{"vulnerability": "CVE-2024-1243", "sightings": [{"uuid": "2f8df0b0-c314-458a-9453-393362cd1f0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12432", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113671780726183194", "content": "", "creation_timestamp": "2024-12-18T03:48:45.064357Z"}, {"uuid": "ed20bd42-c9b2-4add-8f44-6d0650de15c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12438", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf4zpod3ge2q", "content": "", "creation_timestamp": "2025-01-07T06:33:17.911497Z"}, {"uuid": "9c40d209-fa0c-4bfe-8092-8f0e970ab845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12439", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf4zpolz2r2q", "content": "", "creation_timestamp": "2025-01-07T06:33:19.054552Z"}, {"uuid": "892b142c-d7d0-4679-9cb7-16678e9de282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12437", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785725707848489", "content": "", "creation_timestamp": "2025-01-07T06:46:27.446627Z"}, {"uuid": "e3666622-678f-4808-aed9-5dc1a85dba1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12430", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf65mljqyn2e", "content": "", "creation_timestamp": "2025-01-07T17:15:43.764312Z"}, {"uuid": "69f145ff-549e-439a-a4d5-87e6f53f9822", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12437", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5445onan2m", "content": "", "creation_timestamp": "2025-01-07T07:15:58.747112Z"}, {"uuid": "a326731f-b0dd-40db-82ff-f819d1f6b632", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12437", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5445onan2m", "content": "", "creation_timestamp": "2025-01-07T07:15:58.752899Z"}, {"uuid": "71a8b8ce-65b6-4827-bb52-4e8c4e95f557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12430", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf67hpzlcm2r", "content": "", "creation_timestamp": "2025-01-07T17:48:49.128617Z"}, {"uuid": "615ffa01-194d-465d-bb2a-46a020293973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12431", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113794654216478642", "content": "", "creation_timestamp": "2025-01-08T20:37:06.251407Z"}, {"uuid": "1fe39a1d-d753-44c3-a408-57dbd8bb484d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12435", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vhubryw25", "content": "", "creation_timestamp": "2025-01-07T05:17:15.207725Z"}, {"uuid": "2898ce4c-9b01-475a-853a-2f5f52f5bc67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12431", "type": 
"seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113793610252558322", "content": "", "creation_timestamp": "2025-01-08T16:11:36.203775Z"}, {"uuid": "d8a86b73-86bd-4a32-941b-7c6096439423", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12431", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfb3ifhorh2i", "content": "", "creation_timestamp": "2025-01-08T21:15:34.823327Z"}, {"uuid": "bc62d877-718e-4134-8d33-ec60e9684d72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12431", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfb5czoh4p2b", "content": "", "creation_timestamp": "2025-01-08T21:48:22.073546Z"}, {"uuid": "4b606d5c-b54b-4c20-92de-4bdd5f1d185f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12435", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf4xi2ho7k2g", "content": "", "creation_timestamp": "2025-01-07T05:53:09.652024Z"}, {"uuid": "f3bceefd-17b0-4933-a53c-1780a95c0478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12439", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785558213640255", "content": "", "creation_timestamp": "2025-01-07T06:03:52.580192Z"}, {"uuid": "ef2490eb-97da-4547-812b-a557e946a272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12438", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785558196609609", "content": "", "creation_timestamp": 
"2025-01-07T06:03:52.483863Z"}, {"uuid": "efaba094-cf08-4d81-b497-5a208ca5f081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12438", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4yr6qkkm2i", "content": "", "creation_timestamp": "2025-01-07T06:16:09.385946Z"}, {"uuid": "d22cb561-5793-4596-87d8-792e15efbe34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12439", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4yrbbpae2i", "content": "", "creation_timestamp": "2025-01-07T06:16:12.001222Z"}, {"uuid": "4b488596-fca4-48ea-87fa-abe7d233686a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12430", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113788073102479974", "content": "", "creation_timestamp": "2025-01-07T16:43:26.922135Z"}, {"uuid": "c68ec829-d7fa-4cd4-a670-0b1e234a5374", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12436", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpc2yqdjg2p", "content": "", "creation_timestamp": "2025-01-27T06:15:49.781338Z"}, {"uuid": "8dd08944-0306-4ea4-be2d-4fd25023db81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12436", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgpdxitiio2i", "content": "", "creation_timestamp": "2025-01-27T06:49:42.331983Z"}, {"uuid": "5021d739-8c90-4c2b-a780-899cb406a549", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1243", "type": "published-proof-of-concept", "source": "Telegram/P3uzVteJIOiG3Gg-zKek4C3h9lNxS0xZPtAdcuiBiGsp_Ws", "content": "", "creation_timestamp": "2025-06-11T11:03:44.000000Z"}, {"uuid": "3f8ae9c2-5f11-4a12-92c1-1869bcf089e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12433", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmhgh6qx2m", "content": "", "creation_timestamp": "2025-03-20T11:40:30.457887Z"}, {"uuid": "8357b3d8-e4ff-4b07-b1e8-b247f57106fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12436", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113898798720190607", "content": "", "creation_timestamp": "2025-01-27T06:02:24.772553Z"}, {"uuid": "e7142345-b4ff-4eb3-ab26-ba9aefb318e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12436", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113898815688137258", "content": "", "creation_timestamp": "2025-01-27T06:06:45.907971Z"}, {"uuid": "c3fe6d1b-0465-48c7-97b6-d4941006ea28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1243", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrcplnttgq2q", "content": "", "creation_timestamp": "2025-06-11T05:50:18.205601Z"}, {"uuid": "88500a1e-c4ff-428f-9111-ca1fdc6b477f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12435", "type": "seen", "source": 
"https://t.me/DarkWebInformer_CVEAlerts/299", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12435\n\ud83d\udd39 Description: The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018s_feature\u2019 parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-07T04:22:23.499Z\n\ud83d\udccf Modified: 2025-01-07T04:22:23.499Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f74c419a-56de-4190-925d-876d32f712e1?source=cve\n2. https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/admin/classes/class-wc-compare-fields.php#L392\n3. https://plugins.trac.wordpress.org/browser/woocommerce-compare-products/trunk/admin/classes/class-wc-compare-fields.php#L397", "creation_timestamp": "2025-01-07T04:36:18.000000Z"}, {"uuid": "0b7b97c2-d4cf-4093-90d3-5ac6b784a9d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12438", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/337", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12438\n\ud83d\udd39 Description: The WooCommerce Digital Content Delivery (incl. DRM) \u2013 FlickRocket plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'start_date\u2019 and 'end_date' parameters in all versions up to, and including, 4.74 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-07T05:23:56.544Z\n\ud83d\udccf Modified: 2025-01-07T05:23:56.544Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/aa3909f6-fd2f-44e7-83b5-51c8cda4b20f?source=cve\n2. https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L613\n3. https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L614\n4. https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L629\n5. https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L632\n6. https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L655\n7. 
https://plugins.trac.wordpress.org/browser/woocommerce-digital-content-delivery-with-drm-flickrocket/trunk/woocommerce-flickrocket.php#L658", "creation_timestamp": "2025-01-07T05:38:16.000000Z"}, {"uuid": "5c5378e8-258a-4497-b890-ca846b6e29b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12439", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/342", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12439\n\ud83d\udd39 Description: The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'marketplace' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-07T05:23:54.216Z\n\ud83d\udccf Modified: 2025-01-07T05:23:54.216Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/602ae805-a6a6-48bd-bd2a-00fafadfdce4?source=cve\n2. https://plugins.trac.wordpress.org/browser/marketplace-items/trunk/marketplace-items.php\n3. 
https://wordpress.org/plugins/marketplace-items/", "creation_timestamp": "2025-01-07T05:38:47.000000Z"}, {"uuid": "e957c5ba-25da-46f4-9ab7-78a0a0be9382", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1243", "type": "seen", "source": "Telegram/buh-ut9DiubPByy1siFNTwRZbQngXllC1XVuRrrneGPkxJk", "content": "", "creation_timestamp": "2025-06-11T11:03:35.000000Z"}, {"uuid": "038374e2-8c80-4979-ab8f-e9ec23c78690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12437", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/367", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12437\n\ud83d\udd39 Description: The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-07T06:40:59.643Z\n\ud83d\udccf Modified: 2025-01-07T06:40:59.643Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e055c319-1aeb-4a97-98d1-3b38e61f30f0?source=cve\n2. https://plugins.trac.wordpress.org/browser/marketplace-items/trunk/marketplace-items.php#L94\n3. 
https://wordpress.org/plugins/marketplace-items", "creation_timestamp": "2025-01-07T07:37:13.000000Z"}, {"uuid": "9c78b19a-677b-41d1-90c9-71a0c9d1e42c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12431", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/846", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12431\n\ud83d\udd39 Description: An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects.\n\ud83d\udccf Published: 2025-01-08T20:30:42.896Z\n\ud83d\udccf Modified: 2025-01-08T20:30:42.896Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/508742\n2. https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#unauthorized-user-can-manipulate-status-of-issues-in-public-projects\n3. https://hackerone.com/reports/2877710", "creation_timestamp": "2025-01-08T21:14:36.000000Z"}, {"uuid": "9274c6ca-5013-41b4-b8d9-25e48f5a3638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1243", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18039", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1243\n\ud83d\udd25 CVSS Score: 9.5 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. 
This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.\n\ud83d\udccf Published: 2025-06-11T01:15:13.116Z\n\ud83d\udccf Modified: 2025-06-11T01:15:13.116Z\n\ud83d\udd17 References:\n1. https://pentraze.com/\n2. https://pentraze.com/vulnerability-reports/CVE-2024-1243/\n3. https://github.com/wazuh/wazuh/security/advisories/GHSA-3crh-39qv-fxj7", "creation_timestamp": "2025-06-11T02:37:03.000000Z"}, {"uuid": "aa453117-7718-4289-b330-6107c9d5b28e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12430", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/526", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12430\n\ud83d\udd39 Description: An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by root user.\nAll AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability.\n\ud83d\udccf Published: 2025-01-07T16:28:41.952Z\n\ud83d\udccf Modified: 2025-01-07T17:56:26.206Z\n\ud83d\udd17 References:\n1. 
https://search.abb.com/library/Download.aspx?DocumentID=3ADR011377&LanguageCode=en&DocumentPartId=&Action=Launch", "creation_timestamp": "2025-01-07T18:40:32.000000Z"}, {"uuid": "73e525c1-0916-425e-a54a-1d5cd79c6562", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12431", "type": "seen", "source": "https://t.me/cvedetector/14742", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12431 - GitLab Unauthorized Issue Status Manipulation\", \n  \"Content\": \"CVE ID : CVE-2024-12431 \nPublished : Jan. 8, 2025, 9:15 p.m. | 36\u00a0minutes ago \nDescription : An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T23:21:27.000000Z"}, {"uuid": "2538c4ae-88cc-46c1-b79f-2b27ac39f16e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12436", "type": "seen", "source": "https://t.me/cvedetector/16441", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12436 - WordPress Customer Area CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12436 \nPublished : Jan. 27, 2025, 6:15 a.m. 
| 2\u00a0hours, 12\u00a0minutes ago \nDescription : The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T10:08:23.000000Z"}, {"uuid": "1d641c54-1a37-47a0-80ed-5fcab0be0fbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12435", "type": "seen", "source": "https://t.me/cvedetector/14455", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12435 - WooCommerce Compare Products Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12435 \nPublished : Jan. 7, 2025, 5:15 a.m. | 40\u00a0minutes ago \nDescription : The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018s_feature\u2019 parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T07:10:15.000000Z"}, {"uuid": "aba62103-6cd7-4075-85ec-658460005457", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12439", "type": "seen", "source": "https://t.me/cvedetector/14478", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12439 - WordPress Marketplace Items Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-12439 \nPublished : Jan. 7, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'marketplace' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T08:00:44.000000Z"}, {"uuid": "1abf7d5d-a164-43fb-addc-bd3d645416ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12437", "type": "seen", "source": "https://t.me/cvedetector/14487", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12437 - WordPress Marketplace Items Stored Cross-Site Scripting Attack\", \n  \"Content\": \"CVE ID : CVE-2024-12437 \nPublished : Jan. 7, 2025, 7:15 a.m. | 30\u00a0minutes ago \nDescription : The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T08:51:00.000000Z"}, {"uuid": "004a0a62-40a2-4497-b056-0e624ff8b525", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12438", "type": "seen", "source": "https://t.me/cvedetector/14477", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12438 - WooCommerce FlickRocket Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12438 \nPublished : Jan. 7, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The WooCommerce Digital Content Delivery (incl. DRM) \u2013 FlickRocket plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'start_date\u2019 and 'end_date' parameters in all versions up to, and including, 4.74 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T08:00:43.000000Z"}, {"uuid": "1ee7ccee-18e8-4333-92fc-ee721bdeb8c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12432", "type": "seen", "source": "https://t.me/cvedetector/13157", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12432 - WPC Shop WooCommerce Plugin for WordPress Unsecured Authentication\", \n  \"Content\": \"CVE ID : CVE-2024-12432 \nPublished : Dec. 18, 2024, 4:15 a.m. | 43\u00a0minutes ago \nDescription : The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as site administrators, granted they have triggered the ajax_login() function which generates a unique key that can be used to log in. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T06:09:56.000000Z"}]}