{"vulnerability": "CVE-2024-1215", "sightings": [{"uuid": "f79517ed-a960-4583-aa95-57cf211e009f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12155", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9329", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-12155 Missing Authorization (CWE-862)\nURL\uff1ahttps://github.com/McTavishSue/CVE-2024-12155\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-06T13:05:28.000000Z"}, {"uuid": "ae477e97-64ca-47a3-a79b-82ee3ef83d73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12159", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/309", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12159\n\ud83d\udd39 Description: The Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \u2013 Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack.\n\ud83d\udccf Published: 2025-01-07T04:22:19.794Z\n\ud83d\udccf Modified: 2025-01-07T04:22:19.794Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/cfeca343-c796-45d5-a71d-8211d8b38b3e?source=cve\n2. https://plugins.trac.wordpress.org/browser/muzaara-adwords-optimize-dashboard/trunk/lib/muzaara/lib/google-ads-php/scripts/print_php_information.php", "creation_timestamp": "2025-01-07T04:37:15.000000Z"}, {"uuid": "6f2619de-5de2-4a29-9194-913be52f50dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12153", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/319", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12153\n\ud83d\udd39 Description: The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.91. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-07T04:22:16.140Z\n\ud83d\udccf Modified: 2025-01-07T04:22:16.140Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/8f854737-e87b-4c50-a9fb-d3b129f9d9fc?source=cve\n2. https://plugins.trac.wordpress.org/browser/gdy-modular-content/trunk/includes/elements.php#L16", "creation_timestamp": "2025-01-07T04:38:31.000000Z"}, {"uuid": "4456be75-7f56-48a3-9f24-54ce7920a995", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12158", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/318", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12158\n\ud83d\udd39 Description: The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to delete the DB data for the plugin.\n\ud83d\udccf Published: 2025-01-07T04:22:16.501Z\n\ud83d\udccf Modified: 2025-01-07T04:22:16.501Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/93a698df-fd68-4fbc-946e-a9b5a7f93b71?source=cve\n2. https://wordpress.org/plugins/ultimate-popup-creator/", "creation_timestamp": "2025-01-07T04:38:23.000000Z"}, {"uuid": "489866bc-bb5c-45f5-9950-355d93dbfe1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12150", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19746", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12150\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection.This issue affects .\u00a0NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.\n\ud83d\udccf Published: 2025-06-27T16:40:47.711Z\n\ud83d\udccf Modified: 2025-06-27T16:40:47.711Z\n\ud83d\udd17 References:\n1. https://www.usom.gov.tr/bildirim/tr-25-0141", "creation_timestamp": "2025-06-27T16:57:26.000000Z"}, {"uuid": "65ad9caf-59f1-4037-aa39-ef61896bcc3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12152", "type": "seen", "source": "https://t.me/cvedetector/14507", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12152 - MIPL WC Multisite Sync Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12152 \nPublished : Jan. 7, 2025, 10:15 a.m. | 39\u00a0minutes ago \nDescription : The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T12:11:48.000000Z"}, {"uuid": "25baba96-370b-47b7-b484-2ecacfeb51e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12155", "type": "seen", "source": "https://t.me/cvedetector/12178", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12155 - The SV100 Companion plugin for WordPress is vulner\", \n  \"Content\": \"CVE ID : CVE-2024-12155 \nPublished : Dec. 6, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T10:35:50.000000Z"}, {"uuid": "a973fa27-b05d-4a47-a477-77140e7a69b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1215", "type": "seen", "source": "https://t.me/ctinow/192907", "content": "https://ift.tt/JXsFEbH\nCVE-2024-1215 | SourceCodester CRUD without Page Reload 1.0 fetch_data.php username/city cross site scripting", "creation_timestamp": "2024-02-25T15:16:23.000000Z"}, {"uuid": "263a33d6-57ea-4062-862f-910a578c9b97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1215", "type": "seen", "source": "https://t.me/ctinow/183489", "content": "https://ift.tt/DgLNz5x\nCVE-2024-1215 Exploit", "creation_timestamp": "2024-02-12T23:16:22.000000Z"}, {"uuid": "32318f60-8b82-4e29-9aab-3db3cfdbf812", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1215", "type": "seen", "source": "https://t.me/ctinow/178614", "content": "https://ift.tt/xA8XIvj\nCVE-2024-1215", "creation_timestamp": "2024-02-03T17:31:17.000000Z"}, {"uuid": "017af0fa-bb74-44a3-a6b9-55ea59031fef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12151", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113595787225996422", "content": "", "creation_timestamp": "2024-12-04T17:42:36.126917Z"}, {"uuid": "82dacde3-d386-4414-a7ea-a2b07fb6f573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12159", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vggi26k2l", "content": "", "creation_timestamp": "2025-01-07T05:16:27.733544Z"}, {"uuid": "ad6799d0-ff3b-49fb-9607-975f2e4c1ba0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12153", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vg7cw2m25", "content": "", "creation_timestamp": "2025-01-07T05:16:19.584537Z"}, {"uuid": "6be0d840-3455-473e-beec-08b67ee9360e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12152", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5g57tpu52c", "content": "", "creation_timestamp": "2025-01-07T10:15:31.991109Z"}, {"uuid": "1beb0876-a04c-48ca-8e19-1b0c581f534c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12157", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad5qbk62n", "content": "", "creation_timestamp": "2025-01-20T21:02:04.219034Z"}, {"uuid": "b499f31e-bb8c-47f9-a577-b10a8c3e79cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12156", "type": "seen", "source": "https://t.me/cvedetector/12711", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12156 - WordPress RSS Feed to Post Autoblogging SEO Help Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12156 \nPublished : Dec. 12, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:07:55.000000Z"}, {"uuid": "6bc8c9c8-2453-4a6b-a7ca-b5a6a3dd0890", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12151", "type": "seen", "source": "https://t.me/cvedetector/12024", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12151 - Incorrect permission assignment in the user migrat\", \n  \"Content\": \"CVE ID : CVE-2024-12151 \nPublished : Dec. 4, 2024, 6:15 p.m. | 50\u00a0minutes ago \nDescription : Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T20:06:41.000000Z"}, {"uuid": "a26de047-ff4d-45be-9633-cb567d39721e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12155", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113605258904859384", "content": "", "creation_timestamp": "2024-12-06T09:51:22.684459Z"}, {"uuid": "c80ef402-b03e-440a-9487-8c2b9646bed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12152", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113786373317643206", "content": "", "creation_timestamp": "2025-01-07T09:31:09.204564Z"}, {"uuid": "4a4a69e3-8775-4187-8784-a48248dcbcb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12152", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf5hp2lyem2u", "content": "", "creation_timestamp": "2025-01-07T10:43:23.967079Z"}, {"uuid": "74534b97-e064-4835-a117-c679fe917654", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12152", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/384", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12152\n\ud83d\udd39 Description: The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.\n\ud83d\udccf Published: 2025-01-07T09:22:15.610Z\n\ud83d\udccf Modified: 2025-01-07T09:22:15.610Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/575d1e24-d23d-4589-bb71-f52efec1ac58?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216574%40mipl-wc-multisite-sync&new=3216574%40mipl-wc-multisite-sync&sfp_email=&sfph_mail=\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215735%40mipl-wc-multisite-sync&new=3215735%40mipl-wc-multisite-sync&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-07T09:36:31.000000Z"}, {"uuid": "a2bbb985-4937-40e0-a625-e4e6ac2ce2c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12157", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/462", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12157\n\ud83d\udd39 Description: The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-01-07T04:21:58.312Z\n\ud83d\udccf Modified: 2025-01-07T16:24:42.599Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/3e63ce97-40af-493d-9376-231a99d9bd58?source=cve\n2. https://wordpress.org/plugins/ultimate-popup-creator/", "creation_timestamp": "2025-01-07T16:40:30.000000Z"}, {"uuid": "ef8cf72e-047e-4eed-95fa-2f4c3c292c09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12157", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vgbimee2o", "content": "", "creation_timestamp": "2025-01-07T05:16:21.849170Z"}, {"uuid": "97d18b77-df5f-42f0-9612-9f36f5350b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12158", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vgdy7e422", "content": "", "creation_timestamp": "2025-01-07T05:16:24.553829Z"}, {"uuid": "1e510bb6-4092-47da-948b-a044f9fd1b27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12150", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsmeubyswu2i", "content": "", "creation_timestamp": "2025-06-27T19:30:06.885508Z"}]}