{"vulnerability": "CVE-2024-1256", "sightings": [{"uuid": "5662c01e-767f-4c71-bcfc-08ea2da45d4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12569", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldnjyhdq7t2b", "content": "", "creation_timestamp": "2024-12-19T09:16:39.503364Z"}, {"uuid": "d3a71faf-7dd5-41e6-91ba-48ee64687cc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12564", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638746073551647", "content": "", "creation_timestamp": "2024-12-12T07:47:36.250461Z"}, {"uuid": "831c734e-3d90-4dfc-985b-3df4d07fb6f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12560", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113678240214070048", "content": "", "creation_timestamp": "2024-12-19T07:11:28.889949Z"}, {"uuid": "b3a4a11d-8f4c-4ae1-91fc-7494d8974630", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12566", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113819537157281010", "content": "", "creation_timestamp": "2025-01-13T06:05:09.115398Z"}, {"uuid": "b89d034c-ec9b-4935-9ad4-662b003e78a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12567", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113819537173124576", "content": "", "creation_timestamp": "2025-01-13T06:05:09.541985Z"}, {"uuid": "dd338051-86bb-4cf0-aaa4-874c5322b8d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12567", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113819557938681426", "content": "", "creation_timestamp": "2025-01-13T06:10:26.492242Z"}, {"uuid": "0ea773a6-d029-4491-a46a-089567613446", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12566", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113819557923596213", "content": "", "creation_timestamp": "2025-01-13T06:10:26.564320Z"}, {"uuid": "d5a9faf7-cc72-4858-8517-478d03a66c3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12566", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfm3k6kaxm2n", "content": "", "creation_timestamp": "2025-01-13T06:15:51.867589Z"}, {"uuid": "959d445c-a75d-43b7-aec4-293fdab8137e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12567", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfm3kasn5b2f", "content": "", "creation_timestamp": "2025-01-13T06:15:53.960403Z"}, {"uuid": "b25a3236-dd22-4448-9af6-94eb9b3e7d3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12568", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfm3kd2cdm2n", "content": "", "creation_timestamp": "2025-01-13T06:15:56.651606Z"}, {"uuid": "b6972a7b-a76d-4a93-a09a-20c7667ed434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12568", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113819616971345552", "content": "", "creation_timestamp": "2025-01-13T06:25:26.962944Z"}, {"uuid": "680e63a0-cbce-4447-b12c-9b091831f7f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12568", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfm4qfvefj2k", "content": "", "creation_timestamp": "2025-01-13T06:37:14.725041Z"}, {"uuid": "a16644aa-6350-47ae-a5fe-e1caddd78004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12567", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfm4qg573i2q", "content": "", "creation_timestamp": "2025-01-13T06:37:15.820643Z"}, {"uuid": "97bb1059-f8d2-4cff-9d79-b7f5d901b5a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12566", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfm4qgajd42w", "content": "", "creation_timestamp": "2025-01-13T06:37:16.328853Z"}, {"uuid": "8a4f35c9-8efa-4cf7-8893-09bb888a09ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12569", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-03", "content": "", "creation_timestamp": "2025-01-16T11:00:00.000000Z"}, {"uuid": "79807e93-ed3a-4866-808f-5ca242b17ba1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114007194725422674", "content": "", "creation_timestamp": "2025-02-15T09:28:56.335295Z"}, {"uuid": "b64ac53e-d1dd-409e-a67e-8d17a1786781", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114007506812321016", "content": "", "creation_timestamp": "2025-02-15T10:48:18.832013Z"}, {"uuid": "e144aa42-67bc-4d9e-a505-6bd7fc61a34f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li7le566hk2m", "content": "", "creation_timestamp": "2025-02-15T11:09:48.328614Z"}, {"uuid": "2c20f4b9-8e5b-4142-a33f-946c9ce52b58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3liawfnrvbv2e", "content": "", "creation_timestamp": "2025-02-16T00:00:12.056300Z"}, {"uuid": "57d8ede0-2215-4bd7-a726-453958237c91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lic6mzliav25", "content": "", "creation_timestamp": "2025-02-16T12:00:06.131124Z"}, {"uuid": "75d63161-f140-491a-b611-5c7c3d8556fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3ligecn6xl226", "content": "", "creation_timestamp": "2025-02-18T03:52:23.462134Z"}, {"uuid": "a451c8ba-6cef-4bfa-96f9-3001b7fe29e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-12562", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3ligf4y4msc2n", "content": "", "creation_timestamp": "2025-02-18T04:07:03.704056Z"}, {"uuid": "9ce05e40-a730-428e-bde6-d4589ba2d9a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12563", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114185635690153098", "content": "", "creation_timestamp": "2025-03-18T21:48:50.242952Z"}, {"uuid": "e4018742-3280-4c8f-a3fe-46ea255feba1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lihonr4tqw2i", "content": "", "creation_timestamp": "2025-02-18T16:30:09.759806Z"}, {"uuid": "8c599435-8604-4095-b7f5-9dd6b647779a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12563", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkot42i2lk2n", "content": "", "creation_timestamp": "2025-03-18T23:28:45.132058Z"}, {"uuid": "df70958d-9216-442b-9fc4-c732aab4de1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12569", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:32.000000Z"}, {"uuid": "50f1fe29-4e38-4668-b956-1627e81ad94d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12569", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:02.000000Z"}, {"uuid": "798a9b0b-1633-4dad-8053-e53a2e6a69f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12569", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/389", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12569\n\ud83d\udd39 Description: Disclosure\nof sensitive information in a Milestone XProtect Device Pack driver\u2019s log file for third-party cameras, allows an attacker to read camera\ncredentials stored in the Recording Server under specific conditions.\n\ud83d\udccf Published: 2024-12-19T08:41:33.342Z\n\ud83d\udccf Modified: 2025-01-07T09:58:47.238Z\n\ud83d\udd17 References:\n1. https://supportcommunity.milestonesys.com/KBRedir?art=000067740&lang=en_US", "creation_timestamp": "2025-01-07T10:36:32.000000Z"}, {"uuid": "93f9e07d-135a-425e-b266-c0c24d44d470", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12567", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1352", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12567\n\ud83d\udd39 Description: The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-01-13T06:00:10.180Z\n\ud83d\udccf Modified: 2025-01-13T06:00:10.180Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/82051ccc-c528-4ff3-900a-3b8e8ad34145/", "creation_timestamp": "2025-01-13T06:05:58.000000Z"}, {"uuid": "c18a9d51-7fee-4916-8b0e-d0fbf5d3c807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12568", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1351", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12568\n\ud83d\udd39 Description: The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-01-13T06:00:10.651Z\n\ud83d\udccf Modified: 2025-01-13T06:00:10.651Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/0ce9075a-754b-474e-9620-17da8ee29b56/", "creation_timestamp": "2025-01-13T06:05:55.000000Z"}, {"uuid": "d3faf6df-e163-4cf7-b8c0-978f2901d3ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12566", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1353", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12566\n\ud83d\udd39 Description: The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-01-13T06:00:07.508Z\n\ud83d\udccf Modified: 2025-01-13T06:00:07.508Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/9206064a-d54e-44ad-9670-65520ee166a6/", "creation_timestamp": "2025-01-13T06:06:01.000000Z"}, {"uuid": "07dcc82f-8943-42e6-827e-c35e61d18a6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4554", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12562\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.\n\ud83d\udccf Published: 2025-02-15T12:30:50Z\n\ud83d\udccf Modified: 2025-02-15T12:30:50Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12562\n2. https://s2member.com/changelog\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/65192fdb-86db-475a-8c61-4db922920cfe?source=cve", "creation_timestamp": "2025-02-15T13:11:14.000000Z"}, {"uuid": "335ee6fd-76a6-4d2e-aa95-6758847632ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4548", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12562\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-15T10:15:08.197\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://s2member.com/changelog/\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/65192fdb-86db-475a-8c61-4db922920cfe?source=cve", "creation_timestamp": "2025-02-15T11:10:50.000000Z"}, {"uuid": "08874658-0679-42c1-96df-d64c013194cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12563", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7997", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12563\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution.\n\ud83d\udccf Published: 2025-03-18T20:21:44.690Z\n\ud83d\udccf Modified: 2025-03-18T20:38:55.295Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/d3326e9d-504f-444f-baf7-03989594f483?source=cve\n2. https://s2member.com/changelog/", "creation_timestamp": "2025-03-18T20:48:16.000000Z"}, {"uuid": "5bd3174f-d2d1-4857-924a-0e90c8e648bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://t.me/cvedetector/18163", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12562 - WordPress s2Member Pro PHP Object Injection\", \n  \"Content\": \"CVE ID : CVE-2024-12562 \nPublished : Feb. 15, 2025, 10:15 a.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T12:41:22.000000Z"}, {"uuid": "8fc3de5d-ef1c-46ab-8c5d-6ecade2da165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "Telegram/MmhdZ478J5V7BjYfuWVQSUbCwRuwBDWKSNeHo7EBPZtcEGW8", "content": "", "creation_timestamp": "2025-02-24T14:08:42.000000Z"}, {"uuid": "ce0504ed-834f-49ba-9c05-72420915a186", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://t.me/hackyourmom/10575", "content": "\ud83d\udd0d \u041a\u0440\u0438\u0442\u0438\u0447\u043d\u0430 \u0443\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044c \u0443 s2Member Pro \u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043f\u0456\u0434 \u0437\u0430\u0433\u0440\u043e\u0437\u0443 \u043c\u0456\u043b\u044c\u0439\u043e\u043d\u0438 \u0441\u0430\u0439\u0442\u0456\u0432! \u0412\u0438\u044f\u0432\u043b\u0435\u043d\u043e CVE-2024-12562 (CVSS 9.8), \u0449\u043e \u0434\u043e\u0437\u0432\u043e\u043b\u044f\u0454 \u0432\u043f\u0440\u043e\u0432\u0430\u0434\u0436\u0443\u0432\u0430\u0442\u0438 \u0448\u043a\u0456\u0434\u043b\u0438\u0432\u0456 PHP-\u043e\u0431\u2019\u0454\u043a\u0442\u0438 \u0431\u0435\u0437 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0456\u0457 \ud83d\udc7e #cybernews", "creation_timestamp": "2025-02-18T16:22:49.000000Z"}, {"uuid": "991d1a7d-4223-4b9b-bf28-3e45963644db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12563", "type": "seen", "source": "https://t.me/cvedetector/20611", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12563 - WordPress s2Member Pro Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12563 \nPublished : March 18, 2025, 9:15 p.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T00:26:16.000000Z"}, {"uuid": "107838ff-ac09-4e5c-b4cc-f12081aaa96c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12560", "type": "seen", "source": "https://t.me/cvedetector/13308", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12560 - Wordpress Button Block Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-12560 \nPublished : Dec. 19, 2024, 7:15 a.m. | 38\u00a0minutes ago \nDescription : The Button Block \u2013 Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T08:57:54.000000Z"}, {"uuid": "338755da-05db-41d4-9fe3-1acfa52f9d3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12569", "type": "seen", "source": "https://t.me/cvedetector/13315", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12569 - HikVision XProtect Device Pack Log File Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-12569 \nPublished : Dec. 19, 2024, 9:16 a.m. | 19\u00a0minutes ago \nDescription : Disclosure of sensitive information in HikVision camera driver's log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T10:38:16.000000Z"}, {"uuid": "ad97cf9b-a87b-4a25-85a7-7b3259ddb904", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12568", "type": "seen", "source": "https://t.me/cvedetector/15124", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12568 - Icegram Express WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12568 \nPublished : Jan. 13, 2025, 6:15 a.m. | 30\u00a0minutes ago \nDescription : The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-13T07:52:28.000000Z"}, {"uuid": "b05222a6-7089-4f8c-b593-2479c3132192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12567", "type": "seen", "source": "https://t.me/cvedetector/15123", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12567 - Icegram Express WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12567 \nPublished : Jan. 13, 2025, 6:15 a.m. | 30\u00a0minutes ago \nDescription : The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-13T07:52:28.000000Z"}, {"uuid": "4382eed4-944f-422f-831d-f842d8f76e2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12566", "type": "seen", "source": "https://t.me/cvedetector/15122", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12566 - Icegram Express WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12566 \nPublished : Jan. 13, 2025, 6:15 a.m. | 30\u00a0minutes ago \nDescription : The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-13T07:52:26.000000Z"}, {"uuid": "a38d60e4-674b-444b-8049-e7a725e2bb96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12564", "type": "seen", "source": "https://t.me/cvedetector/12753", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12564 - Open Design Alliance CDE Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12564 \nPublished : Dec. 12, 2024, 8:15 a.m. | 21\u00a0minutes ago \nDescription : Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T09:39:00.000000Z"}, {"uuid": "0b9594c9-fc47-4b0c-b0b2-d92e41221372", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "Telegram/Fb_mBeNfRi5FKSAvr7kSbpuWfdEci1FShbjUFuY7Z82Rg5qm", "content": "", "creation_timestamp": "2025-02-15T23:50:18.000000Z"}, {"uuid": "faace5d4-88c5-4320-a15c-e5f8d60fd7fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12562", "type": "seen", "source": "https://t.me/CyberBulletin/2496", "content": "\u26a1CVE-2024-12562: Critical s2Member Pro Flaw Leaves Millions of WordPress Sites Vulnerable.\n\n#CyberBulletin", "creation_timestamp": "2025-03-06T02:39:05.000000Z"}, {"uuid": "7e322ab3-fa25-4981-84fc-5ad522e87f54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1256", "type": "seen", "source": "https://t.me/ctinow/197375", "content": "https://ift.tt/C0pPuo3\nCVE-2024-1256 | Jspxcms 10.2.0 filter_text.do cross site scripting", "creation_timestamp": "2024-03-01T08:11:29.000000Z"}, {"uuid": "15b24d08-ffc5-4c10-9b6c-cca1720f494b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1256", "type": "seen", "source": "https://t.me/ctinow/182464", "content": "https://ift.tt/KHkvPui\nCVE-2024-1256 Exploit", "creation_timestamp": "2024-02-10T08:16:28.000000Z"}, {"uuid": "6b79b29d-7242-4295-a0c9-66937edb3d0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1256", "type": "seen", "source": "https://t.me/ctinow/180331", "content": "https://ift.tt/TdC4eg7\nCVE-2024-1256", "creation_timestamp": "2024-02-06T21:26:37.000000Z"}]}