{"vulnerability": "CVE-2024-1379", "sightings": [{"uuid": "eb7b9407-388f-45ef-8a85-19687677fda6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13790", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkpvbnadmm24", "content": "", "creation_timestamp": "2025-03-19T09:40:19.941724Z"}, {"uuid": "47ade8a1-0d12-4276-9207-a98efc705b1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13790", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkrbxrjxjp2q", "content": "", "creation_timestamp": "2025-03-19T23:00:09.552854Z"}, {"uuid": "6a0a4d8c-1385-4425-8ba6-08e263f2143f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13794", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113989781120946332", "content": "", "creation_timestamp": "2025-02-12T07:40:26.136861Z"}, {"uuid": "235d52d3-afd7-4545-9543-49b90f9cf53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13794", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxq7rcevr2a", "content": "", "creation_timestamp": "2025-02-12T08:15:31.368976Z"}, {"uuid": "049b2e5d-2028-47c4-919a-5acd2be781cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13794", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhy5mhmk4n2u", "content": "", "creation_timestamp": "2025-02-12T12:15:15.872285Z"}, {"uuid": "d609c3f4-a0a8-4433-b141-c4178f2f7b89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13791", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114001942927367213", "content": "", "creation_timestamp": "2025-02-14T11:13:20.445265Z"}, {"uuid": "cf44a369-5018-40dc-9851-baa5fa25737c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13791", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li537jyk4z2c", "content": "", "creation_timestamp": "2025-02-14T11:15:33.537067Z"}, {"uuid": "e3c58f6a-4692-4006-a52e-f2897ead13cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13791", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li5gvpjosl2a", "content": "", "creation_timestamp": "2025-02-14T14:44:49.744871Z"}, {"uuid": "f4d0cb20-4f9f-446e-aabd-0942176d5947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13795", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligszvlf7d27", "content": "", "creation_timestamp": "2025-02-18T08:15:51.615939Z"}, {"uuid": "ee4c0510-0396-4205-a40f-b2eb1e04dafe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13790", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkpysbfipe2s", "content": "", "creation_timestamp": "2025-03-19T10:43:20.330710Z"}, {"uuid": "1f1d00c9-90e5-4ff8-9f0f-d6f3d95a20e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13790", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114188702542520075", "content": "", "creation_timestamp": "2025-03-19T10:48:46.041874Z"}, {"uuid": "f05c9d29-e08a-44ff-bb18-c408773d744a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13798", "type": "seen", "source": "https://t.me/cvedetector/18710", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13798 - ComboBlocks Unauthorized Order Creation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13798 \nPublished : Feb. 22, 2025, 5:15 a.m. | 1\u00a0hour, 49\u00a0minutes ago \nDescription : The Post Grid and Gutenberg Blocks \u2013 ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for products and mark them as paid without actually completing a payment. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-22T08:18:44.000000Z"}, {"uuid": "da00cc14-f438-4075-b6a1-6797fbfb1de7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13797", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lih53w5h4v2o", "content": "", "creation_timestamp": "2025-02-18T11:15:56.655138Z"}, {"uuid": "affc1298-cd57-4bd2-8692-bfee3fef326f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13795", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lih6sp3jl226", "content": "", "creation_timestamp": "2025-02-18T11:46:35.870369Z"}, {"uuid": "fcb1402a-00eb-43ee-80f5-6422af5953ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13797", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lihg3hjxnf22", "content": "", "creation_timestamp": "2025-02-18T13:56:47.227276Z"}, {"uuid": "2a06e043-d5dd-44ae-9c22-aa4bca4a2327", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13799", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lij4snd62l2g", "content": "", "creation_timestamp": "2025-02-19T06:16:05.163488Z"}, {"uuid": "29821406-d92a-4e78-bbf3-d905ec35f4c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13799", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lijcz4mnpj2a", "content": "", "creation_timestamp": "2025-02-19T08:07:05.091299Z"}, {"uuid": "c24072f0-231e-4257-9f24-dc3052cbebdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13792", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3limctg7c3n2y", "content": "", "creation_timestamp": "2025-02-20T12:41:54.416703Z"}, {"uuid": "4f4ac21e-adb1-469a-b0e4-01bad2cc1eec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13790", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lksk77a5ji2r", "content": "", "creation_timestamp": "2025-03-20T11:00:07.214657Z"}, {"uuid": "0ece4726-5978-442e-b0b7-361c061aa73f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13796", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj7phka2h525", "content": "", "creation_timestamp": "2025-02-28T05:48:29.242128Z"}, {"uuid": "1507163f-a832-4275-9530-36e76757f1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13796", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"}, {"uuid": "19564e44-31dd-4960-bcc4-9ba9c55a5a62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13799", "type": "seen", "source": "https://t.me/cvedetector/18409", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13799 - WordPress User Private Files Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13799 \nPublished : Feb. 19, 2025, 6:15 a.m. | 2\u00a0hours ago \nDescription : The User Private Files \u2013 File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018new-fldr-name\u2019 parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T09:32:37.000000Z"}, {"uuid": "b5a74135-e736-4d62-8f9d-2673922c3950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13792", "type": "seen", "source": "https://t.me/cvedetector/18531", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13792 - WooCommerce Food - Restaurant Menu & Food Ordering Shortcode Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13792 \nPublished : Feb. 20, 2025, 10:15 a.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T13:09:06.000000Z"}, {"uuid": "a2a9b9a8-aea2-403f-b0ab-e97d08cc54f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13794", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4041", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13794\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T08:15:08.430\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3235271%40hide-my-wp&new=3235271%40hide-my-wp&sfp_email=&sfph_mail=\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/9effa526-7454-4490-9bf4-0605254d6625?source=cve", "creation_timestamp": "2025-02-12T09:08:26.000000Z"}, {"uuid": "2dd68c02-9d14-4aa6-88b6-019b6f122509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13797", "type": "seen", "source": "https://t.me/cvedetector/18319", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13797 - The PressMart Elementor WooCommerce WordPress Theme Shortcode Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13797 \nPublished : Feb. 18, 2025, 11:15 a.m. | 18\u00a0minutes ago \nDescription : The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T12:38:09.000000Z"}, {"uuid": "f4a5a636-b718-4809-b5c6-a05428586485", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13795", "type": "seen", "source": "https://t.me/cvedetector/18306", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13795 - Ecwid by Lightspeed Ecommerce Shopping Cart CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13795 \nPublished : Feb. 18, 2025, 8:15 a.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() function. This makes it possible for unauthenticated attackers to send deactivation messages on behalf of a site owner via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T10:57:44.000000Z"}, {"uuid": "051f439c-bb75-49d7-a41a-803567910fc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13796", "type": "seen", "source": "https://t.me/cvedetector/19121", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13796 - ComboBlocks WordPress Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-13796 \nPublished : Feb. 28, 2025, 5:15 a.m. | 44\u00a0minutes ago \nDescription : The Post Grid and Gutenberg Blocks \u2013 ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data including including emails and other user data. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T07:49:36.000000Z"}, {"uuid": "c9b129dd-7d8a-4860-9675-b33da3275dba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13791", "type": "seen", "source": "Telegram/uytY2toEG9W3wF_Wamnh4Zob4aHqZzx-OQr9lTL9FkFJBAcY", "content": "", "creation_timestamp": "2025-02-14T21:08:29.000000Z"}, {"uuid": "6fa3c6d9-49e2-4e04-94a0-36e4a3df099a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13795", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4764", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13795\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() function. This makes it possible for unauthenticated attackers to send deactivation messages on behalf of a site owner via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-18T07:28:14.388Z\n\ud83d\udccf Modified: 2025-02-18T07:28:14.388Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f1eb9ec6-897a-4c38-a85c-033d7050dcfa?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3241777%40ecwid-shopping-cart&new=3241777%40ecwid-shopping-cart&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-18T08:41:11.000000Z"}, {"uuid": "dadc2a99-e4af-4496-94c8-47c2c7f4d546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13794", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4053", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13794\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location.\n\ud83d\udccf Published: 2025-02-12T09:31:44Z\n\ud83d\udccf Modified: 2025-02-12T09:31:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13794\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3235271%40hide-my-wp&new=3235271%40hide-my-wp&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/9effa526-7454-4490-9bf4-0605254d6625?source=cve", "creation_timestamp": "2025-02-12T10:10:12.000000Z"}, {"uuid": "1a8bb039-ed67-4ded-ad8a-03eedb92a840", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13799", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4773", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13799\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The User Private Files \u2013 File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018new-fldr-name\u2019 parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-19T05:22:53.160Z\n\ud83d\udccf Modified: 2025-02-19T05:22:53.160Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/419cf912-3187-43d7-90ab-1a20a46d86e4?source=cve\n2. https://plugins.trac.wordpress.org/browser/user-private-files/trunk/js/folder.js\n3. https://plugins.trac.wordpress.org/changeset/3240877/", "creation_timestamp": "2025-02-19T08:39:11.000000Z"}, {"uuid": "6d906592-4f3c-4545-8bb2-917538d8d46c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13790", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8036", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13790\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The MinimogWP \u2013 The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.\n\ud83d\udccf Published: 2025-03-19T08:21:59.729Z\n\ud83d\udccf Modified: 2025-03-19T08:21:59.729Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b3ae0e08-5cdc-47ff-b094-3920d56a50f7?source=cve\n2. https://changelog.thememove.com/minimog-wp/\n3. https://themeforest.net/item/minimog-the-high-converting-ecommerce-wordpress-theme/36947163", "creation_timestamp": "2025-03-19T08:49:01.000000Z"}, {"uuid": "461e1ad5-f19d-4adf-aee9-b942c65d9c23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13798", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5015", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13798\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Post Grid and Gutenberg Blocks \u2013 ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for products and mark them as paid without actually completing a payment.\n\ud83d\udccf Published: 2025-02-22T04:21:16.200Z\n\ud83d\udccf Modified: 2025-02-22T04:21:16.200Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/705823ff-e9c3-4b8b-b71c-3b60d0d15b01?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242737%40post-grid&new=3242737%40post-grid&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-22T05:18:50.000000Z"}, {"uuid": "0069fc9f-3de8-4076-89d6-667e16563649", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13796", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5837", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13796\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The Post Grid and Gutenberg Blocks \u2013 ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data including including emails and other user data.\n\ud83d\udccf Published: 2025-02-28T04:21:55.558Z\n\ud83d\udccf Modified: 2025-02-28T04:21:55.558Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0407223a-cd41-43d1-87b0-d6b83b57d4b3?source=cve\n2. https://plugins.trac.wordpress.org/browser/post-grid/trunk/includes/blocks/functions-rest.php?rev=3242718#L2055\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3245187%40post-grid&new=3245187%40post-grid&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-28T05:26:34.000000Z"}, {"uuid": "15046c6b-4d11-4c2f-8bb3-2bee8a5c8f70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13794", "type": "seen", "source": "https://t.me/cvedetector/17829", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13794 - Hide My WP Ghost WordPress Plugin Login Page Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13794 \nPublished : Feb. 12, 2025, 8:15 a.m. | 28\u00a0minutes ago \nDescription : The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T10:10:57.000000Z"}, {"uuid": "bb115a09-fd67-4533-8198-80ff2652d1c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13793", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15475", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13793\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\n\ud83d\udccf Published: 2025-05-08T04:21:33.449Z\n\ud83d\udccf Modified: 2025-05-08T04:21:33.449Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb57c97-f560-42d1-87bd-b19c60700956?source=cve\n2. https://themeforest.net/item/wolmart-multivendor-marketplace-woocommerce-theme/32947681#item-description__changelog", "creation_timestamp": "2025-05-08T05:22:47.000000Z"}, {"uuid": "eda3d452-956e-4085-b36c-23d174ee645a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13796", "type": "seen", "source": "Telegram/JdTF9cA6lYGjgIkRZtMnYlzNIqYTWwqEqOEw8Ue95B_dwXRz", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}, {"uuid": "33f12a7d-36b5-40dd-9d99-2c2e114c1bce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13791", "type": "seen", "source": "https://t.me/cvedetector/18083", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13791 - Bit Assist WordPress Path Traversal\", \n  \"Content\": \"CVE ID : CVE-2024-13791 \nPublished : Feb. 14, 2025, 11:15 a.m. | 51\u00a0minutes ago \nDescription : Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T13:14:59.000000Z"}, {"uuid": "b28fd2e0-7acd-4bc8-8703-befdeabb45a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13790", "type": "seen", "source": "https://t.me/cvedetector/20630", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13790 - MinimogWP Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13790 \nPublished : March 19, 2025, 9:15 a.m. | 1\u00a0hour, 51\u00a0minutes ago \nDescription : The MinimogWP \u2013 The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T12:08:28.000000Z"}, {"uuid": "5d21c0a1-28ac-42d6-a816-23dc0bc9dc14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13799", "type": "seen", "source": "Telegram/7WpSiD-Hy8M_bQMA1tkjN-Zno5fhwqgwg-2McQAMBUt0I1so", "content": "", "creation_timestamp": "2025-02-19T15:39:50.000000Z"}, {"uuid": "d9ccf962-1bc1-449b-8c09-ae4f901eafae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13794", "type": "seen", "source": "Telegram/CN_5XkoS89a_dU6USSIfzvAJSVeuompeaxH6G1h0w84Mn7EJ", "content": "", "creation_timestamp": "2025-02-14T10:04:03.000000Z"}, {"uuid": "36689e68-a424-4ae3-a185-b8dff976f1a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13793", "type": "seen", "source": "https://t.me/cvedetector/24789", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13793 - Walmart | WooCommerce Theme WordPress Shortcode Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13793 \nPublished : May 8, 2025, 5:15 a.m. | 1\u00a0hour, 51\u00a0minutes ago \nDescription : The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-08T09:14:17.000000Z"}]}