{"vulnerability": "CVE-2024-1341", "sightings": [{"uuid": "34243c32-806b-4ba4-88b3-5f2eeb00edd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13416", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113958519350665410", "content": "", "creation_timestamp": "2025-02-06T19:10:09.090767Z"}, {"uuid": "f3658511-e2be-4e8a-953f-90785a2f6e8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13415", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzdxsttyp2f", "content": "", "creation_timestamp": "2025-01-31T06:16:27.301789Z"}, {"uuid": "a818f9fb-cc3c-4eef-b060-4c1e6f4fcbf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13410", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkrbxrbasq2j", "content": "", "creation_timestamp": "2025-03-19T23:00:08.734061Z"}, {"uuid": "a02d3f02-7bbe-4e03-ae8f-db57feeda10c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13410", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lksk76y4va2p", "content": "", "creation_timestamp": "2025-03-20T11:00:06.119417Z"}, {"uuid": "aa073d9f-c366-4b2d-806c-3c0d22ec7b0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13419", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14438", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13419\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions() and importThemeOptions() functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings which includes custom JavaScript that is enabled site-wide. This issue was escalated to Envato over two months from the date of this disclosure and the issue is still vulnerable.\n\ud83d\udccf Published: 2025-05-02T03:21:17.035Z\n\ud83d\udccf Modified: 2025-05-02T03:21:17.035Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/07729c28-a73a-46f4-853e-116792d612f5?source=cve\n2. https://themeforest.net/item/beyot-wordpress-real-estate-theme/19514964", "creation_timestamp": "2025-05-02T04:15:55.000000Z"}, {"uuid": "7dc597db-9a90-4919-a0e7-768b06de45d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13413", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7103", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13413\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018res\u2019 parameter in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This vulnerability is potentially a duplicate of CVE-2025-22320.\n\ud83d\udccf Published: 2025-03-11T04:21:46.530Z\n\ud83d\udccf Modified: 2025-03-11T04:21:46.530Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc1289a-abd1-43db-89b7-3e81878a0f9a?source=cve\n2. https://plugins.trac.wordpress.org/browser/productdyno/trunk/admin/partials/productdyno-admin-display.php#L81\n3. https://wordpress.org/plugins/productdyno/#developers\n4. https://plugins.trac.wordpress.org/changeset/3251678/", "creation_timestamp": "2025-03-11T04:41:05.000000Z"}, {"uuid": "659e56b0-2ee2-427e-99de-c7263c753c1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13412", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8031", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13412\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions.\n\ud83d\udccf Published: 2025-03-19T06:57:41.845Z\n\ud83d\udccf Modified: 2025-03-19T06:57:41.845Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/67965a51-39d3-4d14-adf5-d91d4c775baf?source=cve\n2. https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog", "creation_timestamp": "2025-03-19T07:49:35.000000Z"}, {"uuid": "ceb472ab-c4c5-4df6-b449-b817e180640d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13410", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8032", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13410\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.\n\ud83d\udccf Published: 2025-03-19T06:57:41.231Z\n\ud83d\udccf Modified: 2025-03-19T06:57:41.231Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/61080df6-836f-4365-964a-fa2517e8be5a?source=cve\n2. https://themeforest.net/item/cozystay-hotel-booking-wordpress-theme/47383367#item-description__changelog\n3. https://themeforest.net/item/tinysalt-personal-food-blog-wordpress-theme/26294668#item-description__changelog", "creation_timestamp": "2025-03-19T07:49:36.000000Z"}, {"uuid": "ced4491d-0664-4b62-b3f7-b456efb930a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13411", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8826", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13411\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.\n\ud83d\udccf Published: 2025-03-26T11:22:10.207Z\n\ud83d\udccf Modified: 2025-03-26T11:22:10.207Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/701dc461-88e7-40bf-a4fb-f92723b6e05e?source=cve\n2. https://plugins.trac.wordpress.org/browser/zapier/trunk/zapier.php#L114\n3. https://plugins.trac.wordpress.org/browser/zapier/trunk/zapier.php#L210\n4. https://plugins.trac.wordpress.org/browser/zapier/trunk/zapier.php#L284\n5. https://wordpress.org/plugins/zapier/#developers\n6. https://plugins.trac.wordpress.org/changeset/3257975/", "creation_timestamp": "2025-03-26T11:25:18.000000Z"}, {"uuid": "621dbff1-4973-46a8-a780-ca7c9cea0e92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13415", "type": "seen", "source": "https://t.me/cvedetector/16890", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13415 - WooCommerce Food Menu Authorized Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13415 \nPublished : Jan. 31, 2025, 6:15 a.m. | 1\u00a0hour, 29\u00a0minutes ago \nDescription : The Food Menu \u2013 Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T09:30:52.000000Z"}, {"uuid": "e01baab5-d670-40d6-8a22-dc7a89ed00c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13418", "type": "seen", "source": "https://t.me/cvedetector/24321", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13418 - WordPress Theme/Plugin Arbitrary File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13418 \nPublished : May 2, 2025, 4:15 a.m. | 33\u00a0minutes ago \nDescription : Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts() function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that can make remote code execution possible. This issue was escalated to Envato over two months from the date of this disclosure and the issue, while partially patched, is still vulnerable. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-02T07:34:48.000000Z"}, {"uuid": "e02ef0ca-a149-4f39-8797-409662da3543", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13419", "type": "seen", "source": "https://t.me/cvedetector/24322", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13419 - WordPress Smart Framework Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13419 \nPublished : May 2, 2025, 4:15 a.m. | 33\u00a0minutes ago \nDescription : Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions() and importThemeOptions() functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings which includes custom JavaScript that is enabled site-wide. This issue was escalated to Envato over two months from the date of this disclosure and the issue is still vulnerable. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-02T07:34:49.000000Z"}, {"uuid": "599b8632-5916-400d-94bf-9c3cc09e8e45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13417", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhjvoqow7q2s", "content": "", "creation_timestamp": "2025-02-06T20:16:06.312532Z"}, {"uuid": "c3516286-a433-4407-bcc0-bdba93db6e56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13410", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkpoa2d4et26", "content": "", "creation_timestamp": "2025-03-19T07:34:10.784453Z"}, {"uuid": "e24a5db9-b830-49ab-8748-4de9f18b0d01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13410", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkpol2gbfw24", "content": "", "creation_timestamp": "2025-03-19T07:40:19.774256Z"}, {"uuid": "47f0c6db-3306-4b09-a1e7-a9e35263ba88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13413", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk3lxtubed2j", "content": "", "creation_timestamp": "2025-03-11T08:00:34.128603Z"}, {"uuid": "d4569c2f-d2e2-42e8-9f07-7b6515e6fa34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13412", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkpysav3zu2x", "content": "", "creation_timestamp": "2025-03-19T10:43:18.473262Z"}, {"uuid": "7acec609-26ca-4b3d-8cf0-3a16c0cc5a2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13418", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14430", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13418\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts() function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that can make remote code execution possible. This issue was escalated to Envato over two months from the date of this disclosure and the issue, while partially patched, is still vulnerable.\n\ud83d\udccf Published: 2025-05-02T03:21:20.383Z\n\ud83d\udccf Modified: 2025-05-02T03:21:20.383Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/bced4547-3264-43dc-8bb1-89a06f74ccbd?source=cve\n2. https://themeforest.net/item/beyot-wordpress-real-estate-theme/19514964", "creation_timestamp": "2025-05-02T04:15:42.000000Z"}, {"uuid": "4bc279e5-8b53-418e-818b-179aa4338a2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13416", "type": "seen", "source": "https://t.me/cvedetector/17430", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13416 - 2N OS Token Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13416 \nPublished : Feb. 6, 2025, 7:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-06T21:55:37.000000Z"}, {"uuid": "db333d4e-b995-4025-bd5b-0a300ac9c526", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13415", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3611", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13415\n\ud83d\udd25 CVSS Score: 4.2 (CVSS_V3)\n\ud83d\udd39 Description: The Food Menu \u2013 Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings.\n\ud83d\udccf Published: 2025-01-31T06:30:53Z\n\ud83d\udccf Modified: 2025-01-31T06:30:53Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13415\n2. https://plugins.svn.wordpress.org/tlp-food-menu/tags/5.1.4/app/Controllers/Admin/Ajax/Settings.php\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3231030%40tlp-food-menu&new=3231030%40tlp-food-menu&sfp_email=&sfph_mail=\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/ab6dd645-8831-49bc-b6b1-bb153ef79204?source=cve", "creation_timestamp": "2025-01-31T08:15:01.000000Z"}, {"uuid": "e5c65190-a679-4f9a-92c2-5ca8cf091f84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13415", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3588", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13415\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-31T06:15:29.287\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.svn.wordpress.org/tlp-food-menu/tags/5.1.4/app/Controllers/Admin/Ajax/Settings.php\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3231030%40tlp-food-menu&new=3231030%40tlp-food-menu&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/ab6dd645-8831-49bc-b6b1-bb153ef79204?source=cve", "creation_timestamp": "2025-01-31T07:24:06.000000Z"}, {"uuid": "d9242745-f016-4669-9814-bb26b69ee24b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13416", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4881", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13416\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log.\n\n\n\n\n2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS.\n\ud83d\udccf Published: 2025-02-06T19:09:06.798Z\n\ud83d\udccf Modified: 2025-02-21T12:12:46.226Z\n\ud83d\udd17 References:\n1. https://www.2n.com/en-GB/download/cve_2024_1341x_2nos_2_46_v1pdf", "creation_timestamp": "2025-02-21T12:18:24.000000Z"}, {"uuid": "7dc31510-e5a6-4d9b-849c-f6a301564279", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13417", "type": "seen", "source": "Telegram/G8HVV-iz0RkVN13Xxt0tWNYDELo07JWH6upHnUxTADdbLJx6", "content": "", "creation_timestamp": "2025-02-21T15:03:13.000000Z"}, {"uuid": "83ed5640-33ff-4fef-a572-b0f721802da0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13412", "type": "seen", "source": "https://t.me/cvedetector/20628", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13412 - CozyStay WordPress Unauthenticated Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-13412 \nPublished : March 19, 2025, 7:15 a.m. | 1\u00a0hour, 41\u00a0minutes ago \nDescription : The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T10:28:11.000000Z"}, {"uuid": "688ffc7e-42e0-4025-a4d1-68a4dabdc1cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13410", "type": "seen", "source": "https://t.me/cvedetector/20627", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13410 - CozyStay WordPress PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13410 \nPublished : March 19, 2025, 7:15 a.m. | 1\u00a0hour, 41\u00a0minutes ago \nDescription : The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T10:28:10.000000Z"}, {"uuid": "edb68006-b0cb-4138-9dee-620621f2ed5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13411", "type": "seen", "source": "https://t.me/cvedetector/21172", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13411 - Zapier for WordPress SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13411 \nPublished : March 26, 2025, 12:15 p.m. | 26\u00a0minutes ago \nDescription : The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T13:53:24.000000Z"}, {"uuid": "9e1ed514-56e1-4199-a935-f01343e6e913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1341", "type": "seen", "source": "https://t.me/ctinow/196220", "content": "https://ift.tt/IoyAMkl\nCVE-2024-1341", "creation_timestamp": "2024-02-29T06:37:02.000000Z"}, {"uuid": "3e34644f-cb9d-4ae7-b7bd-675393554b59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1341", "type": "seen", "source": "https://t.me/ctinow/196227", "content": "https://ift.tt/IoyAMkl\nCVE-2024-1341", "creation_timestamp": "2024-02-29T06:41:23.000000Z"}, {"uuid": "1bba9198-ed6e-4849-a927-75e04e53c4bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13415", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113921294170969239", "content": "", "creation_timestamp": "2025-01-31T05:23:18.200970Z"}, {"uuid": "8c58090c-1855-419e-bf4d-0da9d6cbaae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13416", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhjscgz7oa2x", "content": "", "creation_timestamp": "2025-02-06T19:15:32.550803Z"}, {"uuid": "1f603876-b25d-4501-8b6c-c9b8fc6f4621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13415", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgzi4pti2n25", "content": "", "creation_timestamp": "2025-01-31T07:30:51.318802Z"}, {"uuid": "04092513-41ca-46cb-8766-a1e0a1ec3323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13417", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113958559472154007", "content": "", "creation_timestamp": "2025-02-06T19:20:21.279120Z"}, {"uuid": "34b81a36-8f0c-4469-a121-fa1df30a8561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13412", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3lkprzjya2g2r", "content": "", "creation_timestamp": "2025-03-19T08:42:07.009051Z"}, {"uuid": "8cad10fd-10d7-4c6c-b6b5-a086eabb86ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13410", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114188229100222629", "content": "", "creation_timestamp": "2025-03-19T08:48:21.938363Z"}, {"uuid": "69761b41-b1fa-441d-86a8-1bf1950814f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13410", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3lkptneuv352k", "content": "", "creation_timestamp": "2025-03-19T09:11:06.447099Z"}, {"uuid": "f0c6a0f2-d1f1-4f84-aa12-3e14ee3077db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13418", "type": "seen", "source": "https://bsky.app/profile/FunctionalProgramming.activitypub.awakari.com.ap.brid.gy/post/3lo6bacjbbkf2", "content": "", "creation_timestamp": "2025-05-02T07:19:05.407821Z"}, {"uuid": "5f4db203-7d8c-4df0-92b3-03fc9e7009c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13419", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo6e7ow6jg2h", "content": "", "creation_timestamp": "2025-05-02T08:00:33.369443Z"}, {"uuid": "0dd69361-3045-48f8-9e80-226c1da10f6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13418", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lo6e7p54hx2t", "content": "", "creation_timestamp": "2025-05-02T08:00:34.487549Z"}, {"uuid": "8bf3bb1a-d69a-48f8-9502-42c38aeff432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13413", "type": "seen", "source": "https://t.me/cvedetector/20030", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13413 - ProductDyno WordPress Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13413 \nPublished : March 11, 2025, 5:15 a.m. | 37\u00a0minutes ago \nDescription : The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018res\u2019 parameter in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This vulnerability is potentially a duplicate of CVE-2025-22320. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T07:35:34.000000Z"}, {"uuid": "fc35d2f8-275a-449f-834e-cf604e48c027", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13417", "type": "seen", "source": "https://t.me/cvedetector/17421", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13417 - Cisco RFID Reader Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-13417 \nPublished : Feb. 6, 2025, 8:15 p.m. | 26\u00a0minutes ago \nDescription : Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state. \nSeverity: 4.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-06T21:55:24.000000Z"}]}