{"vulnerability": "CVE-2024-1252", "sightings": [{"uuid": "6732c923-8de2-450d-ad0f-88eb18fc25bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12523", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649662249604096", "content": "", "creation_timestamp": "2024-12-14T06:03:43.927850Z"}, {"uuid": "6538aac0-e2b7-4bb7-b3bc-9668d798446e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12528", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785064277532854", "content": "", "creation_timestamp": "2025-01-07T03:58:14.804417Z"}, {"uuid": "598642b9-88e9-4c51-a43a-6f21a41a0281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12528", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4rzx2f7l22", "content": "", "creation_timestamp": "2025-01-07T04:15:47.833510Z"}, {"uuid": "daa7b227-a92c-4ee1-b14d-fa8db7febb5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12520", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113808655784413287", "content": "", "creation_timestamp": "2025-01-11T07:57:52.736985Z"}, {"uuid": "412be86d-c876-460e-be17-18361733fc67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12527", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113808655798870020", "content": "", "creation_timestamp": "2025-01-11T07:57:52.923211Z"}, {"uuid": "5b6bb442-e5f4-4626-860e-34ffae817c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12520", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhbdfcjde2i", "content": "", "creation_timestamp": "2025-01-11T08:16:07.640196Z"}, {"uuid": "7055a386-ff01-4c64-9fcf-71fb3aff3a7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12527", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhbdhvo3e2l", "content": "", "creation_timestamp": "2025-01-11T08:16:10.360269Z"}, {"uuid": "5f7987c7-1ae5-42cf-a516-ba83e28e3616", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12527", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfhd6bqtd22q", "content": "", "creation_timestamp": "2025-01-11T08:49:04.891259Z"}, {"uuid": "48199a02-d5b9-436a-b535-060c606d09fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12520", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfhd6ccnua25", "content": "", "creation_timestamp": "2025-01-11T08:49:07.143463Z"}, {"uuid": "3dcd800e-19dc-43d9-9e27-863efb772ed8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12521", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7ciww3sx2e", "content": "", "creation_timestamp": "2025-01-08T04:15:49.543144Z"}, {"uuid": "15927dc4-ad7e-48e1-8949-4b4deb82a916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12529", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113887872206305997", "content": "", "creation_timestamp": "2025-01-25T07:43:39.280564Z"}, {"uuid": "03042f94-e28e-416e-8181-0cb43af1e1e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12524", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgxs5lgvhn2q", "content": "", "creation_timestamp": "2025-01-30T15:24:56.774082Z"}, {"uuid": "6e47e061-87e8-4e1d-8372-a667a1d49b1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12524", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917016503164733", "content": "", "creation_timestamp": "2025-01-30T11:15:26.991609Z"}, {"uuid": "0d25147d-5fe3-4a3b-9716-f5c01cca668b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12524", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxea7og3o2c", "content": "", "creation_timestamp": "2025-01-30T11:15:50.108938Z"}, {"uuid": "d9e6a7e2-819f-4bb4-a3d1-869a60b65c2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12525", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligixcvgzg2p", "content": "", "creation_timestamp": "2025-02-18T05:15:27.575549Z"}, {"uuid": "068c5319-a555-4d69-8d2b-eed2f67bf12a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12524", "type": "seen", "source": "MISP/ca7dfd4e-d0b5-4d10-8982-36d9f6e53c8e", "content": "", "creation_timestamp": "2025-09-01T13:53:38.000000Z"}, {"uuid": "2aaa3040-c718-4b1c-8b2b-6516b617a7b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12522", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdiiplye2g", "content": "", "creation_timestamp": "2025-02-19T08:15:40.753300Z"}, {"uuid": "cd149fce-a393-49c4-b0ff-7bcb2a89756b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12528", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/291", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12528\n\ud83d\udd39 Description: The WordPress Survey & Poll \u2013 Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-07T03:21:55.299Z\n\ud83d\udccf Modified: 2025-01-07T03:21:55.299Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/51cc6247-1948-4de1-b347-c7d818400777?source=cve\n2. https://plugins.trac.wordpress.org/browser/wp-survey-and-poll/trunk/wordpress-survey-and-poll.php#L49\n3. https://plugins.trac.wordpress.org/browser/wp-survey-and-poll/trunk/wordpress-survey-and-poll.php#L146", "creation_timestamp": "2025-01-07T03:37:03.000000Z"}, {"uuid": "d9fdf166-919e-43f6-9f63-c87bcd374cf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12520", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1284", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12520\n\ud83d\udd39 Description: The Dominion \u2013 Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-11T07:21:52.731Z\n\ud83d\udccf Modified: 2025-01-11T07:21:52.731Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/a684f597-da72-4697-9e37-ca45a30ca64d?source=cve\n2. https://plugins.trac.wordpress.org/browser/dominion-domain-checker-wpbakery-addon/trunk/modules/domain_search/domain_search_6/doamin_search_shortcodes.php#L91\n3. https://wordpress.org/plugins/dominion-domain-checker-wpbakery-addon", "creation_timestamp": "2025-01-11T08:04:07.000000Z"}, {"uuid": "d293921f-d6b7-4d48-b26f-71f56abf00c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12521", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/624", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12521\n\ud83d\udd39 Description: The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti-embed-ga' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-08T03:18:09.528Z\n\ud83d\udccf Modified: 2025-01-08T03:18:09.528Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1d95ec4b-0cbc-49c6-821e-7050d8045159?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3218204%40slotti-ajanvaraus&new=3218204%40slotti-ajanvaraus&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-08T03:39:31.000000Z"}, {"uuid": "02fe3733-c3e6-42c0-a9d7-e0ae15327200", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12527", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1280", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12527\n\ud83d\udd39 Description: The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfect_portal_intake_form' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-11T07:21:54.236Z\n\ud83d\udccf Modified: 2025-01-11T07:21:54.236Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/bded6765-e994-46a4-8c88-c324a4fd6ee6?source=cve\n2. https://plugins.trac.wordpress.org/browser/perfect-portal-widgets/tags/3.0.3/perfect-portal-widgets.php#L330", "creation_timestamp": "2025-01-11T08:03:57.000000Z"}, {"uuid": "523a330c-5581-4a9d-90b8-bf43ef9e58e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12529", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3066", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12529\n\ud83d\udd39 Description: The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-25T07:24:14.367Z\n\ud83d\udccf Modified: 2025-01-25T07:24:14.367Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/19a672c6-e911-46bb-a55b-c5788eedca3e?source=cve\n2. https://plugins.trac.wordpress.org/browser/brodos-net-onlineshop/tags/2.0.1/class.onlineshop-init.php#L113", "creation_timestamp": "2025-01-25T08:05:48.000000Z"}, {"uuid": "0f385cbc-66d0-4ae6-9f5a-ab742fb4aa1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12525", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4745", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12525\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Easy MLS Listings Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-featured-listings' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-18T04:21:16.077Z\n\ud83d\udccf Modified: 2025-02-18T04:21:16.077Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/6351a40d-523d-4edb-acba-5cf048a1014f?source=cve\n2. https://plugins.trac.wordpress.org/browser/easy-mls-listings-import/trunk/includes/class-homeasap-featured-listings-loader.php#L140", "creation_timestamp": "2025-02-18T07:56:56.000000Z"}, {"uuid": "8bff3b73-9cef-42e8-9f83-2357ebc2ee8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12524", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3485", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12524\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-30T12:31:18Z\n\ud83d\udccf Modified: 2025-01-30T12:31:18Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12524\n2. https://plugins.trac.wordpress.org/browser/clinked-client-portal/trunk/clinked-wordpress-plugin.php#L87\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3229331%40clinked-client-portal&new=3229331%40clinked-client-portal&sfp_email=&sfph_mail=\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/417b9dfe-2571-4816-af55-c7cb7dfa62c6?source=cve", "creation_timestamp": "2025-01-30T13:11:30.000000Z"}, {"uuid": "fc96d9bc-214a-4255-a767-1210b4dab41b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12529", "type": "seen", "source": "https://t.me/cvedetector/16381", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12529 - Brodos.net Onlineshop Plugin Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12529 \nPublished : Jan. 25, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T10:29:00.000000Z"}, {"uuid": "f7f9e289-7530-4714-aceb-7bfffe29c994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12522", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4796", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12522\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yayforms' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-19T07:32:08.089Z\n\ud83d\udccf Modified: 2025-02-19T07:32:08.089Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/461ab75a-3ced-4296-9dc1-b8eee17a8299?source=cve\n2. https://plugins.trac.wordpress.org/browser/yayforms/tags/1.2.1/yayforms.php#L123", "creation_timestamp": "2025-02-19T08:41:18.000000Z"}, {"uuid": "39324ed5-f47b-45cb-b2db-df2ca7c5557f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12524", "type": "seen", "source": "https://t.me/cvedetector/16768", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12524 - Clinked Client Portal for WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12524 \nPublished : Jan. 30, 2025, 11:15 a.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T14:16:08.000000Z"}, {"uuid": "77a9ee78-8367-4a19-9fe0-4ca455b898a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12528", "type": "seen", "source": "https://t.me/cvedetector/14435", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12528 - WordPress Survey & Poll Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-12528 \nPublished : Jan. 7, 2025, 4:15 a.m. | 39\u00a0minutes ago \nDescription : The WordPress Survey & Poll \u2013 Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T06:19:45.000000Z"}, {"uuid": "e2fcb615-6fc2-429f-98b5-40e8970e60da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12523", "type": "seen", "source": "https://t.me/cvedetector/12913", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12523 - Adobe States Map US WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12523 \nPublished : Dec. 14, 2024, 5:15 a.m. | 27\u00a0minutes ago \nDescription : The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map' shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T06:49:38.000000Z"}, {"uuid": "bf9fac26-be6f-4a00-a0ad-d6e0f690ec1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12527", "type": "seen", "source": "https://t.me/cvedetector/15049", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12527 - \"WordPress Perfect Portal Widgets Stored Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-12527 \nPublished : Jan. 11, 2025, 8:15 a.m. | 33\u00a0minutes ago \nDescription : The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfect_portal_intake_form' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T09:54:16.000000Z"}, {"uuid": "5db40ef9-3fa4-4b0b-a120-1deb6652644c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12520", "type": "seen", "source": "https://t.me/cvedetector/15048", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12520 - WordPress WPBakery - Stored Cross-Site Scripting in Dominion Domain Checker Shortcode\", \n  \"Content\": \"CVE ID : CVE-2024-12520 \nPublished : Jan. 11, 2025, 8:15 a.m. | 33\u00a0minutes ago \nDescription : The Dominion \u2013 Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T09:54:15.000000Z"}, {"uuid": "58c77a3d-7c18-4767-8c64-dc5262d362c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12521", "type": "seen", "source": "https://t.me/cvedetector/14652", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12521 - WordPress Slotti Ajanvaraus Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12521 \nPublished : Jan. 8, 2025, 4:15 a.m. | 29\u00a0minutes ago \nDescription : The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti-embed-ga' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T05:47:02.000000Z"}, {"uuid": "1ffb8985-2bb3-4100-8dbd-7e6a2aac3ba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12525", "type": "seen", "source": "Telegram/88kUvKzsCMqRP0cHDRv5CPS_kyuFqC1uAYFlqTqdmags3_kJ", "content": "", "creation_timestamp": "2025-02-18T11:39:00.000000Z"}, {"uuid": "9128c9f2-2459-42b0-a9fe-1a7a2480c1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12526", "type": "seen", "source": "https://t.me/cvedetector/12708", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12526 - Arena.IM WordPress Live Blogging CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12526 \nPublished : Dec. 12, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : The Arena.IM \u2013 Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.0. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:07:53.000000Z"}, {"uuid": "7920bb6d-f067-409b-b4f8-bc05d924c161", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1252", "type": "seen", "source": "https://t.me/ctinow/197332", "content": "https://ift.tt/dej2BN7\nCVE-2024-1252 | Tongda OA 2017 up to 11.9 delete.php ASK_DUTY_ID sql injection", "creation_timestamp": "2024-03-01T07:07:52.000000Z"}, {"uuid": "c3999278-12bf-40b0-a4c0-e8e9bd69848f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12522", "type": "seen", "source": "Telegram/kqlj6TnqgBp9U0pklx5wSD5tio30hHP6GJLJD0eDPv_CZugr", "content": "", "creation_timestamp": "2025-02-19T15:39:51.000000Z"}, {"uuid": "749c5995-4c8c-435d-bf44-052dabfe6146", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1252", "type": "seen", "source": "https://t.me/ctinow/184296", "content": "https://ift.tt/EOU2s7C\nCVE-2024-1252 Exploit", "creation_timestamp": "2024-02-13T23:16:49.000000Z"}, {"uuid": "dd274f97-4fcf-4b3e-b8b4-e63f2aa2c79d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1252", "type": "seen", "source": "https://t.me/ctinow/180208", "content": "https://ift.tt/v9PUjVn\nCVE-2024-1252", "creation_timestamp": "2024-02-06T18:27:02.000000Z"}]}