{"vulnerability": "CVE-2024-1011", "sightings": [{"uuid": "1f5b0728-5fbf-455d-b861-8446d81ba289", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10117", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:32.000000Z"}, {"uuid": "fa99a4e1-dc38-417a-b86b-91eab3c24e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10117", "type": "seen", "source": "Telegram/jQ36yx4nwjxU5dE6p3viwnYEKlLh5UIfzwTrSf0l1aYk33sX", "content": "", "creation_timestamp": "2025-02-14T10:03:10.000000Z"}, {"uuid": "9ddca285-045f-4072-ac47-234962fb6436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10111", "type": "seen", "source": "https://t.me/cvedetector/12704", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10111 - WordPress OAuth SSO OAuth Client Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10111 \nPublished : Dec. 12, 2024, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T06:17:43.000000Z"}, {"uuid": "acbfc6dc-5848-4065-9483-462c57b917c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10113", "type": "seen", "source": "https://t.me/cvedetector/11044", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10113 - WordPress WP AdCenter Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-10113 \nPublished : Nov. 15, 2024, 6:15 a.m. | 21\u00a0minutes ago \nDescription : The WP AdCenter \u2013 Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T07:43:33.000000Z"}, {"uuid": "15386b2f-e540-4d48-8657-5b00c1d140ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10117", "type": "seen", "source": "https://t.me/cvedetector/9033", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10117 - WordPress WP Crowdfunding Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10117 \nPublished : Oct. 26, 2024, 12:15 p.m. | 24\u00a0minutes ago \nDescription : The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-26T14:49:10.000000Z"}, {"uuid": "c59a683b-044f-4b62-a88c-e34bb4660e17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1011", "type": "seen", "source": "https://t.me/ctinow/175267", "content": "https://ift.tt/4UcpOSR\nCVE-2024-1011 | SourceCodester Employee Management System 1.0 Leave delete-leave.php id access control", "creation_timestamp": "2024-01-29T14:41:45.000000Z"}, {"uuid": "7b04bbf3-f0d6-48f2-ab22-ac16bdc852d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10117", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}, {"uuid": "cbb68059-1424-4989-9674-cd45e6eae68c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10114", "type": "seen", "source": "https://t.me/cvedetector/9835", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10114 - WooCommerce - Social Login WordPress Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-10114 \nPublished : Nov. 5, 2024, 9:15 a.m. | 38\u00a0minutes ago \nDescription : The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T11:21:09.000000Z"}, {"uuid": "e6e77660-b738-487e-ad0e-b8aa88b63cd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1011", "type": "seen", "source": "https://t.me/ctinow/179427", "content": "https://ift.tt/1pKrdHw\nCVE-2024-1011 Exploit", "creation_timestamp": "2024-02-05T19:16:50.000000Z"}, {"uuid": "ea9c3925-b31a-4729-ad19-7e289fa263a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1011", "type": "seen", "source": "https://t.me/ctinow/175443", "content": "https://ift.tt/NabMhPS\nCVE-2024-1011", "creation_timestamp": "2024-01-29T18:22:25.000000Z"}, {"uuid": "04ff9424-6313-4086-a94d-8b7c9dcc760a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10113", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113485333659464059", "content": "", "creation_timestamp": "2024-11-15T05:32:48.576265Z"}, {"uuid": "b0baf93e-d848-456b-b7a2-8d4e048706de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10119", "type": "seen", "source": "https://t.me/cvedetector/8286", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10119 - SECOM WRTM326 Remote Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10119 \nPublished : Oct. 18, 2024, 5:15 a.m. | 19\u00a0minutes ago \nDescription : The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-18T07:42:56.000000Z"}, {"uuid": "74f6c7d2-2539-4a45-94a8-723af3c8f691", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10118", "type": "seen", "source": "https://t.me/cvedetector/8273", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10118 - SECOM WRTR-304GN-304TW-UPSC Arbitrary Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10118 \nPublished : Oct. 18, 2024, 4:15 a.m. | 31\u00a0minutes ago \nDescription : SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-18T06:52:31.000000Z"}, {"uuid": "bfe26ebd-17fd-48bd-8395-3ba7d3f548c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10112", "type": "seen", "source": "https://t.me/cvedetector/8915", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10112 - WordPress Simple News Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10112 \nPublished : Oct. 25, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T12:04:01.000000Z"}, {"uuid": "c3c47523-1eb4-4526-92c8-5d7e57bc55b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10116", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113530166902801495", "content": "", "creation_timestamp": "2024-11-23T03:34:29.475753Z"}, {"uuid": "5c1c0f7a-7be2-4a03-81cc-9626c2cca30f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10111", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113637748475293338", "content": "", "creation_timestamp": "2024-12-12T03:33:54.147433Z"}]}