{"vulnerability": "CVE-2024-1392", "sightings": [{"uuid": "71707158-8c33-4e47-adec-944d2b739cb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13925", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12197", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13925\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentially filling the entire disk.\n\ud83d\udccf Published: 2025-04-17T06:00:09.407Z\n\ud83d\udccf Modified: 2025-04-17T06:00:09.407Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/6aebb52f-d74a-4043-86c4-c24579f24ef4/", "creation_timestamp": "2025-04-17T06:57:20.000000Z"}, {"uuid": "8387781c-6bec-4f98-a6bb-75744cc523a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13925", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmyj7ha6oi2c", "content": "", "creation_timestamp": "2025-04-17T06:48:43.448973Z"}, {"uuid": "8ee57d61-4bea-4591-9af2-7a26cecc6409", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13929", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lprtj7csk42q", "content": "", "creation_timestamp": "2025-05-22T19:20:06.412681Z"}, {"uuid": "148c7e76-cf15-4898-83ca-cbce96003dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13928", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lprtsb4eca22", "content": "", "creation_timestamp": "2025-05-22T19:25:08.448187Z"}, {"uuid": "5745ad80-1810-421d-8766-9d3902386797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13924", "type": "seen", "source": "https://t.me/cvedetector/19899", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13924 - FancyWP WordPress Blind Server-Side Request Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13924 \nPublished : March 8, 2025, 1:15 p.m. | 44\u00a0minutes ago \nDescription : The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T15:11:16.000000Z"}, {"uuid": "74b04e5d-4a35-4a9e-ab8b-e8adcb96829a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13924", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114127947868522711", "content": "", "creation_timestamp": "2025-03-08T17:18:03.038559Z"}, {"uuid": "299e8022-a604-43ea-8080-31e30d5f8305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13926", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln5laan57qu2", "content": "", "creation_timestamp": "2025-04-19T07:08:24.314829Z"}, {"uuid": "2311a56a-5415-4c8c-8b59-2add0a30136f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13926", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln5qctml472a", "content": "", "creation_timestamp": "2025-04-19T08:39:12.550849Z"}, {"uuid": "371491dc-9087-4b74-a8f2-fe55b4620e5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13924", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6945", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13924\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n\ud83d\udccf Published: 2025-03-08T12:21:32.041Z\n\ud83d\udccf Modified: 2025-03-08T12:21:32.041Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/9355b100-08a9-4640-a91b-e56ba1ab9b07?source=cve\n2. https://plugins.trac.wordpress.org/browser/starter-templates/trunk/classess/class-export.php#L3", "creation_timestamp": "2025-03-08T12:36:26.000000Z"}, {"uuid": "1a305bc4-3674-47f4-ad51-2efb20baaa57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13926", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12576", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13926\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS.\n\ud83d\udccf Published: 2025-04-19T06:00:02.350Z\n\ud83d\udccf Modified: 2025-04-19T06:00:02.350Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/b5f0092e-7cd5-412f-a8ea-7bd4a8bf86d2/", "creation_timestamp": "2025-04-19T06:59:28.000000Z"}, {"uuid": "4c679b38-a550-4f52-85f0-202d082e9cb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13925", "type": "seen", "source": "https://t.me/cvedetector/23217", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13925 - Klarna Checkout for WooCommerce File Log Flood Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13925 \nPublished : April 17, 2025, 6:15 a.m. | 1\u00a0hour, 56\u00a0minutes ago \nDescription : The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentially filling the entire disk. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-17T10:28:11.000000Z"}, {"uuid": "4ece4f53-f508-4f71-a76c-2bad601c0976", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13926", "type": "seen", "source": "https://t.me/cvedetector/23374", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13926 - WordPress WP-Syntax Regular Expression Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2024-13926 \nPublished : April 19, 2025, 6:15 a.m. | 32\u00a0minutes ago \nDescription : The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-19T09:18:10.000000Z"}, {"uuid": "ffa7894a-044b-4a05-b482-e28be2977422", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13923", "type": "seen", "source": "https://t.me/cvedetector/20735", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13923 - WooCommerce Server-Side Request Forgery Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13923 \nPublished : March 20, 2025, 12:15 p.m. | 1\u00a0hour, 44\u00a0minutes ago \nDescription : The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T15:43:46.000000Z"}, {"uuid": "9c050e2c-8760-4226-ac30-8621afd06aa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13924", "type": "seen", "source": "Telegram/HG0M_GwIqq-n4i0Gf-FzKxnP20cW5N5XUKms6jqt4dgi5pDp", "content": "", "creation_timestamp": "2025-03-08T16:29:02.000000Z"}, {"uuid": "37234883-e14f-4138-be24-2dd11e5a674d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13922", "type": "seen", "source": "https://t.me/cvedetector/20734", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13922 - WooCommerce Order Export & Import Arbitrary File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13922 \nPublished : March 20, 2025, 12:15 p.m. | 1\u00a0hour, 44\u00a0minutes ago \nDescription : The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server. \nSeverity: 2.7 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T15:43:45.000000Z"}, {"uuid": "820d3abd-d9d3-4d1f-b6ad-ea6e27a1448d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13921", "type": "seen", "source": "https://t.me/cvedetector/20733", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13921 - WooCommerce Order Export & Order Import PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13921 \nPublished : March 20, 2025, 12:15 p.m. | 1\u00a0hour, 44\u00a0minutes ago \nDescription : The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T15:43:44.000000Z"}, {"uuid": "4b968de9-505c-4b26-8f3a-88acfb15b17b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13920", "type": "seen", "source": "https://t.me/cvedetector/20732", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13920 - WooCommerce Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13920 \nPublished : March 20, 2025, 12:15 p.m. | 1\u00a0hour, 44\u00a0minutes ago \nDescription : The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T15:43:43.000000Z"}]}