{"vulnerability": "CVE-2024-1361", "sightings": [{"uuid": "1c4428bc-63ae-4653-bc59-974481755272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13614", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhjlmugyx222", "content": "", "creation_timestamp": "2025-02-06T17:16:05.617147Z"}, {"uuid": "832cf133-e931-45ba-bed3-765e2d064c82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13612", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh4lu5sblk2c", "content": "", "creation_timestamp": "2025-02-01T13:15:34.026108Z"}, {"uuid": "86bfc99d-e9ac-40b0-b5b3-5a6f65f25e0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13612", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh4tsascvf2q", "content": "", "creation_timestamp": "2025-02-01T15:37:39.637114Z"}, {"uuid": "3914df82-5725-4d13-beb8-2a1ebefcea23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13610", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmtofs6yui2i", "content": "", "creation_timestamp": "2025-04-15T08:38:25.463050Z"}, {"uuid": "2e0350ee-09ff-436a-9ced-c75641e65ed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13614", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113957861599808876", "content": "", "creation_timestamp": "2025-02-06T16:22:52.894989Z"}, {"uuid": "a53a7e32-dc82-4ff9-9eaf-78d2a44f5717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13618", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll6v7zjesz2k", "content": "", "creation_timestamp": "2025-03-25T08:49:21.846870Z"}, {"uuid": "0bf7f09f-c478-484e-ab50-987e1d12ad4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13617", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll6va2q3yi2l", "content": "", "creation_timestamp": "2025-03-25T08:49:28.009227Z"}, {"uuid": "a5e1844e-b972-4c11-9e21-177e33598a11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13613", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpemg4fyyu2h", "content": "", "creation_timestamp": "2025-05-17T13:08:27.918963Z"}, {"uuid": "ff50f570-a5af-4760-8dd6-98b3f3cf1d4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13619", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meovce55yb2s", "content": "", "creation_timestamp": "2026-02-12T21:03:24.111733Z"}, {"uuid": "29c47277-3a77-42bf-a209-fc2df647d74e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13611", "type": "seen", "source": "MISP/1e8d1b5a-3537-4a30-907d-acb1720bbd18", "content": "", "creation_timestamp": "2025-08-19T18:29:28.000000Z"}, {"uuid": "8b0fb16e-6da1-4748-8b55-1bd75e00ae5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13611", "type": "seen", "source": "Telegram/XuHL3rmpEM9Ue9JaezZN1adZ6zNHmp5jsgRvClbwwU5yU8rw", "content": "", "creation_timestamp": "2025-03-02T11:46:31.000000Z"}, {"uuid": "8df56c8b-5be9-4a78-b5eb-baeae46a65b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13615", "type": "seen", "source": "https://t.me/cvedetector/20052", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13615 - Social Snap WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13615 \nPublished : March 11, 2025, 6:15 a.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : The Social Share Buttons, Social Sharing Icons, Click to Tweet \u2014 Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T09:16:02.000000Z"}, {"uuid": "751da04b-bed4-44b4-8688-f940c8f9d5a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13614", "type": "seen", "source": "https://t.me/cvedetector/17415", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13614 - Kaspersky Kernel Memory Buffer Overwrite Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13614 \nPublished : Feb. 6, 2025, 5:15 p.m. | 1\u00a0hour, 25\u00a0minutes ago \nDescription : Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-06T20:15:13.000000Z"}, {"uuid": "28728030-3a0e-47b0-b00c-f080eb04501f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13611", "type": "seen", "source": "https://t.me/cvedetector/19230", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13611 - Better Messages WordPress Plugin Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-13611 \nPublished : March 1, 2025, 9:15 a.m. | 1\u00a0hour, 36\u00a0minutes ago \nDescription : The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory which can contain file attachments included in chat messages. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T12:16:05.000000Z"}, {"uuid": "ababe346-46f5-431c-bb12-b0172999515f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13611", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6069", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13611\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory which can contain file attachments included in chat messages.\n\ud83d\udccf Published: 2025-03-01T08:23:20.219Z\n\ud83d\udccf Modified: 2025-03-01T08:23:20.219Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/997918b9-2ccd-413e-9df2-d24bc3820ba1?source=cve\n2. https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/addons/files.php\n3. https://plugins.trac.wordpress.org/changeset/3228957/", "creation_timestamp": "2025-03-01T09:30:21.000000Z"}, {"uuid": "c81d6915-08c0-4276-8b47-9cebf42c677e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13612", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3770", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13612\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_chat_button' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-01T15:32:58Z\n\ud83d\udccf Modified: 2025-02-01T15:32:58Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13612\n2. https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L125\n3. https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L127\n4. https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L84\n5. https://plugins.trac.wordpress.org/changeset/3228965\n6. https://www.wordfence.com/threat-intel/vulnerabilities/id/169a857f-1ae0-40f6-8a34-10c573af59c5?source=cve", "creation_timestamp": "2025-02-01T16:16:53.000000Z"}, {"uuid": "0a264fcb-0d46-44c8-b415-5ae013d94361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13612", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3767", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13612\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T13:15:21.320\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L125\n2. https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L127\n3. https://plugins.trac.wordpress.org/browser/bp-better-messages/trunk/inc/shortcodes.php#L84\n4. https://plugins.trac.wordpress.org/changeset/3228965/\n5. https://www.wordfence.com/threat-intel/vulnerabilities/id/169a857f-1ae0-40f6-8a34-10c573af59c5?source=cve", "creation_timestamp": "2025-02-01T15:25:39.000000Z"}, {"uuid": "7bb9ca56-aaf8-41de-a6f7-5df4c76fad7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13617", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8604", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13617\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server\n\ud83d\udccf Published: 2025-03-25T06:00:13.131Z\n\ud83d\udccf Modified: 2025-03-25T06:00:13.131Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/8d6dd979-21ef-4d14-9c42-bbd1d7b65c53/", "creation_timestamp": "2025-03-25T06:23:39.000000Z"}, {"uuid": "841d5cbd-012a-495a-8d38-05cfe44955d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13618", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8603", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13618\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.\n\ud83d\udccf Published: 2025-03-25T06:00:13.473Z\n\ud83d\udccf Modified: 2025-03-25T06:00:13.473Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/d6a78233-3f23-4da4-9bc0-1439cde20a30/", "creation_timestamp": "2025-03-25T06:23:39.000000Z"}, {"uuid": "a3c5b0c0-416d-4782-b76b-464fa437f38c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13610", "type": "seen", "source": "https://t.me/cvedetector/22922", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13610 - \"Simple Social Media Share Buttons WordPress Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13610 \nPublished : April 15, 2025, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The Simple Social Media Share Buttons  WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T09:04:44.000000Z"}, {"uuid": "da5a3914-bb64-4f5c-a651-f4470a444c43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13610", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11772", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13610\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Simple Social Media Share Buttons  WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-04-15T06:00:10.252Z\n\ud83d\udccf Modified: 2025-04-15T06:00:10.252Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/85229528-1110-4d45-b972-8bbcba003a1f/", "creation_timestamp": "2025-04-15T06:54:47.000000Z"}, {"uuid": "2ff6c9fb-561e-4134-8c93-fa8be1518974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1361", "type": "seen", "source": "https://t.me/ctinow/206833", "content": "https://ift.tt/UQlxB7G\nCVE-2024-1361 | Colibri Page Builder Plugin up to 1.0.253 on WordPress extend_builder cross-site request forgery (ID 3039597)", "creation_timestamp": "2024-03-13T16:11:53.000000Z"}, {"uuid": "8fb8c802-ea3c-47ce-9d7d-9006a8ec455b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13612", "type": "seen", "source": "https://t.me/cvedetector/17020", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13612 - Better Messages WordPress Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-13612 \nPublished : Feb. 1, 2025, 1:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_chat_button' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T16:29:04.000000Z"}, {"uuid": "f52d14f4-8b6e-4f87-9b76-10284dbb4e47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13612", "type": "seen", "source": "Telegram/id5c-uzd8joEnuM4Ylclj-mM_cjyr3dF-mTNzOMe9UV7go3u", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"}, {"uuid": "6c2dbcbe-4fef-4a44-a280-27286247d2a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1361", "type": "seen", "source": "https://t.me/ctinow/191677", "content": "https://ift.tt/nerDK7I\nCVE-2024-1361", "creation_timestamp": "2024-02-23T12:26:19.000000Z"}, {"uuid": "60afba75-be01-4566-9844-1d1b607356f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1361", "type": "seen", "source": "https://t.me/ctinow/191681", "content": "https://ift.tt/nerDK7I\nCVE-2024-1361", "creation_timestamp": "2024-02-23T12:26:23.000000Z"}]}