{"vulnerability": "CVE-2024-1253", "sightings": [{"uuid": "a65ee16a-535e-4f85-87ba-d742891cffed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12536", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113637204182051809", "content": "", "creation_timestamp": "2024-12-12T01:15:29.013248Z"}, {"uuid": "7e0baf4f-1fdb-403f-8786-0c4552cc4df3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12539", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113670150654187068", "content": "", "creation_timestamp": "2024-12-17T20:54:12.157582Z"}, {"uuid": "97ca268d-94c4-41de-91c1-3ea444e4a4a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12539", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113670268893584009", "content": "", "creation_timestamp": "2024-12-17T21:24:16.244830Z"}, {"uuid": "d690e9b9-e3d7-46e1-a240-961029773172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12535", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785617281381888", "content": "", "creation_timestamp": "2025-01-07T06:18:53.560667Z"}, {"uuid": "53810789-dda5-4ee4-94dd-d5deede4342b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12535", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf4zpopd7k2g", "content": "", "creation_timestamp": "2025-01-07T06:33:19.542241Z"}, {"uuid": "a9dc866c-20e3-4be9-ac09-fa29558176ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12538", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785064291904237", "content": "", "creation_timestamp": "2025-01-07T03:58:15.074348Z"}, {"uuid": "c4b48393-f945-442f-9ec2-6b6eac372c42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12535", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113785733275961310", "content": "", "creation_timestamp": "2025-01-07T06:48:23.180514Z"}, {"uuid": "13ee998c-694a-446c-9940-04594514d43a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12532", "type": "seen", "source": "https://bsky.app/profile/wiretor.bsky.social/post/3lf5uzns2gk2g", "content": "", "creation_timestamp": "2025-01-07T14:42:05.442370Z"}, {"uuid": "a95e8599-4327-48a2-9156-47d0663a1db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12538", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4rzzbyr62m", "content": "", "creation_timestamp": "2025-01-07T04:15:49.449312Z"}, {"uuid": "83910d0a-80d9-444e-8ec2-efce2e76cc1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12532", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5muozicb2l", "content": "", "creation_timestamp": "2025-01-07T12:16:02.033405Z"}, {"uuid": "09a9a928-3926-4f0e-8e16-fab1ad0a858f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12532", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf5oxre4ce2i", "content": "", "creation_timestamp": "2025-01-07T12:53:33.719842Z"}, {"uuid": "31de0e08-3374-47bb-9bca-0757a89e0bf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12535", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4yrl6ygx2i", "content": "", "creation_timestamp": "2025-01-07T06:16:22.390262Z"}, {"uuid": "389acd4f-74e3-4347-9451-ae4fbf240e18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12535", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad5yyeg2t", "content": "", "creation_timestamp": "2025-01-20T21:02:06.581166Z"}, {"uuid": "e1e05745-abcc-4b22-b538-93bb5ac70882", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12538", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/281", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12538\n\ud83d\udd39 Description: The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.\n\ud83d\udccf Published: 2025-01-07T03:21:59.599Z\n\ud83d\udccf Modified: 2025-01-07T03:21:59.599Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f38543ff-1074-4273-be33-8142d59e904f?source=cve\n2. https://plugins.trac.wordpress.org/browser/duplicate-pp/trunk/duplicate-pp.php#L22", "creation_timestamp": "2025-01-07T03:36:02.000000Z"}, {"uuid": "e306db21-d452-43b4-a159-b03e62510519", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12537", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:49.000000Z"}, {"uuid": "b286823b-779f-4a4a-9ba4-ae564b45cc6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12532", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/392", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12532\n\ud83d\udd39 Description: The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.\n\ud83d\udccf Published: 2025-01-07T11:11:11.537Z\n\ud83d\udccf Modified: 2025-01-07T11:11:11.537Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/8bdf6a52-7316-440b-9d36-d405a672dce1?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3211460/bwd-elementor-addons", "creation_timestamp": "2025-01-07T11:37:18.000000Z"}, {"uuid": "a74121ff-93a4-47ba-96e2-75f37f0fced4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12530", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114354482967202522", "content": "", "creation_timestamp": "2025-04-17T17:28:54.622916Z"}, {"uuid": "cf137e1f-95f5-45ae-8488-217ed37a25de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12533", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2rlp3ficr2", "content": "", "creation_timestamp": "2025-05-13T15:31:06.059999Z"}, {"uuid": "5e6931b8-3ef6-477c-86a2-5d8297e105cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12535", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/339", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12535\n\ud83d\udd39 Description: The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.\n\ud83d\udccf Published: 2025-01-07T05:23:55.768Z\n\ud83d\udccf Modified: 2025-01-07T05:23:55.768Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/88d27385-9b92-419c-9e03-687d7192bbb5?source=cve\n2. https://plugins.trac.wordpress.org/browser/host-php-info/trunk/info.php#L2", "creation_timestamp": "2025-01-07T05:38:26.000000Z"}, {"uuid": "4af2ae64-8bc4-4aed-8c43-62cccb396d88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1253", "type": "seen", "source": "https://t.me/ctinow/184295", "content": "https://ift.tt/0TXxBbv\nCVE-2024-1253 Exploit", "creation_timestamp": "2024-02-13T23:16:48.000000Z"}, {"uuid": "9c6222f7-cb60-4151-8639-b671480f7bb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12537", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10423", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12537\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the `api/v1/utils/code/format` endpoint. If a malicious actor sends a POST request with an excessively high volume of content, the server could become completely unresponsive. This could lead to severe performance issues, causing the server to become unresponsive or experience significant degradation, ultimately resulting in service interruptions for legitimate users.\n\ud83d\udccf Published: 2025-03-20T10:09:10.774Z\n\ud83d\udccf Modified: 2025-04-04T08:45:40.046Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/edabd06c-acc0-428c-a481-271f333755bc", "creation_timestamp": "2025-04-04T09:35:54.000000Z"}, {"uuid": "f505545b-8046-4866-8ae3-ac875d5e3a82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12538", "type": "seen", "source": "https://t.me/cvedetector/14436", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12538 - WordPress Duplicate Post Plugin Sensitive Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12538 \nPublished : Jan. 7, 2025, 4:15 a.m. | 39\u00a0minutes ago \nDescription : The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T06:19:45.000000Z"}, {"uuid": "194e245e-dd6a-430b-90b9-b1d0796ca17c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12532", "type": "seen", "source": "https://t.me/cvedetector/14532", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12532 - Elementor Addons for WordPress Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-12532 \nPublished : Jan. 7, 2025, 12:15 p.m. | 29\u00a0minutes ago \nDescription : The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T13:52:33.000000Z"}, {"uuid": "4fd872c1-2f34-48bc-b013-8ab98969daa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12539", "type": "seen", "source": "https://t.me/cvedetector/13135", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12539 - Elasticsearch Auth Bypass Document Level Security Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12539 \nPublished : Dec. 17, 2024, 9:15 p.m. | 42\u00a0minutes ago \nDescription : An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T23:28:31.000000Z"}, {"uuid": "39226ff1-4bbf-4afe-bf45-cc202c28f376", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1253", "type": "seen", "source": "https://t.me/ctinow/197333", "content": "https://ift.tt/tAlIpRz\nCVE-2024-1253 | Beijing Baichuo Smart S40 Management Platform up to 20240126 Import /useratte/web.php file_upload unrestricted upload", "creation_timestamp": "2024-03-01T07:07:53.000000Z"}, {"uuid": "fe6d23fd-af8f-4b9e-a0bf-253ef33c6297", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1253", "type": "seen", "source": "https://t.me/ctinow/180209", "content": "https://ift.tt/hoGAwsO\nCVE-2024-1253", "creation_timestamp": "2024-02-06T18:27:03.000000Z"}, {"uuid": "f69cbe0a-63e4-4b9f-b213-19859c65491a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12533", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16143", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12533\n\ud83d\udd25 CVSS Score: 3.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67.\n\ud83d\udccf Published: 2025-05-13T14:56:41.235Z\n\ud83d\udccf Modified: 2025-05-13T15:15:09.100Z\n\ud83d\udd17 References:\n1. https://www.phoenix.com/security-notifications/cve-2024-12533", "creation_timestamp": "2025-05-13T15:31:17.000000Z"}, {"uuid": "1ef6c2bf-1390-44c4-9798-0b3133a148bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12535", "type": "seen", "source": "https://t.me/cvedetector/14470", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12535 - \"WordPress Host PHP Info Plugin Unauthenticated Arbitrary Configuration Disclosure\"\", \n  \"Content\": \"CVE ID : CVE-2024-12535 \nPublished : Jan. 7, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T08:00:35.000000Z"}]}