{"vulnerability": "CVE-2024-1346", "sightings": [{"uuid": "82770d7c-6f11-457d-b01f-314df7827950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13466", "type": "seen", "source": "MISP/ca7dfd4e-d0b5-4d10-8982-36d9f6e53c8e", "content": "", "creation_timestamp": "2025-09-01T13:53:38.000000Z"}, {"uuid": "1b2ff581-f5eb-4ed0-bd9c-3845e09d7228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13468", "type": "seen", "source": "Telegram/rff-tJCtuJ46yvxQW4LLz6LSbaZzNG_Lz1Yi2Ll1Xlt18CW7", "content": "", "creation_timestamp": "2025-02-19T15:39:51.000000Z"}, {"uuid": "91593dc9-c208-4b90-bbdd-8046593ccb92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13465", "type": "seen", "source": "Telegram/54Tpp5BNRg2I7n1sBztHm0SCcq8j8DyUQs6Ws4usItbp0zYP", "content": "", "creation_timestamp": "2025-02-21T22:10:24.000000Z"}, {"uuid": "08b5d09d-e7b3-4a8b-a299-5c9b869d967c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13461", "type": "seen", "source": "https://t.me/cvedetector/18645", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13461 - Autoship Cloud for WooCommerce Subscription Products Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13461 \nPublished : Feb. 21, 2025, 10:15 a.m. | 1\u00a0hour, 59\u00a0minutes ago \nDescription : The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T13:55:33.000000Z"}, {"uuid": "2a8b13bb-69be-4cc4-a865-9c1c9dc47ba0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13465", "type": "seen", "source": "https://t.me/cvedetector/18308", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13465 - aBlocks - WordPress Gutenberg Blocks Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13465 \nPublished : Feb. 18, 2025, 8:15 a.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : The aBlocks \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \"Table Of Content\" Block, specifically in the \"markerView\" attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T10:57:45.000000Z"}, {"uuid": "c1c17dfc-803c-4b19-b6fa-2d15c6449880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13469", "type": "seen", "source": "https://t.me/cvedetector/19146", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13469 - WordPress PickPlugins Pricing Table Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13469 \nPublished : Feb. 28, 2025, 9:15 a.m. | 51\u00a0minutes ago \nDescription : The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T11:10:39.000000Z"}, {"uuid": "6e7834f1-07fd-4c7f-936e-90a58bfb90f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13467", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3058", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13467\n\ud83d\udd39 Description: The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-25T07:24:17.422Z\n\ud83d\udccf Modified: 2025-01-25T07:24:17.422Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b70a1344-2b55-40c9-a314-80d581e0b019?source=cve\n2. https://wordpress.org/plugins/wp-contact-form7-email-spam-blocker/", "creation_timestamp": "2025-01-25T08:05:35.000000Z"}, {"uuid": "af832a10-c284-4c08-ae66-21ddb3551a3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13463", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3582", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13463\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-31T04:15:07.497\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3227873%40seatreg&new=3227873%40seatreg&sfp_email=&sfph_mail=#file1224\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/769bc1fa-4f41-431e-9907-6e03d2c921be?source=cve", "creation_timestamp": "2025-01-31T05:24:41.000000Z"}, {"uuid": "b7090b1d-f74e-45a0-9944-4333197fffaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13464", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4733", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13464\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-18T04:21:20.479Z\n\ud83d\udccf Modified: 2025-02-18T04:21:20.479Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/c6b75ae7-89d9-4dd4-85c1-c12369bd86c8?source=cve\n2. https://plugins.trac.wordpress.org/browser/library-bookshelves/trunk/functions.php#L681", "creation_timestamp": "2025-02-18T07:56:41.000000Z"}, {"uuid": "f474a7e8-3324-42a9-9bcf-a93c64136518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13465", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4765", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13465\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The aBlocks \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \"Table Of Content\" Block, specifically in the \"markerView\" attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-18T07:28:13.882Z\n\ud83d\udccf Modified: 2025-02-18T07:28:13.882Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/abdb6632-d579-4650-b058-da10201cca8c?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3236611%40ablocks&new=3236611%40ablocks&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-18T08:41:11.000000Z"}, {"uuid": "c2bf4a58-57c1-4e8a-968f-6db2099952c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13468", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4781", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13468\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\ud83d\udd39 Description: The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. This makes it possible for unauthenticated attackers to delete arbitrary posts/pages.\n\ud83d\udccf Published: 2025-02-19T07:32:14.346Z\n\ud83d\udccf Modified: 2025-02-19T07:32:14.346Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ebb6afd7-6bc4-4c8a-a645-04f64d5adff4?source=cve\n2. https://wordpress.org/plugins/trash-duplicate-and-301-redirect/", "creation_timestamp": "2025-02-19T08:40:56.000000Z"}, {"uuid": "a27620c0-9c54-4e67-b2e9-cb736dad4757", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13462", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4789", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13462\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The WP Wiki Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wiki' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-19T07:32:11.019Z\n\ud83d\udccf Modified: 2025-02-19T07:32:11.019Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/926646de-4fb0-4460-b0d1-4d451e6505ca?source=cve\n2. https://plugins.trac.wordpress.org/browser/wp-wiki-tooltip/trunk/class.wp-wiki-tooltip.php\n3. https://wordpress.org/plugins/wp-wiki-tooltip/", "creation_timestamp": "2025-02-19T08:41:09.000000Z"}, {"uuid": "4b2ffdbd-9fab-4ba6-a1c0-eca4ca244faf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13461", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4874", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13461\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-21T09:21:05.066Z\n\ud83d\udccf Modified: 2025-02-21T09:21:05.066Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0ae16c4e-0151-4414-8612-ec8eb92505fd?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3242136%40autoship-cloud&new=3242136%40autoship-cloud&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-21T10:20:23.000000Z"}, {"uuid": "f4d32fc9-1a86-452f-ba75-18216af6814a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13469", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5863", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13469\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-28T08:23:15.555Z\n\ud83d\udccf Modified: 2025-02-28T08:23:15.555Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5239c414-cd1d-4257-9f8e-e7a92c2119f9?source=cve\n2. https://wordpress.org/plugins/pricingtable/", "creation_timestamp": "2025-02-28T09:27:36.000000Z"}, {"uuid": "860b6fc6-6a8e-4542-958a-803f8c0efbd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/480", "content": "#cve #poc #exploit\n\nCVE-2024-1346: MySQL Weak Password\ud83d\udda5\n\n\u0421\u043b\u0430\u0431\u044b\u0439 \u043f\u0430\u0440\u043e\u043b\u044c \u043a\u043e\u0440\u043d\u044f \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445 MySQL \u0432 LaborOfficeFree \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u044e 19.10. \u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u044c \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u043f\u0430\u0440\u043e\u043b\u044c \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445 MySQL, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 LaborOfficeFree, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0434\u0432\u0435 \u043a\u043e\u043d\u0441\u0442\u0430\u043d\u0442\u044b\n\nGitHub", "creation_timestamp": "2024-02-28T09:20:34.000000Z"}, {"uuid": "27816c8f-932e-4356-8da4-ccd74cb26fa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13463", "type": "seen", "source": "https://t.me/cvedetector/16879", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13463 - WordPress SeatReg Plugin Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13463 \nPublished : Jan. 31, 2025, 4:15 a.m. | 1\u00a0hour, 24\u00a0minutes ago \nDescription : The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'seatreg' shortcode in all versions up to, and including, 1.56.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T07:00:20.000000Z"}, {"uuid": "7f2916b2-7d18-4683-882b-7266457b5bc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13460", "type": "seen", "source": "https://t.me/cvedetector/16785", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13460 - WordPress WE Testimonial Slider Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13460 \nPublished : Jan. 30, 2025, 2:15 p.m. | 46\u00a0minutes ago \nDescription : The WE \u2013 Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Testimonial Author Names in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T16:46:40.000000Z"}, {"uuid": "a54189e7-07c5-49da-8bc4-977d0727f03b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13467", "type": "seen", "source": "https://t.me/cvedetector/16368", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13467 - \"WordPress Contact Form7 Email Spam Blocker Reflected Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-13467 \nPublished : Jan. 25, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T10:28:44.000000Z"}, {"uuid": "6e6388c8-8d68-4f2d-9e85-5a1c63e20651", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "published-proof-of-concept", "source": "https://t.me/Teamx1945x/3622", "content": "#exploit\n1. CVE-2024-1346:\nWeak MySQL database root password in LaborOfficeFree\nhttps://github.com/PeterGabaldon/CVE-2024-1346\n\n2. A modern dashboard exploit for MS Xbox\nhttps://github.com/XboxDev/endgame-exploit", "creation_timestamp": "2024-04-20T12:14:24.000000Z"}, {"uuid": "48e34a60-6a2d-4487-a207-04d40af9427a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13464", "type": "seen", "source": "Telegram/4zc--tzrJoH033kJ8cRJOl22R3zdCNtHoORRBCExNEXjvcf_", "content": "", "creation_timestamp": "2025-02-18T11:39:00.000000Z"}, {"uuid": "147ecd45-55b7-47fa-a5af-7b6a2a3f136c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13469", "type": "seen", "source": "Telegram/ds_oPvImO8eDTy436x3EIYX6iAtNWnfUR2DNRBr-lJx0f3lB", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}, {"uuid": "e27db744-bb1d-4ded-b47f-a065cede8552", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "published-proof-of-concept", "source": "https://t.me/Teamx1945x/4301", "content": "CVE ID : CVE-2024-1346\nSystem : Mysql, laborofficefree\nType : prvilage esclation (Weakness Enumeration)\n\nExploit \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 :\n\ud83d\udd3b Github \ud83d\udd3b\nhttps://github.com/PeterGabaldon/CVE-2024-1346\n\n#\u0627\u0633\u062a\u063a\u0644\u0627\u0644_\u062b\u063a\u0631\u0629", "creation_timestamp": "2024-04-21T09:53:16.000000Z"}, {"uuid": "1ca504a6-d884-409b-8fac-f6ecdf08e352", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "published-proof-of-concept", "source": "https://t.me/P_R_V_8_official/145", "content": "#exploit\n1. CVE-2024-1346:\nWeak MySQL database root password in LaborOfficeFree\nhttps://github.com/PeterGabaldon/CVE-2024-1346\n\n2. A modern dashboard exploit for MS Xbox\nhttps://github.com/XboxDev/endgame-exploit", "creation_timestamp": "2024-05-06T13:51:45.000000Z"}, {"uuid": "8f00a110-01fc-4006-ab25-4c639f098f17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "published-proof-of-concept", "source": "Telegram/shw0X-lljcYkBRUgN-78ZdjBcyVv0bGz8BESp3bxGNfd", "content": "", "creation_timestamp": "2024-05-18T19:34:53.000000Z"}, {"uuid": "74440143-2b9a-4dde-830f-23cdf032a07d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13461", "type": "seen", "source": "Telegram/A-pofhxUOYPGw641gkjHKGHd-AV-9FAmSJHnetNvNqh4uW74", "content": "", "creation_timestamp": "2025-02-21T12:35:18.000000Z"}, {"uuid": "75376c43-de47-4ee8-8d46-fd622ebb95e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13462", "type": "seen", "source": "Telegram/5RyhNZvD7xlkDFfik4nQXDe9Z7mhyhLdwYGwVJ5zs4Gos6UV", "content": "", "creation_timestamp": "2025-02-19T15:39:51.000000Z"}, {"uuid": "2d4287c8-d5ac-4fdd-a3db-8af718429452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "published-proof-of-concept", "source": "https://t.me/intell137/82", "content": "#exploit\n1. CVE-2024-1346:\nWeak MySQL database root password in LaborOfficeFree\nhttps://github.com/PeterGabaldon/CVE-2024-1346\n\n2. A modern dashboard exploit for MS Xbox\nhttps://github.com/XboxDev/endgame-exploit", "creation_timestamp": "2024-02-26T04:03:18.000000Z"}, {"uuid": "ee320299-0d38-42c3-8b91-ca2e0a5145c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "published-proof-of-concept", "source": "https://t.me/openSource3/75", "content": "CVE ID : CVE-2024-1346\nSystem : Mysql, laborofficefree\nType : prvilage esclation (Weakness Enumeration)\n\nExploit \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 :\n\ud83d\udd3b Github \ud83d\udd3b\nhttps://github.com/PeterGabaldon/CVE-2024-1346\n\n#\u0627\u0633\u062a\u063a\u0644\u0627\u0644_\u062b\u063a\u0631\u0629", "creation_timestamp": "2024-04-19T18:46:29.000000Z"}, {"uuid": "b04f6308-eff1-49c3-8c27-e866e245bf87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "seen", "source": "https://t.me/arpsyndicate/3662", "content": "#ExploitObserverAlert\n\nCVE-2024-1346\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1346. Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.", "creation_timestamp": "2024-02-20T18:34:00.000000Z"}, {"uuid": "1d7a44d6-4695-44d6-b275-cfbc6c809c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "seen", "source": "https://t.me/samprogr0_0/520", "content": "\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0644\u062b\u063a\u0631\u0629 CVE-2024-1346 \u0644\u062e\u062f\u0645\u0629  MYSQL", "creation_timestamp": "2024-04-08T00:19:07.000000Z"}, {"uuid": "1153a54c-9ff4-4123-b3c6-52c25cba80bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "published-proof-of-concept", "source": "https://t.me/samprogr0_0/519", "content": "#exploit\n1. CVE-2024-1346:\nWeak MySQL database root password in LaborOfficeFree\nhttps://github.com/PeterGabaldon/CVE-2024-1346\n\n2. A modern dashboard exploit for MS Xbox\nhttps://github.com/XboxDev/endgame-exploit", "creation_timestamp": "2024-04-08T00:19:05.000000Z"}, {"uuid": "6ab83ef4-1948-4ec4-b683-df2af3d7505a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "seen", "source": "https://t.me/ctinow/187656", "content": "https://ift.tt/U9qEv4V\nCVE-2024-1346", "creation_timestamp": "2024-02-19T13:31:11.000000Z"}, {"uuid": "c81fdfc3-e22c-429a-8c17-c67cee7d2cd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "seen", "source": "https://t.me/ctinow/187652", "content": "https://ift.tt/U9qEv4V\nCVE-2024-1346", "creation_timestamp": "2024-02-19T13:27:04.000000Z"}, {"uuid": "692d1d8c-9faa-4520-89a5-6676744971b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2033", "content": "https://github.com/PeterGabaldon/CVE-2024-1346\n\nWeak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants\n#github #poc", "creation_timestamp": "2024-02-26T07:49:00.000000Z"}, {"uuid": "5063fae7-464b-4ca7-95ca-789708690066", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1346", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10044", "content": "#exploit\n1. CVE-2024-1346:\nWeak MySQL database root password in LaborOfficeFree\nhttps://github.com/PeterGabaldon/CVE-2024-1346\n\n2. A modern dashboard exploit for MS Xbox\nhttps://github.com/XboxDev/endgame-exploit\n\n3. CVE-2024-26582:\nLinux Kernel TLS Vulnerability\nhttps://lore.kernel.org/linux-cve-announce/2024022139-spruce-prelude-c358@gregkh", "creation_timestamp": "2024-02-26T12:44:22.000000Z"}, {"uuid": "53f86548-8a02-4516-8897-8a3a6b0b9cbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13467", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113887990332393071", "content": "", "creation_timestamp": "2025-01-25T08:13:41.947660Z"}, {"uuid": "cd25c7e0-6dff-4dda-875c-5cbbb7d070fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13466", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917345308287387", "content": "", "creation_timestamp": "2025-01-30T12:39:03.183163Z"}, {"uuid": "5207dfd5-1d2e-4634-843b-d944bcdf269e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13466", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxkwfrj3h2f", "content": "", "creation_timestamp": "2025-01-30T13:15:37.141513Z"}, {"uuid": "06bf1214-b940-4f09-a00c-59b5a12b2c41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13463", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113920848389854184", "content": "", "creation_timestamp": "2025-01-31T03:29:55.994984Z"}, {"uuid": "6057847f-ed92-4011-975a-d84c1053ffdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13460", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxoe5qq6x2e", "content": "", "creation_timestamp": "2025-01-30T14:16:59.158345Z"}, {"uuid": "8268dfda-870b-4956-9fb1-1dad2e7c56af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13463", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgz5acwit32f", "content": "", "creation_timestamp": "2025-01-31T04:15:56.839681Z"}, {"uuid": "a5843f9a-10ba-4eea-8ca8-40845de584f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13460", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917848510514042", "content": "", "creation_timestamp": "2025-01-30T14:47:01.506648Z"}, {"uuid": "c071cae8-4c43-4eda-940f-d154c1f6dd75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13464", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligixi2ps22n", "content": "", "creation_timestamp": "2025-02-18T05:15:32.967039Z"}, {"uuid": "3557bb5a-1dd9-4942-8d2a-964b7a88b1ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13465", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligsznv47e2k", "content": "", "creation_timestamp": "2025-02-18T08:15:43.486135Z"}, {"uuid": "714bfb42-0a40-4fa5-b07e-e03ed74f3704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13462", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdipsq332y", "content": "", "creation_timestamp": "2025-02-19T08:15:48.698813Z"}, {"uuid": "137652a3-258d-40af-ac1c-927201d81cdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13468", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdjq7chn2g", "content": "", "creation_timestamp": "2025-02-19T08:16:22.191501Z"}, {"uuid": "fcc457a0-f840-4d18-b0ca-07df13ce130e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13469", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lja4mexiwb2y", "content": "", "creation_timestamp": "2025-02-28T09:43:49.600479Z"}]}