{"vulnerability": "CVE-2024-1383", "sightings": [{"uuid": "cbc228d4-8c7f-48a4-a759-7080a563b69e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13835", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljtosilano2e", "content": "", "creation_timestamp": "2025-03-08T04:29:58.542443Z"}, {"uuid": "e2afccec-f414-44eb-8c8d-5aa70814be61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13830", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113985946518586560", "content": "", "creation_timestamp": "2025-02-11T15:25:14.592499Z"}, {"uuid": "1787b91e-d26e-4c05-80a3-9d5d83d0061c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13830", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhw2mltlp62x", "content": "", "creation_timestamp": "2025-02-11T16:16:19.459485Z"}, {"uuid": "464ad6fa-4f9d-470a-96d3-0eebbcc506a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13830", "type": "seen", "source": "https://social.circl.lu/users/cedric/statuses/113986844143593949", "content": "", "creation_timestamp": "2025-02-11T19:13:31.592981Z"}, {"uuid": "7f76b020-8f69-407b-953d-56918fe47af5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13833", "type": "seen", "source": "Telegram/RD1Ky5ZRbc32bZBRiSXIpP4UIywIulPEnoUHTEQQcT6lmCwS", "content": "", "creation_timestamp": "2025-03-02T11:46:58.000000Z"}, {"uuid": "ca90674b-2dc7-46ee-85ed-8ed554646f65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13837", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lifhgskvf72y", "content": "", "creation_timestamp": "2025-02-17T19:15:40.239988Z"}, {"uuid": "dce9c2bf-7152-4bc0-a1dd-e27ce515552d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13837", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lifopbzyog2v", "content": "", "creation_timestamp": "2025-02-17T21:25:41.488496Z"}, {"uuid": "e0817dfa-4ae7-4289-a65d-ebe39f5b2591", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13831", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lja4mf633525", "content": "", "creation_timestamp": "2025-02-28T09:43:50.213664Z"}, {"uuid": "7398d7d5-236a-4b31-b4d4-297109faee65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13833", "type": "seen", "source": "MISP/1e8d1b5a-3537-4a30-907d-acb1720bbd18", "content": "", "creation_timestamp": "2025-08-19T18:29:28.000000Z"}, {"uuid": "687e24be-18c8-43b4-94ac-fb4341f7690f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13834", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114008351209049483", "content": "", "creation_timestamp": "2025-02-15T14:23:03.001522Z"}, {"uuid": "eefabc69-21c6-4537-8276-6ad969a6cab9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13834", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li7z3w2y2u2o", "content": "", "creation_timestamp": "2025-02-15T15:15:43.807976Z"}, {"uuid": "78380733-ccc6-4f8e-b8df-ec00e84d4509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13834", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liaghzkjqm2c", "content": "", "creation_timestamp": "2025-02-15T19:15:08.616648Z"}, {"uuid": "09108322-4384-4952-a101-ab55154b088e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-13830", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/85f9fd3a-b2ef-443b-b091-2cad7418236f", "content": "", "creation_timestamp": "2025-02-11T19:05:13.397489Z"}, {"uuid": "f20e7788-f6cb-4bbb-9052-733acf9a460c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13831", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5859", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13831\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'product_has_custom_tabs' function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.\n\ud83d\udccf Published: 2025-02-28T08:23:17.051Z\n\ud83d\udccf Modified: 2025-02-28T08:23:17.051Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/790a2c64-b358-41ed-be17-f2b99d294617?source=cve\n2. https://plugins.trac.wordpress.org/browser/wc-tabs/trunk/wc-tabs-lite.php#L363", "creation_timestamp": "2025-02-28T09:27:33.000000Z"}, {"uuid": "c9610a62-7ac6-4328-8a2e-2cb766d460a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13835", "type": "seen", "source": "https://t.me/cvedetector/19878", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13835 - WordPress Post Meta Data Manager Multisite Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13835 \nPublished : March 8, 2025, 3:15 a.m. | 2\u00a0hours, 19\u00a0minutes ago \nDescription : The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it possible for authenticated attackers, with Administrator-level access and above, to gain elevated privileges on subsites that would otherwise be inaccessible. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T06:49:39.000000Z"}, {"uuid": "b9ba4ebf-d848-484b-9d4b-80263a53eac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13832", "type": "seen", "source": "https://t.me/cvedetector/19145", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13832 - Elementor Ultra Addons Lite WordPress Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-13832 \nPublished : Feb. 28, 2025, 9:15 a.m. | 51\u00a0minutes ago \nDescription : The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T11:10:38.000000Z"}, {"uuid": "686219ec-00fa-46b0-84d9-2624d804f5b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13834", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4568", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13834\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The Responsive Plus \u2013 Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n\ud83d\udccf Published: 2025-02-15T15:30:24Z\n\ud83d\udccf Modified: 2025-02-15T15:30:24Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13834\n2. https://plugins.trac.wordpress.org/changeset/3240422/responsive-add-ons\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/b2833265-f1e5-4cfd-ad2f-ca28a59de82f?source=cve", "creation_timestamp": "2025-02-15T16:12:23.000000Z"}, {"uuid": "300126fa-6aa3-4556-961b-568e08025e14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13834", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4571", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13834\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-15T15:15:23.423\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3240422/responsive-add-ons\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/b2833265-f1e5-4cfd-ad2f-ca28a59de82f?source=cve", "creation_timestamp": "2025-02-15T17:11:11.000000Z"}, {"uuid": "1169803e-229f-4784-874e-81741d990b72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13836", "type": "seen", "source": "https://t.me/cvedetector/20048", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13836 - WordPress Login Control Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13836 \nPublished : March 11, 2025, 6:15 a.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T09:15:56.000000Z"}, {"uuid": "79192050-551a-4f34-a15e-a72da5e9f765", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13833", "type": "seen", "source": "https://t.me/cvedetector/19235", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13833 - WordPress Gallery Plugin PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13833 \nPublished : March 1, 2025, 12:15 p.m. | 37\u00a0minutes ago \nDescription : The Album Gallery \u2013 WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T13:56:31.000000Z"}, {"uuid": "ff0b8920-35cd-464e-9f1e-c0292a499f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13831", "type": "seen", "source": "https://t.me/cvedetector/19141", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13831 - WooCommerce Tabs for WordPress PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13831 \nPublished : Feb. 28, 2025, 9:15 a.m. | 51\u00a0minutes ago \nDescription : The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'product_has_custom_tabs' function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T11:10:32.000000Z"}, {"uuid": "042d173f-beb0-4894-ae26-a61bef4e7e67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13838", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7291", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13838\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Uncanny Automator \u2013 Easy Automation, Integration, Webhooks &amp; Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n\ud83d\udccf Published: 2025-03-12T07:00:22.022Z\n\ud83d\udccf Modified: 2025-03-12T07:00:22.022Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/29eeac86-6b33-49e6-a7e1-c80dee383d6f?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3249921/uncanny-automator/trunk/src/core/lib/webhooks/class-automator-send-webhook.php", "creation_timestamp": "2025-03-12T07:43:57.000000Z"}, {"uuid": "743d5898-f2f4-48dd-9e1b-4862de604aec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13832", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5865", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13832\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.\n\ud83d\udccf Published: 2025-02-28T08:23:14.655Z\n\ud83d\udccf Modified: 2025-02-28T08:23:14.655Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/476883a8-c258-477b-99d3-f35423d7a312?source=cve\n2. https://plugins.trac.wordpress.org/browser/ut-elementor-addons-lite/trunk/includes/queries.php#L506", "creation_timestamp": "2025-02-28T09:27:40.000000Z"}, {"uuid": "fc4b1617-c14c-42b3-bade-3743eca672c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13839", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6523", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13839\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-03-05T09:21:47.525Z\n\ud83d\udccf Modified: 2025-03-05T09:21:47.525Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/80203516-8546-441a-b51d-2d09968492b5?source=cve\n2. https://plugins.trac.wordpress.org/browser/staff-directory-pro/trunk/include/tgmpa/init.php#L99\n3. https://wordpress.org/plugins/staff-directory-pro/#developers", "creation_timestamp": "2025-03-05T09:35:58.000000Z"}, {"uuid": "7f1e41a3-99e9-41f9-a3eb-5f30de7850ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13833", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6071", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13833\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Album Gallery \u2013 WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.\n\ud83d\udccf Published: 2025-03-01T11:22:48.683Z\n\ud83d\udccf Modified: 2025-03-01T11:22:48.683Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/cc7075a6-5609-42ab-a4cb-9d33686c7de0?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3246291/new-album-gallery", "creation_timestamp": "2025-03-01T11:27:27.000000Z"}, {"uuid": "db46649f-689b-4a2a-931e-3f5f540cdb8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13834", "type": "seen", "source": "Telegram/t0XrKhc1kiVejZaDwdDtjo7jIIsYmbiN6sM7WK6vqjUaGJDE", "content": "", "creation_timestamp": "2025-02-24T14:08:42.000000Z"}, {"uuid": "fcff435f-793e-4433-8d3d-388213533b7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13834", "type": "seen", "source": "https://t.me/cvedetector/18176", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13834 - WordPress Responsive Plus - Server-Side Request Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13834 \nPublished : Feb. 15, 2025, 3:15 p.m. | 2\u00a0hours, 9\u00a0minutes ago \nDescription : The Responsive Plus \u2013 Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T18:32:43.000000Z"}, {"uuid": "63a58ead-f9d7-4b53-8569-df235ed37af0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13835", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6913", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13835\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it possible for authenticated attackers, with Administrator-level access and above, to gain elevated privileges on subsites that would otherwise be inaccessible.\n\ud83d\udccf Published: 2025-03-08T02:24:04.227Z\n\ud83d\udccf Modified: 2025-03-08T02:24:04.227Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/568aa6d6-10a1-4653-ab95-845faf005b8e?source=cve\n2. https://wordpress.org/plugins/post-meta-data-manager/", "creation_timestamp": "2025-03-08T02:35:24.000000Z"}, {"uuid": "7788d66b-9b39-4f9b-bedd-7d2a71ee638b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13835", "type": "seen", "source": "Telegram/Pl5CtMRltYuSsFiI7PP1YbTRdMFEuTXzb5wiwL9-kz_SF8hu", "content": "", "creation_timestamp": "2025-03-08T04:37:51.000000Z"}, {"uuid": "fc77211b-7bab-439a-8667-d6ac8fd14372", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13839", "type": "seen", "source": "https://t.me/cvedetector/19611", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13839 - WordPress Staff Directory Plugin Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13839 \nPublished : March 5, 2025, 10:15 a.m. | 48\u00a0minutes ago \nDescription : The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T12:45:52.000000Z"}, {"uuid": "e19a32d5-9a91-46ec-ab15-bc856c392f64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13832", "type": "seen", "source": "Telegram/3R56g4XUreeMi4KCYmHQmsrao_sf2SQJYz5M1e3c2oXJOsvo", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}, {"uuid": "35c62025-43bc-49ba-816b-8f6dc834ec79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13834", "type": "seen", "source": "Telegram/rwoptQm-KGbJkeY0nbL12OY3XqMLtDOrF1CVxZ0boJpP7VZ0", "content": "", "creation_timestamp": "2025-02-15T23:50:18.000000Z"}, {"uuid": "ab9589b5-372d-413c-a97d-f5ea75583fe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13831", "type": "seen", "source": "Telegram/1FZpbOh4wG1zbPdS276daDtpSBX8oNuxT_CFWRelKfsx3C6x", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}]}