{"vulnerability": "CVE-2024-1172", "sightings": [{"uuid": "2ffab3a9-a30b-44ac-867c-378b102070e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11728", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ln6ztjltv62u", "content": "", "creation_timestamp": "2025-04-19T21:02:17.141255Z"}, {"uuid": "325cc136-d509-4b07-95dd-99db19b5250c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11720", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113650255805497748", "content": "", "creation_timestamp": "2024-12-14T08:34:40.737808Z"}, {"uuid": "bcff2245-3ca2-4747-baf0-94f3b0656d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11721", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113650255820247206", "content": "", "creation_timestamp": "2024-12-14T08:34:40.984013Z"}, {"uuid": "a1ac4de4-670a-4293-89a1-40f152daf570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11725", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf543yiw2x25", "content": "", "creation_timestamp": "2025-01-07T07:15:53.225121Z"}, {"uuid": "65ecea2c-757b-4e4a-a580-7a7f8cac28af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11725", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf543yiw2x25", "content": "", "creation_timestamp": "2025-01-07T07:15:53.233341Z"}, {"uuid": "823fa109-a201-46e9-9e22-2d946808c3e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11725", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113785968791389908", "content": "", "creation_timestamp": "2025-01-07T07:48:17.214050Z"}, {"uuid": "8e113dd8-8a00-4907-9f6f-25f0f305d59b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1172", "type": "seen", "source": "https://t.me/ctinow/203661", "content": "https://ift.tt/dcVHeZP\nCVE-2024-1172 | wpdevteam Essential Addons for Elementor Plugin up to 5.9.8 on WordPress Accordion Widget cross site scripting", "creation_timestamp": "2024-03-08T23:56:18.000000Z"}, {"uuid": "106ed625-76d4-419f-981c-4d214c679da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11729", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113605581573888297", "content": "", "creation_timestamp": "2024-12-06T11:13:26.122274Z"}, {"uuid": "1dfa7258-a3e8-4e9d-8977-4bf93983ae26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11724", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638525180877879", "content": "", "creation_timestamp": "2024-12-12T06:51:25.926932Z"}, {"uuid": "0d7a7d6f-d7aa-4b53-88fb-6d5d64ad240d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11727", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638584180255981", "content": "", "creation_timestamp": "2024-12-12T07:06:25.901866Z"}, {"uuid": "971d216d-b611-4e53-ba55-5b3d39bfcbf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11722", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113690099366421366", "content": "", "creation_timestamp": "2024-12-21T09:27:25.703669Z"}, {"uuid": "526207e4-3651-4cb5-98d7-3256e1419f8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11722", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldso77bld625", "content": "", "creation_timestamp": "2024-12-21T10:15:20.030309Z"}, {"uuid": "b1b89192-0b13-470d-b739-ef3feee52068", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11726", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113707496978300630", "content": "", "creation_timestamp": "2024-12-24T11:11:51.829453Z"}, {"uuid": "710e69d2-f796-471f-bfcf-825d3455174f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11726", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3le2cxqkno72l", "content": "", "creation_timestamp": "2024-12-24T11:15:36.159810Z"}, {"uuid": "7be6ad7e-5ea8-493e-8a6a-f23168fb75eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11725", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785725676670532", "content": "", "creation_timestamp": "2025-01-07T06:46:27.073268Z"}, {"uuid": "e57f9310-cb09-4010-98d8-e5118d6cde5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11725", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/375", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11725\n\ud83d\udd39 Description: The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including, 3.7.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. Please note this requires the woocommerce-warranty plugin to be installed in order to be exploited.\n\ud83d\udccf Published: 2025-01-07T06:40:56.260Z\n\ud83d\udccf Modified: 2025-01-07T06:40:56.260Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/33517dba-78ac-4391-a55e-d1f13801b212?source=cve\n2. https://plugins.trac.wordpress.org/browser/sms-alert/trunk/helper/return-warranty.php#L74\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3199795%40sms-alert&new=3199795%40sms-alert&sfp_email=&sfph_mail=\n4. https://plugins.trac.wordpress.org/changeset/3198056/sms-alert/trunk/helper/return-warranty.php\n5. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3197777%40sms-alert&new=3197777%40sms-alert&sfp_email=&sfph_mail=\n6. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207391%40sms-alert&new=3207391%40sms-alert&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-07T07:37:58.000000Z"}, {"uuid": "897f27b7-f40a-4b1e-bed9-10995da49d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11725", "type": "seen", "source": "https://t.me/cvedetector/14492", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11725 - WordPress WooCommerce SMS Alert Order Notifications Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-11725 \nPublished : Jan. 7, 2025, 7:15 a.m. | 30\u00a0minutes ago \nDescription : The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including, 3.7.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. Please note this requires the woocommerce-warranty plugin to be installed in order to be exploited. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T08:51:07.000000Z"}, {"uuid": "333404f6-7dd5-41e2-9c22-00f425fcf274", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11722", "type": "seen", "source": "https://t.me/cvedetector/13498", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11722 - WordPress DynamiApps Frontend Admin SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-11722 \nPublished : Dec. 21, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This requires an unauthenticated user to have been given permission to view form submissions, and the form submission shortcode be added to a page. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T11:59:19.000000Z"}, {"uuid": "348fdb9c-701c-473e-a2f1-6b97c8a901f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11726", "type": "seen", "source": "https://t.me/cvedetector/13583", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11726 - BookingPress SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-11726 \nPublished : Dec. 24, 2024, 11:15 a.m. | 25\u00a0minutes ago \nDescription : The Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-24T12:43:55.000000Z"}, {"uuid": "9a21deea-1a3d-411c-b83a-c19a339acbb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11720", "type": "seen", "source": "https://t.me/cvedetector/12944", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11720 - DynamiApps WordPress Frontend Admin Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11720 \nPublished : Dec. 14, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when lower-level users have been granted access to submit specific forms, which is disabled by default. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T11:00:40.000000Z"}, {"uuid": "6500eb7d-d958-4bb8-9a2c-3aa6478555d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11721", "type": "seen", "source": "https://t.me/cvedetector/12943", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11721 - \"WordPress DynamiApps Frontend Admin Privilege Escalation\"\", \n  \"Content\": \"CVE ID : CVE-2024-11721 \nPublished : Dec. 14, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T11:00:39.000000Z"}, {"uuid": "832d5143-d1c7-46ac-b99c-061f0769d84c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11724", "type": "seen", "source": "https://t.me/cvedetector/12750", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11724 - Wordpress Cookie Consent Script Whitelist Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11724 \nPublished : Dec. 12, 2024, 7:15 a.m. | 33\u00a0minutes ago \nDescription : The Cookie Consent for WP \u2013 Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to whitelist scripts. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T08:48:56.000000Z"}, {"uuid": "562e1068-637c-46b9-ba2a-ea683b020b0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11727", "type": "seen", "source": "https://t.me/cvedetector/12747", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11727 - NotificationX Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11727 \nPublished : Dec. 12, 2024, 7:15 a.m. | 33\u00a0minutes ago \nDescription : The NotificationX \u2013 Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settings for notifications in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T08:48:51.000000Z"}, {"uuid": "32e88f63-afcb-4f41-9e8f-d00cbb776e0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11723", "type": "seen", "source": "https://t.me/cvedetector/12715", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11723 - WordPress kvCORE IDX Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11723 \nPublished : Dec. 12, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : The kvCORE IDX plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter on pages with the kvcoreidx_listings_sitemap_ranges, kvcoreidx_listings_sitemap_page, kvcoreidx_agent_profile_sitemap, or kvcoreidx_agent_profile shortcode present in all versions up to, and including, 2.3.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:08:01.000000Z"}, {"uuid": "86e05c30-c166-4865-b3ab-0171a05e32b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11729", "type": "seen", "source": "https://t.me/cvedetector/12203", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11729 - The KiviCare \u2013 Clinic & Patient Management System\", \n  \"Content\": \"CVE ID : CVE-2024-11729 \nPublished : Dec. 6, 2024, 11:15 a.m. | 40\u00a0minutes ago \nDescription : The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T13:06:34.000000Z"}, {"uuid": "822f31ed-6567-4a2f-a5fa-2044e1f5aba5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11728", "type": "seen", "source": "https://t.me/cvedetector/12200", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11728 - The KiviCare \u2013 Clinic & Patient Management System\", \n  \"Content\": \"CVE ID : CVE-2024-11728 \nPublished : Dec. 6, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T12:16:26.000000Z"}, {"uuid": "03151a75-3f5b-4a10-a1c4-c8d3f9f283ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11726", "type": "seen", "source": "https://t.me/HackerArsenal/773", "content": "\u203c\ufe0f CVE-2024-11726 \u203c\ufe0f\n\nThe Appointment Booking Calendar Plugin and Scheduling Plugin  BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpressform' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributorlevel access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"National Vulnerability Database\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity_CVEs", "creation_timestamp": "2024-12-24T14:45:03.000000Z"}]}