{"vulnerability": "CVE-2024-1375", "sightings": [{"uuid": "93ebe30a-007e-4213-8b44-8f251cd8a7bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13758", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113916339089732944", "content": "", "creation_timestamp": "2025-01-30T08:23:09.479502Z"}, {"uuid": "30d15ff2-bd6d-4d1a-a417-03fbda3ff150", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13758", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgx5iurnuc2f", "content": "", "creation_timestamp": "2025-01-30T09:15:44.742070Z"}, {"uuid": "a8513ac5-4b64-46d3-bcd8-18c4aabfa8be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13759", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loqskak4qcw2", "content": "", "creation_timestamp": "2025-05-09T16:05:04.401875Z"}, {"uuid": "4f3221f1-e497-4817-8170-92a03e1c69ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114007194740959636", "content": "", "creation_timestamp": "2025-02-15T09:28:56.992775Z"}, {"uuid": "d123acf5-2884-428c-8f2f-e1026f14ed31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li7icztwba2o", "content": "", "creation_timestamp": "2025-02-15T10:15:29.083034Z"}, {"uuid": "1b3a5bb6-41e3-4606-a751-afe187855331", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li7le5ledk2m", "content": "", "creation_timestamp": "2025-02-15T11:09:50.423614Z"}, {"uuid": "331b02e2-5400-4f97-ad92-c48281262a65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13753", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114036057912346467", "content": "", "creation_timestamp": "2025-02-20T11:49:32.726085Z"}, {"uuid": "03b4a9b8-6552-4ed2-83e7-007e3a5a8ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13753", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3limctgdc5x2y", "content": "", "creation_timestamp": "2025-02-20T12:41:55.214947Z"}, {"uuid": "0481276b-ee7b-4e39-8ebb-8a6c0ea5368f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13759", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114478753232862764", "content": "", "creation_timestamp": "2025-05-09T16:12:29.169832Z"}, {"uuid": "d6efd050-9f3b-481f-a11d-45567d130e57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13759", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-897/", "content": "", "creation_timestamp": "2025-09-18T03:00:00.000000Z"}, {"uuid": "e6207b54-61f7-40b9-a300-6fbcca4943fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13753", "type": "seen", "source": "https://t.me/cvedetector/18529", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13753 - WordPress Ultimate Classified Listings CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-13753 \nPublished : Feb. 20, 2025, 10:15 a.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the update_profile function. This makes it possible for unauthenticated attackers to modify victim's email via a forged request, which might lead to account takeover, granted they can trick a user into performing an action such as clicking on a link. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T13:09:02.000000Z"}, {"uuid": "610c5702-5e15-40ff-9ea0-52b6e4b01973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13758", "type": "seen", "source": "MISP/ca7dfd4e-d0b5-4d10-8982-36d9f6e53c8e", "content": "", "creation_timestamp": "2025-09-01T13:53:38.000000Z"}, {"uuid": "eac28ef8-07eb-4235-afed-4bfa3f722198", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13751", "type": "seen", "source": "https://t.me/cvedetector/18631", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13751 - WordPress 3D Photo Gallery Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13751 \nPublished : Feb. 21, 2025, 4:15 a.m. | 1\u00a0hour, 40\u00a0minutes ago \nDescription : The 3D Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'des[]' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T07:14:48.000000Z"}, {"uuid": "26845917-ace1-4b10-a4b2-5dc3af357165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13750", "type": "seen", "source": "https://t.me/cvedetector/19210", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13750 - WordPress WooCommerce Multilevel Referral Affiliate Plugin SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13750 \nPublished : March 1, 2025, 5:15 a.m. | 1\u00a0hour, 28\u00a0minutes ago \nDescription : The Multilevel Referral Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.27 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T08:05:05.000000Z"}, {"uuid": "6e36169c-b3ac-4e52-920d-9c82995ec0ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13758", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3467", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13758\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on the cp_contact_form_paypal_check_init_actions() function. This makes it possible for unauthenticated attackers to add discount codes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-30T09:30:37Z\n\ud83d\udccf Modified: 2025-01-30T09:30:37Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13758\n2. https://plugins.trac.wordpress.org/browser/cp-contact-form-with-paypal/trunk/cp_contactformpp_functions.php#L616\n3. https://plugins.trac.wordpress.org/changeset/3230873\n4. https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers\n5. https://www.wordfence.com/threat-intel/vulnerabilities/id/495183b6-dc7c-4ff7-bc99-fc05a10d1269?source=cve", "creation_timestamp": "2025-01-30T10:11:37.000000Z"}, {"uuid": "75b96639-d0aa-442b-8b5e-c01fb55ae7d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13758", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3476", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13758\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-30T09:15:08.547\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/cp-contact-form-with-paypal/trunk/cp_contactformpp_functions.php#L616\n2. https://plugins.trac.wordpress.org/changeset/3230873/\n3. https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/495183b6-dc7c-4ff7-bc99-fc05a10d1269?source=cve", "creation_timestamp": "2025-01-30T11:19:02.000000Z"}, {"uuid": "9f4d549b-4a30-4c97-abc0-8447c609da6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4555", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13752\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cause a persistent denial of service condition.\n\ud83d\udccf Published: 2025-02-15T12:30:50Z\n\ud83d\udccf Modified: 2025-02-15T12:30:50Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13752\n2. https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_0.php#L255\n3. https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_3.php#L151\n4. https://plugins.trac.wordpress.org/changeset/3239348\n5. https://plugins.trac.wordpress.org/changeset?old_path=%2Fwedevs-project-manager%2Ftags%2F2.6.17%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftags%2F2.6.18%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&new=3240807&sfp_email=&sfph_mail=\n6. https://plugins.trac.wordpress.org/changeset?old_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&new=3240806&sfp_email=&sfph_mail=\n7. https://wordpress.org/plugins/wedevs-project-manager/#developers\n8. https://www.wordfence.com/threat-intel/vulnerabilities/id/bd54a50b-13ce-43ce-bce1-8fe132abc07e?source=cve", "creation_timestamp": "2025-02-15T13:11:15.000000Z"}, {"uuid": "1f226ce0-5808-4c99-aad6-649816cd164a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13757", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6528", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13757\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-05T09:21:45.634Z\n\ud83d\udccf Modified: 2025-03-05T09:21:45.634Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/26a7fb51-f40d-46b8-9f52-495716032a1b?source=cve\n2. https://wordpress.org/plugins/master-slider/#developers\n3. https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L815", "creation_timestamp": "2025-03-05T09:36:06.000000Z"}, {"uuid": "01854297-69ea-4bc9-a816-ea7e9120f844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4547", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13752\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-15T10:15:08.533\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_0.php#L255\n2. https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_3.php#L151\n3. https://plugins.trac.wordpress.org/changeset/3239348/\n4. https://plugins.trac.wordpress.org/changeset?old_path=%2Fwedevs-project-manager%2Ftags%2F2.6.17%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftags%2F2.6.18%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&new=3240807&sfp_email=&sfph_mail=\n5. https://plugins.trac.wordpress.org/changeset?old_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&new=3240806&sfp_email=&sfph_mail=\n6. https://wordpress.org/plugins/wedevs-project-manager/#developers\n7. https://www.wordfence.com/threat-intel/vulnerabilities/id/bd54a50b-13ce-43ce-bce1-8fe132abc07e?source=cve", "creation_timestamp": "2025-02-15T11:10:49.000000Z"}, {"uuid": "10d1ca72-42ff-41bd-8f60-a95cf1e76580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13751", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4844", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13751\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The 3D Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'des[]' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-21T03:21:23.081Z\n\ud83d\udccf Modified: 2025-02-21T03:21:23.081Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/eae1c878-3df9-47af-8283-de3d5acb219a?source=cve\n2. https://plugins.trac.wordpress.org/browser/3d-photo-gallery/tags/1.3/plugin.class.php#L57", "creation_timestamp": "2025-02-21T04:19:43.000000Z"}, {"uuid": "a603c602-a1c7-464d-82e2-9a8f33cd7e56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13757", "type": "seen", "source": "Telegram/9qPNNz-lYGKCUPdnw4j7cht5eZThRzyQmWCQTd78nssH1eNw", "content": "", "creation_timestamp": "2025-03-06T02:16:31.000000Z"}, {"uuid": "4ef26bdf-75ff-4be4-b420-20255b5f6abb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13750", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6047", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13750\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The Multilevel Referral Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.27 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-03-01T04:21:48.987Z\n\ud83d\udccf Modified: 2025-03-01T04:21:48.987Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4389ddc9-de69-4316-9bfa-ff3bd3346c69?source=cve\n2. https://plugins.trac.wordpress.org/browser/multilevel-referral-plugin-for-woocommerce/tags/2.27/classes/referral-program.php#L310", "creation_timestamp": "2025-03-01T05:27:15.000000Z"}, {"uuid": "24b53e25-7ed1-4e32-9c73-a683891292a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13759", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15825", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13759\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64\u00a0 allows local attackers to gain system-level privileges via arbitrary file deletion\n\ud83d\udccf Published: 2025-05-09T15:20:02.750Z\n\ud83d\udccf Modified: 2025-05-09T19:07:12.574Z\n\ud83d\udd17 References:\n1. https://www.gendigital.com/us/en/contact-us/security-advisories/)", "creation_timestamp": "2025-05-09T19:26:20.000000Z"}, {"uuid": "e020a250-ccaa-42bd-8d7c-30cf9286bb9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13758", "type": "seen", "source": "https://t.me/cvedetector/16755", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13758 - PayPal for WordPress CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13758 \nPublished : Jan. 30, 2025, 9:15 a.m. | 1\u00a0hour, 37\u00a0minutes ago \nDescription : The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on the cp_contact_form_paypal_check_init_actions() function. This makes it possible for unauthenticated attackers to add discount codes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T12:35:38.000000Z"}, {"uuid": "bd7f0312-85f7-4cec-8027-117bfc5623e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://t.me/cvedetector/18164", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13752 - WordPress Project Manager Unauthenticated Data Disclosure and Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13752 \nPublished : Feb. 15, 2025, 10:15 a.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cause a persistent denial of service condition. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T12:41:23.000000Z"}, {"uuid": "0706157f-e754-4002-9250-4fc6dbb7cdf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "Telegram/sDf-5Rsi3rlakJ0rcpb3cBRsqYmOkZqUPuiIHF12RZDYVcrn", "content": "", "creation_timestamp": "2025-02-24T14:08:42.000000Z"}, {"uuid": "6bef44e8-7589-464c-937e-91cbc40d7028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13759", "type": "seen", "source": "https://t.me/cvedetector/24972", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13759 - Avira Prime Local Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-13759 \nPublished : May 9, 2025, 4:15 p.m. | 1\u00a0hour, 59\u00a0minutes ago \nDescription : Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64\u00a0 allows local attackers to gain system-level privileges via arbitrary file deletion \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T20:23:41.000000Z"}, {"uuid": "36395b57-0981-48a1-827e-283644272078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13757", "type": "seen", "source": "https://t.me/cvedetector/19623", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13757 - Master Slider - WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13757 \nPublished : March 5, 2025, 10:15 a.m. | 48\u00a0minutes ago \nDescription : The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T12:46:07.000000Z"}, {"uuid": "78702a6a-51ac-4164-a198-8d9b88d46cac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "Telegram/S9-QpAEMb-HMLj6Oz7Py6itwShvV7DTEzJGHq-OpG810DTa5", "content": "", "creation_timestamp": "2025-02-15T23:50:18.000000Z"}, {"uuid": "10eff975-477b-47ce-8b36-122ad53e6460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1375", "type": "seen", "source": "https://t.me/cvedetector/702", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-1375 - The Event post plugin for WordPress is vulnerable\", \n  \"Content\": \"CVE ID : CVE-2024-1375 \nPublished : July 12, 2024, 3:15 a.m. | 40\u00a0minutes ago \nDescription : The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing nonce check on the save_bulkdatas function in all versions up to, and including, 5.9.5. This makes it possible for unauthenticated attackers to update post_meta_data via a forged request, granted they can trick a logged-in user into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-12T06:02:30.000000Z"}, {"uuid": "454b2775-ae72-44d0-ac44-9c693797ee5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13751", "type": "seen", "source": "Telegram/5H9FNL_h74vj6kva_yiqJBGA-kAWRU5Wm8JHG7o9RvQMjK9B", "content": "", "creation_timestamp": "2025-02-21T08:03:23.000000Z"}]}