPublished : Dec. 24, 2024, 6:15 a.m. | 17\u00a0minutes ago \nDescription : The Export Customers Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't' parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-24T07:42:38.000000Z"}]}