{"vulnerability": "CVE-2024-1277", "sightings": [{"uuid": "9a57482f-9ede-4c67-8394-a753ced66db1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12771", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldse6f7fhc2m", "content": "", "creation_timestamp": "2024-12-21T07:15:54.847648Z"}, {"uuid": "870a3e76-97dd-4d30-bafa-cdc3eccce7dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12771", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113689695602544719", "content": "", "creation_timestamp": "2024-12-21T07:44:44.449025Z"}, {"uuid": "6fc06084-9d18-458d-bfed-1476a2e91f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12772", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113921455048136997", "content": "", "creation_timestamp": "2025-01-31T06:04:12.703228Z"}, {"uuid": "0d497f23-b3a3-4e35-90f2-b2d37bf27ec5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12772", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzdwoiofc2p", "content": "", "creation_timestamp": "2025-01-31T06:15:49.236208Z"}, {"uuid": "233d3b49-9385-4109-92ad-6b4a4ad3cf22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12773", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpc33rp6r2e", "content": "", "creation_timestamp": "2025-01-27T06:15:52.497849Z"}, {"uuid": "1e11ff40-22ea-4fec-b0e7-3bb1645ee71d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12774", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpc36dxao2i", "content": "", "creation_timestamp": "2025-01-27T06:15:55.296810Z"}, {"uuid": "4c1b0eb1-1956-4d36-8fbe-de200933a7ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12774", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113898874756198477", "content": "", "creation_timestamp": "2025-01-27T06:21:44.929661Z"}, {"uuid": "2125c0fe-7251-497e-b152-061b0e815d64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12773", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgpdximm7r2u", "content": "", "creation_timestamp": "2025-01-27T06:49:41.245286Z"}, {"uuid": "00225ad8-e7c6-49dd-88d5-90510901c6d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12774", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgpdxjgtds2r", "content": "", "creation_timestamp": "2025-01-27T06:49:45.204603Z"}, {"uuid": "b87acce2-5842-4a34-85d7-1805d076908d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12773", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113898798754392142", "content": "", "creation_timestamp": "2025-01-27T06:02:25.265963Z"}, {"uuid": "b6d7941f-7593-4388-9350-1ac1df06fb5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12773", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113898815721237909", "content": "", "creation_timestamp": "2025-01-27T06:06:45.066273Z"}, {"uuid": "5ad34fd8-87e0-421f-820d-e8e28acfbaae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12773", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3158", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-v9f7-mhwh-hfh9\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks\n\ud83d\udccf Published: 2025-01-27T06:30:26Z\n\ud83d\udccf Modified: 2025-01-27T06:30:26Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12773\n2. https://wpscan.com/vulnerability/fab64105-599f-49a4-b01d-c873ff34b590", "creation_timestamp": "2025-01-27T07:07:46.000000Z"}, {"uuid": "4dad3493-1911-44d9-af2e-b534e63a0d79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12774", "type": "seen", "source": "https://t.me/cvedetector/16445", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12774 - Altra Side Menu CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12774 \nPublished : Jan. 27, 2025, 6:15 a.m. | 2\u00a0hours, 12\u00a0minutes ago \nDescription : The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T10:08:29.000000Z"}, {"uuid": "3cb69d8f-cbf4-46ea-b642-d2897f593122", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12772", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3622", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12772\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Ninja Tables  WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability.\n\ud83d\udccf Published: 2025-01-31T06:30:53Z\n\ud83d\udccf Modified: 2025-01-31T06:30:53Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12772\n2. https://wpscan.com/vulnerability/7b6d0f95-6632-4079-8c1b-517a8d02c330", "creation_timestamp": "2025-01-31T08:15:16.000000Z"}, {"uuid": "e5034346-4b01-4831-930c-485d229c6190", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12779", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8198", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12779\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the `POST /v1/llm/add_llm` and `POST /v1/conversation/tts` endpoints. Attackers can specify an arbitrary URL as the `api_base` when adding an `OPENAITTS` model, and subsequently access the `tts` REST API endpoint to read contents from the specified URL. This can lead to unauthorized access to internal web resources.\n\ud83d\udccf Published: 2025-03-20T10:11:28.705Z\n\ud83d\udccf Modified: 2025-03-20T10:11:28.705Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/3cc748ba-2afb-4bfe-8553-10eb6d6dd4f0", "creation_timestamp": "2025-03-20T10:19:42.000000Z"}, {"uuid": "8530320e-a241-4392-add6-79a4057bb020", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12773", "type": "seen", "source": "https://t.me/cvedetector/16442", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12773 - Altra Side Menu WordPress SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12773 \nPublished : Jan. 27, 2025, 6:15 a.m. | 2\u00a0hours, 12\u00a0minutes ago \nDescription : The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-27T10:08:24.000000Z"}, {"uuid": "f615741b-7225-41ac-84e0-abb431ef7c09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12771", "type": "seen", "source": "https://t.me/cvedetector/13484", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12771 - WordPress eCommerce Product Catalog Cross-Site Request Forgery (CSRF)\", \n  \"Content\": \"CVE ID : CVE-2024-12771 \nPublished : Dec. 21, 2024, 7:15 a.m. | 15\u00a0minutes ago \nDescription : The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for unauthenticated attackers to reset the password of any administrator or customer account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T08:38:37.000000Z"}, {"uuid": "5b385b76-bda5-456a-bd8c-818ed6054451", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1277", "type": "seen", "source": "https://t.me/ctinow/203182", "content": "https://ift.tt/ZS0aTJ4\nCVE-2024-1277 | Ocean Extra Plugin up to 2.2.4 on WordPress cross site scripting", "creation_timestamp": "2024-03-08T09:51:53.000000Z"}]}