{"vulnerability": "CVE-2024-1331", "sightings": [{"uuid": "f22de709-5bc3-492c-9339-5365accee25a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13312", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113800364278246336", "content": "", "creation_timestamp": "2025-01-09T20:49:14.311094Z"}, {"uuid": "0e851688-aaa5-4919-9829-b2c043b1f747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13311", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113800364263646320", "content": "", "creation_timestamp": "2025-01-09T20:49:14.753849Z"}, {"uuid": "c8f600b8-b4bd-4e80-8a7b-13aedc127694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13312", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfdlzfmfj42x", "content": "", "creation_timestamp": "2025-01-09T21:16:44.548884Z"}, {"uuid": "1ff093c4-157e-4fff-a896-7dad66257747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13311", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfdlzcqtmp2m", "content": "", "creation_timestamp": "2025-01-09T21:16:41.567341Z"}, {"uuid": "6a04a5f1-61b5-4b04-bd5e-5c8b8e6b3a63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13310", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfdlzagvme2x", "content": "", "creation_timestamp": "2025-01-09T21:16:39.071169Z"}, {"uuid": "83aedaac-b6d3-4034-8f96-e88f4d2fb0c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13310", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfdnayelqe2g", "content": "", "creation_timestamp": "2025-01-09T21:38:53.175084Z"}, {"uuid": "0183235f-d85d-4ee7-95f9-cff10bdbcf32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13311", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfdnayzy5r2h", "content": "", "creation_timestamp": "2025-01-09T21:38:56.228161Z"}, {"uuid": "1fc5ac2c-5afe-4581-997a-ce7176aa81ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13318", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113803774203068144", "content": "", "creation_timestamp": "2025-01-10T11:16:25.654604Z"}, {"uuid": "fa48f225-1fec-4d09-8db6-c4689e7749fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13318", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lff6bgcjap25", "content": "", "creation_timestamp": "2025-01-10T12:16:00.831994Z"}, {"uuid": "9741ba99-318b-4710-a8bd-7ae3170d7cc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13318", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lff7k63lvc2e", "content": "", "creation_timestamp": "2025-01-10T12:38:48.872587Z"}, {"uuid": "a71a3683-e1f8-4751-9f24-e4e54095c5e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13310", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113800305263655085", "content": "", "creation_timestamp": "2025-01-09T20:34:14.367378Z"}, {"uuid": "2a06412c-d4fe-4de6-8f0c-24d2952e0281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13317", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113848098371491612", "content": "", "creation_timestamp": "2025-01-18T07:08:39.017617Z"}, {"uuid": "58610e7a-aed8-497f-b91a-fbf02c688a70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13317", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfyr7swum52f", "content": "", "creation_timestamp": "2025-01-18T07:15:42.996840Z"}, {"uuid": "fa8a29ea-014a-4a48-841f-2e8a91ab5cb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13317", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfysjvyd4c2w", "content": "", "creation_timestamp": "2025-01-18T07:39:15.752362Z"}, {"uuid": "b03941fa-6ced-493a-895d-81f4c50ce8dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13319", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgcwgvmivg2j", "content": "", "creation_timestamp": "2025-01-22T08:15:46.916235Z"}, {"uuid": "236f2438-eaed-43db-8e1a-f6d53ec5d9a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13319", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgcym2au2l2k", "content": "", "creation_timestamp": "2025-01-22T08:54:28.683931Z"}, {"uuid": "ad0d679a-18ce-4a86-8b82-1ba3bae9e542", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13315", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligmcsy5wg2t", "content": "", "creation_timestamp": "2025-02-18T06:15:35.050454Z"}, {"uuid": "7a02ac3e-54ec-4ef8-b380-c7a712ef2124", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13315", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114024022728440880", "content": "", "creation_timestamp": "2025-02-18T08:48:31.691905Z"}, {"uuid": "f6279e99-9f33-441d-ad2d-2e31e19b1335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13316", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligwehm5vl2y", "content": "", "creation_timestamp": "2025-02-18T09:15:27.271862Z"}, {"uuid": "4586e183-cf4a-4cc5-9cd5-617c87f5ea34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13315", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ligxjwdyqb2v", "content": "", "creation_timestamp": "2025-02-18T09:36:24.288410Z"}, {"uuid": "20066e9b-ec07-4eed-bae1-0ea139f8ad77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13314", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liobh2kaz62l", "content": "", "creation_timestamp": "2025-02-21T07:22:24.495528Z"}, {"uuid": "41ac9ece-8513-4875-bd30-f197e1ba3061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13315", "type": "seen", "source": "https://t.me/cvedetector/18277", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13315 - Shopwarden WooCommerce Cross-Site Request Forgery (CSRF)\", \n  \"Content\": \"CVE ID : CVE-2024-13315 \nPublished : Feb. 18, 2025, 6:15 a.m. | 1\u00a0hour, 15\u00a0minutes ago \nDescription : The Shopwarden \u2013 Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the save_setting() function. This makes it possible for unauthenticated attackers to update arbitrary options and achieve privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T09:16:47.000000Z"}, {"uuid": "f4945e7b-7f95-4f4a-8b8c-2b40105066b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13314", "type": "seen", "source": "https://t.me/cvedetector/18634", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13314 - WP Carousel Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13314 \nPublished : Feb. 21, 2025, 6:15 a.m. | 1\u00a0hour, 50\u00a0minutes ago \nDescription : The Carousel, Slider, Gallery by WP Carousel  WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T09:44:58.000000Z"}, {"uuid": "91c6a96e-09d9-477f-8adf-f2d4ba06e1ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13316", "type": "seen", "source": "https://t.me/cvedetector/18295", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13316 - WordPress Scratch & Win Coupon Creation Remote Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13316 \nPublished : Feb. 18, 2025, 9:15 a.m. | 17\u00a0minutes ago \nDescription : The Scratch & Win \u2013 Giveaways and Contests. Boost subscribers, traffic, repeat visits,  referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswn_create_discount() function in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create coupons. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T10:57:29.000000Z"}, {"uuid": "74862cea-6321-468d-af8c-bd9374f676e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13310", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1091", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13310\n\ud83d\udd39 Description: Vulnerability in Drupal Git Utilities for Drupal.This issue affects Git Utilities for Drupal: *.*.\n\ud83d\udccf Published: 2025-01-09T20:27:59.058Z\n\ud83d\udccf Modified: 2025-01-09T20:27:59.058Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2024-074", "creation_timestamp": "2025-01-09T21:17:29.000000Z"}, {"uuid": "adebc223-5d09-453e-94b9-2be220b5ef6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13311", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1090", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13311\n\ud83d\udd39 Description: Vulnerability in Drupal Allow All File Extensions for file fields.This issue affects Allow All File Extensions for file fields: *.*.\n\ud83d\udccf Published: 2025-01-09T20:28:24.722Z\n\ud83d\udccf Modified: 2025-01-09T20:28:24.722Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2024-075", "creation_timestamp": "2025-01-09T21:17:25.000000Z"}, {"uuid": "b30ec988-e9c0-461c-83b1-38167f62f0e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13312", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1089", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13312\n\ud83d\udd39 Description: Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.\n\ud83d\udccf Published: 2025-01-09T20:28:53.431Z\n\ud83d\udccf Modified: 2025-01-09T20:28:53.431Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2024-076", "creation_timestamp": "2025-01-09T21:17:22.000000Z"}, {"uuid": "db79ec88-4063-4237-92ca-0911c85e957d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13318", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1126", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13318\n\ud83d\udd39 Description: The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts.\n\ud83d\udccf Published: 2025-01-10T11:10:45.380Z\n\ud83d\udccf Modified: 2025-01-10T11:10:45.380Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/6a1a9e22-d174-43fc-aab6-f6968067a290?source=cve\n2. https://plugins.trac.wordpress.org/browser/essential-wp-real-estate/trunk/src/Common/Ajax/Ajax.php#L724", "creation_timestamp": "2025-01-10T12:05:18.000000Z"}, {"uuid": "0c39cd4a-a7c3-4706-87c7-f061a0ddcd22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13319", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2524", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13319\n\ud83d\udd39 Description: The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-22T07:29:40.540Z\n\ud83d\udccf Modified: 2025-01-22T07:29:40.540Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/69ac1e37-4e31-4dce-a2d6-07a4299995c5?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3224684/themify-builder/trunk/themify/themify-admin.php", "creation_timestamp": "2025-01-22T08:02:00.000000Z"}, {"uuid": "8ac92d6d-8137-4cb4-9df3-fec11c72014b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13317", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2286", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13317\n\ud83d\udd39 Description: The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to missing or incorrect nonce validation on the 'shipworks-wordpress' page. This makes it possible for unauthenticated attackers to update the services username and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-18T07:05:07.700Z\n\ud83d\udccf Modified: 2025-01-18T07:05:07.700Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/503c00f5-59e5-4ca2-ac3d-a3f38a993f0d?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3223835%40shipworks-e-commerce-bridge&new=3223835%40shipworks-e-commerce-bridge&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-18T07:57:24.000000Z"}, {"uuid": "b3f006d5-7726-4f7d-a012-8f74652b10bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13315", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4751", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13315\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Shopwarden \u2013 Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the save_setting() function. This makes it possible for unauthenticated attackers to update arbitrary options and achieve privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-18T05:22:27.675Z\n\ud83d\udccf Modified: 2025-02-18T05:22:27.675Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b11ed628-f736-4262-80a2-62b32948a3a4?source=cve\n2. https://plugins.trac.wordpress.org/browser/shopwarden/trunk/shopwarden.php#L112\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3238978%40shopwarden&new=3238978%40shopwarden&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-18T08:00:35.000000Z"}, {"uuid": "44e6307a-bae9-4faa-b23e-d29d816023b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13314", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4863", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13314\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Carousel, Slider, Gallery by WP Carousel  WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-02-21T06:00:05.306Z\n\ud83d\udccf Modified: 2025-02-21T06:00:05.306Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/ae234bbe-a4af-49f5-8e0a-4fb960821e05/", "creation_timestamp": "2025-02-21T06:17:13.000000Z"}, {"uuid": "af391eda-28bd-464d-818d-1f52a8a06f3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13310", "type": "seen", "source": "https://t.me/cvedetector/14931", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13310 - Drupal Git Utilities Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13310 \nPublished : Jan. 9, 2025, 9:15 p.m. | 28\u00a0minutes ago \nDescription : Vulnerability in Drupal Git Utilities for Drupal.This issue affects Git Utilities for Drupal: *.*. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T22:48:08.000000Z"}, {"uuid": "55e706a2-21b8-462f-868e-5b9fae31a75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13317", "type": "seen", "source": "https://t.me/cvedetector/15791", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13317 - \"ShipWorks Connector for Woocommerce CSRF Vulnerability in WordPress\"\", \n  \"Content\": \"CVE ID : CVE-2024-13317 \nPublished : Jan. 18, 2025, 7:15 a.m. | 18\u00a0minutes ago \nDescription : The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to missing or incorrect nonce validation on the 'shipworks-wordpress' page. This makes it possible for unauthenticated attackers to update the services username and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-18T08:42:31.000000Z"}, {"uuid": "30ec1fae-14a1-457d-b417-719e9658f4fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13319", "type": "seen", "source": "https://t.me/cvedetector/16083", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13319 - Themify Builder WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13319 \nPublished : Jan. 22, 2025, 8:15 a.m. | 20\u00a0minutes ago \nDescription : The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T09:42:31.000000Z"}, {"uuid": "3d7f5ba6-c991-4f62-bc31-b82ab96a4d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13318", "type": "seen", "source": "https://t.me/cvedetector/14953", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13318 - \"WP Real Estate Unauthorized Access Denial of Service\"\", \n  \"Content\": \"CVE ID : CVE-2024-13318 \nPublished : Jan. 10, 2025, 12:15 p.m. | 26\u00a0minutes ago \nDescription : The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-10T13:50:03.000000Z"}, {"uuid": "d5da35a5-2d57-404c-b289-e052e2b25c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13311", "type": "seen", "source": "https://t.me/cvedetector/14932", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13311 - Drupal File Extension Filtering Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13311 \nPublished : Jan. 9, 2025, 9:15 p.m. | 28\u00a0minutes ago \nDescription : Vulnerability in Drupal Allow All File Extensions for file fields.This issue affects Allow All File Extensions for file fields: *.*. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T22:48:10.000000Z"}, {"uuid": "e4f82b1b-554a-43e0-b45b-547f998a26df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13312", "type": "seen", "source": "https://t.me/cvedetector/14921", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13312 - Drupal Open Social Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13312 \nPublished : Jan. 9, 2025, 9:15 p.m. | 28\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T22:47:55.000000Z"}, {"uuid": "4aa4b3d0-df1d-4c21-a733-63ca3d39042c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13315", "type": "seen", "source": "Telegram/PuOlwh0J0qNQZk1dYPtIj8nQrq6SUfS2MjAVjkShuVKAUTzx", "content": "", "creation_timestamp": "2025-02-18T11:39:00.000000Z"}, {"uuid": "e96a8eb7-45f9-4d7e-ad38-5b52c1e61843", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13314", "type": "seen", "source": "Telegram/N9kUoPvSIpapB6YrEsPyZSJUM7EghVzdPCT10LaEG5INNDmC", "content": "", "creation_timestamp": "2025-02-21T08:03:24.000000Z"}, {"uuid": "3810daf8-426e-4bc6-8b2c-167b3f9b7037", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1331", "type": "seen", "source": "https://t.me/ctinow/210755", "content": "https://ift.tt/kSO5I7K\nCVE-2024-1331", "creation_timestamp": "2024-03-18T17:26:52.000000Z"}, {"uuid": "d53a67c2-6f43-407a-bf25-58a5e948aed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1331", "type": "seen", "source": "https://t.me/ctinow/210769", "content": "https://ift.tt/kSO5I7K\nCVE-2024-1331", "creation_timestamp": "2024-03-18T17:31:57.000000Z"}]}