{"vulnerability": "CVE-2024-1282", "sightings": [{"uuid": "036406c4-6fbc-429c-9578-880e5eb48fa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12829", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1717/", "content": "", "creation_timestamp": "2024-12-19T05:00:00.000000Z"}, {"uuid": "cb58a4c3-ee92-47a0-9d85-7fb2e1153941", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12828", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1725/", "content": "", "creation_timestamp": "2024-12-20T05:00:00.000000Z"}, {"uuid": "49e34e33-c47a-417d-8700-274d36b11ef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12829", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113682309281147356", "content": "", "creation_timestamp": "2024-12-20T00:26:18.039602Z"}, {"uuid": "08db2ed4-148e-4a7d-8a7f-ca7208f2e91d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12829", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldp7lc5qer2m", "content": "", "creation_timestamp": "2024-12-20T01:15:40.131091Z"}, {"uuid": "ed12196d-a672-406d-8520-99d3210d399d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12828", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3ldzoh4acss2i", "content": "", "creation_timestamp": "2024-12-24T05:08:26.032651Z"}, {"uuid": "1db0278d-8a69-401a-8bf0-081fd8afee48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12828", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3ldzyw5arpt2l", "content": "", "creation_timestamp": "2024-12-24T08:15:46.638731Z"}, {"uuid": "c4173911-1faf-4bf0-bcf0-d1c5e0f7ceb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12828", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/113708106021039311", "content": "", "creation_timestamp": "2024-12-24T13:46:44.905019Z"}, {"uuid": "2935df9e-141d-4e67-9103-8bccf4862960", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-12828", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3le46peaknc25", "content": "", "creation_timestamp": "2024-12-25T05:04:39.439727Z"}, {"uuid": "94cc5d9a-8e69-4cc3-8401-30833278b162", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12828", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113742818716870290", "content": "", "creation_timestamp": "2024-12-30T16:54:38.744237Z"}, {"uuid": "35f1017f-58d2-46e2-ad0e-7c8c3b1441c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12828", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113742833821256848", "content": "", "creation_timestamp": "2024-12-30T16:58:29.819303Z"}, {"uuid": "9ccc15c4-2366-4156-a0f6-933a60276bea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12826", "type": "seen", "source": 
"https://infosec.exchange/users/cve/statuses/113887872251415497", "content": "", "creation_timestamp": "2025-01-25T07:43:40.042286Z"}, {"uuid": "6f544468-2207-4e6f-bac9-2281d3e15e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12822", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113918327344863189", "content": "", "creation_timestamp": "2025-01-30T16:50:56.351142Z"}, {"uuid": "8e5c9ef8-0d9e-4901-b6db-87e025e6edc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12821", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113918327255388884", "content": "", "creation_timestamp": "2025-01-30T16:50:56.710996Z"}, {"uuid": "9292ec08-5d71-4009-9bd6-493f591068ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12825", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh433nwb6i2w", "content": "", "creation_timestamp": "2025-02-01T08:15:32.295752Z"}, {"uuid": "f905be10-4982-431a-b6fb-931a3976faf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12825", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh4gsmythy2g", "content": "", "creation_timestamp": "2025-02-01T11:45:13.710354Z"}, {"uuid": "7271726d-b951-43ef-8e30-b91993d6ffb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12822", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lh27nsbtri23", "content": "", "creation_timestamp": "2025-01-31T14:31:56.124955Z"}, 
{"uuid": "e6ca2bcb-5c92-48bb-b3ed-8aaf191e580f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12821", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxodrrphc2i", "content": "", "creation_timestamp": "2025-01-30T14:16:46.746850Z"}, {"uuid": "974daae3-fe38-41f2-b475-b449f021ad8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12822", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxodu27tl2t", "content": "", "creation_timestamp": "2025-01-30T14:16:49.250230Z"}, {"uuid": "088925cf-4966-4668-baea-f1667c0e1ea0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12822", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917789464466680", "content": "", "creation_timestamp": "2025-01-30T14:32:02.479858Z"}, {"uuid": "871b8038-71f5-4f26-9877-5b6b9dffd130", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12821", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917789448525935", "content": "", "creation_timestamp": "2025-01-30T14:32:02.719607Z"}, {"uuid": "5fd743b3-b514-42af-85b6-12c71164f468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12828", "type": "published-proof-of-concept", "source": "Telegram/-SheSx5ksKpdA3MDPZPaYuWsFtJr9IdvewaeEwjO0RnecSM", "content": "", "creation_timestamp": "2025-12-05T09:00:05.000000Z"}, {"uuid": "1a97e011-cf56-4557-933a-b772f383a3f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12824", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3ljff5wxa5a2p", "content": "", "creation_timestamp": "2025-03-02T12:00:08.068197Z"}, {"uuid": "e03e411a-5ca5-4f0a-aeb6-7d0c22af3d13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12827", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsliqczg7m2a", "content": "", "creation_timestamp": "2025-06-27T11:06:47.871631Z"}, {"uuid": "fb3ae83c-91f6-4e68-946b-4e31710178e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12824", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-12824.yaml", "content": "", "creation_timestamp": "2025-03-04T11:32:09.000000Z"}, {"uuid": "3d91550a-09a2-4ab3-b2ce-0c678305c717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12824", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ljnutmilca2v", "content": "", "creation_timestamp": "2025-03-05T21:02:00.584210Z"}, {"uuid": "c64e9288-858b-4e78-a104-af10416cb809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12824", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114086542206132230", "content": "", "creation_timestamp": "2025-03-01T09:48:03.700130Z"}, {"uuid": "0c0daaa9-c1f1-48be-8db3-f719676233be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12828", "type": "seen", "source": 
"MISP/3445a876-cced-4346-bf37-e276ba39cff4", "content": "", "creation_timestamp": "2025-09-02T18:30:14.000000Z"}, {"uuid": "b5da697d-fea3-49e5-b9bc-6aa55cc7f48f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12824", "type": "seen", "source": "https://t.me/cvedetector/19227", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12824 - Nokri \u2013 Job Board WordPress Theme Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12824 \nPublished : March 1, 2025, 7:15 a.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : The Nokri \u2013 Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and leverage that to gain access to their account. 
\nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T10:35:46.000000Z"}, {"uuid": "5d69fcc2-2b6d-4d97-93fc-d6a0af724be1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12824", "type": "seen", "source": "Telegram/wQecxWgLDDEszHf_ZHcPN_MQrQQNon71J0p8rMZMNys_o6yH", "content": "", "creation_timestamp": "2025-03-02T11:46:31.000000Z"}, {"uuid": "87d4803a-2876-487d-8e9e-113f2ad73221", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12820", "type": "seen", "source": "https://t.me/cvedetector/19129", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12820 - Google Directions WordPress Plugin Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12820 \nPublished : Feb. 28, 2025, 6:15 a.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : The MK Google Directions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MKGD' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T09:30:03.000000Z"}, {"uuid": "ce19597e-fdde-4ca5-9d98-61aa582747b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12820", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5842", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12820\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The MK Google Directions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MKGD' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-28T05:23:15.594Z\n\ud83d\udccf Modified: 2025-02-28T05:23:15.594Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/23b3570c-cd8e-4dec-bbad-6374c44530bd?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset/3246361/google-distance-calculator/tags/3.1.1/mk-google-directions.php?old=3046209&old_path=google-distance-calculator%2Ftags%2F3.1%2Fmk-google-directions.php", "creation_timestamp": "2025-02-28T06:25:59.000000Z"}, {"uuid": "82e4ed7e-fde1-4d82-988a-4a16bb78e7db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12826", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3051", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12826\n\ud83d\udd39 Description: The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings.\n\ud83d\udccf Published: 2025-01-25T07:24:20.241Z\n\ud83d\udccf Modified: 2025-01-25T07:24:20.241Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f65ee908-004f-4526-aeca-41b36522bb30?source=cve\n2. https://wordpress.org/plugins/personalize-woocommerce-cart-page/", "creation_timestamp": "2025-01-25T08:05:26.000000Z"}, {"uuid": "f85f2e53-c479-40c6-9c3c-23ce6a2b548e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12825", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3748", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12825\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T08:15:07.337\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. 
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226283%40custom-related-posts&new=3226283%40custom-related-posts&sfp_email=&sfph_mail=\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/40ba98a0-2193-4201-8370-34fd438dadb3?source=cve", "creation_timestamp": "2025-02-01T09:26:08.000000Z"}, {"uuid": "25ad2df0-82f9-4d8a-b9e0-396105b3816c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12825", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3753", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12825\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to search posts and link/unlink relations.\n\ud83d\udccf Published: 2025-02-01T09:30:28Z\n\ud83d\udccf Modified: 2025-02-01T09:30:28Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12825\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226283%40custom-related-posts&new=3226283%40custom-related-posts&sfp_email=&sfph_mail=\n3. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/40ba98a0-2193-4201-8370-34fd438dadb3?source=cve", "creation_timestamp": "2025-02-01T10:15:43.000000Z"}, {"uuid": "76cd2d39-86aa-4754-8561-45a6bd9f66f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12827", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19680", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12827\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.\n\ud83d\udccf Published: 2025-06-27T08:23:57.966Z\n\ud83d\udccf Modified: 2025-06-27T08:23:57.966Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/51fc7d47-2a0f-4713-9859-120321aa32dc?source=cve\n2. 
https://themeforest.net/item/dwt-listing-directory-listing-wordpress-theme/21976132", "creation_timestamp": "2025-06-27T08:52:06.000000Z"}, {"uuid": "938bd996-de53-48b2-972a-105baf9f5620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12824", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6058", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12824\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Nokri \u2013 Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and leverage that to gain access to their account.\n\ud83d\udccf Published: 2025-03-01T06:39:26.867Z\n\ud83d\udccf Modified: 2025-03-01T06:39:26.867Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/60a7cce0-637f-49bd-aa4a-fd7023d99a64?source=cve\n2. https://themeforest.net/item/nokri-job-board-wordpress-theme/22677241", "creation_timestamp": "2025-03-01T07:27:02.000000Z"}, {"uuid": "9ae51c55-042f-49cf-8e01-a095fe60a993", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12822", "type": "seen", "source": "https://t.me/cvedetector/16787", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12822 - \"UserPro WordPress Media Manager Capability Check Bypass Exploit\"\", \n  \"Content\": \"CVE ID : CVE-2024-12822 \nPublished : Jan. 30, 2025, 2:15 p.m. 
| 46\u00a0minutes ago \nDescription : The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T16:46:41.000000Z"}, {"uuid": "b462793b-6752-468c-9f83-7c6ebb5b9564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12828", "type": "seen", "source": "https://t.me/CyberBulletin/1819", "content": "\u26a1\ufe0fCVE-2024-12828 (CVSS 9.9): Webmin Vulnerability Leaves a Million Servers Exposed to RCE.\n\n#CyberBulletin", "creation_timestamp": "2024-12-24T09:07:54.000000Z"}, {"uuid": "2e6c208a-3785-4cc2-9d89-6430d61eabbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12820", "type": "seen", "source": "Telegram/LMtMxKxj53alsge1voq1G6D70nsURz1zvART2odGB2DxPLfr", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}, {"uuid": "9a260b5e-c344-4ebf-a25a-0a478e1655d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12829", "type": "seen", "source": "https://t.me/cvedetector/13392", "content": "{\n  \"Source\": \"CVE 
FEED\",\n  \"Title\": \"CVE-2024-12829 - Arista NG Firewall ExecManagerImpl Command Injection Remote Root Execution\", \n  \"Content\": \"CVE ID : CVE-2024-12829 \nPublished : Dec. 20, 2024, 1:15 a.m. | 40\u00a0minutes ago \nDescription : Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability.  \n  \nThe specific flaw exists within the ExecManagerImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24015. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T03:21:58.000000Z"}, {"uuid": "51216f58-0be3-4a17-9ddc-8b3c79d1bd20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12826", "type": "seen", "source": "https://t.me/cvedetector/16371", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12826 - GoHero Store Customizer for WooCommerce Unauthenticated Data Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12826 \nPublished : Jan. 25, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T10:28:47.000000Z"}, {"uuid": "9c43474f-4b86-4606-bc90-535a8ac350a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12825", "type": "seen", "source": "https://t.me/cvedetector/17012", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12825 - Custom Related Posts Plugin for WordPress Unauthorized Access & Data Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12825 \nPublished : Feb. 1, 2025, 8:15 a.m. | 23\u00a0minutes ago \nDescription : The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to search posts and link/unlink relations. 
\nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T09:47:57.000000Z"}, {"uuid": "bdd873f9-6eb9-49d4-aade-7a55b32cb801", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1282", "type": "seen", "source": "https://t.me/ctinow/199110", "content": "https://ift.tt/PTGXFag\nCVE-2024-1282 | Email Encoder Plugin up to 2.2.0 on WordPress Shortcode cross site scripting", "creation_timestamp": "2024-03-04T09:41:37.000000Z"}, {"uuid": "1f5a2eca-565d-4616-8619-a1daaab7abb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12825", "type": "seen", "source": "Telegram/-XLKPYXdw1fvW30pxC6BHb4dPK0s6V-6GPKxTyRmB0tBbPAi", "content": "", "creation_timestamp": "2025-02-21T22:10:24.000000Z"}, {"uuid": "1347fb33-20de-4af1-9b34-c1ec22cb465e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12828", "type": "seen", "source": "https://t.me/cvedetector/13945", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12828 - Webmin CGI Command Injection Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12828 \nPublished : Dec. 30, 2024, 5:15 p.m. | 44\u00a0minutes ago \nDescription : Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability.   \n  \nThe specific flaw exists within the handling of CGI requests. 
The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-30T19:18:39.000000Z"}, {"uuid": "b65ac049-1bfe-49e3-875d-3a3ce5961ab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12822", "type": "seen", "source": "Telegram/ptS41WHYGkK8-7TNW1SKpJmQ2vi0J6QQM-GEvnKDNpxMF8Os", "content": "", "creation_timestamp": "2025-03-02T11:46:29.000000Z"}, {"uuid": "308746d8-4dc2-4e80-b93a-335edbd477ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12821", "type": "seen", "source": "Telegram/nxkekfYQh2Jd8u8Typs3jc_d9uXWkAISr8OFrX_w_-QWkHmk", "content": "", "creation_timestamp": "2025-03-02T11:46:29.000000Z"}, {"uuid": "3f9fcf43-5aa1-49a6-a7a2-154c02b636e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12828", "type": "seen", "source": "https://t.me/CyberBulletin/26904", "content": "\u26a1\ufe0fCVE-2024-12828 (CVSS 9.9): Webmin Vulnerability Leaves a Million Servers Exposed to RCE.\n\n#CyberBulletin", "creation_timestamp": "2024-12-24T09:07:54.000000Z"}]}