{"vulnerability": "CVE-2024-1347", "sightings": [{"uuid": "34a40d6a-9aa3-4d17-8384-61993a2be671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13472", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzrdohrw62b", "content": "", "creation_timestamp": "2025-01-31T10:15:44.241900Z"}, {"uuid": "d738e547-2dbe-4a24-a710-d9ffe92b9366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13470", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113916114728274376", "content": "", "creation_timestamp": "2025-01-30T07:26:06.009466Z"}, {"uuid": "a75a4b35-017e-4440-9e88-0ea948fdbb40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13470", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgx26d563n2r", "content": "", "creation_timestamp": "2025-01-30T08:15:57.292943Z"}, {"uuid": "a56bb8e5-04e0-4fd1-9cf8-e5f0c706cf9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13473", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113990264140087358", "content": "", "creation_timestamp": "2025-02-12T09:43:18.944681Z"}, {"uuid": "d3ade03b-2908-4641-a573-b83d97ce351d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13475", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113990323144317416", "content": "", "creation_timestamp": "2025-02-12T09:58:16.533709Z"}, {"uuid": "ba63a910-5352-46cb-921b-c1f8015d3bec", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13473", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxwxb6oqn2i", "content": "", "creation_timestamp": "2025-02-12T10:16:01.967889Z"}, {"uuid": "ef6f568a-1baf-4007-b5d1-ff79393160e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13475", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxwxdskd32a", "content": "", "creation_timestamp": "2025-02-12T10:16:04.791913Z"}, {"uuid": "e5bc9ebc-db18-4331-9dab-06917a940808", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13477", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113990650263536962", "content": "", "creation_timestamp": "2025-02-12T11:21:28.083551Z"}, {"uuid": "78804dc4-e87a-443d-bad1-330fb9987ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13477", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhy5nqj6pz2a", "content": "", "creation_timestamp": "2025-02-12T12:15:58.680607Z"}, {"uuid": "bf015ec4-b0bb-4cec-aab4-d0ce1f34c5ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13477", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhyemc6kon2w", "content": "", "creation_timestamp": "2025-02-12T14:20:27.992370Z"}, {"uuid": "e4c31f38-0457-4082-9acb-aba136307b07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13479", "type": 
"seen", "source": "https://infosec.exchange/users/random_robbie/statuses/114059628495249085", "content": "", "creation_timestamp": "2025-02-24T15:43:32.169258Z"}, {"uuid": "e826ace9-2947-4ee3-b0d9-357b5469a49c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13478", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijqvoocvk2y", "content": "", "creation_timestamp": "2025-02-19T12:15:42.338740Z"}, {"uuid": "4b26f998-1048-4f9e-a205-1ade53f1a841", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13479", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijqvr23qc2k", "content": "", "creation_timestamp": "2025-02-19T12:15:44.475427Z"}, {"uuid": "119660e2-e799-46b1-8e5e-3903dee1e474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13479", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lijxnjvfrl22", "content": "", "creation_timestamp": "2025-02-19T14:16:25.077177Z"}, {"uuid": "56c55587-212b-4552-8437-e4e1fa644dc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13478", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lijxnkqhyd22", "content": "", "creation_timestamp": "2025-02-19T14:16:29.816369Z"}, {"uuid": "2ebe40c9-28b3-4e4b-9485-15b93544281a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13471", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljndxykpxh2q", "content": "", "creation_timestamp": 
"2025-03-05T16:00:12.232087Z"}, {"uuid": "cd276b41-5235-472f-872e-95c40397dc1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13476", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3limctgpjo32c", "content": "", "creation_timestamp": "2025-02-20T12:41:56.928092Z"}, {"uuid": "16ca3b5e-76aa-43de-818e-5bea3e728cc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13478", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/114059628764944300", "content": "", "creation_timestamp": "2025-02-24T15:43:39.644269Z"}, {"uuid": "d2230c1c-6f3a-4168-99b3-308153f7e6c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13470", "type": "seen", "source": "MISP/ca7dfd4e-d0b5-4d10-8982-36d9f6e53c8e", "content": "", "creation_timestamp": "2025-09-01T13:53:38.000000Z"}, {"uuid": "341e8707-a1df-4a70-b368-903d0327bf25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13478", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmuxy273wu2a", "content": "", "creation_timestamp": "2025-04-15T21:02:30.164425Z"}, {"uuid": "7f9be2fc-1db7-4587-b3e6-6f9da9988b3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13479", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmuxy2bmf227", "content": "", "creation_timestamp": "2025-04-15T21:02:30.728731Z"}, {"uuid": "34c6cdcc-034f-4adb-b0e8-b8ac2f90d4d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13474", "type": "seen", "source": "https://t.me/cvedetector/18708", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13474 - Purolator LTL Freight Quotes WordPress Plugin SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13474 \nPublished : Feb. 22, 2025, 5:15 a.m. | 1\u00a0hour, 49\u00a0minutes ago \nDescription : The LTL Freight Quotes \u2013 Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 2.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-22T08:18:42.000000Z"}, {"uuid": "74d607c1-9d7b-4e8c-bfe6-5ff1e1290d80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13478", "type": "seen", "source": "https://t.me/cvedetector/18444", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13478 - TForce Edition WordPress LTL Freight Quotes Plugin SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13478 \nPublished : Feb. 19, 2025, 12:15 p.m. 
| 2\u00a0hours, 11\u00a0minutes ago \nDescription : The LTL Freight Quotes \u2013 TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T16:14:12.000000Z"}, {"uuid": "a16325d9-d623-4e54-8002-2c7689a8412d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13476", "type": "seen", "source": "https://t.me/cvedetector/18532", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13476 - GlobalTranz WordPress LTL Freight Quotes SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13476 \nPublished : Feb. 20, 2025, 10:15 a.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T13:09:07.000000Z"}, {"uuid": "919a58e6-7e5c-4421-81ef-7bead6c46632", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13479", "type": "seen", "source": "https://t.me/cvedetector/18443", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13479 - LTL Freight Quotes - SEFL Edition WordPress SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13479 \nPublished : Feb. 19, 2025, 12:15 p.m. | 2\u00a0hours, 11\u00a0minutes ago \nDescription : The LTL Freight Quotes \u2013 SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T16:14:11.000000Z"}, {"uuid": "1b257376-e3e8-4f4e-91d4-618299a15c64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13472", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3643", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13472\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-31T10:15:07.630\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/wc-product-table-lite/trunk/main.php#L1843\n2. https://plugins.trac.wordpress.org/changeset/3231930/\n3. https://wordpress.org/plugins/wc-product-table-lite/#developers\n4. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/4f1a1171-3d7b-46a4-982e-fe318e3017b7?source=cve", "creation_timestamp": "2025-01-31T11:24:13.000000Z"}, {"uuid": "374ac50b-6b19-43f2-97a5-ef04292e2ce3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13474", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5016", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13474\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The LTL Freight Quotes \u2013 Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 2.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-02-22T04:21:15.623Z\n\ud83d\udccf Modified: 2025-02-22T04:21:15.623Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/2db0b8c9-7908-484d-9a02-1c50f88efdd0?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3244300%40ltl-freight-quotes-purolator-freight-edition&new=3244300%40ltl-freight-quotes-purolator-freight-edition&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-22T05:18:51.000000Z"}, {"uuid": "bc6d1b63-5a84-42c2-97ea-373fd462bf38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13473", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4071", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13473\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T10:15:11.610\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-worldwide-express-edition/trunk/warehouse-dropship/wild/includes/wwe-ltl-wild-delivery-save.php#L264\n2. https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-worldwide-express-edition/trunk/warehouse-dropship/wild/includes/wwe-ltl-wild-delivery-save.php#L387\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215844%40ltl-freight-quotes-worldwide-express-edition&new=3215844%40ltl-freight-quotes-worldwide-express-edition&sfp_email=&sfph_mail=\n4. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/4e72828e-a6f6-43fc-8a10-d9908004c0fc?source=cve", "creation_timestamp": "2025-02-12T11:11:12.000000Z"}, {"uuid": "b0d99da3-9b9c-49d8-98a0-eb4e88869290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13475", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4070", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13475\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T10:15:11.777\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3237693/\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/c62680b5-e9e0-497f-b957-9b223a623917?source=cve", "creation_timestamp": "2025-02-12T11:11:09.000000Z"}, {"uuid": "c5e9b19d-ebd9-48e3-bc77-0ab57deb60c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13475", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4095", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13475\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: The Small Package Quotes \u2013 UPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 4.5.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-02-12T12:30:47Z\n\ud83d\udccf Modified: 2025-02-12T12:30:47Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13475\n2. https://plugins.trac.wordpress.org/changeset/3237693\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/c62680b5-e9e0-497f-b957-9b223a623917?source=cve", "creation_timestamp": "2025-02-12T13:11:29.000000Z"}, {"uuid": "074d5027-9642-4a66-a8c3-78a09367be46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13473", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4093", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13473\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: The LTL Freight Quotes \u2013 Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameter in all versions up to, and including, 5.0.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-02-12T12:30:47Z\n\ud83d\udccf Modified: 2025-02-12T12:30:47Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13473\n2. https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-worldwide-express-edition/trunk/warehouse-dropship/wild/includes/wwe-ltl-wild-delivery-save.php#L264\n3. 
https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-worldwide-express-edition/trunk/warehouse-dropship/wild/includes/wwe-ltl-wild-delivery-save.php#L387\n4. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215844%40ltl-freight-quotes-worldwide-express-edition&new=3215844%40ltl-freight-quotes-worldwide-express-edition&sfp_email=&sfph_mail=\n5. https://www.wordfence.com/threat-intel/vulnerabilities/id/4e72828e-a6f6-43fc-8a10-d9908004c0fc?source=cve", "creation_timestamp": "2025-02-12T13:11:25.000000Z"}, {"uuid": "75ce6e64-88f3-4e87-a624-753c9c5ca26a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13470", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3469", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13470\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Ninja Forms \u2013 The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-30T09:30:37Z\n\ud83d\udccf Modified: 2025-01-30T09:30:37Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13470\n2. https://plugins.trac.wordpress.org/browser/ninja-forms/tags/3.8.23/includes/Display/Render.php#L708\n3. https://plugins.trac.wordpress.org/browser/ninja-forms/tags/3.8.23/includes/Display/Shortcodes.php#L8\n4. https://plugins.trac.wordpress.org/browser/ninja-forms/tags/3.8.23/ninja-forms.php#L953\n5. 
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3229932%40ninja-forms%2Ftrunk&old=3226451%40ninja-forms%2Ftrunk&sfp_email=&sfph_mail=\n6. https://www.wordfence.com/threat-intel/vulnerabilities/id/6f2b46a9-d228-43b4-84af-d56218076087?source=cve", "creation_timestamp": "2025-01-30T10:11:42.000000Z"}, {"uuid": "976b0a41-6723-49bf-8119-d686873374b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13477", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4084", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13477\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: The LTL Freight Quotes \u2013 Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 2.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-02-12T12:30:47Z\n\ud83d\udccf Modified: 2025-02-12T12:30:48Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13477\n2. https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-unishippers-edition/trunk/shipping-rules/shipping-rules-save.php#L84\n3. https://plugins.trac.wordpress.org/changeset/3237773\n4. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/7df452c9-4e73-40d7-88a3-d38ae1309d8f?source=cve", "creation_timestamp": "2025-02-12T13:10:38.000000Z"}, {"uuid": "1dfbbec2-2f36-4013-93b3-970ec78a0c08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1347", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17233", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1347\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group.\n\ud83d\udccf Published: 2024-04-25T11:02:25.923Z\n\ud83d\udccf Modified: 2025-05-22T04:11:09.962Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/441093\n2. 
https://hackerone.com/reports/2355565", "creation_timestamp": "2025-05-22T04:43:03.000000Z"}, {"uuid": "14697ee4-13d7-40c1-9c5a-1f7e8c5b0bb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13471", "type": "seen", "source": "Telegram/JzO27mpsu7GBEskpLiq3jJ_e-mX1I656GHaqdh7SzAA4YszG", "content": "", "creation_timestamp": "2025-03-06T02:16:32.000000Z"}, {"uuid": "462b9ca0-e157-46f4-b8f9-6e35336b121a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13471", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6539", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13471\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to read arbitrary files on the underlying operating system.\n\ud83d\udccf Published: 2025-03-05T11:22:08.595Z\n\ud83d\udccf Modified: 2025-03-05T11:22:08.595Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1729d0de-1f5f-4349-b592-5841d01ed33a?source=cve\n2. 
https://themeforest.net/item/lms-learning-management-system-education-lms-wordpress-theme/7867581", "creation_timestamp": "2025-03-05T11:37:42.000000Z"}, {"uuid": "15e520cf-8631-4b00-a8d5-cc62eeaf9372", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13477", "type": "seen", "source": "https://t.me/cvedetector/17860", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13477 - Unishippers LTL Freight Quotes WordPress Plugin SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13477 \nPublished : Feb. 12, 2025, 12:15 p.m. | 38\u00a0minutes ago \nDescription : The LTL Freight Quotes \u2013 Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 2.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T14:22:21.000000Z"}, {"uuid": "bb18387b-83bd-4a9d-95d5-f91499a20670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13475", "type": "seen", "source": "Telegram/mJJRjmVsfROqJxq2Ybh4jTvGorbwNALHlROpEfVlpq0HXcvS", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"}, {"uuid": "deee508e-9f76-459c-a30a-7b201b27f913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13475", "type": "seen", "source": "https://t.me/cvedetector/17843", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13475 - \"UPS WordPress Plugin SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13475 \nPublished : Feb. 12, 2025, 10:15 a.m. | 37\u00a0minutes ago \nDescription : The Small Package Quotes \u2013 UPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 4.5.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T12:41:45.000000Z"}, {"uuid": "502773f8-7152-4f74-a5d1-5ede2fd9d6d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13473", "type": "seen", "source": "https://t.me/cvedetector/17842", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13473 - WordPress LTL Freight Quotes - Worldwide Express Edition SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13473 \nPublished : Feb. 12, 2025, 10:15 a.m. | 37\u00a0minutes ago \nDescription : The LTL Freight Quotes \u2013 Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameter in all versions up to, and including, 5.0.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T12:41:45.000000Z"}, {"uuid": "0ea67995-565c-407b-9d0a-ac138a9d9d20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13472", "type": "seen", "source": "https://t.me/cvedetector/16930", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13472 - WooCommerce Product Table Lite Plugin Arbitrary Shortcode Execution and Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13472 \nPublished : Jan. 31, 2025, 10:15 a.m. | 1\u00a0hour, 33\u00a0minutes ago \nDescription : The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'sc_attrs' parameter is vulnerable to Reflected Cross-Site Scripting as well. 
\nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T12:52:05.000000Z"}, {"uuid": "a27f0b29-22c8-4240-8624-6a64a14976e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13470", "type": "seen", "source": "https://t.me/cvedetector/16745", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13470 - Ninja Forms WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13470 \nPublished : Jan. 30, 2025, 8:15 a.m. | 32\u00a0minutes ago \nDescription : The Ninja Forms \u2013 The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T10:04:59.000000Z"}, {"uuid": "21d7bea9-5416-4fdd-bf57-8b4556839743", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13471", "type": "seen", "source": "https://t.me/cvedetector/19626", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13471 - DesignThemes WordPress File Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-13471 \nPublished : March 5, 2025, 12:15 p.m. | 51\u00a0minutes ago \nDescription : The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to read arbitrary files on the underlying operating system. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T14:26:12.000000Z"}, {"uuid": "155227e6-65d7-41fe-84b0-a434e71e10eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13477", "type": "seen", "source": "Telegram/e16nnSARss0mhAasR2r4Yg1LbvzFamyndIy643evdXkW1-fJ", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"}, {"uuid": "8ce58b27-130f-4f64-a577-52412dcc4e01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13477", "type": "seen", "source": "Telegram/8kvc95_Ky8p4_eeAqO8oA4q2-bx1vYeqFohEFq4oaskI5Xi0", "content": "", "creation_timestamp": "2025-02-14T10:04:58.000000Z"}, {"uuid": "64d93e5e-4d17-4632-83b3-c71d66523584", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13470", "type": "seen", "source": "Telegram/IgHyTAfJTwIJg-i6IcYTsvisjSI7PBkDm-e-wuEb3aktNVP_", "content": "", "creation_timestamp": "2025-02-06T02:42:29.000000Z"}, {"uuid": "d2610e6c-c5d2-4b1d-9278-9f9c6d797aee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13472", "type": "seen", "source": "Telegram/IYFfPtP47mjbmUV0KoLLsh4l94pyGzyve8qGndai0I40PUwc", "content": "", "creation_timestamp": "2025-02-14T10:04:01.000000Z"}, {"uuid": "58fb4f32-c291-447f-b1a5-5b2e5e6ac6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13470", "type": "seen", "source": 
"Telegram/6YU6zLwio0ydpS74gilBextJk0w1pQ3BthFibM-JUYN2PYcy", "content": "", "creation_timestamp": "2025-02-06T02:41:39.000000Z"}, {"uuid": "febaacb1-1ad7-4400-9c2e-00f876c53c29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13478", "type": "published-proof-of-concept", "source": "Telegram/fqLvqvawPy0wHjcP9KYWuU804CLssO4ItWzY6I4Zad418gc", "content": "", "creation_timestamp": "2025-02-20T22:00:06.000000Z"}, {"uuid": "74797129-a476-4ace-a6da-96f035b5b260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13479", "type": "published-proof-of-concept", "source": "Telegram/fqLvqvawPy0wHjcP9KYWuU804CLssO4ItWzY6I4Zad418gc", "content": "", "creation_timestamp": "2025-02-20T22:00:06.000000Z"}]}