{"vulnerability": "CVE-2024-1349", "sightings": [{"uuid": "e1b4d1fa-f6af-4513-8635-d6d6664c742a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13499", "type": "seen", "source": "https://bsky.app/profile/abrahack.bsky.social/post/3lgbxs2a7f22s", "content": "", "creation_timestamp": "2025-01-21T23:07:21.375587Z"}, {"uuid": "582e1e15-0390-48e2-b2bd-691f3fd33520", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13496", "type": "seen", "source": "https://bsky.app/profile/abrahack.bsky.social/post/3lgbxsnqgxs2s", "content": "", "creation_timestamp": "2025-01-21T23:07:42.266083Z"}, {"uuid": "17ee79cc-16ad-47b7-9f51-8d2a410b330d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13492", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhl7zexbc527", "content": "", "creation_timestamp": "2025-02-07T08:53:41.265246Z"}, {"uuid": "bb0ca135-6cd7-43bd-9611-50e7799608c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13492", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113961122659898498", "content": "", "creation_timestamp": "2025-02-07T06:12:12.748323Z"}, {"uuid": "ff590eb6-5dc6-4be1-b781-dc47bba9f8d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13492", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhkxaxwgpu2v", "content": "", "creation_timestamp": "2025-02-07T06:16:51.239070Z"}, {"uuid": "b089e396-92d3-497c-9e51-4901a8ae0c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13495", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdainic6k2t", "content": "", "creation_timestamp": "2025-01-22T11:15:42.755551Z"}, {"uuid": "83fbf9fe-68b1-4452-a894-b9ead1d6a0bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13496", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdaiqmrjn2j", "content": "", "creation_timestamp": "2025-01-22T11:15:46.154687Z"}, {"uuid": "9243a6af-1af9-4ca4-8493-a31e796873be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13499", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdaiteuyb2b", "content": "", "creation_timestamp": "2025-01-22T11:15:49.063928Z"}, {"uuid": "d2c21601-5085-41e5-a6f2-756d25bf7067", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13496", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgdc4aooz42k", "content": "", "creation_timestamp": "2025-01-22T11:44:34.361398Z"}, {"uuid": "df5adf3f-c2bb-4aa5-9f3f-d46e3a528ab4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13495", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgdc4ay36p2u", "content": "", "creation_timestamp": "2025-01-22T11:44:34.923129Z"}, {"uuid": "bd04aebd-b5fb-4629-b464-a98068a6e321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13499", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgdc4b6pum2g", "content": "", "creation_timestamp": "2025-01-22T11:44:35.920459Z"}, {"uuid": "51b52cee-1de4-4e8a-972a-4a389d2971da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13490", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113990323158713982", "content": "", "creation_timestamp": "2025-02-12T09:58:16.750397Z"}, {"uuid": "5f95c952-14c0-4717-beea-6cac0545dd30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13490", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxwxgthvf2g", "content": "", "creation_timestamp": "2025-02-12T10:16:07.957190Z"}, {"uuid": "78b28a2b-5ed6-4c34-b54f-c8af620b271a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13494", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liyivk6eq62k", "content": "", "creation_timestamp": "2025-02-25T09:02:24.008371Z"}, {"uuid": "6e33fcb9-1b43-4b15-83ec-39dbc8a02f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13493", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114000735493955219", "content": "", "creation_timestamp": "2025-02-14T06:06:16.390908Z"}, {"uuid": "a62a565f-97a0-4f3d-81c0-15f927713d07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13493", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li4kibtauv2c", "content": "", "creation_timestamp": "2025-02-14T06:16:13.390838Z"}, {"uuid": "850a670c-dd69-4200-9179-6eebb2b7a116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13493", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li4skdvzwi26", "content": "", "creation_timestamp": "2025-02-14T08:40:33.887083Z"}, {"uuid": "deefe2a0-6b38-4fd5-9686-bbcd290509b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13491", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijqw2hy5m2h", "content": "", "creation_timestamp": "2025-02-19T12:15:54.241817Z"}, {"uuid": "30decd5f-c687-4686-8c4f-2fa04aa3d1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13491", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lijxnkcpj22m", "content": "", "creation_timestamp": "2025-02-19T14:16:27.448117Z"}, {"uuid": "a2b98ace-61d2-45b5-aaa1-006d72531631", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13496", "type": "seen", "source": "https://bsky.app/profile/abrahack.bsky.social/post/3ll4ghq7qrs2g", "content": "", "creation_timestamp": "2025-03-24T09:19:58.609966Z"}, {"uuid": "98f8576a-e5e7-4d52-b79d-8da272329fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13496", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-13496.yaml", "content": "", "creation_timestamp": "2025-03-25T08:37:47.000000Z"}, {"uuid": "591f34b3-e344-4e64-9228-3105fd6e8c81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13496", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llcon6byo72z", "content": "", "creation_timestamp": "2025-03-26T21:02:12.840776Z"}, {"uuid": "06854cd9-f69d-44ad-8691-8e551ec63fd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13498", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"}, {"uuid": "92631d0d-d49a-4e2c-8d18-360182d8212d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13492", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-13492.yaml", "content": "", "creation_timestamp": "2026-02-06T16:25:47.000000Z"}, {"uuid": "06484085-edf6-4208-b5b7-d085c6e00070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13491", "type": "seen", "source": "https://t.me/cvedetector/18436", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13491 - FedEx WordPress SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13491 \nPublished : Feb. 19, 2025, 12:15 p.m. | 2\u00a0hours, 11\u00a0minutes ago \nDescription : The Small Package Quotes \u2013 For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T16:14:02.000000Z"}, {"uuid": "6c9c3565-5bdb-4181-9b1e-b8c6698feb22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13494", "type": "seen", "source": "https://t.me/cvedetector/18858", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13494 - WordPress File Upload CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-13494 \nPublished : Feb. 25, 2025, 8:15 a.m. | 1\u00a0hour, 23\u00a0minutes ago \nDescription : The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for unauthenticated attackers to modify user data details associated with uploaded files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-25T10:41:14.000000Z"}, {"uuid": "8ba3a528-14d5-40b6-a66c-e0904285bb42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13492", "type": "seen", "source": "https://t.me/cvedetector/17464", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13492 - WordPress Guten Free Options XSS Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-13492 \nPublished : Feb. 7, 2025, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-07T07:57:36.000000Z"}, {"uuid": "20d1371f-5723-4e94-acc1-3f8dbce88d05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13495", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2535", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13495\n\ud83d\udd39 Description: The The GamiPress \u2013 Gamification plugin to reward points, achievements, badges &amp; ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\n\ud83d\udccf Published: 2025-01-22T11:07:57.323Z\n\ud83d\udccf Modified: 2025-01-22T11:07:57.323Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/55fa8423-9a41-4afe-9401-03d232caa656?source=cve\n2. https://wordpress.org/plugins/gamipress/#developers\n3. https://plugins.trac.wordpress.org/browser/gamipress/trunk/includes/ajax-functions.php#L39\n4. https://plugins.trac.wordpress.org/changeset/3226227/", "creation_timestamp": "2025-01-22T12:01:58.000000Z"}, {"uuid": "eda9e81a-4a09-44e1-8e9a-c61d364b90fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13499", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2534", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13499\n\ud83d\udd39 Description: The The GamiPress \u2013 Gamification plugin to reward points, achievements, badges &amp; ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\n\ud83d\udccf Published: 2025-01-22T11:07:57.919Z\n\ud83d\udccf Modified: 2025-01-22T11:07:57.919Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b30ab159-ff3c-4d46-b182-f8938097b837?source=cve\n2. https://plugins.trac.wordpress.org/browser/gamipress/trunk/includes/functions.php\n3. https://plugins.trac.wordpress.org/browser/gamipress/trunk/includes/functions.php#L645\n4. https://wordpress.org/plugins/gamipress/#developers\n5. https://plugins.trac.wordpress.org/changeset/3226227/", "creation_timestamp": "2025-01-22T12:01:57.000000Z"}, {"uuid": "d9068b1e-df90-42fd-a0f8-0372daa1d9ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13496", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2532", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13496\n\ud83d\udd39 Description: The GamiPress \u2013 Gamification plugin to reward points, achievements, badges &amp; ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 7.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-01-22T11:07:58.693Z\n\ud83d\udccf Modified: 2025-01-22T11:07:58.693Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ea54436c-b623-4049-af19-9995c312476e?source=cve\n2. https://plugins.trac.wordpress.org/browser/gamipress/trunk/libraries/ct/includes/class-ct-query.php#L160\n3. https://plugins.trac.wordpress.org/browser/gamipress/trunk/includes/ajax-functions.php#L39\n4. https://wordpress.org/plugins/gamipress/#developers\n5. https://plugins.trac.wordpress.org/changeset/3226227/", "creation_timestamp": "2025-01-22T12:01:55.000000Z"}, {"uuid": "c44d9414-90da-4ba9-a55d-3a0e011bda30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13494", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5261", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13494\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for unauthenticated attackers to modify user data details associated with uploaded files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-25T07:30:31.044Z\n\ud83d\udccf Modified: 2025-02-25T07:30:31.044Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/595a6ab3-0731-4ef4-a385-5dfebbd917f4?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3241028/wp-file-upload", "creation_timestamp": "2025-02-25T08:25:38.000000Z"}, {"uuid": "86865128-e32d-4281-9104-9844ea5badb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13490", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4069", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13490\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T10:15:11.973\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3235163\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/8bcfbc26-9b5d-4df8-9f16-293734bd2805?source=cve", "creation_timestamp": "2025-02-12T11:10:48.000000Z"}, {"uuid": "6b7db83d-8a8b-47ce-b464-2c1d06b46731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13490", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13490\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: The LTL Freight Quotes \u2013 XPO Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-02-12T12:30:47Z\n\ud83d\udccf Modified: 2025-02-12T12:30:47Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13490\n2. https://plugins.trac.wordpress.org/changeset/3235163\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/8bcfbc26-9b5d-4df8-9f16-293734bd2805?source=cve", "creation_timestamp": "2025-02-12T13:11:49.000000Z"}, {"uuid": "3f51515f-0813-4253-b442-a01f51aa9458", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13493", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4420", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13493\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Sensly Online Presence WordPress plugin through 0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-02-14T06:30:36Z\n\ud83d\udccf Modified: 2025-02-14T06:30:36Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13493\n2. https://wpscan.com/vulnerability/dfbdd474-92e5-422b-a185-e441a6014557", "creation_timestamp": "2025-02-14T07:09:51.000000Z"}, {"uuid": "06714a7c-6f6d-4f84-9dde-f6a5fa4de69e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13493", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4430", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13493\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-14T06:15:19.740\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/dfbdd474-92e5-422b-a185-e441a6014557/", "creation_timestamp": "2025-02-14T07:12:04.000000Z"}, {"uuid": "39fd021c-6b1b-49e3-9e3e-43dfa19a752c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13498", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7287", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13498\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form.\n\ud83d\udccf Published: 2025-03-12T05:22:52.045Z\n\ud83d\udccf Modified: 2025-03-12T05:22:52.045Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f188a5e6-699e-4e1a-b4e4-7fb4056b0bee?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3235420/nex-forms-express-wp-form-builder", "creation_timestamp": "2025-03-12T05:41:09.000000Z"}, {"uuid": "756c584e-3591-4854-acb4-7cdcd6419973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13497", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7661", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13497\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file.\n\ud83d\udccf Published: 2025-03-15T04:22:08.315Z\n\ud83d\udccf Modified: 2025-03-15T04:22:08.315Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/fbbe006c-1afc-4c8b-a9f3-ffb21cdabb54?source=cve\n2. https://plugins.trac.wordpress.org/browser/tripetto/trunk/lib/attachments.php#L46\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&amp;sfph_mail=&amp;reponame=&amp;new=3251202%40tripetto%2Ftrunk&amp;old=3231968%40tripetto%2Ftrunk&amp;sfp_email=&amp;sfph_mail=", "creation_timestamp": "2025-03-15T04:45:11.000000Z"}, {"uuid": "106bcee6-da4c-4dd7-bce3-7a69e830e18b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13493", "type": "seen", "source": "https://t.me/cvedetector/18076", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13493 - Sensly Online Presence Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13493 \nPublished : Feb. 14, 2025, 6:15 a.m. | 1\u00a0hour, 40\u00a0minutes ago \nDescription : The Sensly Online Presence WordPress plugin through 0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T09:04:06.000000Z"}, {"uuid": "32d06c9a-9d5f-4e9e-9cd9-527b39a26afb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13490", "type": "seen", "source": "https://t.me/cvedetector/17844", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13490 - XPO WordPress LTL Freight Quotes SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13490 \nPublished : Feb. 12, 2025, 10:15 a.m. | 37\u00a0minutes ago \nDescription : The LTL Freight Quotes \u2013 XPO Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T12:41:49.000000Z"}, {"uuid": "263a9317-495e-4c91-ad8a-868f12b0e7da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13497", "type": "seen", "source": "https://t.me/cvedetector/20351", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13497 - Tripetto WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13497 \nPublished : March 15, 2025, 5:15 a.m. | 34\u00a0minutes ago \nDescription : The WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-15T06:55:37.000000Z"}, {"uuid": "c24497a6-a46d-4e8c-889e-365dad5b50e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13499", "type": "seen", "source": "https://t.me/cvedetector/16089", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13499 - GamiPress WordPress Shortcode Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13499 \nPublished : Jan. 22, 2025, 11:15 a.m. | 45\u00a0minutes ago \nDescription : The The GamiPress \u2013 Gamification plugin to reward points, achievements, badges &amp; ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T13:02:57.000000Z"}, {"uuid": "cdbb6bd7-7f84-4813-b20e-0bbcf882d0a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13496", "type": "seen", "source": "https://t.me/cvedetector/16088", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13496 - GamiPress WordPress Plugin Time-Based SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13496 \nPublished : Jan. 22, 2025, 11:15 a.m. | 45\u00a0minutes ago \nDescription : The GamiPress \u2013 Gamification plugin to reward points, achievements, badges &amp; ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 7.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T13:02:56.000000Z"}, {"uuid": "015489fc-f392-41ea-8d1d-8bc8bfabf590", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13495", "type": "seen", "source": "https://t.me/cvedetector/16087", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13495 - WordPress GamiPress Plugin Shortcode Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13495 \nPublished : Jan. 22, 2025, 11:15 a.m. | 45\u00a0minutes ago \nDescription : The The GamiPress \u2013 Gamification plugin to reward points, achievements, badges &amp; ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T13:02:55.000000Z"}, {"uuid": "70d1d76f-3199-4732-bc99-3ba77542eace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13493", "type": "seen", "source": "Telegram/MOjdhX-DHO1zNvKmda8Q2PrPwrjTJJx6jK7lZZJomyXqdmpE", "content": "", "creation_timestamp": "2025-02-14T21:08:29.000000Z"}, {"uuid": "b34483b8-0e53-402a-b75a-8364b54c646b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13490", "type": "seen", "source": "Telegram/Kg-pMbNs201LxWHsOkAk2Cq8rHJ3wusnYARHtdnRa5d3LJnF", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"}, {"uuid": "82975db7-0c3d-4b90-a0e8-119f4d519415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13493", "type": "seen", "source": "Telegram/de4--PPdRNhl-0T8C6T-nddu6RQFu6cP5-jvsuV-E9_mE_dX", "content": "", "creation_timestamp": "2025-02-14T10:09:24.000000Z"}, {"uuid": "3f54f2ce-3f97-464a-b414-2908638cf467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1349", "type": "seen", "source": "https://t.me/ctinow/201720", "content": "https://ift.tt/iya8jBV\nCVE-2024-1349 | EmbedPress Plugin up to 3.9.8 on WordPress Shortcode cross site scripting", "creation_timestamp": "2024-03-06T19:51:46.000000Z"}]}