{"vulnerability": "CVE-2024-1292", "sightings": [{"uuid": "b9ed4526-7b8d-4a0f-b98b-7c3d7e012f0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12926", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113715256568829494", "content": "", "creation_timestamp": "2024-12-25T20:05:13.717629Z"}, {"uuid": "3aef6e90-5677-4e91-9ffc-e374e09ed7ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12926", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3le5rmggmuu22", "content": "", "creation_timestamp": "2024-12-25T20:15:42.020060Z"}, {"uuid": "bbd52c8e-44f6-448c-879a-620d8035719e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12927", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113715977860501002", "content": "", "creation_timestamp": "2024-12-25T23:08:39.739815Z"}, {"uuid": "1fcab569-2903-4587-a55f-4b460d71038f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12927", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3le63o75yqp2o", "content": "", "creation_timestamp": "2024-12-25T23:15:38.853424Z"}, {"uuid": "3e8ceb48-9f99-4099-b328-1033a8670029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12928", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113716073111519975", "content": "", "creation_timestamp": "2024-12-25T23:32:53.138796Z"}, {"uuid": "f346e306-665e-42ad-bae0-04ca04e636b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12929", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113716200467474468", "content": "", "creation_timestamp": "2024-12-26T00:05:16.446709Z"}, {"uuid": "32f33a40-b491-4658-bac1-3eaa8e3430ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12928", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3le66zcokes25", "content": "", "creation_timestamp": "2024-12-26T00:15:32.841094Z"}, {"uuid": "0a647bd1-b80c-4dc8-b603-769c4bfc7507", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12929", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3le66zf7ikg2a", "content": "", "creation_timestamp": "2024-12-26T00:15:35.875157Z"}, {"uuid": "e9c2d904-65d2-4399-8fc6-46ce62cb6e7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12921", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113915640840193737", "content": "", "creation_timestamp": "2025-01-30T05:25:35.006764Z"}, {"uuid": "4e9ba69a-adfc-4eda-abdd-4927067ec21b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12921", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgwti7re2v2t", "content": "", "creation_timestamp": "2025-01-30T06:16:04.562874Z"}, {"uuid": "f8dd8eef-eedd-4420-81e7-6a514d592ed1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12921", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgxepzy35g2i", "content": "", "creation_timestamp": "2025-01-30T11:24:40.739711Z"}, {"uuid": "542f74f1-ac39-45ca-a61e-5a5253221262", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12922", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114188229040957227", "content": "", "creation_timestamp": "2025-03-19T08:48:21.219005Z"}, {"uuid": "9a0c00d7-d19c-4200-92a4-64d92af29fdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12922", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkpl7nx7xn2u", "content": "", "creation_timestamp": "2025-03-19T06:40:16.079268Z"}, {"uuid": "f7857e84-915e-458e-b8be-87d0f99238b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12922", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkpoa2gon326", "content": "", "creation_timestamp": "2025-03-19T07:34:11.319936Z"}, {"uuid": "687a4cfe-72fa-4f57-8b0c-e27ad4c8be09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12920", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkqfwsjo4w2x", "content": "", "creation_timestamp": "2025-03-19T14:38:29.724215Z"}, {"uuid": "d9726467-a336-4fcb-b4a8-7c152cd10491", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12922", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkrbxr2ano2r", "content": "", "creation_timestamp": "2025-03-19T23:00:07.820716Z"}, {"uuid": "9b5c745c-740f-464a-b691-fc15dc0bab5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12920", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114189644467826611", "content": "", "creation_timestamp": "2025-03-19T14:48:18.827240Z"}, {"uuid": "c4ff8d0c-e8f5-4c25-95dd-b5b72813fa8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12922", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lksk76rcvy2r", "content": "", "creation_timestamp": "2025-03-20T11:00:05.536224Z"}, {"uuid": "8001fd25-7afd-44e3-987c-16602477e47b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12921", "type": "seen", "source": "MISP/ca7dfd4e-d0b5-4d10-8982-36d9f6e53c8e", "content": "", "creation_timestamp": "2025-09-01T13:53:38.000000Z"}, {"uuid": "731faf20-1484-4280-b973-2916f9b17b53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12921", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3446", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12921\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-30T06:30:50Z\n\ud83d\udccf Modified: 2025-01-30T06:30:50Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12921\n2. https://plugins.trac.wordpress.org/changeset/3230122/ethereumico\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/d964c99c-6ab6-453c-969f-66d5cd00dc8e?source=cve", "creation_timestamp": "2025-01-30T07:11:22.000000Z"}, {"uuid": "709e1020-865d-4f96-b200-ed0b48ebcef7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12922", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8024", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12922\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.\n\ud83d\udccf Published: 2025-03-19T05:22:52.303Z\n\ud83d\udccf Modified: 2025-03-19T05:22:52.303Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e27971a3-f84c-4f13-81af-127e7560566a?source=cve\n2. https://themeforest.net/item/tour-travel-agency-altair-theme/9318575\n3. https://themeforest.net/item/tour-travel-agency-altair-theme/9318575#item-description__changelog", "creation_timestamp": "2025-03-19T05:51:44.000000Z"}, {"uuid": "c2e17198-287c-4130-8c72-6d1c0023719c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12921", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3457", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12921\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-30T06:15:29.653\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3230122/ethereumico\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/d964c99c-6ab6-453c-969f-66d5cd00dc8e?source=cve", "creation_timestamp": "2025-01-30T07:18:48.000000Z"}, {"uuid": "278b951c-d644-4b04-8ab7-6e5f5048e8eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12928", "type": "seen", "source": "https://t.me/cvedetector/13639", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12928 - Code-Projects Simple Admin Panel Remote SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12928 \nPublished : Dec. 26, 2024, 12:15 a.m. | 43\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. This affects an unknown part. The manipulation of the argument c_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-26T02:21:24.000000Z"}, {"uuid": "e5b249ba-f82b-491f-a9c8-64f6bab72e66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12921", "type": "seen", "source": "https://t.me/cvedetector/16739", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12921 - EthereumICO WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12921 \nPublished : Jan. 30, 2025, 6:15 a.m. | 32\u00a0minutes ago \nDescription : The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T08:24:42.000000Z"}, {"uuid": "decfac1c-6243-45ca-98e4-435d3e8e3e17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12922", "type": "seen", "source": "https://t.me/cvedetector/20619", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12922 - Altair WordPress Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12922 \nPublished : March 19, 2025, 6:15 a.m. | 39\u00a0minutes ago \nDescription : The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T07:57:34.000000Z"}, {"uuid": "7f8a38da-24e7-4463-821f-00ee95d047a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12920", "type": "seen", "source": "https://t.me/cvedetector/20638", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12920 - FoodBakery | Delivery Restaurant Directory WordPress Theme Unauthenticated Data Access and Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12920 \nPublished : March 19, 2025, 12:15 p.m. | 53\u00a0minutes ago \nDescription : The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T14:38:52.000000Z"}, {"uuid": "bdcb7b81-50c0-4fba-b689-4205d8a84c53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12926", "type": "seen", "source": "https://t.me/cvedetector/13636", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12926 - Codezips Project Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12926 \nPublished : Dec. 25, 2024, 8:15 p.m. | 41\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-25T22:10:30.000000Z"}, {"uuid": "49d1d5fb-14d3-454d-b5d5-78dac4b546e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12929", "type": "seen", "source": "https://t.me/cvedetector/13638", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12929 - Apache Code-projects Student Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-12929 \nPublished : Dec. 26, 2024, 12:15 a.m. | 43\u00a0minutes ago \nDescription : A vulnerability has been found in code-projects Student Management System 1.0.00 and classified as critical. This vulnerability affects unknown code of the file /addCatController.php. The manipulation of the argument size leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-26T02:21:23.000000Z"}, {"uuid": "dce1dc86-5067-4ef1-afbe-6dccac10b1a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12927", "type": "seen", "source": "https://t.me/cvedetector/13637", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12927 - \"1000 Projects Attendance Tracking Management System SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12927 \nPublished : Dec. 25, 2024, 11:15 p.m. | 23\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulation of the argument faculty_emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-26T00:41:02.000000Z"}]}