{"vulnerability": "CVE-2024-2509", "sightings": [{"uuid": "cf82d58c-4153-417b-8378-328b145d2e8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25098", "type": "seen", "source": "https://t.me/ctinow/201719", "content": "https://ift.tt/mkVTeaI\nCVE-2024-25098 | PB oEmbed HTML5 Audio Plugin up to 2.6 on WordPress Shortcode cross site scripting", "creation_timestamp": "2024-03-06T19:51:44.000000Z"}, {"uuid": "7a7fa022-c564-43c2-96b0-14ac8fb2d388", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25092", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/14593", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udcc5 Date: 2025-03-14 03:56:33\n\ud83d\udea8 Title: Alleged disclosure of WordPress NextMove Lite 2.17.0 Missing Authorization Vulnerability\n\ud83d\udee1\ufe0f Victim Country: \n\ud83c\udfed Victim Industry: \n\ud83c\udfe2 Victim Organization: \n\ud83c\udf10 Victim Site: \n\ud83d\udcdc Category: Vulnerability\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0f Threat Actor: Nxploited\n\ud83c\udf0d Network: openweb\n\ud83d\udd17 Claim: https://0day.today/exploit/description/39942\n\ud83d\udcdd Description: The threat actor claims to have disclosed an exploit for WordPress NextMove Lite 2.17.0, which suffers from a missing authorization vulnerability. This flaw could allow unauthorized users to access or modify restricted resources, posing a medium security risk to PHP-based web applications. The vulnerability is tracked as CVE-2024-25092.\n\n\u26a0\ufe0f Stay ahead of cyber threats! Subscribe to the Paid Threat Feed at https://t.me/DarkWebInformer_Bot for real-time updates (Website excluded). Want to pay via crypto? 
Visit https://darkwebinformer.com/crypto-payments.", "creation_timestamp": "2025-03-14T04:56:36.000000Z"}, {"uuid": "84853323-1deb-4114-8387-bdac481dde54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25092", "type": "published-proof-of-concept", "source": "Telegram/t4W2qGLDrPTh4ylfVSi32sIJvO37xNh95ZguxDMzeYbNCQs", "content": "", "creation_timestamp": "2025-03-13T16:00:07.000000Z"}, {"uuid": "91dedca0-5649-4b16-a634-1e7f81403ff7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25099", "type": "seen", "source": "https://t.me/ctinow/206950", "content": "https://ift.tt/QYKOpSa\nCVE-2024-25099", "creation_timestamp": "2024-03-13T17:37:20.000000Z"}, {"uuid": "9bd884e7-9e9d-4613-8624-936382e7a206", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25097", "type": "seen", "source": "https://t.me/ctinow/206949", "content": "https://ift.tt/kyOqraV\nCVE-2024-25097", "creation_timestamp": "2024-03-13T17:37:19.000000Z"}, {"uuid": "e9a43c49-eab6-47c3-8fc9-0ebee03c2bd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25094", "type": "seen", "source": "https://t.me/ctinow/203185", "content": "https://ift.tt/mWile7j\nCVE-2024-25094 | PJ News Ticker Plugin up to 6.8.10 on WordPress Shortcode cross site scripting", "creation_timestamp": "2024-03-08T09:51:57.000000Z"}, {"uuid": "24671069-00bd-49ea-bf29-974fcdaa6914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25091", "type": "seen", "source": "https://t.me/ctinow/197475", "content": "https://ift.tt/aJge9SX\nCVE-2024-25091", 
"creation_timestamp": "2024-03-01T10:21:47.000000Z"}, {"uuid": "b6cc8247-590d-4b37-afba-b3b44d99c456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25091", "type": "seen", "source": "https://t.me/ctinow/197478", "content": "https://ift.tt/aJge9SX\nCVE-2024-25091", "creation_timestamp": "2024-03-01T10:26:51.000000Z"}, {"uuid": "1c98afdb-5090-46f7-9a57-10cae2628d5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25090", "type": "seen", "source": "https://t.me/cvedetector/1672", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-25090 - Apache Roller Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-25090 \nPublished : July 26, 2024, 9:15 a.m. | 38\u00a0minutes ago \nDescription : Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3.  \n  \nThis issue affects Apache Roller: from 5.0.0 before 6.1.3.  \n  \nUsers are recommended to upgrade to version 6.1.3, which fixes the issue. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-26T12:09:14.000000Z"}, {"uuid": "31eaf240-2047-4bb1-a19b-3f83daece5bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-25093", "type": "seen", "source": "Telegram/WgNuBYGAOl1X0k-RNBaaU_hm5nxICynulbuvT75lQQKseBW-", "content": "", "creation_timestamp": "2024-02-29T07:05:11.000000Z"}]}