{"vulnerability": "CVE-2024-1370", "sightings": [{"uuid": "608b4251-b2bc-4c5f-8143-6e88cfbb3f00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13705", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113918025661122768", "content": "", "creation_timestamp": "2025-01-30T15:32:04.438794Z"}, {"uuid": "55316ef9-b95c-4431-a0f5-d9ca4642ce2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13700", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917966659185202", "content": "", "creation_timestamp": "2025-01-30T15:17:04.254579Z"}, {"uuid": "bcc46348-94bd-4dea-8d72-ffb5eef1842e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13706", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgxs5k5liq2i", "content": "", "creation_timestamp": "2025-01-30T15:24:52.409660Z"}, {"uuid": "2955da73-1198-4c0b-9695-e3918ac98d0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13707", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113918025675634080", "content": "", "creation_timestamp": "2025-01-30T15:32:04.862445Z"}, {"uuid": "dff796f4-d414-4eef-bc94-18d4610ceef3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13700", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxoexlcnj2t", "content": "", "creation_timestamp": "2025-01-30T14:17:26.762260Z"}, {"uuid": "a354669a-bdec-4f2a-9fe7-5ebfd14dac17", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13700", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgxyucmcf52k", "content": "", "creation_timestamp": "2025-01-30T17:25:00.331567Z"}, {"uuid": "a5fc952d-72cb-4c65-ad28-58f5d0979851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13705", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgxyucwbg72u", "content": "", "creation_timestamp": "2025-01-30T17:25:02.178520Z"}, {"uuid": "fc12c3fc-f86e-430f-8c35-d9c67cbc2df9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13709", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113886870046975534", "content": "", "creation_timestamp": "2025-01-25T03:28:47.535100Z"}, {"uuid": "2715aa02-9cdf-484b-a6ad-3dda02ebf844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13707", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113918327535935624", "content": "", "creation_timestamp": "2025-01-30T16:50:57.147814Z"}, {"uuid": "3ad2c5a1-d472-4c9d-a049-eb4a8745e8d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13706", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917016533701154", "content": "", "creation_timestamp": "2025-01-30T11:15:27.208582Z"}, {"uuid": "9b023d88-21bc-43ff-a013-b8cfaf0b0f7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13706", "type": "seen", "source": 
"https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxeaeslcw2w", "content": "", "creation_timestamp": "2025-01-30T11:15:55.023430Z"}, {"uuid": "982bc11d-375d-413a-9947-8fc2618ed1ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13707", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxof42fnt2t", "content": "", "creation_timestamp": "2025-01-30T14:17:30.978880Z"}, {"uuid": "06d8d9c6-1b35-45f0-bc17-72514dffe868", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13705", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxoezpdiq2c", "content": "", "creation_timestamp": "2025-01-30T14:17:28.581183Z"}, {"uuid": "7f868bbb-1882-43f5-aa60-8cc13e1c9bb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13709", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3045", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13709\n\ud83d\udd39 Description: The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-25T03:21:18.130Z\n\ud83d\udccf Modified: 2025-01-25T03:21:18.130Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/83af4ee4-2763-4706-8cb2-fa102a72be68?source=cve\n2. 
https://plugins.trac.wordpress.org/browser/linear/trunk/includes/class-linear-settings.php#L1874", "creation_timestamp": "2025-01-25T04:04:51.000000Z"}, {"uuid": "7e9e80e2-af62-4e4f-a47a-e373e20d99d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13706", "type": "seen", "source": "MISP/ca7dfd4e-d0b5-4d10-8982-36d9f6e53c8e", "content": "", "creation_timestamp": "2025-09-01T13:53:38.000000Z"}, {"uuid": "3f5aa174-aac4-461d-b96a-61f767fbe821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13703", "type": "seen", "source": "https://t.me/cvedetector/20181", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13703 - \"vcita WordPress Plugin Unauthorized Data Modification Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13703 \nPublished : March 13, 2025, 2:15 a.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable plugin widgets. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T04:44:57.000000Z"}, {"uuid": "3a2b2ae2-6658-422e-bb20-ff5ee2084266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13701", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113988772760145805", "content": "", "creation_timestamp": "2025-02-12T03:23:59.669508Z"}, {"uuid": "4c268fef-7e75-4c88-8b94-abcf572ba8fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13701", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxcv62qm72x", "content": "", "creation_timestamp": "2025-02-12T04:16:56.842678Z"}, {"uuid": "e7ea0fc8-49a9-45fa-b453-e76604dd7d42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13704", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligszswqcw2g", "content": "", "creation_timestamp": "2025-02-18T08:15:48.800690Z"}, {"uuid": "62760ca4-c994-47b8-bcb3-45935b325ebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13709", "type": "seen", "source": "https://t.me/cvedetector/16359", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13709 - WordPress Linear CSRF Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-13709 \nPublished : Jan. 25, 2025, 4:15 a.m. 
| 22\u00a0minutes ago \nDescription : The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T06:17:47.000000Z"}, {"uuid": "ef6c1f79-e73a-4962-99b6-ca83678070bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13704", "type": "seen", "source": "https://t.me/cvedetector/18305", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13704 - WordPress Super Testimonials Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13704 \nPublished : Feb. 18, 2025, 8:15 a.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T10:57:43.000000Z"}, {"uuid": "c5105bcc-6469-4020-b6fe-1230947aac72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13701", "type": "seen", "source": "https://t.me/cvedetector/17810", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13701 - WordPress Liveticker Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13701 \nPublished : Feb. 12, 2025, 4:15 a.m. | 17\u00a0minutes ago \nDescription : The Liveticker (by stklcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'liveticker' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T05:59:52.000000Z"}, {"uuid": "bd5ff44c-1164-4353-afa0-2e11ba89e937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13706", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3479", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13706\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-30T12:31:18Z\n\ud83d\udccf Modified: 2025-01-30T12:31:19Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13706\n2. https://plugins.trac.wordpress.org/browser/wp-image-uploader/trunk/index.php#L85\n3. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/fea1546c-1d8f-4478-81b7-20a9096e0217?source=cve", "creation_timestamp": "2025-01-30T13:11:26.000000Z"}, {"uuid": "aa490427-4c6b-4bfa-a090-beb3af484091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13701", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4032", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13701\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Liveticker (by stklcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'liveticker' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-12T06:30:31Z\n\ud83d\udccf Modified: 2025-02-12T06:30:31Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13701\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3234940%40stklcode-liveticker&new=3234940%40stklcode-liveticker&sfp_email=&sfph_mail=\n3. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/c4edf78c-cd17-42dd-90dc-10946e79d57b?source=cve", "creation_timestamp": "2025-02-12T07:11:54.000000Z"}, {"uuid": "d1d9030c-9c63-46f7-baa1-78dec3eb2dca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13701", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4010", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13701\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T04:15:09.647\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3234940%40stklcode-liveticker&new=3234940%40stklcode-liveticker&sfp_email=&sfph_mail=\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/c4edf78c-cd17-42dd-90dc-10946e79d57b?source=cve", "creation_timestamp": "2025-02-12T05:06:48.000000Z"}, {"uuid": "c8beda5d-3793-4ef9-9131-01aa78a12578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13703", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7563", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13703\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable plugin widgets.\n\ud83d\udccf Published: 2025-03-13T01:45:27.946Z\n\ud83d\udccf Modified: 2025-03-14T13:54:28.543Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/8e8c2aa5-5770-4b88-b415-40c2aff69d84?source=cve\n2. https://plugins.trac.wordpress.org/browser/crm-customer-relationship-management-by-vcita/trunk/vcita-ajax-function.php#L6", "creation_timestamp": "2025-03-14T14:45:23.000000Z"}, {"uuid": "e4766b86-687d-4dcb-8a0e-7a190392bc00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13704", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4767", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13704\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-18T07:28:12.710Z\n\ud83d\udccf Modified: 2025-02-18T07:28:12.710Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/20720912-6bfd-4df1-97c7-7025c16d7a0f?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3240039%40super-testimonial&new=3240039%40super-testimonial&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-18T08:41:13.000000Z"}, {"uuid": "fcd82b58-9095-4b03-a34e-0049cef6bbcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13708", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10394", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13708\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.\n\ud83d\udccf Published: 2025-04-04T05:22:46.789Z\n\ud83d\udccf Modified: 2025-04-04T05:22:46.789Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f58b3971-e1e4-4337-82a3-99c9079c6696?source=cve\n2. 
https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/class-wcj-checkout-files-upload.php", "creation_timestamp": "2025-04-04T05:35:50.000000Z"}, {"uuid": "2b15cc85-129b-4702-a2cd-3e3e59af702e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13702", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8813", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13702\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-26T08:21:52.086Z\n\ud83d\udccf Modified: 2025-03-26T08:21:52.086Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e5d3239b-0f65-46f7-977b-9995542a6eb9?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3256449%40crm-customer-relationship-management-by-vcita&new=3256449%40crm-customer-relationship-management-by-vcita&sfp_email=&sfph_mail=", "creation_timestamp": "2025-03-26T09:25:58.000000Z"}, {"uuid": "96510738-274f-49c5-b6be-a70c4a6fc95d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13706", "type": "seen", "source": "https://t.me/cvedetector/16763", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13706 - WordPress WP Image Uploader Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13706 \nPublished : Jan. 30, 2025, 11:15 a.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T14:16:01.000000Z"}, {"uuid": "d5b13754-4e23-42a4-9e4d-38b29ad8972f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13700", "type": "seen", "source": "https://t.me/cvedetector/16781", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13700 - \"WordPress Embed Swagger UI Stored Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-13700 \nPublished : Jan. 30, 2025, 2:15 p.m. | 46\u00a0minutes ago \nDescription : The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T16:46:34.000000Z"}, {"uuid": "bb0c30c6-6bd3-452f-b655-2c0020517343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13705", "type": "seen", "source": "https://t.me/cvedetector/16770", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13705 - \"WordPress StageShow Plugin Reflected Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13705 \nPublished : Jan. 30, 2025, 2:15 p.m. | 46\u00a0minutes ago \nDescription : The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 9.8.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T16:46:19.000000Z"}, {"uuid": "ebda3100-f78d-4eca-ac1f-0f5b293e3213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13707", "type": "seen", "source": "https://t.me/cvedetector/16772", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13707 - WordPress WP Image Uploader CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13707 \nPublished : Jan. 
30, 2025, 2:15 p.m. | 46\u00a0minutes ago \nDescription : The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the gky_image_uploader_main_function() function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T16:46:21.000000Z"}, {"uuid": "a6b07e52-a4ad-45a5-9d0b-9fea74aba16f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13702", "type": "seen", "source": "https://t.me/cvedetector/21164", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13702 - vcita WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13702 \nPublished : March 26, 2025, 9:15 a.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T12:12:53.000000Z"}, {"uuid": "3fd73f41-869c-45c3-bb3f-027fe3a43423", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13708", "type": "seen", "source": "https://t.me/cvedetector/22102", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13708 - WooCommerce Booster for WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13708 \nPublished : April 4, 2025, 6:15 a.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 
\nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T10:29:40.000000Z"}, {"uuid": "7e988645-443f-40bf-adf6-adfcbcd02fd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13700", "type": "seen", "source": "Telegram/5EiRE4hZWr8nn_TXxBqwv7xLtXbatLNbiNc3WD9AD4cDBWRS", "content": "", "creation_timestamp": "2025-02-01T17:28:11.000000Z"}, {"uuid": "0e57eecc-52a0-468d-a3a2-32a1f8e4a8d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13701", "type": "seen", "source": "Telegram/5tGhnS3rSJwCEIJLdIbXHKBzUtaucWd3ycHANGHqvI6ye0Jq", "content": "", "creation_timestamp": "2025-02-14T10:04:02.000000Z"}]}