{"vulnerability": "CVE-2024-1171", "sightings": [{"uuid": "d6b68b82-0d90-4fed-8b0e-04c989df813b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11719", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17062", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11719\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.\n\ud83d\udccf Published: 2025-05-15T20:06:50.972Z\n\ud83d\udccf Modified: 2025-05-20T19:33:28.595Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/64c2a296-5fc6-450e-a12d-75cbf8b73e3a/", "creation_timestamp": "2025-05-20T19:43:01.000000Z"}, {"uuid": "6228eb57-61f9-4759-91f5-daab81ebc444", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11717", "type": "seen", "source": "https://t.me/cvedetector/14186", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11717 - CTFd TokenForgeable Authentication\", \n  \"Content\": \"CVE ID : CVE-2024-11717 \nPublished : Jan. 2, 2025, 5:15 p.m. | 36\u00a0minutes ago \nDescription : Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user's password and take over the account.\u00a0Moreover, the tokens also include base64 encoded user email.  
\n  \nThis issue impacts releases up to 3.7.4 and was addressed by  pull request 2679  \u00a0included in 3.7.5 release. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-02T19:16:50.000000Z"}, {"uuid": "a4dec7d6-576f-4871-85fe-12ea58e4527e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11716", "type": "seen", "source": "https://t.me/cvedetector/14187", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11716 - CTFd Team Bracket Reassignment Vulnerability ( Privilege Escalation )\", \n  \"Content\": \"CVE ID : CVE-2024-11716 \nPublished : Jan. 2, 2025, 5:15 p.m. | 36\u00a0minutes ago \nDescription : While assignment of a user to a team (bracket) in\u00a0CTFd  should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset its bracket and then pick a new one, joining another team while a competition is already ongoing.  \nThis issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by  pull request 2636  \u00a0included in 3.7.5 release. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-02T19:16:50.000000Z"}, {"uuid": "262dcc18-3ae9-4d41-b41d-360cc40fb9cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11716", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lerlb6aqsi2o", "content": "", "creation_timestamp": "2025-01-02T17:15:20.963410Z"}, {"uuid": "11e25bf4-7f52-4f0f-81c4-737fe7b00077", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11717", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lerlbatny62l", "content": "", "creation_timestamp": "2025-01-02T17:15:24.109160Z"}, {"uuid": "7668f56d-2a4a-46b0-afc1-c5483b0afa0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11716", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lermr2dj332q", "content": "", "creation_timestamp": "2025-01-02T17:42:02.816945Z"}, {"uuid": "44cbc77e-08ca-414e-95f8-699dece10f5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11717", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lermr2rirz2q", "content": "", "creation_timestamp": "2025-01-02T17:42:04.020423Z"}, {"uuid": "1128f681-e11a-4057-9bcb-969437f001cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1171", "type": "seen", 
"source": "https://t.me/ctinow/203651", "content": "https://ift.tt/9NW6wYk\nCVE-2024-1171 | wpdevteam Essential Addons for Elementor Plugin up to 5.9.8 on WordPress Filterable Gallery Widget cross site scripting (ID 3034127)", "creation_timestamp": "2024-03-08T23:26:07.000000Z"}, {"uuid": "309243e1-6646-4072-995f-9ed886272beb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11718", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17060", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11718\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.\n\ud83d\udccf Published: 2025-05-15T20:06:50.765Z\n\ud83d\udccf Modified: 2025-05-20T19:33:48.089Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/02da3a49-20e4-4476-a78d-4c627994a90a/", "creation_timestamp": "2025-05-20T19:42:56.000000Z"}, {"uuid": "b816d115-d230-489d-b2fd-7932d901d9a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11714", "type": "seen", "source": "https://t.me/cvedetector/12940", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11714 - WordPress WP Job Portal SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-11714 \nPublished : Dec. 14, 2024, 7:15 a.m. 
| 39\u00a0minutes ago \nDescription : The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T09:20:30.000000Z"}, {"uuid": "21f52f2c-0342-4c7c-b1ef-ec72638ba4f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11713", "type": "seen", "source": "https://t.me/cvedetector/12939", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11713 - WordPress Job Portal SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11713 \nPublished : Dec. 14, 2024, 7:15 a.m. | 39\u00a0minutes ago \nDescription : The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T09:20:26.000000Z"}, {"uuid": "4a6bbcc4-1d69-4446-92f7-00cb57cced47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11712", "type": "seen", "source": "https://t.me/cvedetector/12938", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11712 - \"WP Job Portal Unauthorized Data Exposure\"\", \n  \"Content\": \"CVE ID : CVE-2024-11712 \nPublished : Dec. 14, 2024, 7:15 a.m. | 39\u00a0minutes ago \nDescription : The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users' resumes. 
\nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T09:20:25.000000Z"}, {"uuid": "7350ec01-80c6-4dd8-89b6-31f3dba2bb89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11715", "type": "seen", "source": "https://t.me/cvedetector/12941", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11715 - WordPress Job Portal - Unauthorized Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11715 \nPublished : Dec. 14, 2024, 7:15 a.m. | 39\u00a0minutes ago \nDescription : The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an employer. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T09:20:31.000000Z"}, {"uuid": "f731d503-8d4c-4db5-ab7e-241b84233259", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11710", "type": "seen", "source": "https://t.me/cvedetector/12942", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11710 - WordPress WP Job Portal SQL Injectionumdation\", \n  \"Content\": \"CVE ID : CVE-2024-11710 \nPublished : Dec. 14, 2024, 7:15 a.m. 
| 39\u00a0minutes ago \nDescription : The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T09:20:31.000000Z"}, {"uuid": "046b54b4-bb8e-49b5-9e0b-8042195e4a10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11711", "type": "seen", "source": "https://t.me/cvedetector/12937", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11711 - WordPress WP Job Portal SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-11711 \nPublished : Dec. 14, 2024, 7:15 a.m. | 39\u00a0minutes ago \nDescription : The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 
\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T09:20:25.000000Z"}, {"uuid": "23da4984-21d8-4ca7-beab-ea2666c205c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11710", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649831055109149", "content": "", "creation_timestamp": "2024-12-14T06:46:39.599730Z"}, {"uuid": "8e59f9d2-4e3c-4661-9d3b-aeb817764b66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11711", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649831070852946", "content": "", "creation_timestamp": "2024-12-14T06:46:39.866099Z"}, {"uuid": "5f24eb3f-0f70-4ed3-9034-4e18acc05384", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11712", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649831085986241", "content": "", "creation_timestamp": "2024-12-14T06:46:40.248825Z"}, {"uuid": "a6a5c1be-1e77-4d3e-94f5-d6462370d36f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11713", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649831100646705", "content": "", "creation_timestamp": "2024-12-14T06:46:40.352364Z"}, {"uuid": "b1b8ab19-9301-403d-9324-f4300bf1bcc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11711", "type": "seen", "source": 
"https://infosec.exchange/users/cve/statuses/113649844459675891", "content": "", "creation_timestamp": "2024-12-14T06:50:04.181579Z"}, {"uuid": "b39de051-0c13-4736-919c-83a11efbf93c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11710", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649844444413100", "content": "", "creation_timestamp": "2024-12-14T06:50:04.283787Z"}, {"uuid": "6c3292e6-7725-4840-975a-ca9dd3a36e27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11713", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649844489337774", "content": "", "creation_timestamp": "2024-12-14T06:50:04.523936Z"}, {"uuid": "b6f75393-f947-4ee0-917a-2f5e9d48d44a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11712", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649844474484932", "content": "", "creation_timestamp": "2024-12-14T06:50:04.726238Z"}, {"uuid": "ad38d70a-e439-4793-9395-f697019404c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11714", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649903547678336", "content": "", "creation_timestamp": "2024-12-14T07:05:05.753486Z"}, {"uuid": "2012b34a-65d1-41a2-8e2a-6f857daba0e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11715", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649903562348865", "content": "", "creation_timestamp": "2024-12-14T07:05:06.020445Z"}]}