{"vulnerability": "CVE-2024-1350", "sightings": [{"uuid": "28cf6cee-bf92-4288-b778-0ce5e613f88a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13503", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2165", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13503\n\ud83d\udd39 Description: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclusion.\nThis issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The issue is both present on the PowerPC versions of the modem and the ARM versions.\n\nA stack buffer buffer overflow in the swdownload binary allows attackers to execute arbitrary code. The parse_INFO function uses an unrestricted `sscanf` to read a string of an incoming network packet into a statically sized buffer.\n\ud83d\udccf Published: 2025-01-17T13:52:35.803Z\n\ud83d\udccf Modified: 2025-01-17T16:01:06.569Z\n\ud83d\udd17 References:\n1. https://doi.org/10.1145/3643833.3656139\n2. https://www.youtube.com/watch?v=-pxmly8xeas", "creation_timestamp": "2025-01-17T16:57:08.000000Z"}, {"uuid": "c1eb295c-08f3-46c4-96fe-a1d0a9c5c946", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13505", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3134", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13505\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-26T12:15:28.613\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/survey-maker/tags/5.1.3.2/admin/partials/surveys/actions/partials/survey-maker-surveys-actions-tab1.php#L1160\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/fc3c22a2-b766-419c-a481-48e6a73b084c?source=cve", "creation_timestamp": "2025-01-26T13:14:24.000000Z"}, {"uuid": "be452c1c-2fda-42d5-b4fd-88ec955c5fd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13505", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3130", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-fp6x-mq75-x6gh\n\ud83d\udd25 CVSS Score: N/A (CVSS_V3)\n\ud83d\udd39 Description: The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018ays_sections[5][questions][8][title]\u2019 parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.\n\ud83d\udccf Published: 2025-01-26T12:30:32Z\n\ud83d\udccf Modified: 2025-01-26T12:30:32Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13505\n2. https://plugins.trac.wordpress.org/browser/survey-maker/tags/5.1.3.2/admin/partials/surveys/actions/partials/survey-maker-surveys-actions-tab1.php#L1160\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/fc3c22a2-b766-419c-a481-48e6a73b084c?source=cve", "creation_timestamp": "2025-01-26T13:06:16.000000Z"}, {"uuid": "d4bf1f56-a8c3-458c-8659-77a3f880785e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13500", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4561", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13500\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-15T12:15:30.610\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3239348/\n2. https://wordpress.org/plugins/wedevs-project-manager/#developers\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/70083f93-f110-4029-a3d3-ce8a77799a31?source=cve", "creation_timestamp": "2025-02-15T13:11:23.000000Z"}, {"uuid": "31cb931b-c439-4fe7-887b-ace7190b3f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13500", "type": "seen", "source": "https://t.me/cvedetector/18173", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13500 - WordPress WP Project Manager SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13500 \nPublished : Feb. 15, 2025, 12:15 p.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 2.6.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T15:12:01.000000Z"}, {"uuid": "a5eeb51b-885f-4a23-88cd-fa41b4592826", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13504", "type": "seen", "source": "https://t.me/cvedetector/16892", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13504 - WordPress Shared Files Frontend Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13504 \nPublished : Jan. 31, 2025, 6:15 a.m. | 1\u00a0hour, 29\u00a0minutes ago \nDescription : The Shared Files \u2013 Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the dfxp file. This issue affects only Apache-based environments, where dfxp files are handled by default. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T09:30:57.000000Z"}, {"uuid": "86241b4a-d6b6-4521-88a7-3336c0eb5b08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13500", "type": "seen", "source": "Telegram/STUJUJDMknX5BFBJgYXEZDUQ3Gv7qcp61P2kciuP65oUDUqz", "content": "", "creation_timestamp": "2025-02-15T23:50:18.000000Z"}, {"uuid": "c27f6ba6-44ef-4a6e-ad0f-c8eb47006950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13504", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113921353183294059", "content": "", "creation_timestamp": "2025-01-31T05:38:18.554801Z"}, {"uuid": "e48cd1a8-61d6-4dc2-b0e9-e125ea02b42d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13505", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113894422663486289", "content": "", "creation_timestamp": "2025-01-26T11:29:32.342506Z"}, {"uuid": "eed01007-4ac8-4e3d-b25c-f4d6fab40ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13500", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li7p2kxnjd2y", "content": "", "creation_timestamp": "2025-02-15T12:16:01.076670Z"}, {"uuid": "bd8098eb-c424-4751-89ed-324ec6a2987a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13500", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li7yrlqn6d22", "content": "", "creation_timestamp": "2025-02-15T15:09:57.204822Z"}, {"uuid": "06a3655c-d678-46b0-9da7-c43c1f9d2bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13502", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2129", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13502\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion.This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19.\n\n\nThe `commit_multicast` page used to configure multicasts in the modem's web administration interface uses improperly parses incoming data from the request before passing it to an `eval` statement in a bash script. This allows attackers to inject arbitrary shell commands.\n\ud83d\udccf Published: 2025-01-17T14:01:03.084Z\n\ud83d\udccf Modified: 2025-01-17T14:49:20.740Z\n\ud83d\udd17 References:\n1. https://doi.org/10.1145/3643833.3656139\n2. https://www.youtube.com/watch?v=-pxmly8xeas", "creation_timestamp": "2025-01-17T14:56:39.000000Z"}, {"uuid": "a64b947f-cc6f-4205-bc55-3657639269b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13504", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3586", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13504\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-31T06:15:29.603\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/shared-files/tags/1.7.40\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3231372%40shared-files%2Ftrunk&old=3229309%40shared-files%2Ftrunk&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/9f4210a0-5448-4ff6-876a-37db4ad9b23a?source=cve", "creation_timestamp": "2025-01-31T07:24:02.000000Z"}, {"uuid": "0e5e271c-0ec1-445f-91bd-11558305d919", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13504", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3607", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13504\n\ud83d\udd25 CVSS Score: 7.4 (CVSS_V3)\n\ud83d\udd39 Description: The Shared Files \u2013 Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the dfxp file. This issue affects only Apache-based environments, where dfxp files are handled by default.\n\ud83d\udccf Published: 2025-01-31T06:30:53Z\n\ud83d\udccf Modified: 2025-01-31T06:30:53Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13504\n2. https://plugins.trac.wordpress.org/browser/shared-files/tags/1.7.40\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3231372%40shared-files%2Ftrunk&old=3229309%40shared-files%2Ftrunk&sfp_email=&sfph_mail=\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/9f4210a0-5448-4ff6-876a-37db4ad9b23a?source=cve", "creation_timestamp": "2025-01-31T08:14:55.000000Z"}, {"uuid": "e4d5d798-6845-4ef4-8f29-b4c0adb005b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13500", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4559", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13500\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 2.6.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-02-15T12:30:50Z\n\ud83d\udccf Modified: 2025-02-15T12:30:50Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13500\n2. https://plugins.trac.wordpress.org/changeset/3239348\n3. https://wordpress.org/plugins/wedevs-project-manager/#developers\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/70083f93-f110-4029-a3d3-ce8a77799a31?source=cve", "creation_timestamp": "2025-02-15T13:11:21.000000Z"}, {"uuid": "7c677248-b336-4d42-a479-29495d2d52b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13503", "type": "seen", "source": "https://t.me/cvedetector/15705", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13503 - Newtec NTC2218, NTC2250, NTC2299 Classic Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-13503 \nPublished : Jan. 17, 2025, 2:15 p.m. | 39\u00a0minutes ago \nDescription : Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclusion.  \nThis issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The issue is both present on the PowerPC versions of the modem and the ARM versions.  \n  \nA stack buffer buffer overflow in the swdownload binary allows attackers to execute arbitrary code. The parse_INFO function uses an unrestricted `sscanf` to read a string of an incoming network packet into a statically sized buffer. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T15:57:22.000000Z"}, {"uuid": "e42875b2-1252-4023-bb15-0b145a350730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13502", "type": "seen", "source": "https://t.me/cvedetector/15704", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13502 - Newtec/iDirect iDirect NTC2218, NTC2250, NTC2299 OS Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13502 \nPublished : Jan. 17, 2025, 2:15 p.m. | 39\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion.This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19.  \n  \n  \nThe `commit_multicast` page used to configure multicasts in the modem's web administration interface uses improperly parses incoming data from the request before passing it to an `eval` statement in a bash script. This allows attackers to inject arbitrary shell commands. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T15:57:21.000000Z"}, {"uuid": "bd6f8359-73b4-47dc-9fb8-9fe5690ab002", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13501", "type": "seen", "source": "Telegram/c9dfVfFXnLiugId5JxKOwb7ZbNT33a6aiRFqYF542sKRhN3N", "content": "", "creation_timestamp": "2025-02-18T11:39:00.000000Z"}, {"uuid": "afb08f09-20b2-4d75-8661-d6b41f298366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13503", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113844046206247513", "content": "", "creation_timestamp": "2025-01-17T13:58:07.651228Z"}, {"uuid": "835f63f6-4032-45dd-87db-d3a9c7ee22f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13502", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113844072614495482", "content": "", "creation_timestamp": "2025-01-17T14:04:50.470502Z"}, {"uuid": "02cdea15-badd-4406-afd2-2bff37185ed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13502", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfwyamim6j2n", "content": "", "creation_timestamp": "2025-01-17T14:16:06.637210Z"}, {"uuid": "b1382330-603e-4018-8e01-c7fc9745b13b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13503", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfwyapxlge2s", "content": "", "creation_timestamp": "2025-01-17T14:16:10.300159Z"}, {"uuid": "54d3246a-7eb7-4d29-b5fe-5f3c71df9609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13503", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfx2ntuaen2e", "content": "", "creation_timestamp": "2025-01-17T14:59:18.141069Z"}, {"uuid": "40949a6d-e3c0-4473-972c-08fbbe6d4e89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13502", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfx2nuqbkf2e", "content": "", "creation_timestamp": "2025-01-17T14:59:19.288592Z"}, {"uuid": "3f64c841-d4af-426e-8d8b-ee0649cfd91d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13509", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113904625829697666", "content": "", "creation_timestamp": "2025-01-28T06:44:19.641652Z"}, {"uuid": "495cef7b-7939-4414-8835-f9965156b4ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13509", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgsjg4zibg2k", "content": "", "creation_timestamp": "2025-01-28T13:05:19.526239Z"}, {"uuid": "62c613a6-cbf1-4ec9-838e-bda30e0c4efa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13505", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgno3rx5kr2k", "content": "", "creation_timestamp": "2025-01-26T14:45:43.576785Z"}, {"uuid": "2fd74509-871c-40f4-9dd3-b75b127fc396", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13506", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhvjsrhhua22", "content": "", "creation_timestamp": "2025-02-11T11:15:33.511240Z"}, {"uuid": "880d61f2-a905-4d7c-b226-fe9d01d3f0cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13501", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligixkumha2o", "content": "", "creation_timestamp": "2025-02-18T05:15:36.167788Z"}, {"uuid": "199b5090-3cdf-4bc5-b58d-152a69d77f75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13508", "type": "seen", "source": "https://t.me/cvedetector/18398", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13508 - Booking Package for WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13508 \nPublished : Feb. 19, 2025, 12:15 a.m. | 1\u00a0hour, 53\u00a0minutes ago \nDescription : The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T03:41:40.000000Z"}, {"uuid": "e66f9178-06e1-4b29-942e-bca63089d653", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13506", "type": "seen", "source": "https://t.me/cvedetector/17705", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13506 - GeoDirectory - WP Business Directory Plugin Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13506 \nPublished : Feb. 11, 2025, 11:15 a.m. | 52\u00a0minutes ago \nDescription : The GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the display_name profile parameter in all versions up to, and including, 2.8.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T13:11:14.000000Z"}, {"uuid": "2cb6c6f4-1862-42e9-b09f-df069e4dd7a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13505", "type": "seen", "source": "https://t.me/cvedetector/16416", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13505 - \"WordPress Survey Maker Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13505 \nPublished : Jan. 26, 2025, 12:15 p.m. | 1\u00a0hour, 49\u00a0minutes ago \nDescription : The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018ays_sections[5][questions][8][title]\u2019 parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-26T15:44:39.000000Z"}, {"uuid": "e66cef16-07f7-45f8-a6a8-f66a8682e68b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13500", "type": "seen", "source": "Telegram/mC9OTeGGRXoeWZlfY_A8lY75W2D5z3n-Ti7l8_6buIw1X-Kf", "content": "", "creation_timestamp": "2025-02-24T14:08:42.000000Z"}, {"uuid": "357c3a16-57c2-4838-9848-0509dbe4f116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13509", "type": "seen", "source": "https://t.me/cvedetector/16587", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13509 - \"WS Form LITE - WordPress Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13509 \nPublished : Jan. 28, 2025, 7:15 a.m. | 1\u00a0hour, 59\u00a0minutes ago \nDescription : The WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability is partially fixed in 1.10.13 and completely fixed in 1.10.14. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-28T10:25:47.000000Z"}, {"uuid": "2a6092df-1141-464c-bc27-6a6a9217d32e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13503", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113847824871766844", "content": "", "creation_timestamp": "2025-01-18T05:59:05.434457Z"}, {"uuid": "dde4989c-3162-410d-8e7d-2ae734d6ba44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13504", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzdxx6nbt2r", "content": "", "creation_timestamp": "2025-01-31T06:16:31.757229Z"}, {"uuid": "70268b62-9b9b-4008-8534-0cc67e4849f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13504", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgzi4pfw4o2q", "content": "", "creation_timestamp": "2025-01-31T07:30:49.190050Z"}, {"uuid": "cea69ec6-7f3f-46e1-969d-2a263d627e65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13509", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgrvuzn32q2n", "content": "", "creation_timestamp": "2025-01-28T07:15:43.593748Z"}, {"uuid": "36a05c65-66cb-4cdf-abf8-56567fd52b83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13505", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgnfq3kvpc2n", "content": "", "creation_timestamp": "2025-01-26T12:15:58.512406Z"}, {"uuid": "87b3cb67-24ac-4bee-9342-8c8974224871", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13500", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114007668674336492", "content": "", "creation_timestamp": "2025-02-15T11:29:28.595456Z"}, {"uuid": "8ed827b2-098d-4b56-85f8-4008cbd351f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13508", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3liiiojakeh2g", "content": "", "creation_timestamp": "2025-02-19T00:15:51.656054Z"}, {"uuid": "cf154f96-7e2d-4b98-ba97-dd7445114087", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13508", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liivcb3u4y2c", "content": "", "creation_timestamp": "2025-02-19T04:01:39.212022Z"}]}