{"vulnerability": "CVE-2024-1247", "sightings": [{"uuid": "f2af3951-e889-4f5f-b64c-e75732af7f70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12479", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113635658899727553", "content": "", "creation_timestamp": "2024-12-11T18:42:29.719663Z"}, {"uuid": "0105812a-a948-49bd-9024-0f13e15b8453", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12472", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfgqknisxw2m", "content": "", "creation_timestamp": "2025-01-11T03:15:57.823076Z"}, {"uuid": "278016ca-c665-407c-b5ab-6e26ba1cfd86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12471", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf4zpntwz72h", "content": "", "creation_timestamp": "2025-01-07T06:33:15.704207Z"}, {"uuid": "8fc7c1aa-bf34-417e-8a73-c2e271dae4e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12471", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113785733236191116", "content": "", "creation_timestamp": "2025-01-07T06:48:22.536194Z"}, {"uuid": "d4fbc791-36cf-43b7-bb38-4baf785703ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12472", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfgta45ppk2q", "content": "", "creation_timestamp": "2025-01-11T04:03:45.732664Z"}, {"uuid": "373e172b-ff03-4bb2-856f-761802b025d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12470", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vian6ao2i", "content": "", "creation_timestamp": "2025-01-07T05:17:28.399240Z"}, {"uuid": "f5b68ae3-f4e0-4f79-8cda-e7e1ed7a8a7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12473", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113801915599011221", "content": "", "creation_timestamp": "2025-01-10T03:23:45.480668Z"}, {"uuid": "9c0da31d-6b87-48c4-9551-6abe5492baad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12473", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfedhekzoj22", "content": "", "creation_timestamp": "2025-01-10T04:16:09.664180Z"}, {"uuid": "1c8baa65-52fe-4f91-a1af-2a2940ab0783", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12473", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfefavtvha2u", "content": "", "creation_timestamp": "2025-01-10T04:48:20.669241Z"}, {"uuid": "783bf622-7e6e-45f0-9358-b0ffb55e2527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12470", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113785496552660982", "content": "", "creation_timestamp": "2025-01-07T05:48:10.965334Z"}, {"uuid": "9eb1f04b-a172-4dec-8608-71c84afc04c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12471", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/113826826731641482", "content": "", "creation_timestamp": "2025-01-14T12:58:59.125190Z"}, {"uuid": "4fc1d250-4140-4422-b6e1-5dac0d04df1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12471", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785617266493675", "content": "", "creation_timestamp": "2025-01-07T06:18:52.833958Z"}, {"uuid": "8e25ae79-6ba6-41bb-8f10-7d8121f35955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12471", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4yrijmdo2o", "content": "", "creation_timestamp": "2025-01-07T06:16:19.768212Z"}, {"uuid": "3d1432a5-24a2-4e31-a075-043de4c3b30c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12475", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113769818837566127", "content": "", "creation_timestamp": "2025-01-04T11:21:10.207013Z"}, {"uuid": "1c7c5e7e-cd3c-4acb-b731-04da310854e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12475", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lew3hdtofh2m", "content": "", "creation_timestamp": "2025-01-04T12:15:42.239722Z"}, {"uuid": "9b0f1abf-01c5-4056-bad9-04b0cce4549a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12475", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lew4x3zdad2q", "content": "", "creation_timestamp": "2025-01-04T12:42:25.076937Z"}, {"uuid": "0111453d-d44a-45be-9641-79605cef2901", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12472", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113807419180725614", "content": "", "creation_timestamp": "2025-01-11T02:43:23.739446Z"}, {"uuid": "8b63c026-cf65-4ec5-a2ac-b597f3c135f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12476", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113843049497825607", "content": "", "creation_timestamp": "2025-01-17T09:44:39.156305Z"}, {"uuid": "0993eb31-5047-449a-9694-dd1ee25c1a7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12476", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfwksecbhv2t", "content": "", "creation_timestamp": "2025-01-17T10:15:29.881611Z"}, {"uuid": "ec1c3c75-598d-4a26-a8a0-8b2d0bf45466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12476", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfwmoeisrx2g", "content": "", "creation_timestamp": "2025-01-17T10:49:03.654177Z"}, {"uuid": "426987f0-f88e-4f09-bef1-51aa5d889e7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12476", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113843982218783924", "content": "", "creation_timestamp": "2025-01-17T13:41:51.758018Z"}, {"uuid": "4852ca6d-3864-49bd-a034-a0f396e94938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1247", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad5wnad27", "content": "", "creation_timestamp": "2025-01-20T21:02:05.911018Z"}, {"uuid": "9f62f0c6-3d55-433a-a47f-069399c615ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12477", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgefeprjpp2h", "content": "", "creation_timestamp": "2025-01-22T22:15:39.690301Z"}, {"uuid": "1fca6a3a-c65b-40d6-8c9e-7c5379cc3ee7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12477", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgegqhaiu72q", "content": "", "creation_timestamp": "2025-01-22T22:40:13.225691Z"}, {"uuid": "d534e42f-6395-44b0-a15a-5a8b310767bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12476", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-05", "content": "", "creation_timestamp": "2025-02-04T11:00:00.000000Z"}, {"uuid": "3e3aaff0-290b-4aca-be19-bb93d794e8e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12471", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/334", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12471\n\ud83d\udd39 Description: The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.\n\ud83d\udccf Published: 2025-01-07T05:23:57.597Z\n\ud83d\udccf Modified: 2025-01-07T05:23:57.597Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/bc17284e-65ea-4e67-aba9-3475f0174657?source=cve\n2. https://wordpress.org/plugins/post-saint/", "creation_timestamp": "2025-01-07T05:38:00.000000Z"}, {"uuid": "bdd79167-acaa-4b0c-b033-1814dc0c2743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12470", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/305", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12470\n\ud83d\udd39 Description: The School Management System \u2013 SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user.\n\ud83d\udccf Published: 2025-01-07T04:22:21.270Z\n\ud83d\udccf Modified: 2025-01-07T04:22:21.270Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/db1c581b-5cc9-46c0-ba5d-605642697729?source=cve\n2. https://wordpress.org/plugins/sakolawp-lite/", "creation_timestamp": "2025-01-07T04:36:56.000000Z"}, {"uuid": "758095c3-65b3-4e63-8d00-9c89aaac6d1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12473", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1114", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12473\n\ud83d\udd39 Description: The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the 'template_id' parameter of the 'article_builder_generate_data' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-01-10T03:21:30.318Z\n\ud83d\udccf Modified: 2025-01-10T03:21:30.318Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/79125ac2-f3ed-40c9-a81b-340195fc8da5?source=cve\n2. https://plugins.trac.wordpress.org/browser/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard/trunk/article_builder.php#L891", "creation_timestamp": "2025-01-10T04:15:11.000000Z"}, {"uuid": "57de8cf4-63a6-4879-89e5-da173b494595", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12472", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1263", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12472\n\ud83d\udd39 Description: The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post.\n\ud83d\udccf Published: 2025-01-11T02:20:53.726Z\n\ud83d\udccf Modified: 2025-01-11T02:20:53.726Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/3071b2dc-9673-4e30-bd04-7404eb6a1ed9?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3219375%40post-duplicator&new=3219375%40post-duplicator&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-11T03:04:18.000000Z"}, {"uuid": "5dd96a8a-3978-4cfb-bb99-54276b1d71be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12476", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2111", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12476\n\ud83d\udd39 Description: CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could\ncause information disclosure, impacts workstation integrity and potential remote code execution on the\ncompromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.\n\ud83d\udccf Published: 2025-01-17T09:42:47.616Z\n\ud83d\udccf Modified: 2025-01-17T09:42:47.616Z\n\ud83d\udd17 References:\n1. https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-04.pdf", "creation_timestamp": "2025-01-17T09:56:17.000000Z"}, {"uuid": "a10d5803-cae9-4346-89db-689ba4284c72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12475", "type": "seen", "source": "https://t.me/cvedetector/14275", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12475 - \"WordPress WP Multi Store Locator Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12475 \nPublished : Jan. 4, 2025, 12:15 p.m. | 32\u00a0minutes ago \nDescription : The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-04T13:55:21.000000Z"}, {"uuid": "6a47fe98-0b51-4671-aefc-dad41cd97378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12471", "type": "seen", "source": "https://t.me/cvedetector/14469", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12471 - Dezgo AI Text & Image Generator Plugin for WordPress Arbitrary File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12471 \nPublished : Jan. 7, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T08:00:31.000000Z"}, {"uuid": "4671aac0-3674-4d7d-a13d-91dd6b5c8ff9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12477", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2671", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12477\n\ud83d\udd39 Description: The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-22T21:21:53.814Z\n\ud83d\udccf Modified: 2025-01-22T21:21:53.814Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7c54588f-6436-406f-93cb-b08965586d11?source=cve\n2. https://avada.com", "creation_timestamp": "2025-01-22T22:02:39.000000Z"}, {"uuid": "d2defda2-126f-4ee7-ab5d-10dd305a8cd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12476", "type": "seen", "source": "https://t.me/cvedetector/15695", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12476 - Adobe Web Designer XXE Injection\", \n  \"Content\": \"CVE ID : CVE-2024-12476 \nPublished : Jan. 17, 2025, 10:15 a.m. | 22\u00a0minutes ago \nDescription : CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could  \ncause information disclosure, impacts workstation integrity and potential remote code execution on the  \ncompromised computer, when specific crafted XML file is imported in the Web Designer configuration tool. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T11:46:27.000000Z"}, {"uuid": "a5260453-5c93-4212-af9d-9bbc082a4f73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12470", "type": "seen", "source": "https://t.me/cvedetector/14446", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12470 - SakolaWP WordPress Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12470 \nPublished : Jan. 7, 2025, 5:15 a.m. | 40\u00a0minutes ago \nDescription : The School Management System \u2013 SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T07:10:03.000000Z"}, {"uuid": "481ef2ee-db06-43a8-960c-2042f080e171", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12473", "type": "seen", "source": "https://t.me/cvedetector/14949", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12473 - \"AI Scribe SQL Injection Vulnerability in WordPress Plugin\"\", \n  \"Content\": \"CVE ID : CVE-2024-12473 \nPublished : Jan. 10, 2025, 4:15 a.m. | 42\u00a0minutes ago \nDescription : The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the 'template_id' parameter of the 'article_builder_generate_data' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-10T06:19:10.000000Z"}, {"uuid": "15035ca1-53ab-4fdd-bff7-2a6be89f1fe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12477", "type": "seen", "source": "https://t.me/cvedetector/16145", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12477 - \"Avada Builder WordPress Stored Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-12477 \nPublished : Jan. 22, 2025, 10:15 p.m. | 34\u00a0minutes ago \nDescription : The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T23:55:47.000000Z"}, {"uuid": "c5c1d2a2-4857-4966-9b48-3391f9c4d5da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12472", "type": "seen", "source": "https://t.me/cvedetector/15026", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12472 - WordPress Post Duplicator Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12472 \nPublished : Jan. 11, 2025, 3:15 a.m. | 28\u00a0minutes ago \nDescription : The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T04:53:19.000000Z"}, {"uuid": "6b92de8d-d415-4cb6-8742-5ad44ac6bd51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12479", "type": "seen", "source": "https://t.me/cvedetector/12660", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12479 - Wetech-CMS SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12479 \nPublished : Dec. 12, 2024, 1:40 a.m. | 10\u00a0minutes ago \nDescription : A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical. This issue affects the function searchTopicByKeyword of the file wetech-cms-master\\wetech-core\\src\\main\\java\\tech\\wetech\\cms\\dao\\TopicDao.java. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T02:56:39.000000Z"}, {"uuid": "ef178b56-44f3-4117-8e21-c40da91620b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12478", "type": "seen", "source": "https://t.me/cvedetector/12979", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12478 - InvoicePlane Remote Unrestricted File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12478 \nPublished : Dec. 16, 2024, 11:15 a.m. | 40\u00a0minutes ago \nDescription : A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-16T13:09:40.000000Z"}, {"uuid": "3838b939-fc4e-404c-9cd6-8f4c637e0e11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12474", "type": "seen", "source": "https://t.me/cvedetector/12929", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12474 - WordPress GeoDataSource Country Region DropDown Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12474 \nPublished : Dec. 14, 2024, 6:15 a.m. | 16\u00a0minutes ago \nDescription : The GeoDataSource Country Region DropDown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gds-country-dropdown' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T07:40:02.000000Z"}, {"uuid": "a6cec25e-5453-4c26-bcfc-da2dee1bfc46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1247", "type": "published-proof-of-concept", "source": "Telegram/cGlNk2XPqI5hfrvKJxbIt4B5c5ls0VW2CeJKCk0bOlVUG7A", "content": "", "creation_timestamp": "2025-01-15T16:00:09.000000Z"}, {"uuid": "b2c5ed9f-2ded-48c1-acac-9cdae7e84614", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1247", "type": "seen", "source": "https://t.me/ctinow/198636", "content": "https://ift.tt/8GQl1zr\nCVE-2024-1247 | Concrete CMS up to 9.2.4 Role Name cross site scripting", "creation_timestamp": "2024-03-03T09:46:43.000000Z"}]}