{"vulnerability": "CVE-2024-3134", "sightings": [{"uuid": "94efa391-8153-4fb5-b0c4-487d38a31b7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-31349", "type": "seen", "source": "Telegram/KVM-rIjZK1OrlkLMaMKw6ZXNCRRWekEv1OEj9Zd1k2O6ZU5W", "content": "", "creation_timestamp": "2025-02-14T10:04:01.000000Z"}, {"uuid": "855dc65a-19dd-4731-b17c-c53ceb3ce590", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3134", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3434", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-3134\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2024-05-17T00:31:00Z\n\ud83d\udccf Modified: 2025-01-30T00:31:03Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-3134\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3087193%40master-addons%2Ftrunk&old=3078134%40master-addons%2Ftrunk&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/6106c972-5475-4c19-8630-3a01edc616ad?source=cve", "creation_timestamp": "2025-01-30T01:12:17.000000Z"}, {"uuid": "f30824bb-081a-4f30-9013-aff554a2e8b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-31349", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3995", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-31349\n\ud83d\udd25 CVSS Score: 6.5 (CVSS_V3)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailMunch \u2013 Grow your Email List allows Stored XSS.This issue affects MailMunch \u2013 Grow your Email List: from n/a through 3.1.6.\n\ud83d\udccf Published: 2024-04-07T18:30:30Z\n\ud83d\udccf Modified: 2025-02-12T03:31:14Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-31349\n2. https://patchstack.com/database/vulnerability/mailmunch/wordpress-mailmunch-grow-your-email-list-plugin-3-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-12T04:08:24.000000Z"}, {"uuid": "c85d16d1-2fea-416c-b830-c911cc69604b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-31345", "type": "published-proof-of-concept", "source": "Telegram/ioXyoo3ajrg33a8-M1YBppyPg5FyIlupTVF1Q5WN6NNg", "content": "", "creation_timestamp": "2024-04-09T09:46:07.000000Z"}, {"uuid": "9d70f1f9-a2d9-4489-b0e4-ea046f46ca4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-31349", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3988", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-31349\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-04-07T18:15:13.240\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://patchstack.com/database/vulnerability/mailmunch/wordpress-mailmunch-grow-your-email-list-plugin-3-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve\n2. https://patchstack.com/database/vulnerability/mailmunch/wordpress-mailmunch-grow-your-email-list-plugin-3-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-12T03:08:27.000000Z"}, {"uuid": "16d4491e-439c-42cd-903a-137c278469b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-31340", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9429", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-31340\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.\n\ud83d\udccf Published: 2024-05-22T05:29:04.007Z\n\ud83d\udccf Modified: 2025-03-28T19:23:24.162Z\n\ud83d\udd17 References:\n1. https://play.google.com/store/apps/details?id=com.tplink.tether\n2. https://play.google.com/store/apps/details?id=com.tplink.iot\n3. https://jvn.jp/en/jp/JVN29471697/", "creation_timestamp": "2025-03-28T19:28:52.000000Z"}, {"uuid": "58172419-279a-461d-a991-1012f8437ed1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3134", "type": "seen", "source": "Telegram/w2tWFVHBbQjFmcNgslv1rQ6I_OzFv6MfIeXOmZ1QZIlO8K-N", "content": "", "creation_timestamp": "2025-01-30T02:17:49.000000Z"}]}