{"vulnerability": "CVE-2024-1244", "sightings": [{"uuid": "08399acd-aebf-4b38-931d-ce664b2b68b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12447", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649603175317845", "content": "", "creation_timestamp": "2024-12-14T05:48:42.423399Z"}, {"uuid": "50ff5e7d-8382-470f-8a10-984ee2c913de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12448", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649603208423193", "content": "", "creation_timestamp": "2024-12-14T05:48:42.965099Z"}, {"uuid": "56ba19e9-0657-4ca7-843b-7eaf74d6cf8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12446", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649903596329602", "content": "", "creation_timestamp": "2024-12-14T07:05:07.392106Z"}, {"uuid": "0ba2d0f6-63d3-4d09-84aa-9ad3a1656a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12449", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113671780741097480", "content": "", "creation_timestamp": "2024-12-18T03:48:45.402974Z"}, {"uuid": "33bcbeaf-92fc-43c0-9202-94580dfec51e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12440", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf4zpnqlcr2u", "content": "", "creation_timestamp": "2025-01-07T06:33:15.141655Z"}, {"uuid": "f740bfee-e72f-4806-a676-84ce1570f249", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12445", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vhwgpgp2f", "content": "", "creation_timestamp": "2025-01-07T05:17:17.913276Z"}, {"uuid": "77059af0-ffeb-47b5-808e-51ba5e857536", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12445", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf4xi26g2g25", "content": "", "creation_timestamp": "2025-01-07T05:53:08.924451Z"}, {"uuid": "86b6becc-03d5-4cae-9c04-b0d9b5b1e706", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12440", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785558250577517", "content": "", "creation_timestamp": "2025-01-07T06:03:52.383741Z"}, {"uuid": "87ad73f8-9e84-420d-8f3d-c4bb7be661cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12440", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4yrdoa7u2k", "content": "", "creation_timestamp": "2025-01-07T06:16:14.624059Z"}, {"uuid": "a0e4f10c-aba5-43d3-ad93-fe6af0be8d31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12444", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxodnhyp32f", "content": "", "creation_timestamp": "2025-01-30T14:16:42.244309Z"}, {"uuid": "d436f50b-3903-4abb-b12b-e8d901bc7813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12444", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917730431983422", "content": "", "creation_timestamp": "2025-01-30T14:16:59.754512Z"}, {"uuid": "f957115f-bb0d-46f4-b91f-37677e864bad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12445", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/301", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12445\n\ud83d\udd39 Description: The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rm_area' shortcode in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-07T04:22:22.734Z\n\ud83d\udccf Modified: 2025-01-07T04:22:22.734Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/efbbb33d-28ed-47f4-a8dd-2fc7564d9df2?source=cve\n2. https://plugins.trac.wordpress.org/browser/rightmessage/trunk/includes/class-rightmessage.php#L45\n3. https://wordpress.org/plugins/rightmessage", "creation_timestamp": "2025-01-07T04:36:38.000000Z"}, {"uuid": "b170de38-f024-420d-8e13-1043a1af1f6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1244", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrcnthzptu2a", "content": "", "creation_timestamp": "2025-06-11T05:18:53.075688Z"}, {"uuid": "fccb8618-d748-4572-afa7-984e04698805", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12442", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loqmlxvecis2", "content": "", "creation_timestamp": "2025-05-09T15:07:35.704146Z"}, {"uuid": "cb8ebc60-e401-4ac2-9154-d7277aa6056f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12442", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15727", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12442\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access.\n\ud83d\udccf Published: 2025-05-09T13:55:20.669Z\n\ud83d\udccf Modified: 2025-05-09T13:55:20.669Z\n\ud83d\udd17 References:\n1. https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0002.md\n2. https://www.enersys.com/4996df/globalassets/documents/corporate/cve/enersys_cve-2024-12442-final.pdf", "creation_timestamp": "2025-05-09T14:26:11.000000Z"}, {"uuid": "a2825fc0-21f5-45ae-a073-3021b920c317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12440", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/332", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12440\n\ud83d\udd39 Description: The Candifly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'candifly' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-07T05:23:58.291Z\n\ud83d\udccf Modified: 2025-01-07T05:23:58.291Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/bf173ccd-23bc-49ec-92e0-032feae0fa4a?source=cve\n2. https://plugins.trac.wordpress.org/browser/candifly/trunk/candifly.php\n3. https://wordpress.org/plugins/candifly/", "creation_timestamp": "2025-01-07T05:37:45.000000Z"}, {"uuid": "87015388-2289-47de-9687-3cfa9d9d8be5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1244", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18040", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1244\n\ud83d\udd25 CVSS Score: 9.5 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.\n\ud83d\udccf Published: 2025-06-11T02:59:06.240Z\n\ud83d\udccf Modified: 2025-06-11T02:59:06.240Z\n\ud83d\udd17 References:\n1. https://pentraze.com/\n2. https://pentraze.com/vulnerability-reports/", "creation_timestamp": "2025-06-11T03:37:02.000000Z"}, {"uuid": "cd66b9d7-82c6-42c4-9c27-a818c29a7556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1244", "type": "seen", "source": "Telegram/buh-ut9DiubPByy1siFNTwRZbQngXllC1XVuRrrneGPkxJk", "content": "", "creation_timestamp": "2025-06-11T11:03:35.000000Z"}, {"uuid": "4769b406-9a3c-40f5-bdc7-63fd3dffe26f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12448", "type": "seen", "source": "https://t.me/cvedetector/12919", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12448 - WooCommerce Posts and Products Views Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12448 \nPublished : Dec. 14, 2024, 5:15 a.m. | 27\u00a0minutes ago \nDescription : The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwc_views' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T06:49:45.000000Z"}, {"uuid": "268c43a7-c137-4036-ae02-e74ea01a2354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12440", "type": "seen", "source": "https://t.me/cvedetector/14475", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12440 - Candifly for WordPress - Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12440 \nPublished : Jan. 7, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The Candifly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'candifly' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T08:00:42.000000Z"}, {"uuid": "b02eea13-cdfe-40fa-a15c-af5cbd2760b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12442", "type": "seen", "source": "https://t.me/cvedetector/24952", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12442 - EnerSys AMPA Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12442 \nPublished : May 9, 2025, 2:15 p.m. | 1\u00a0hour, 58\u00a0minutes ago \nDescription : EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T18:43:06.000000Z"}, {"uuid": "a3d0d093-638f-4a1f-84d2-c14b506fd59a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12445", "type": "seen", "source": "https://t.me/cvedetector/14447", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12445 - WordPress RightMessage Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12445 \nPublished : Jan. 7, 2025, 5:15 a.m. | 40\u00a0minutes ago \nDescription : The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rm_area' shortcode in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T07:10:04.000000Z"}, {"uuid": "c8ef5c8f-14ff-4319-bbb7-dc00408bafe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12446", "type": "seen", "source": "https://t.me/cvedetector/12936", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12446 - \"WordPress Post to Pdf Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12446 \nPublished : Dec. 14, 2024, 7:15 a.m. | 39\u00a0minutes ago \nDescription : The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptp_single_post' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T09:20:24.000000Z"}, {"uuid": "86cc0dd8-529c-436d-a596-570734bdb951", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12443", "type": "seen", "source": "https://t.me/cvedetector/13050", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12443 - Zendesk HelpScout Stored Cross-Site Scripting in CRM Perks HelpDesk Plugin\", \n  \"Content\": \"CVE ID : CVE-2024-12443 \nPublished : Dec. 16, 2024, 11:15 p.m. | 34\u00a0minutes ago \nDescription : The CRM Perks \u2013 WordPress HelpDesk Integration \u2013 Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T00:53:53.000000Z"}, {"uuid": "26e94a9e-549c-4ad3-b09a-8d039fd818b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12447", "type": "seen", "source": "https://t.me/cvedetector/12918", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12447 - WordPress Get Post Content Shortcode Insecure Direct Object Reference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12447 \nPublished : Dec. 14, 2024, 5:15 a.m. | 27\u00a0minutes ago \nDescription : The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of password-protected, private, draft, and pending posts. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T06:49:44.000000Z"}, {"uuid": "6dc49d15-6e14-4579-a6b8-cda0111a4fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12441", "type": "seen", "source": "https://t.me/cvedetector/12710", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12441 - WordPress BP Email Assign Templates Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12441 \nPublished : Dec. 12, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:07:54.000000Z"}, {"uuid": "293a543b-cdbb-4855-acf8-c49a12127b81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12449", "type": "seen", "source": "https://t.me/cvedetector/13150", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12449 - WordPress Video Share VOD Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12449 \nPublished : Dec. 18, 2024, 4:15 a.m. | 43\u00a0minutes ago \nDescription : The Video Share VOD \u2013 Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_player_html' shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T06:09:48.000000Z"}]}