{"vulnerability": "CVE-2024-1386", "sightings": [{"uuid": "25f0b320-96f7-46a6-8304-809616a68518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13867", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113995871774983364", "content": "", "creation_timestamp": "2025-02-13T09:29:22.313727Z"}, {"uuid": "c24cf060-5c26-48cd-b672-9313f64a9b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13867", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li2hfx5dv62d", "content": "", "creation_timestamp": "2025-02-13T10:15:54.239849Z"}, {"uuid": "ad3e12d9-623e-48be-b550-1d8864baae4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13867", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li2vulnybj2a", "content": "", "creation_timestamp": "2025-02-13T14:34:37.744097Z"}, {"uuid": "d4e08450-7372-4b6a-ac1f-ae8c0cca4dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13863", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll6v7zxoqi2l", "content": "", "creation_timestamp": "2025-03-25T08:49:24.065043Z"}, {"uuid": "f5b54ca9-5e21-445b-8672-64f7151e6678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13869", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lirogkgqri2k", "content": "", "creation_timestamp": "2025-02-22T15:52:44.655841Z"}, {"uuid": "aa6c8bb1-eff3-450d-b8b5-26ae2c14b496", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13860", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo6e7qfomi2l", "content": "", "creation_timestamp": "2025-05-02T08:00:40.769942Z"}, {"uuid": "ad5b4cca-074d-42a0-89ed-176ed6a19745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13868", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljp77irqw52y", "content": "", "creation_timestamp": "2025-03-06T09:40:13.908433Z"}, {"uuid": "50db5d95-eff8-4274-99cc-b9ea64c1ed9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13861", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114319711347166542", "content": "", "creation_timestamp": "2025-04-11T14:06:01.995933Z"}, {"uuid": "0c0f366f-df81-4909-86eb-1202a3a7988d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13861", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmkdybtpof2j", "content": "", "creation_timestamp": "2025-04-11T15:37:57.406421Z"}, {"uuid": "4240c02a-de28-4d23-8ee0-c3294439dfd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13867", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"}, {"uuid": "845a1149-3aed-42d1-ab3f-6c1bb3ccbc5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13860", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lo6g6epu5zk2", "content": "", "creation_timestamp": "2025-05-02T13:21:03.775484Z"}, {"uuid": "92689f16-3bf6-4500-9490-3a35145ad510", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13862", "type": "seen", "source": "https://t.me/cvedetector/20049", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13862 - AWS Elementor YouTube Vimeo Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13862 \nPublished : March 11, 2025, 6:15 a.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T09:15:57.000000Z"}, {"uuid": "194da837-6a3d-425d-86bd-00b7b1fb3c64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13864", "type": "seen", "source": "https://t.me/cvedetector/20046", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13864 - \"WordPress Countdown Timer Reflected Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-13864 \nPublished : March 11, 2025, 6:15 a.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T09:15:55.000000Z"}, {"uuid": "ebbfedc6-5ce1-49d7-9097-25a51134a7df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13860", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14449", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13860\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018bbp_topic_title\u2019 parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.41.\n\ud83d\udccf Published: 2025-05-02T06:41:50.634Z\n\ud83d\udccf Modified: 2025-05-02T06:41:50.634Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/a0ac8a41-553e-473b-82a7-226de17e472d?source=cve\n2. https://www.buddyboss.com/platform/\n3. https://example/social/forums/forum/redteam/", "creation_timestamp": "2025-05-02T07:16:18.000000Z"}, {"uuid": "1ea8a2bd-ee0d-4856-8749-f547cffb018f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13869", "type": "seen", "source": "https://t.me/cvedetector/18720", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13869 - NGINX WPvivid Backup & Migration Arbitrary File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13869 \nPublished : Feb. 22, 2025, 1:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : The Migration, Backup, Staging \u2013 WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_files' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: Uploaded files are only accessible on WordPress instances running on the NGINX web server as the existing .htaccess within the target file upload folder prevents access on Apache servers. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-22T16:39:53.000000Z"}, {"uuid": "d8293f92-5b77-45e4-84c0-3e9fb5f3c791", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13867", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4233", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13867\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T10:15:09.847\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://themeforest.net/item/listivo-classified-ads-wordpress-theme/34032749\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/705c2322-bb52-4337-b0dd-6bf04bd1b0e0?source=cve", "creation_timestamp": "2025-02-13T11:11:33.000000Z"}, {"uuid": "9f746e09-4522-4f1c-ab7f-5bba8291a7d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13868", "type": "seen", "source": "Telegram/CtdztYBb8pns69z9Cs5MX17mMkZTDa-WXujZ5442YfHeFUWO", "content": "", "creation_timestamp": "2025-03-08T04:34:09.000000Z"}, {"uuid": "dff17ecf-39ef-4a24-aa46-5ef7c47ec577", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13867", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4237", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13867\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-13T12:31:06Z\n\ud83d\udccf Modified: 2025-02-13T12:31:06Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13867\n2. https://themeforest.net/item/listivo-classified-ads-wordpress-theme/34032749\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/705c2322-bb52-4337-b0dd-6bf04bd1b0e0?source=cve", "creation_timestamp": "2025-02-13T13:12:32.000000Z"}, {"uuid": "6c44d634-08df-465f-a3f6-0a882355f2b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13869", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5025", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13869\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Migration, Backup, Staging \u2013 WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_files' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: Uploaded files are only accessible on WordPress instances running on the NGINX web server as the existing .htaccess within the target file upload folder prevents access on Apache servers.\n\ud83d\udccf Published: 2025-02-22T12:39:20.843Z\n\ud83d\udccf Modified: 2025-02-22T12:39:20.843Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0082e46d-fdbe-4ab7-bba3-0681a25d4495?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3242904/wpvivid-backuprestore", "creation_timestamp": "2025-02-22T13:22:48.000000Z"}, {"uuid": "e56f6b42-c35e-465e-8e1b-d4e7c73bcd6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13863", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8602", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13863\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Stylish Google Sheet Reader 4.0  WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n\ud83d\udccf Published: 2025-03-25T06:00:13.705Z\n\ud83d\udccf Modified: 2025-03-25T06:00:13.705Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/a6161595-0934-4baa-9da6-73792f4b87fd/", "creation_timestamp": "2025-03-25T06:23:34.000000Z"}, {"uuid": "a6b79ea7-4c10-4b01-85f9-9ea207682bab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13866", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6506", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13866\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.\n\ud83d\udccf Published: 2025-03-05T08:21:57.003Z\n\ud83d\udccf Modified: 2025-03-05T08:21:57.003Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e814f798-5ebc-4bea-838f-d0a803f9bdbc?source=cve\n2. https://wordpress.org/plugins/simple-notification/#developers", "creation_timestamp": "2025-03-05T08:35:18.000000Z"}, {"uuid": "b1b5d1dc-812a-4570-82dd-3625b0b75da2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13868", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6654", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13868\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The URL Shortener | Conversion Tracking  | AB Testing  | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-03-06T06:00:03.753Z\n\ud83d\udccf Modified: 2025-03-06T06:00:03.753Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/0bff1645-dd53-4416-a90f-7cf4a6b33c1a/", "creation_timestamp": "2025-03-06T06:33:01.000000Z"}, {"uuid": "54c2df8c-3103-44fe-918f-67bb7216e2e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13864", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7158", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13864\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n\ud83d\udccf Published: 2025-03-11T06:00:12.171Z\n\ud83d\udccf Modified: 2025-03-11T14:08:28.208Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/b95b32b6-218a-4d02-b294-ab13458006b2/", "creation_timestamp": "2025-03-11T14:39:59.000000Z"}, {"uuid": "0b1b823c-031e-4bb9-b123-d410d1fcc747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13866", "type": "seen", "source": "Telegram/2ihVuJD-Q4icVthQhU76SEVteELsfPqayhaeHBdyWOQ7WMIK", "content": "", "creation_timestamp": "2025-03-06T02:16:26.000000Z"}, {"uuid": "64e6161e-ff1c-4900-b97c-f46250c38503", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13861", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12183", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13861\n\ud83d\udd25 CVSS Score: 7.8 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected.\n\ud83d\udccf Published: 2025-04-11T12:41:45.182Z\n\ud83d\udccf Modified: 2025-04-17T03:55:29.877Z\n\ud83d\udd17 References:\n1. https://www.sophos.com/en-us/security-advisories/sophos-sa-20250411-taegis-agent-lpe", "creation_timestamp": "2025-04-17T04:57:23.000000Z"}, {"uuid": "af39ab4c-0fbc-4fa8-b076-cf2351c05663", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13861", "type": "seen", "source": "https://t.me/cvedetector/22747", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13861 - Taegis Endpoint Agent Debian Package Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13861 \nPublished : April 11, 2025, 1:15 p.m. | 28\u00a0minutes ago \nDescription : A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T16:27:15.000000Z"}, {"uuid": "6fbb280a-33ec-449c-a647-309451fa62ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13867", "type": "seen", "source": "https://t.me/cvedetector/17988", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13867 - Listivo WordPress Theme - Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13867 \nPublished : Feb. 13, 2025, 10:15 a.m. | 1\u00a0hour, 15\u00a0minutes ago \nDescription : The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T12:58:54.000000Z"}, {"uuid": "543ace19-054f-4e01-8d41-0a2ecdc2040b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13869", "type": "seen", "source": "Telegram/7-B2hz2HD5ns3w-f5EMjyzJDjJwSUPicx7MvTV7YXoXlLcEt", "content": "", "creation_timestamp": "2025-02-23T17:38:05.000000Z"}, {"uuid": "980d3798-6066-472c-ac68-79834f990bbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13868", "type": "seen", "source": "https://t.me/cvedetector/19689", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13868 - WooCommerce WordPress Plugin Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13868 \nPublished : March 6, 2025, 6:15 a.m. | 1\u00a0hour, 43\u00a0minutes ago \nDescription : The URL Shortener | Conversion Tracking  | AB Testing  | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T09:39:53.000000Z"}, {"uuid": "de0dfe2e-09b4-4ad8-b66c-08ce528bda2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13867", "type": "seen", "source": "Telegram/EVDk7KOsizbcEgGcLOUYsd0ZU6QJz5m7xXqghohdznrcdjO5", "content": "", "creation_timestamp": "2025-02-14T10:08:09.000000Z"}, {"uuid": "b57ad503-499b-4f5a-8c29-58a5ddf1df81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13867", "type": "seen", "source": "Telegram/K_CcpKZFwpFdAI2nVyjbHp4IG7-9HyUcRSa9yXyzl1Hco05q", "content": "", "creation_timestamp": "2025-02-14T10:06:09.000000Z"}, {"uuid": "0ad8878d-4c09-454e-9285-f3b00a607b42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13860", "type": "seen", "source": "https://t.me/cvedetector/24337", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13860 - Buddyboss WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13860 \nPublished : May 2, 2025, 7:15 a.m. | 1\u00a0hour, 41\u00a0minutes ago \nDescription : The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018bbp_topic_title\u2019 parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.41. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-02T11:45:45.000000Z"}]}