{"vulnerability": "CVE-2024-1245", "sightings": [{"uuid": "4b0961a6-82d5-4174-bbab-320c458dacfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12458", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649603222187923", "content": "", "creation_timestamp": "2024-12-14T05:48:43.281422Z"}, {"uuid": "29c95e7b-e03e-4aff-adf6-ae163c8df287", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12454", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113673114784020002", "content": "", "creation_timestamp": "2024-12-18T09:28:01.412281Z"}, {"uuid": "ce5e37c0-a7fd-4eed-a121-7b44f167fbbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12457", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vi3p6zx2f", "content": "", "creation_timestamp": "2025-01-07T05:17:22.996003Z"}, {"uuid": "c417f93d-95dc-49fb-b49c-cdd396cc45ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12453", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vhzclbm2e", "content": "", "creation_timestamp": "2025-01-07T05:17:20.480437Z"}, {"uuid": "f1e47abf-c6be-4cd4-b8fc-e8d34754903c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12451", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917730446370008", "content": "", "creation_timestamp": "2025-01-30T14:16:59.969262Z"}, {"uuid": "6d1753c5-e4f9-4753-9ef8-e6780b7e52df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12452", "type": "seen", "source": "https://t.me/cvedetector/18643", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12452 - Ziggeo WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12452 \nPublished : Feb. 21, 2025, 10:15 a.m. | 2\u00a0hours ago \nDescription : The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeo_event' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T13:55:29.000000Z"}, {"uuid": "d6f45064-b58e-4bac-98d0-fd3d3fcc2df4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12451", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxodpm6at2c", "content": "", "creation_timestamp": "2025-01-30T14:16:44.446921Z"}, {"uuid": "59f92166-0aea-4103-a6be-25406184b8ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12452", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:05.000000Z"}, {"uuid": "0b252c58-8829-41d3-978c-8fb33565a1f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1245", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/33", "content": "\ud83d\udccc CVE ID: GHSA-7r95-6mr9-6f86\n\ud83d\udd39 Summary: No summary available.\n\ud83d\udd17 More Info: https://nvd.nist.gov/vuln/detail/CVE-2024-1245", "creation_timestamp": "2025-01-05T01:28:46.000000Z"}, {"uuid": "29f452a4-9260-4c4a-b4f5-e81d269687e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12453", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/321", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12453\n\ud83d\udd39 Description: The Uptodown APK Download Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'utd-widget' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-07T04:22:15.374Z\n\ud83d\udccf Modified: 2025-01-07T04:22:15.374Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/78c2d5fc-240a-4fed-92ae-b9f84de3e119?source=cve\n2. https://plugins.trac.wordpress.org/browser/uptodown-apk-download-widget/trunk/uptodown_wp_widget.php#L47\n3. https://wordpress.org/plugins/uptodown-apk-download-widget", "creation_timestamp": "2025-01-07T04:38:50.000000Z"}, {"uuid": "3386c5e8-1a25-46ca-893e-898bd9afd385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12457", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/322", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12457\n\ud83d\udd39 Description: The Chat Support for Viber \u2013 Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-07T04:22:14.769Z\n\ud83d\udccf Modified: 2025-01-07T04:22:14.769Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7834c0be-3051-4d97-928e-cf5295c93463?source=cve\n2. https://plugins.trac.wordpress.org/browser/chat-viber/tags/1.7.2/inc/class-custom-buttons-templates.php#L51", "creation_timestamp": "2025-01-07T04:38:59.000000Z"}, {"uuid": "3c5eb629-42f3-4fc7-abef-9e4a93db294f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12452", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4870", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12452\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeo_event' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-21T09:21:06.824Z\n\ud83d\udccf Modified: 2025-02-21T09:21:06.824Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/be82095d-2b15-432e-a667-523286fa9629?source=cve\n2. https://plugins.trac.wordpress.org/browser/ziggeo/tags/3.1/core/events.php#L52\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242184%40ziggeo&new=3242184%40ziggeo&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-21T10:20:17.000000Z"}, {"uuid": "f80db626-4590-47a6-8e0d-1e96da1b06fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12453", "type": "seen", "source": "https://t.me/cvedetector/14448", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12453 - \"Uptodown WordPress APK Download Widget Stored Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-12453 \nPublished : Jan. 7, 2025, 5:15 a.m. | 40\u00a0minutes ago \nDescription : The Uptodown APK Download Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'utd-widget' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T07:10:04.000000Z"}, {"uuid": "8b374c2a-fb5d-4b9d-929d-a462108bc150", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12450", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10424", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12450\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF files. Additionally, the lack of restrictions on the file protocol enables Arbitrary File Read, allowing attackers to read server files. Furthermore, the use of an outdated Chromium headless version with --no-sandbox mode enabled makes the application susceptible to Remote Code Execution (RCE) via known Chromium v8 vulnerabilities. These issues are resolved in version 0.14.0.\n\ud83d\udccf Published: 2025-03-20T10:11:05.133Z\n\ud83d\udccf Modified: 2025-04-04T08:45:39.429Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/da06360c-87c3-4ba9-be67-29f6eff9d44a\n2. https://github.com/infiniflow/ragflow/commit/3faae0b2c2f8a26233ee1442ba04874b3406f6e9", "creation_timestamp": "2025-04-04T09:35:55.000000Z"}, {"uuid": "ff47fcc0-7ba8-410a-a410-5b0561dbc876", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12457", "type": "seen", "source": "https://t.me/cvedetector/14449", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12457 - Viber for WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12457 \nPublished : Jan. 7, 2025, 5:15 a.m. | 40\u00a0minutes ago \nDescription : The Chat Support for Viber \u2013 Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T07:10:05.000000Z"}, {"uuid": "a268611b-e390-464e-bf83-e37a6d85329e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12454", "type": "seen", "source": "https://t.me/cvedetector/13178", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12454 - SliceWP Affiliates Cross-Site Request Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12454 \nPublished : Dec. 18, 2024, 10:15 a.m. | 42\u00a0minutes ago \nDescription : The Affiliate Program Suite \u2014 SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T12:01:13.000000Z"}, {"uuid": "8df81cc7-3aaf-4030-bc3f-ef5aedf3f100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12458", "type": "seen", "source": "https://t.me/cvedetector/12910", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12458 - WordPress Smart PopUp Blaster Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12458 \nPublished : Dec. 14, 2024, 5:15 a.m. | 27\u00a0minutes ago \nDescription : The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T06:49:33.000000Z"}, {"uuid": "f0579335-cc1c-4544-a371-7372b5717bfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12459", "type": "seen", "source": "https://t.me/cvedetector/12932", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12459 - Ganohrs Toggle Shortcode Stored Cross-Site Scripting Vulnerability in WordPress\", \n  \"Content\": \"CVE ID : CVE-2024-12459 \nPublished : Dec. 14, 2024, 6:15 a.m. | 16\u00a0minutes ago \nDescription : The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T07:40:05.000000Z"}, {"uuid": "b2068c5f-d4d1-4283-8a10-73fc8523d031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1245", "type": "seen", "source": "https://t.me/ctinow/182249", "content": "https://ift.tt/oR7pyuJ\nCVE-2024-1245", "creation_timestamp": "2024-02-09T21:32:09.000000Z"}, {"uuid": "237494d3-5029-4cca-9cee-c97c8cab8eec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12452", "type": "seen", "source": "Telegram/hJCZIrNDw1f28FLtqTOtqNVJBULTdfIuueU2sIbqFi6s6dun", "content": "", "creation_timestamp": "2025-02-21T12:35:18.000000Z"}, {"uuid": "96ffffae-798f-4cad-a8c1-1df9ac35e10e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1245", "type": "seen", "source": "https://t.me/ctinow/198637", "content": "https://ift.tt/8DISciz\nCVE-2024-1245 | Concrete CMS up to 9.2.4 Attributes Page cross site scripting", "creation_timestamp": "2024-03-03T09:46:44.000000Z"}]}