{"vulnerability": "CVE-2024-1344", "sightings": [{"uuid": "5448faca-008b-4c4b-9ea2-000dd990fc2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13440", "type": "seen", "source": "Telegram/ntFCoD_nFhfIkIVN0ngxmQMOQXaZVh3Eez1RZys2Gpv94cge", "content": "", "creation_timestamp": "2025-02-14T10:03:11.000000Z"}, {"uuid": "24cf38de-193e-45b6-a21d-9faab55b5c59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13447", "type": "seen", "source": "https://t.me/cvedetector/16090", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13447 - WordPress WP Hotel Booking Unauthenticated Subscriber Data Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-13447 \nPublished : Jan. 22, 2025, 11:15 a.m. | 45\u00a0minutes ago \nDescription : The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a list of registered user emails. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T13:02:58.000000Z"}, {"uuid": "561c8ed5-c385-43b9-9424-1ccd7c7940a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1344", "type": "seen", "source": "https://t.me/arpsyndicate/3671", "content": "#ExploitObserverAlert\n\nCVE-2024-1344\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1344. Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\\LaborOfficeFree\\' directory. This user can log in remotely and has root-like privileges.", "creation_timestamp": "2024-02-20T18:48:15.000000Z"}, {"uuid": "f9fe0def-c0f1-4a7c-859f-fe0124fe4c26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13447", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgdc4b3kax2e", "content": "", "creation_timestamp": "2025-01-22T11:44:35.403419Z"}, {"uuid": "097bb670-4867-4962-a772-104de04a7e55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkqfwt6ytl26", "content": "", "creation_timestamp": "2025-03-19T14:38:31.780927Z"}, {"uuid": "da4bea12-b55b-41d8-a33c-29dfe26cd97f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13445", "type": "seen", "source": "https://t.me/cvedetector/18518", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13445 - Elementor Website Builder Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13445 \nPublished : Feb. 20, 2025, 5:15 a.m. | 1\u00a0hour, 45\u00a0minutes ago \nDescription : The Elementor Website Builder \u2013 More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and including, 3.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T08:07:58.000000Z"}, {"uuid": "7245efa7-4024-4b67-898b-3e1a818d4ce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13441", "type": "seen", "source": "https://t.me/cvedetector/16366", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13441 - WordPress Bilingual Linker Plugin Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13441 \nPublished : Jan. 25, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T10:28:40.000000Z"}, {"uuid": "44b320a3-5dd1-442b-aa95-1b2e54a1fae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13440", "type": "seen", "source": "https://t.me/cvedetector/17546", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13440 - WordPress Super Store Finder Unauthenticated SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13440 \nPublished : Feb. 9, 2025, 5:15 a.m. | 1\u00a0hour, 18\u00a0minutes ago \nDescription : The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the \u2018ssf_wp_user_name\u2019 parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into an already existing query to store cross-site scripting in store reviews. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-09T07:38:09.000000Z"}, {"uuid": "6efe9c4b-1ad1-4507-9fa8-0d59f8a376e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13446", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7311", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13446\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user's identity prior to (1) performing a social auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. NOTE: This vulnerability was partially fixed in version 3.2.5.\n\ud83d\udccf Published: 2025-03-12T09:22:25.914Z\n\ud83d\udccf Modified: 2025-03-12T14:20:41.049Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/78c1308b-0849-4235-b2d6-0b1750a5614f?source=cve\n2. https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454", "creation_timestamp": "2025-03-12T14:40:47.000000Z"}, {"uuid": "7dfb7c96-d2fc-47d7-85b5-ca9fcd34104b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13442", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8044", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13442\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to (1) performing a post-booking auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account.\n\ud83d\udccf Published: 2025-03-19T11:10:37.915Z\n\ud83d\udccf Modified: 2025-03-19T13:37:10.480Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/827b5482-cb42-4aaa-80b5-3d0143fcead8?source=cve\n2. https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793", "creation_timestamp": "2025-03-19T13:49:13.000000Z"}, {"uuid": "6cc1ef62-b1a9-4ebf-9f16-b1b626c22a50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13448", "type": "seen", "source": "https://t.me/cvedetector/16588", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13448 - WordPress ThemeREX Addons Remote File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13448 \nPublished : Jan. 28, 2025, 7:15 a.m. | 1\u00a0hour, 59\u00a0minutes ago \nDescription : The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T10:25:47.000000Z"}, {"uuid": "bdc4898a-dafd-450e-b1c9-1ddcb57fea0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://t.me/cvedetector/20637", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13442 - WordPress Service Finder Bookings Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13442 \nPublished : March 19, 2025, 12:15 p.m. | 53\u00a0minutes ago \nDescription : The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to (1) performing a post-booking auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T14:38:48.000000Z"}, {"uuid": "e4a2ba18-aa4f-48ae-b4e2-e76ef8afcb34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13444", "type": "seen", "source": "https://t.me/cvedetector/15919", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13444 - WordPress wp-greet CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-13444 \nPublished : Jan. 21, 2025, 11:15 a.m. | 29\u00a0minutes ago \nDescription : The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T12:46:39.000000Z"}, {"uuid": "f7f1471b-83d2-4f67-9764-5ae784817cd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13448", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgsjg4s7r625", "content": "", "creation_timestamp": "2025-01-28T13:05:18.359306Z"}, {"uuid": "58b70f7c-b0dd-4bcd-9b7e-dcb0812e9ee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13448", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgsjg5ytht2w", "content": "", "creation_timestamp": "2025-01-28T13:05:24.747171Z"}, {"uuid": "01a46361-7ec0-4c7c-b05a-47f9ef4135cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13448", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lgsoaon7e22v", "content": "", "creation_timestamp": "2025-01-28T14:31:48.507088Z"}, {"uuid": "d040dc9f-25f3-4708-8ac6-da8ed3a71c31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13448", "type": "seen", "source": "https://bsky.app/profile/gothburz.bsky.social/post/3lgsth4j5nz2k", "content": "", "creation_timestamp": "2025-01-28T16:04:48.927345Z"}, {"uuid": "ad4669df-60f6-46a1-a13c-94c295282822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkrbxrrt7f2z", "content": "", "creation_timestamp": "2025-03-19T23:00:10.309354Z"}, {"uuid": "50e31c21-e3be-4851-8ad2-8120e8cdf951", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13446", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114150716747771514", "content": "", "creation_timestamp": "2025-03-12T17:48:29.104107Z"}, {"uuid": "acf22808-de6f-4cf9-81ef-2555be9c659a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13448", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:03.000000Z"}, {"uuid": "0582cd18-95c2-4fd8-8823-c62f4176aa95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13443", "type": "seen", "source": "https://t.me/cvedetector/18405", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13443 - Easypromos Plugin WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13443 \nPublished : Feb. 19, 2025, 4:15 a.m. | 1\u00a0hour, 59\u00a0minutes ago \nDescription : The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Easypromos shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T07:52:23.000000Z"}, {"uuid": "873dc4bc-3b81-4ff1-998d-0d0b154da6df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13444", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2411", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13444\n\ud83d\udd39 Description: The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-21T11:09:47.099Z\n\ud83d\udccf Modified: 2025-01-21T14:49:02.298Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/dafc40bf-833a-4d42-b9bc-c7cf2b234ef5?source=cve\n2. https://plugins.trac.wordpress.org/browser/wp-greet/trunk/wpg-form.php#L253\n3. https://wordpress.org/plugins/wp-greet/#developers\n4. https://plugins.trac.wordpress.org/browser/wp-greet/trunk/wpg-admin.php#L124\n5. https://plugins.trac.wordpress.org/browser/wp-greet/trunk/wpg-admin.php#L350\n6. https://plugins.trac.wordpress.org/changeset/3225035/", "creation_timestamp": "2025-01-21T15:00:48.000000Z"}, {"uuid": "1bcdfde5-c34d-4022-b3de-fd9da8c304bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13447", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2533", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13447\n\ud83d\udd39 Description: The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a list of registered user emails.\n\ud83d\udccf Published: 2025-01-22T11:07:58.320Z\n\ud83d\udccf Modified: 2025-01-22T11:07:58.320Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/bc883e7e-af82-47e1-a0c0-122e6abd6b52?source=cve\n2. https://plugins.trac.wordpress.org/browser/wp-hotel-booking/trunk/assets/js/admin/admin.hotel-booking.js#L621\n3. https://wordpress.org/plugins/wp-hotel-booking/#developers\n4. https://plugins.trac.wordpress.org/changeset/3225879/", "creation_timestamp": "2025-01-22T12:01:56.000000Z"}, {"uuid": "3aeb4c68-7b3c-4ce6-a697-e827778b2614", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13441", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3055", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13441\n\ud83d\udd39 Description: The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-25T07:24:18.755Z\n\ud83d\udccf Modified: 2025-01-25T07:24:18.755Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/daeda8d7-1bff-4258-9953-b4303f1778d0?source=cve\n2. https://plugins.trac.wordpress.org/browser/bilingual-linker/tags/2.4/bilingual-linker.php#L291", "creation_timestamp": "2025-01-25T08:05:30.000000Z"}, {"uuid": "cbf7132a-f8eb-4268-b4fc-df24c5d32d64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13449", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3071", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13449\n\ud83d\udd39 Description: The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings that change the appearance of the website.\n\ud83d\udccf Published: 2025-01-25T08:23:15.192Z\n\ud83d\udccf Modified: 2025-01-25T08:23:15.192Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/246a66ea-7f2f-44e6-825b-5556eacc33ab?source=cve\n2. https://plugins.trac.wordpress.org/browser/boom-fest/trunk/admin/class-boom-fest-admin.php#L174\n3. https://plugins.trac.wordpress.org/changeset/3227296/", "creation_timestamp": "2025-01-25T09:04:51.000000Z"}, {"uuid": "cc4282b7-1c4f-4257-934c-9f72da4476a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13449", "type": "seen", "source": "https://t.me/cvedetector/16385", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13449 - WordPress Boom Fest Capability Check Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-13449 \nPublished : Jan. 25, 2025, 9:15 a.m. | 1\u00a0hour, 50\u00a0minutes ago \nDescription : The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings that change the appearance of the website. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T12:09:15.000000Z"}, {"uuid": "205d17e0-610a-4b3b-8c00-affbab8078e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1344", "type": "seen", "source": "https://t.me/ctinow/187654", "content": "https://ift.tt/G0Lc2pV\nCVE-2024-1344", "creation_timestamp": "2024-02-19T13:31:09.000000Z"}, {"uuid": "327e205f-6cb3-45a0-a68d-35419b5663e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1344", "type": "seen", "source": "https://t.me/ctinow/187650", "content": "https://ift.tt/G0Lc2pV\nCVE-2024-1344", "creation_timestamp": "2024-02-19T13:26:59.000000Z"}, {"uuid": "0afbec8c-5c09-4a71-9092-6939779c721b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13444", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgapziyycg2t", "content": "", "creation_timestamp": "2025-01-21T11:15:35.505100Z"}, {"uuid": "2a7c3e3c-de88-4b79-9e43-5fbfe968397c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13444", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113866055413991258", "content": "", "creation_timestamp": "2025-01-21T11:15:21.652014Z"}, {"uuid": "060dc240-f37f-4483-9453-bd87ff486277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13444", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgas6vvmav2h", "content": "", "creation_timestamp": "2025-01-21T11:54:24.710370Z"}, {"uuid": "989b6217-2366-4825-822c-b7cf716c2d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13444", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113866040050446234", "content": "", "creation_timestamp": "2025-01-21T11:11:27.098913Z"}, {"uuid": "e4e12faa-a7b1-42c8-8131-abe157e0e0ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13441", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113887931313995607", "content": "", "creation_timestamp": "2025-01-25T07:58:41.076040Z"}, {"uuid": "8766fbcb-227e-41de-a939-36ab6902b7c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13449", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113888054096536678", "content": "", "creation_timestamp": "2025-01-25T08:29:54.748171Z"}, {"uuid": "42a95f16-d72a-440d-bc03-f16bce5d3a85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13448", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113904625814112822", "content": "", "creation_timestamp": "2025-01-28T06:44:19.354722Z"}, {"uuid": "cabe5f7d-17e2-4773-bbed-dd230a249280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13448", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgrvuc5lru2f", "content": "", "creation_timestamp": "2025-01-28T07:15:19.297427Z"}, {"uuid": "dc5c74fe-52d5-45bf-89e7-1164c08314fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13448", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113905113590513418", "content": "", "creation_timestamp": "2025-01-28T08:48:25.674136Z"}, {"uuid": "661acf49-d909-4781-98fb-79433ed45ebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13447", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdaikotf62j", "content": "", "creation_timestamp": "2025-01-22T11:15:40.271770Z"}, {"uuid": "139a2daa-7b96-4f22-9a9c-b4b61d122f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13440", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113972028460516363", "content": "", "creation_timestamp": "2025-02-09T04:25:41.872982Z"}, {"uuid": "8ba886be-b85a-48df-a1c1-09a77559df36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13440", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhpurv6ykz22", "content": "", "creation_timestamp": "2025-02-09T05:15:57.077406Z"}, {"uuid": "5b795444-0840-4ad0-b4c4-cc12f55f1478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13440", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113972810450751089", "content": "", "creation_timestamp": "2025-02-09T07:44:33.928569Z"}, {"uuid": "bd4daa25-c3a7-4345-a98d-d34a923143b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13440", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhq5dubjda2m", "content": "", "creation_timestamp": "2025-02-09T07:49:09.381662Z"}, {"uuid": "f2a27cc4-189a-495c-9f9b-85ecc4cc49a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkq7ddnhzo2v", "content": "", "creation_timestamp": "2025-03-19T12:40:14.326939Z"}, {"uuid": "78d6a49e-f185-4167-a022-99905dab2f2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13443", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3liiwbw66gt2y", "content": "", "creation_timestamp": "2025-02-19T04:19:21.587600Z"}, {"uuid": "352cb579-20ce-4b98-b928-f370cfc283a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13443", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lijcz52h622v", "content": "", "creation_timestamp": "2025-02-19T08:07:06.614722Z"}, {"uuid": "d64cd663-9923-4882-be03-0487c60d7aad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114189644522048401", "content": "", "creation_timestamp": "2025-03-19T14:48:19.703465Z"}, {"uuid": "5fed52b6-d863-4ad7-8454-9e8b522a8121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13446", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lk6fehrozq2m", "content": "", "creation_timestamp": "2025-03-12T10:40:19.517673Z"}, {"uuid": "c77c9e01-bfba-422b-a506-a31d2911b6ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lksk77jor224", "content": "", "creation_timestamp": "2025-03-20T11:00:07.961796Z"}, {"uuid": "22f9349c-05cd-4537-acfb-d8f7199ff2e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13443", "type": "seen", "source": "Telegram/RgBcvaf9qQLSwIn_qHNFZeblR9TSxAPbNcKHELcK2fXu9D6t", "content": "", "creation_timestamp": "2025-02-19T15:39:49.000000Z"}]}