{"vulnerability": "CVE-2024-1364", "sightings": [{"uuid": "050ff770-1491-451e-9930-bc6d32a7ee88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13646", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113918327429686885", "content": "", "creation_timestamp": "2025-01-30T16:50:54.977912Z"}, {"uuid": "7be66aa1-78ee-4efe-8423-53ec95ae18b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13642", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113915968971057037", "content": "", "creation_timestamp": "2025-01-30T06:49:02.731501Z"}, {"uuid": "2dc5ea5c-2bfb-4f9e-b50c-5fef3e2a7992", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13642", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgwwslr7kg2n", "content": "", "creation_timestamp": "2025-01-30T07:15:33.939550Z"}, {"uuid": "71a865b6-d3fa-4f7c-bf84-312ae3b82acd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13646", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxoehbx2i2t", "content": "", "creation_timestamp": "2025-01-30T14:17:09.249079Z"}, {"uuid": "14e53e77-bb5d-477c-b5cc-bc541d5a5fe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13646", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917907581375526", "content": "", "creation_timestamp": "2025-01-30T15:02:02.831810Z"}, {"uuid": "f48d2581-5823-43e8-b6b4-cae967fb9220", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13643", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113984096796796467", "content": "", "creation_timestamp": "2025-02-11T07:34:49.967297Z"}, {"uuid": "36799d58-596c-4123-9b7e-85d866b268c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13643", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhv7reljtx23", "content": "", "creation_timestamp": "2025-02-11T08:15:49.859175Z"}, {"uuid": "68a0af11-93b7-4e87-9068-ae2b4856aa29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13643", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113984386006622303", "content": "", "creation_timestamp": "2025-02-11T08:48:23.410972Z"}, {"uuid": "7f45702a-55e0-4757-939b-542f4fa7c6f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13643", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhviwprm5r2c", "content": "", "creation_timestamp": "2025-02-11T10:59:52.096426Z"}, {"uuid": "bb9ceecf-c735-4f9d-bd9a-fe721769364a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13647", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj5f4ccrmc27", "content": "", "creation_timestamp": "2025-02-27T07:37:54.723282Z"}, {"uuid": "48e1c8a8-54fa-43c5-bd73-fa2ced0767f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13644", "type": "seen", "source": 
"https://bsky.app/profile/cve-notifications.bsky.social/post/3lhzmlrqyl72a", "content": "", "creation_timestamp": "2025-02-13T02:15:58.814651Z"}, {"uuid": "1d250f50-5b7c-4572-925f-6a02a909261c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13640", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3ljtpjakynt2o", "content": "", "creation_timestamp": "2025-03-08T04:42:39.831837Z"}, {"uuid": "0b8f5933-1af5-49d8-be0c-26c248a955f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13641", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114000574432565372", "content": "", "creation_timestamp": "2025-02-14T05:25:18.788802Z"}, {"uuid": "1203fb5f-92d7-46c5-8680-3aad94c58549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13641", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li4kiefipn2c", "content": "", "creation_timestamp": "2025-02-14T06:16:15.861245Z"}, {"uuid": "a97432af-ccb9-47fa-836f-730142535f6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13641", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li4skdzcbm2y", "content": "", "creation_timestamp": "2025-02-14T08:40:34.423009Z"}, {"uuid": "41b80a96-e2af-4f3d-9be2-dc4f903a1c02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13640", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lju3x525dr2h", "content": "", "creation_timestamp": "2025-03-08T08:25:11.052698Z"}, {"uuid": 
"8e4b21a8-ccc4-4984-8661-a0e6ec024b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13645", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llxsohuaan2a", "content": "", "creation_timestamp": "2025-04-04T06:40:18.666408Z"}, {"uuid": "259387a4-ecc5-4469-9ded-58f9cea14d21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13645", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114278590576492916", "content": "", "creation_timestamp": "2025-04-04T07:48:28.836172Z"}, {"uuid": "0229ca8e-7d4f-4587-a51a-10b075671490", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13645", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114278590576492916", "content": "", "creation_timestamp": "2025-04-04T07:48:28.865579Z"}, {"uuid": "d8a90d38-6f8e-497e-8429-97b2d5717ebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13645", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3llxxaltg3i2z", "content": "", "creation_timestamp": "2025-04-04T08:02:04.122005Z"}, {"uuid": "9b1692c0-b888-4c80-acfc-e34efc3749cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13647", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:22.000000Z"}, {"uuid": "4e314add-3cea-4635-9d3b-5e0302cf1f52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2024-13644", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"}, {"uuid": "0c5977c6-23a5-4123-a351-df64551108fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13640", "type": "seen", "source": "https://t.me/cvedetector/19873", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13640 - WooCommerce Print Invoice &amp; Delivery Notes Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-13640 \nPublished : March 8, 2025, 5:15 a.m. | 19\u00a0minutes ago \nDescription : The Print Invoice &amp; Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/wcdn/invoice directory which can contain invoice files if an email attachment setting is enabled. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T06:49:33.000000Z"}, {"uuid": "cc9f710d-aa09-494e-aa6b-64f2d36b4d8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13649", "type": "seen", "source": "https://t.me/cvedetector/19902", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13649 - Elementor Xpro Addons for WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13649 \nPublished : March 8, 2025, 12:15 p.m. 
| 1\u00a0hour, 43\u00a0minutes ago \nDescription : The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.4.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T15:11:19.000000Z"}, {"uuid": "7170e562-5bd6-401a-b71d-ab49c69ce283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13648", "type": "seen", "source": "https://t.me/cvedetector/18646", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13648 - \"Maps for WP Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13648 \nPublished : Feb. 21, 2025, 10:15 a.m. | 1\u00a0hour, 59\u00a0minutes ago \nDescription : The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T13:55:34.000000Z"}, {"uuid": "19b7ecda-40ea-40b1-b323-fd5c39eb1e67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13647", "type": "seen", "source": "https://t.me/cvedetector/19022", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13647 - SakolaWP WordPress Plugin Cross-Site Request Forgery (CSRF)\", \n  \"Content\": \"CVE ID : CVE-2024-13647 \nPublished : Feb. 27, 2025, 5:15 a.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : The School Management System \u2013 SakolaWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the 'save_exam_setting' and 'delete_exam_setting' actions. This makes it possible for unauthenticated attackers to update exam settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T08:42:06.000000Z"}, {"uuid": "3cb0d81d-fd69-4b55-8953-a64914f43e77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13643", "type": "seen", "source": "https://t.me/cvedetector/17682", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13643 - Zox News - WordPress News & Magazine Theme Plugin Unauthenticated Option Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13643 \nPublished : Feb. 11, 2025, 8:15 a.m. | 1\u00a0hour, 51\u00a0minutes ago \nDescription : The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on the backup_options() and reset_options() functions in all versions up to and including 3.17.0. This vulnerability allows authenticated attackers with Subscriber-level access and above to update and delete arbitrary option values on the WordPress site. Attackers can exploit this issue to update the default user role for registration to Administrator and enable user registration, thereby gaining administrative access to the vulnerable site. Additionally, they could delete critical options, causing errors that may disrupt the site's functionality and deny service to legitimate users. 
\nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T11:29:59.000000Z"}, {"uuid": "fe7aa463-49a6-40aa-89d5-985cdbc38f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13641", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4422", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13641\n\ud83d\udd25 CVSS Score: 5.8 (CVSS_V3)\n\ud83d\udd39 Description: The Return Refund and Exchange For WooCommerce \u2013 Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/attachment directory which can contain file attachments for order refunds.\n\ud83d\udccf Published: 2025-02-14T06:30:36Z\n\ud83d\udccf Modified: 2025-02-14T06:30:36Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13641\n2. https://plugins.trac.wordpress.org/browser/woo-refund-and-exchange-lite/trunk/common/class-woo-refund-and-exchange-lite-common.php#L127\n3. https://plugins.trac.wordpress.org/changeset/3236486\n4. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/5f88a21d-28a9-4c91-9bf9-6b69f6a420e8?source=cve", "creation_timestamp": "2025-02-14T07:09:55.000000Z"}, {"uuid": "28651003-1e2b-4c48-8ba1-fb88ae882dad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13642", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3468", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13642\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-30T09:30:37Z\n\ud83d\udccf Modified: 2025-01-30T09:30:37Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13642\n2. https://plugins.trac.wordpress.org/changeset/3228058#file6\n3. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/7ccaee26-277e-4730-8242-9b5e6a281fcc?source=cve", "creation_timestamp": "2025-01-30T10:11:38.000000Z"}, {"uuid": "e0348ada-30b7-4776-9df7-f27661fd8802", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13641", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4429", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13641\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-14T06:15:19.957\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/woo-refund-and-exchange-lite/trunk/common/class-woo-refund-and-exchange-lite-common.php#L127\n2. https://plugins.trac.wordpress.org/changeset/3236486/\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/5f88a21d-28a9-4c91-9bf9-6b69f6a420e8?source=cve", "creation_timestamp": "2025-02-14T07:12:02.000000Z"}, {"uuid": "2ec51fae-36d1-481a-8760-714fdf5b5874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13648", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4871", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13648\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-21T09:21:06.423Z\n\ud83d\udccf Modified: 2025-02-21T09:21:06.423Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/a16c8b5d-fd93-49b4-b1d7-f4cd9248aef3?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226414%40maps-for-wp&new=3226414%40maps-for-wp&sfp_email=&sfph_mail=\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242174%40maps-for-wp&new=3242174%40maps-for-wp&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-21T10:20:18.000000Z"}, {"uuid": "1ac73303-ac83-44ce-92c2-6547526dc1e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13647", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5650", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13647\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The School Management System \u2013 SakolaWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the 'save_exam_setting' and 'delete_exam_setting' actions. This makes it possible for unauthenticated attackers to update exam settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-27T04:21:44.840Z\n\ud83d\udccf Modified: 2025-02-27T04:21:44.840Z\n\ud83d\udd17 References:\n1. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/6a5db3fc-6ae4-4566-8610-687cb725cf6e?source=cve\n2. https://wordpress.org/plugins/sakolawp-lite/", "creation_timestamp": "2025-02-27T05:25:22.000000Z"}, {"uuid": "91de11b5-d349-4b26-ac22-440f14ead325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13649", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6944", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13649\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.4.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-08T11:16:39.514Z\n\ud83d\udccf Modified: 2025-03-08T11:16:39.514Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/43192613-ce5b-4acc-b284-f40cad7cb8df?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3235058%40xpro-elementor-addons&new=3235058%40xpro-elementor-addons&sfp_email=&sfph_mail=\n3. 
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3248584%40xpro-elementor-addons&new=3248584%40xpro-elementor-addons&sfp_email=&sfph_mail=", "creation_timestamp": "2025-03-08T11:36:23.000000Z"}, {"uuid": "cf07ba57-0295-4db7-9765-b004ebe5e5a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13640", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6919", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13640\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/wcdn/invoice directory which can contain invoice files if an email attachment setting is enabled.\n\ud83d\udccf Published: 2025-03-08T04:21:03.752Z\n\ud83d\udccf Modified: 2025-03-08T04:21:03.752Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/12ab3e54-a0b9-4420-ac90-f16e23688cca?source=cve\n2. https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/trunk/includes/class-wcdn-theme.php#L56\n3. 
https://plugins.trac.wordpress.org/changeset/3250195/", "creation_timestamp": "2025-03-08T04:35:37.000000Z"}, {"uuid": "303a23e9-867d-4f3b-b5fb-fefc481cc50d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13645", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10398", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13645\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.\n\ud83d\udccf Published: 2025-04-04T05:22:44.092Z\n\ud83d\udccf Modified: 2025-04-04T05:22:44.092Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4124003c-4864-48f1-acba-9a613d9c99ae?source=cve\n2. 
https://tagdiv.com/tagdiv-composer-page-builder-basics/", "creation_timestamp": "2025-04-04T05:35:56.000000Z"}, {"uuid": "05346154-f3fb-4f2f-aec0-0c60f3f77969", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13641", "type": "seen", "source": "https://t.me/cvedetector/18077", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13641 - WooCommerce Return Management System Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-13641 \nPublished : Feb. 14, 2025, 6:15 a.m. | 1\u00a0hour, 40\u00a0minutes ago \nDescription : The Return Refund and Exchange For WooCommerce \u2013 Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/attachment directory which can contain file attachments for order refunds. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T09:04:07.000000Z"}, {"uuid": "63bbb9bb-c0b4-464e-b45d-b840c88511d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13644", "type": "seen", "source": "https://t.me/cvedetector/17956", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13644 - Elementor DethemeKit Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13644 \nPublished : Feb. 13, 2025, 2:15 a.m. 
| 1\u00a0hour, 8\u00a0minutes ago \nDescription : The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T04:36:55.000000Z"}, {"uuid": "0b4a5679-766f-4b65-8c3c-c4960bee8e08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13642", "type": "seen", "source": "https://t.me/cvedetector/16746", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13642 - \"Stratum Elementor Widgets Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13642 \nPublished : Jan. 30, 2025, 7:15 a.m. | 1\u00a0hour, 33\u00a0minutes ago \nDescription : The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T10:04:59.000000Z"}, {"uuid": "537fbca8-ed41-46ad-ae98-482fa40eafcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13646", "type": "seen", "source": "https://t.me/cvedetector/16786", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13646 - WordPress Single-user-chat Unauthorized Data Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13646 \nPublished : Jan. 30, 2025, 2:15 p.m. | 46\u00a0minutes ago \nDescription : The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' function in all versions up to, and including, 0.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update option values to 'login' on the WordPress site. This may be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. 
\nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T16:46:41.000000Z"}, {"uuid": "e1f0818e-d9e7-4080-b480-7fb3589804eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13649", "type": "seen", "source": "Telegram/jkP3wyoW6YYMaly-es_Cs2Cm1Z9O2JhX6e7Bm9qOND7YfQaU", "content": "", "creation_timestamp": "2025-03-08T16:29:02.000000Z"}, {"uuid": "765fe5d4-a76d-4536-9433-fc675d27c23e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13640", "type": "seen", "source": "Telegram/R1FAI1NNYpT4dN-aCwtq_3p2iRpSTgywesk0hV61J6629EnO", "content": "", "creation_timestamp": "2025-03-08T16:28:59.000000Z"}, {"uuid": "8c27c3b0-34a8-40a5-bc8e-a997e8863100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13645", "type": "seen", "source": "https://t.me/cvedetector/22101", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13645 - TagDiv Composer PHP Object Instantiation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13645 \nPublished : April 4, 2025, 6:15 a.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. 
If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T10:29:39.000000Z"}, {"uuid": "b6c703b3-30d1-407f-ab02-4ec88b40e527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13648", "type": "seen", "source": "Telegram/-xBIPsZP-_f0defBViLndVmNYN6G7Povb8ypfeF_V9IYqr4H", "content": "", "creation_timestamp": "2025-02-21T12:35:18.000000Z"}, {"uuid": "d94a56e0-ee7a-4b43-99d8-09e4facf7731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13641", "type": "seen", "source": "Telegram/ahIjZj75gAuB6aAQtOoZRuQ8ILnHJnA_aFpJIUgXtZlgsgNw", "content": "", "creation_timestamp": "2025-02-14T21:08:29.000000Z"}, {"uuid": "540a319f-d801-4556-8531-dda1d5e055a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13644", "type": "seen", "source": "Telegram/HNkDmXcza9pmgk0K81a8vT59XW7utMqZ18pl_YTuAz7A6eQ3", "content": "", "creation_timestamp": "2025-02-14T10:06:08.000000Z"}, {"uuid": "8107b701-c077-4ce7-9b67-a0b469a58abe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13643", "type": "seen", "source": "Telegram/SSNfKwTQW0dHV9QvY5oNIW9qfwYJDWDD7DvJvhTHUdB4oTEx", "content": "", "creation_timestamp": "2025-02-14T10:01:39.000000Z"}, {"uuid": 
"ce289bad-9d36-45b8-8d9e-639361003391", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13641", "type": "seen", "source": "Telegram/kRjlnja-Z0LDkhIKhjaTNXEz5pf5lAuC-cHfMlJWW464CGdI", "content": "", "creation_timestamp": "2025-02-14T10:09:24.000000Z"}]}