{"vulnerability": "CVE-2024-1353", "sightings": [{"uuid": "c796e271-3856-44b9-8902-36d719a9f019", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13536", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lga62nkvrm2q", "content": "", "creation_timestamp": "2025-01-21T05:54:06.997938Z"}, {"uuid": "e147eff5-8c74-4d1a-a6bd-b43732167aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13536", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lga3vj6mcf2h", "content": "", "creation_timestamp": "2025-01-21T05:15:26.750045Z"}, {"uuid": "5435e257-bda5-455c-96ee-7cb4b399513a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13536", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113864448812079089", "content": "", "creation_timestamp": "2025-01-21T04:26:48.127385Z"}, {"uuid": "b99037e5-2423-4836-8f4b-1904dcd788b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13530", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113921792266108738", "content": "", "creation_timestamp": "2025-01-31T07:29:58.427245Z"}, {"uuid": "97fec027-ae38-45f0-8686-18517571bf62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13530", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzkmrevkh2e", "content": "", "creation_timestamp": "2025-01-31T08:15:32.939411Z"}, {"uuid": "0bd3626c-e6d3-409e-8069-86969d9b96bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13531", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113990323187797239", "content": "", "creation_timestamp": "2025-02-12T09:58:17.254154Z"}, {"uuid": "430622c6-46aa-4365-9868-db15e195b724", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13539", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113988772714447267", "content": "", "creation_timestamp": "2025-02-12T03:23:58.930945Z"}, {"uuid": "1d330f8d-2837-4dd3-82a3-cbfc31a37d58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13539", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxcuw7fq32d", "content": "", "creation_timestamp": "2025-02-12T04:16:48.791682Z"}, {"uuid": "43a9edb9-b7df-44bf-a868-463725e28f0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13531", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxwxm52p72a", "content": "", "creation_timestamp": "2025-02-12T10:16:13.445160Z"}, {"uuid": "280ecfc5-b9bf-4fa2-8c39-c4c900459cfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13532", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113990709281718324", "content": "", "creation_timestamp": "2025-02-12T11:36:28.510350Z"}, {"uuid": "f8424e6c-a857-47b2-81fc-da9d13c6cbdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13532", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhy5nvolko2h", "content": "", "creation_timestamp": "2025-02-12T12:16:04.106786Z"}, {"uuid": "2ac4a0d8-a2cc-4338-853b-e42e9cd0680b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13531", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhyemcjfnz23", "content": "", "creation_timestamp": "2025-02-12T14:20:29.732325Z"}, {"uuid": "0e4251a0-6112-4f53-a4f6-237bf6adb841", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13533", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijqw4vnbn2p", "content": "", "creation_timestamp": "2025-02-19T12:15:56.723778Z"}, {"uuid": "65972934-6863-460e-897a-d7fbb6dac80f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13534", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijqw725sm2o", "content": "", "creation_timestamp": "2025-02-19T12:15:59.215293Z"}, {"uuid": "f82f3ee8-2556-41b8-bcc2-28af3484d1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13533", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lijxnjyp5b2z", "content": "", "creation_timestamp": "2025-02-19T14:16:25.658339Z"}, {"uuid": "2c3046c1-e579-4f99-93c3-84ba8260b2f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13534", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lijxnkjp3j2z", "content": "", "creation_timestamp": "2025-02-19T14:16:28.626116Z"}, {"uuid": "6cb09087-8247-462d-bbb8-d4dd92a5b7d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13534", "type": "seen", "source": "https://t.me/cvedetector/18438", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13534 - WordPress Small Package Quotes - Worldwide Express Edition SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13534 \nPublished : Feb. 19, 2025, 12:15 p.m. | 2\u00a0hours, 11\u00a0minutes ago \nDescription : The Small Package Quotes \u2013 Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T16:14:04.000000Z"}, {"uuid": "76268e31-41d4-4f4b-aef1-3ba5bff7273e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13535", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligiyieucf2h", "content": "", "creation_timestamp": "2025-02-18T05:16:06.771131Z"}, {"uuid": "be69e472-2d26-4bac-bb85-9e08e1610cb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13538", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligiylb65m2y", "content": "", "creation_timestamp": "2025-02-18T05:16:09.813919Z"}, {"uuid": "3b89d784-c30a-440d-92bf-12d7d12b7ed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13537", "type": "seen", "source": "https://t.me/cvedetector/18629", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13537 - WordPress C9 Blocks Full Path Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-13537 \nPublished : Feb. 21, 2025, 4:15 a.m. | 1\u00a0hour, 40\u00a0minutes ago \nDescription : The C9 Blocks plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.7.7. This is due the plugin containing a publicly accessible composer-setup.php file with error display enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T07:14:47.000000Z"}, {"uuid": "b8c56826-5ab9-4eed-ade5-52fd06bfe041", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13533", "type": "seen", "source": "https://t.me/cvedetector/18437", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13533 - USPS Small Package Quotes for WordPress SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13533 \nPublished : Feb. 19, 2025, 12:15 p.m. | 2\u00a0hours, 11\u00a0minutes ago \nDescription : The Small Package Quotes \u2013 USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T16:14:03.000000Z"}, {"uuid": "b2d397c3-c16c-4c5a-bc1f-f6121f9afda1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13539", "type": "seen", "source": "https://t.me/cvedetector/17806", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13539 - AForms Eats WordPress Full Path Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-13539 \nPublished : Feb. 12, 2025, 4:15 a.m. | 17\u00a0minutes ago \nDescription : The AForms Eats plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.3.1. This is due the /vendor/aura/payload-interface/phpunit.php file being publicly accessible and displaying error messages. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T05:59:49.000000Z"}, {"uuid": "08b674d4-bf20-4d6a-9de1-c262ed51560b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13536", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2376", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13536\n\ud83d\udd39 Description: The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.\n\ud83d\udccf Published: 2025-01-21T04:20:57.518Z\n\ud83d\udccf Modified: 2025-01-21T04:20:57.518Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/cfbc90b9-af91-49ac-ad3d-a37c17e8ba6d?source=cve\n2. https://plugins.trac.wordpress.org/browser/1003-mortgage-application/trunk/inc/class/fnm/export.php", "creation_timestamp": "2025-01-21T05:01:20.000000Z"}, {"uuid": "f50e9923-2b9c-4b15-9839-db6926b83284", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13531", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4067", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13531\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T10:15:12.317\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/shipengine-shipping-quotes/trunk/admin/tab/shipping-rules/shipping-rules-save.php#L77\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/cbb7bdcf-9f93-4c86-a4b3-ad5aaf7521b0?source=cve", "creation_timestamp": "2025-02-12T11:10:42.000000Z"}, {"uuid": "74b15264-c4a9-4bce-bc04-282f203dfcaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13539", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4033", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13539\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The AForms Eats plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.3.1. This is due the /vendor/aura/payload-interface/phpunit.php file being publicly accessible and displaying error messages. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.\n\ud83d\udccf Published: 2025-02-12T06:30:30Z\n\ud83d\udccf Modified: 2025-02-12T06:30:30Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13539\n2. https://plugins.trac.wordpress.org/browser/aforms-eats/trunk/vendor/aura/payload-interface/phpunit.php\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3232963%40aforms-eats&new=3232963%40aforms-eats&sfp_email=&sfph_mail=\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/5e1950c7-cc7c-48cf-974e-f691ef61d6be?source=cve", "creation_timestamp": "2025-02-12T07:11:58.000000Z"}, {"uuid": "59b05bf8-498d-409b-86f0-a9374131dd39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13537", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4845", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13537\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The C9 Blocks plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.7.7. This is due the plugin containing a publicly accessible composer-setup.php file with error display enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.\n\ud83d\udccf Published: 2025-02-21T03:21:22.710Z\n\ud83d\udccf Modified: 2025-02-21T03:21:22.710Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e682fb-e821-45cb-a087-d97d42a3743e?source=cve\n2. https://plugins.trac.wordpress.org/browser/c9-blocks/trunk/composer-setup.php", "creation_timestamp": "2025-02-21T04:19:44.000000Z"}, {"uuid": "67cd653b-f857-4902-8643-a6a0ac25993f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13532", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4083", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13532\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: The Small Package Quotes \u2013 Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-02-12T12:30:48Z\n\ud83d\udccf Modified: 2025-02-12T12:30:48Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13532\n2. https://plugins.trac.wordpress.org/browser/small-package-quotes-purolator-edition/trunk/warehouse-dropship/wild/includes/wild-delivery-save.php#L237\n3. https://plugins.trac.wordpress.org/browser/small-package-quotes-purolator-edition/trunk/warehouse-dropship/wild/includes/wild-delivery-save.php#L346\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/813fe9d2-913c-4e04-bcb7-443eef95c62e?source=cve", "creation_timestamp": "2025-02-12T13:10:37.000000Z"}, {"uuid": "a634636d-bb09-406d-ab1e-7e73538992cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13539", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4013", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13539\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T04:15:09.197\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/aforms-eats/trunk/vendor/aura/payload-interface/phpunit.php\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3232963%40aforms-eats&new=3232963%40aforms-eats&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/5e1950c7-cc7c-48cf-974e-f691ef61d6be?source=cve", "creation_timestamp": "2025-02-12T05:06:56.000000Z"}, {"uuid": "5d7416d6-2dc6-4b46-aae8-d423dcb76407", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13535", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4742", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13535\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.0. This is due the composer-setup.php file being publicly accessible with 'display_errors' set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.\n\ud83d\udccf Published: 2025-02-18T04:21:17.197Z\n\ud83d\udccf Modified: 2025-02-18T04:21:17.197Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/6dbf9689-c812-4b7c-9df3-c4639aae3357?source=cve\n2. https://plugins.trac.wordpress.org/browser/actionwear-products-sync/trunk/composer-setup.php", "creation_timestamp": "2025-02-18T07:56:54.000000Z"}, {"uuid": "fe8f4d94-e103-4f6f-a6ad-331596897da7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13531", "type": "seen", "source": "Telegram/aGIqCmndzn-sUFzvT74dwNSwaE3DbG0e2hi-AkM7TuBF9TBT", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"}, {"uuid": "3df23d47-17e2-4205-978c-84bdbd6ba2b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13532", "type": "seen", "source": "https://t.me/cvedetector/17854", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13532 - Purolator WordPress SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13532 \nPublished : Feb. 12, 2025, 12:15 p.m. | 38\u00a0minutes ago \nDescription : The Small Package Quotes \u2013 Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T14:22:12.000000Z"}, {"uuid": "4da79cc9-26d6-4eb9-ab55-3b896a657647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13531", "type": "seen", "source": "https://t.me/cvedetector/17839", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13531 - ShipEngine WordPress SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13531 \nPublished : Feb. 12, 2025, 10:15 a.m. | 37\u00a0minutes ago \nDescription : The ShipEngine Shipping Quotes plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T12:41:42.000000Z"}, {"uuid": "f321a783-81c9-4461-b1b7-0d67d5d321e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13538", "type": "seen", "source": "Telegram/v5j2Oi8bf63BSycY8wX7bbQsHOvSVKMDabfdBO8OMKSRIETk", "content": "", "creation_timestamp": "2025-02-18T11:39:00.000000Z"}, {"uuid": "85493cde-05de-4848-a95e-7caba5e33de6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13535", "type": "seen", "source": "Telegram/gYhhPwWbQDEmYOQ_THE8p5kXqXItYsoriWxx0xWIM2oEnEfV", "content": "", "creation_timestamp": "2025-02-18T11:39:00.000000Z"}, {"uuid": "2a96a775-45c6-435b-bf1e-d31eed57d102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13537", "type": "seen", "source": "Telegram/FG08fG1l_a-6F5OFtpNjVbLODW-QjmB0kOIu3hQ664Wc57kP", "content": "", "creation_timestamp": "2025-02-21T08:03:23.000000Z"}, {"uuid": "43b772b5-5f89-4106-bd11-89756c4dd2de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13532", "type": "seen", "source": "Telegram/WljlRHAPp515FqKzB9xLJEgnqaoRSXKdGk85o4djbzJ8PjAz", "content": "", "creation_timestamp": "2025-02-14T10:04:59.000000Z"}, {"uuid": "e44ab476-2c79-41cf-8ad3-f13223e329cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13536", "type": "seen", "source": "https://t.me/cvedetector/15908", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13536 - NexusGroup Mortgage Application Plugin Full Path Disclosure Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-13536 \nPublished : Jan. 21, 2025, 5:15 a.m. | 34\u00a0minutes ago \nDescription : The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T06:55:49.000000Z"}, {"uuid": "3485f768-1865-4f76-8931-087d03030d80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13532", "type": "seen", "source": "Telegram/DoJj1RlWzJm-evJlm3SDJ96fDdGsatDMHKlK1sEIsA9w2cyC", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"}, {"uuid": "dff06e17-3513-4393-a0a6-e2cc8cb00fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13539", "type": "seen", "source": "Telegram/iwpa8DqX1KKmp527jsuftSmYU7sS1NlhgXDLJR-BohUvzYQG", "content": "", "creation_timestamp": "2025-02-14T10:04:02.000000Z"}, {"uuid": "286f33b9-9c06-4c11-871a-963b8d46ea63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1353", "type": "seen", "source": "https://t.me/ctinow/198366", "content": "https://ift.tt/pGhovn8\nCVE-2024-1353 | PHPEMS up to 1.0 index.api.php index picurl deserialization", "creation_timestamp": "2024-03-02T14:16:41.000000Z"}, {"uuid": "b6ba5e67-727b-4f07-bcc8-68458f7a1650", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1353", "type": "seen", "source": "https://t.me/ctinow/181767", "content": "https://ift.tt/KFEluty\nCVE-2024-1353", "creation_timestamp": "2024-02-09T02:26:25.000000Z"}]}