{"vulnerability": "CVE-2024-1355", "sightings": [{"uuid": "b95a0745-aeca-4fc5-8cb0-658fdd0ca7ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1355", "type": "seen", "source": "https://t.me/ctinow/199810", "content": "https://ift.tt/O1lkFaK\nCVE-2024-1355 | GitHub Enterprise Server up to 3.8.14/3.9.9/3.10.6/3.11.4 Management Console access control", "creation_timestamp": "2024-03-05T02:01:52.000000Z"}, {"uuid": "812479a1-ff4a-44a6-a41b-2e64b9878725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1355", "type": "seen", "source": "https://t.me/ctinow/184138", "content": "https://ift.tt/dNJwZRa\nCVE-2024-1355", "creation_timestamp": "2024-02-13T20:22:13.000000Z"}, {"uuid": "aa905d08-e54a-453c-b3c4-46727e592d1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13554", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113988772745294473", "content": "", "creation_timestamp": "2025-02-12T03:23:59.473816Z"}, {"uuid": "efc7203c-4690-45df-8d02-f84624d598f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13554", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxcv3inor2g", "content": "", "creation_timestamp": "2025-02-12T04:16:54.164702Z"}, {"uuid": "4809743e-717b-4fa5-b97e-02f059685cc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114263019273052265", "content": "", "creation_timestamp": "2025-04-01T13:48:33.201103Z"}, {"uuid": "fb8cd677-cce0-4d16-a709-b36bd1c0e145", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114248301386235895", "content": "", "creation_timestamp": "2025-03-29T23:25:32.039378Z"}, {"uuid": "ca985ecd-5831-4a6f-b63e-41259536bedb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114248301386235895", "content": "", "creation_timestamp": "2025-03-29T23:25:32.035903Z"}, {"uuid": "8d51b0ec-b192-4e3d-89c1-d5f6315b6e95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114263019273052265", "content": "", "creation_timestamp": "2025-04-01T13:48:33.199163Z"}, {"uuid": "fe930375-e52e-42c7-a73e-0d669deb8371", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13554", "type": "seen", "source": "https://t.me/cvedetector/17809", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13554 - WordPress WP Extended Unauthorized Data Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13554 \nPublished : Feb. 12, 2025, 4:15 a.m. | 17\u00a0minutes ago \nDescription : The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13. This makes it possible for unauthenticated attackers to reorder posts. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T05:59:51.000000Z"}, {"uuid": "d86b895e-328f-4d1b-95fa-19f1e7029971", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13552", "type": "seen", "source": "Telegram/0Cuv1QWlA-rLV6AiKmRGQwI5GWH-njWf7Atbn8q3bj-9DDbo", "content": "", "creation_timestamp": "2025-03-08T04:34:56.000000Z"}, {"uuid": "4376a471-6c93-4ffa-b30b-43da784c4b4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13555", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4736", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13555\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The 1 Click WordPress Migration Plugin \u2013 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the cancel_actions() function. This makes it possible for unauthenticated attackers to cancel a triggered backup via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-18T04:21:19.375Z\n\ud83d\udccf Modified: 2025-02-18T04:21:19.375Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/aee963fa-26b5-4bf0-b52f-095c67fb4834?source=cve\n2. https://wordpress.org/plugins/1-click-migration/", "creation_timestamp": "2025-02-18T07:56:46.000000Z"}, {"uuid": "452b7bb0-d0f9-490e-bd52-69f061018199", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://t.me/cvedetector/21508", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13557 - United Themes WordPress Shortcodes Arbitrary Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13557 \nPublished : March 29, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T10:29:02.000000Z"}, {"uuid": "1971ea39-adbc-410f-9dfe-4de4a920aafa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13558", "type": "seen", "source": "https://t.me/cvedetector/20736", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13558 - WooCommerce NP Quote Request Insecure Direct Object Reference\", \n  \"Content\": \"CVE ID : CVE-2024-13558 \nPublished : March 20, 2025, 12:15 p.m. | 1\u00a0hour, 44\u00a0minutes ago \nDescription : The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T15:43:46.000000Z"}, {"uuid": "38ef54c2-31a2-48a7-bc2c-b9598979a148", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13559", "type": "seen", "source": "Telegram/SM4otjivLIuFEnPWXoFGs_RbHCFbNb4nGQX-Jixbdt9ooLJX", "content": "", "creation_timestamp": "2025-03-02T11:46:31.000000Z"}, {"uuid": "1b70130c-d034-4eef-880f-0c9c3e0b71be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13554", "type": "seen", "source": "Telegram/f6Cz5mSDDhV2et9GKaYBmPn3AqXMjPSG7rSM-olp5QsNhKVY", "content": "", "creation_timestamp": "2025-02-14T10:04:02.000000Z"}, {"uuid": "0abbd10e-6ddb-4f5b-8b8a-476416ff6082", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1355", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3ll5mifm7ss22", "content": "", "creation_timestamp": "2025-03-24T20:40:19.223475Z"}, {"uuid": "fcddf463-49f3-413c-bc40-71f75be08425", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13556", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ligxjwp4va2a", "content": "", "creation_timestamp": "2025-02-18T09:36:25.023693Z"}, {"uuid": "2abd1280-0336-4ef7-abba-17ed8714ca33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llqvfffeth2v", "content": "", "creation_timestamp": "2025-04-01T12:40:17.154075Z"}, {"uuid": "81838a8c-80ea-421f-8ad1-5ac69418b824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13551", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3054", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13551\n\ud83d\udd39 Description: The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-25T07:24:19.183Z\n\ud83d\udccf Modified: 2025-01-25T07:24:19.183Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e10930fd-fae0-4554-acf3-da81a124f79d?source=cve\n2. https://plugins.svn.wordpress.org/abc-notation/tags/6.1.3/abc-notation.php", "creation_timestamp": "2025-01-25T08:05:29.000000Z"}, {"uuid": "c35c9348-3dc1-4dfd-b0fe-d4926e781537", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13550", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3053", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13550\n\ud83d\udd39 Description: The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.\n\ud83d\udccf Published: 2025-01-25T07:24:19.540Z\n\ud83d\udccf Modified: 2025-01-25T07:24:19.540Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e53a2b7a-7005-451a-88f2-c23d420b4aad?source=cve\n2. https://plugins.svn.wordpress.org/abc-notation/tags/6.1.3/abc-notation.php", "creation_timestamp": "2025-01-25T08:05:28.000000Z"}, {"uuid": "414f0437-28a6-4c9c-9361-877df5c6065e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13554", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4031", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13554\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13. This makes it possible for unauthenticated attackers to reorder posts.\n\ud83d\udccf Published: 2025-02-12T06:30:31Z\n\ud83d\udccf Modified: 2025-02-12T06:30:31Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13554\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3233951%40wpextended&new=3233951%40wpextended&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/136ecfa1-5591-4636-bc30-6c68ddc7f277?source=cve", "creation_timestamp": "2025-02-12T07:11:50.000000Z"}, {"uuid": "79d03bb4-58b1-4f0e-ad71-3c2f3e44987c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13554", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4011", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13554\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T04:15:09.503\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3233951%40wpextended&new=3233951%40wpextended&sfp_email=&sfph_mail=\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/136ecfa1-5591-4636-bc30-6c68ddc7f277?source=cve", "creation_timestamp": "2025-02-12T05:06:50.000000Z"}, {"uuid": "e384f003-705a-464e-abd2-248339ef51f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13559", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6045", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13559\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tx_woo_wishlist_table' shortcode in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-01T04:21:49.690Z\n\ud83d\udccf Modified: 2025-03-01T04:21:49.690Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/775b6034-617a-4d84-a8fe-773ffbd9742a?source=cve\n2. https://plugins.trac.wordpress.org/browser/templatesnext-toolkit/trunk/inc/woo-compare-wishlist/includes/wishlist/shortcode.php#L13", "creation_timestamp": "2025-03-01T05:27:13.000000Z"}, {"uuid": "4b899852-92f6-42f3-9bbf-032466aa117f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13552", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6833", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13552\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The SupportCandy \u2013 Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. This makes it possible for authenticated attackers to download attachments for support tickets that don't belong to them. If an admin enables tickets for guests, this can be exploited by unauthenticated attackers.\n\ud83d\udccf Published: 2025-03-07T09:21:14.155Z\n\ud83d\udccf Modified: 2025-03-07T14:15:46.926Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/13f87248-cc0b-4351-b79d-6efc5190b021?source=cve\n2. https://plugins.trac.wordpress.org/browser/supportcandy/trunk/includes/admin/tickets/class-wpsc-new-ticket.php#L395\n3. https://plugins.trac.wordpress.org/changeset/3235142/supportcandy/trunk?old=3188306&old_path=%2Fsupportcandy%2Ftrunk", "creation_timestamp": "2025-03-07T14:38:24.000000Z"}, {"uuid": "42eb8b92-8a6d-4333-8da7-95371a3c7174", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13550", "type": "seen", "source": "https://t.me/cvedetector/16370", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13550 - WordPress ABC Notation Plugin Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13550 \nPublished : Jan. 25, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T10:28:46.000000Z"}, {"uuid": "cfb09197-2245-4564-bc68-51b605ac3de1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://t.me/cvedetector/21753", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13553 - WooCommerce WordPress Host Header Spoofing Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13553 \nPublished : April 1, 2025, 12:15 p.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code \"1234\" and authenticate as any user, including administrators. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T16:23:20.000000Z"}, {"uuid": "5828da52-ee73-46af-b15d-5ecae4e2bd06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13556", "type": "seen", "source": "Telegram/3WKXBsKXC871Ka7qcAdxlgB3sHvWmKmyt3Bv4h9ZzEfdm6Ly", "content": "", "creation_timestamp": "2025-02-18T11:39:00.000000Z"}, {"uuid": "6814d280-d7e6-487c-b3f5-bb1ccfdcd022", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13550", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113887990362859810", "content": "", "creation_timestamp": "2025-01-25T08:13:42.361441Z"}, {"uuid": "11278866-1486-4877-b4b3-a3071ad4274c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13551", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113888049364965035", "content": "", "creation_timestamp": "2025-01-25T08:28:42.548678Z"}, {"uuid": "eb5df465-10f5-493e-ac33-a100942058bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13555", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligiyqhwev2g", "content": "", "creation_timestamp": "2025-02-18T05:16:15.673492Z"}, {"uuid": "541ce121-dd9a-4d59-a1c5-eb6b73b955d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13556", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligmcxtwc32o", "content": "", "creation_timestamp": "2025-02-18T06:15:39.788105Z"}, {"uuid": "e9fca0a0-0a1d-4df6-8cb5-d742d427521f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13556", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114024022764435678", "content": "", "creation_timestamp": "2025-02-18T08:48:32.203236Z"}, {"uuid": "d6bc85d8-1666-448b-b6df-8cc3ad1fc370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13556", "type": "seen", "source": "https://t.me/cvedetector/18276", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13556 - \"WordPress Affiliate Links PHP Object Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13556 \nPublished : Feb. 18, 2025, 6:15 a.m. | 1\u00a0hour, 15\u00a0minutes ago \nDescription : The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T09:16:45.000000Z"}, {"uuid": "66174203-16e7-46de-b9c4-3a8f45b4a726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13552", "type": "seen", "source": "https://t.me/cvedetector/19805", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13552 - SupportCandy WordPress Plugin Insecure Direct Object Reference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13552 \nPublished : March 7, 2025, 10:15 a.m. | 46\u00a0minutes ago \nDescription : The SupportCandy \u2013 Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. This makes it possible for authenticated attackers to download attachments for support tickets that don't belong to them. If an admin enables tickets for guests, this can be exploited by unauthenticated attackers. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T12:25:45.000000Z"}, {"uuid": "03882435-eafc-4536-a9b8-63a6c68828ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13551", "type": "seen", "source": "https://t.me/cvedetector/16363", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13551 - WordPress ABC Notation Plugin Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13551 \nPublished : Jan. 25, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T10:28:37.000000Z"}, {"uuid": "fc90dd41-22c9-4220-a792-88272089530e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13559", "type": "seen", "source": "https://t.me/cvedetector/19214", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13559 - WordPress TemplatesNext ToolKit Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-13559 \nPublished : March 1, 2025, 5:15 a.m. | 1\u00a0hour, 28\u00a0minutes ago \nDescription : The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tx_woo_wishlist_table' shortcode in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T08:05:11.000000Z"}, {"uuid": "b9cfa2a9-56a7-4d44-a7c3-40b02fbf8a20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9536", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13557\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\n\ud83d\udccf Published: 2025-03-29T07:03:31.749Z\n\ud83d\udccf Modified: 2025-03-29T07:03:31.749Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e4ca7dad-bfe2-443e-b575-362d8ff93242?source=cve\n2. https://unitedthemes.com/", "creation_timestamp": "2025-03-29T07:28:41.000000Z"}, {"uuid": "f918a513-98ce-4e3c-ba90-2870725cd89a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13556", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4752", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13556\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.\n\ud83d\udccf Published: 2025-02-18T05:22:27.177Z\n\ud83d\udccf Modified: 2025-02-18T05:22:27.177Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/290027c3-6b0a-43b9-9220-b8c641eb73f7?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3238736%40affiliate-links&new=3238736%40affiliate-links&sfp_email=&sfph_mail=", "creation_timestamp": "2025-02-18T08:00:36.000000Z"}, {"uuid": "9a74f541-cd81-48c9-b8ef-0c577eb9be08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9873", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13553\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code \"1234\" and authenticate as any user, including administrators.\n\ud83d\udccf Published: 2025-04-01T11:12:28.510Z\n\ud83d\udccf Modified: 2025-04-01T11:12:28.510Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4e444a30-11c5-4219-b4fe-635084cbac3a?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3248017%40sms-alert&new=3248017%40sms-alert&sfp_email=&sfph_mail=\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3227241%40sms-alert&new=3227241%40sms-alert&sfp_email=&sfph_mail=", "creation_timestamp": "2025-04-01T11:34:31.000000Z"}, {"uuid": "ac0787fa-3c4d-41a5-a353-199fc7453a05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13555", "type": "seen", "source": "Telegram/SFAK1Wi9aKgj8-vGvhA0L76hh4h47BjP5BFEoHW97UGMaORS", "content": "", "creation_timestamp": "2025-02-18T11:39:00.000000Z"}]}