{"vulnerability": "CVE-2024-1390", "sightings": [{"uuid": "694f5733-48bd-49e8-ae4f-77983b5cbf84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13904", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljrxr4s67t2q", "content": "", "creation_timestamp": "2025-03-07T12:04:56.632922Z"}, {"uuid": "539ec3a8-a839-484e-8182-ccc866f1da0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13905", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj5f4bdkpe26", "content": "", "creation_timestamp": "2025-02-27T07:37:52.844203Z"}, {"uuid": "cc7481f7-de86-462d-bbb1-e6fbaed52f0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13902", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljpmlbjocu2e", "content": "", "creation_timestamp": "2025-03-06T13:39:28.351658Z"}, {"uuid": "64f6dfc0-4458-41b0-88be-46b3a7a77f13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13907", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj5mo2p3cy2p", "content": "", "creation_timestamp": "2025-02-27T09:53:07.290594Z"}, {"uuid": "e0d972c3-d88c-49a6-bbe9-2747bd71666f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13908", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljucwvij6j2f", "content": "", "creation_timestamp": "2025-03-08T10:30:19.736246Z"}, {"uuid": "60637dfd-798f-44f3-a6e7-c1a3303949e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13900", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lip4jhf5id2a", "content": "", "creation_timestamp": "2025-02-21T15:26:56.924604Z"}, {"uuid": "31e8648d-6581-4ecb-8115-6bab9e1f76fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13903", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkv3yfb6c62e", "content": "", "creation_timestamp": "2025-03-21T11:23:46.432721Z"}, {"uuid": "35886652-a15a-4d19-bda9-bbc1b0e102b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13909", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmh73tucc42g", "content": "", "creation_timestamp": "2025-04-10T09:32:31.201163Z"}, {"uuid": "f7095213-8331-404b-9092-385016e0a6d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13900", "type": "seen", "source": "https://t.me/cvedetector/18651", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13900 - WordPress Head, Footer and Post Injections PHP Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13900 \nPublished : Feb. 21, 2025, 12:15 p.m. | 2\u00a0hours, 10\u00a0minutes ago \nDescription : The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments. \nSeverity: 4.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T15:35:52.000000Z"}, {"uuid": "fee27314-365b-46c5-97c6-daacff615281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13902", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6660", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13902\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the argument Class leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-03-06T10:00:15.926Z\n\ud83d\udccf Modified: 2025-03-06T10:00:15.926Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.298785\n2. https://vuldb.com/?ctiid.298785\n3. https://gitee.com/huang-yk/student-manage/issues/I9UXC4", "creation_timestamp": "2025-03-06T10:44:06.000000Z"}, {"uuid": "d82489e0-183b-4ad8-a97b-e698d97065e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13903", "type": "seen", "source": "https://t.me/cvedetector/20799", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13903 - QuickJS Stack-Based Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13903 \nPublished : March 21, 2025, 7:15 a.m. | 1\u00a0hour, 23\u00a0minutes ago \nDescription : A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The patch is named 99c02eb45170775a9a679c32b45dd4000ea67aff. It is recommended to upgrade the affected component. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-21T10:07:45.000000Z"}, {"uuid": "8f220fbd-5f56-4a22-9f4d-f2727511f819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1390", "type": "seen", "source": "https://t.me/ctinow/201070", "content": "https://ift.tt/WPaMZQF\nCVE-2024-1390 | Paid Membership Subscriptions Plugin up to 2.11.1 on WordPress creating_pricing_table_page authorization", "creation_timestamp": "2024-03-06T07:36:24.000000Z"}, {"uuid": "fe9bc5b7-4d63-489d-9058-bf2df436b697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13905", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:22.000000Z"}, {"uuid": "8398f5f0-4049-47f9-98a6-4b8a5ffe0e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13907", "type": "seen", "source": "MISP/24306fae-b16b-4478-9297-d2973cdb583c", "content": "", "creation_timestamp": "2025-08-22T14:52:22.000000Z"}, {"uuid": "e28df39b-a725-4c40-baae-09458637c14a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13907", "type": "seen", "source": "https://t.me/cvedetector/19029", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13907 - BoldGrid WordPress Backup Plugin SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13907 \nPublished : Feb. 27, 2025, 7:15 a.m. | 2\u00a0hours, 3\u00a0minutes ago \nDescription : The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T10:22:18.000000Z"}, {"uuid": "32ce1b93-b347-4084-94b2-6b6b3c05816a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13905", "type": "seen", "source": "https://t.me/cvedetector/19023", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13905 - OneStore Sites WordPress SSRF\", \n  \"Content\": \"CVE ID : CVE-2024-13905 \nPublished : Feb. 27, 2025, 5:15 a.m. | 1\u00a0hour, 54\u00a0minutes ago \nDescription : The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T08:42:10.000000Z"}, {"uuid": "f0170121-290e-41e4-af1c-b006a96e6266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13902", "type": "seen", "source": "Telegram/P3HZdf4vbH8p2-v6dd089xCuFCjXn2k-dOnSPH94E7lbu_Xy", "content": "", "creation_timestamp": "2025-03-08T04:34:09.000000Z"}, {"uuid": "f5574f3b-c200-46aa-b5cb-999f7b5acb56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13905", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5649", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13905\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n\ud83d\udccf Published: 2025-02-27T04:21:45.364Z\n\ud83d\udccf Modified: 2025-02-27T04:21:45.364Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f2c70d5f-beb3-480e-8ea8-c3ab01ce5a20?source=cve\n2. https://plugins.trac.wordpress.org/browser/onestore-sites/trunk/classess/class-export.php#L3", "creation_timestamp": "2025-02-27T05:25:21.000000Z"}, {"uuid": "0155913d-efdf-445d-9119-6b86d2eb4f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13906", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6800", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13906\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Gallery by BestWebSoft \u2013 Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.\n\ud83d\udccf Published: 2025-03-07T07:22:24.217Z\n\ud83d\udccf Modified: 2025-03-07T07:22:24.217Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/76c5559d-f9dd-43cf-8c8e-07188b4edf7f?source=cve\n2. https://plugins.trac.wordpress.org/browser/gallery-plugin/tags/4.7.3/gallery-plugin.php#L292\n3. https://plugins.trac.wordpress.org/changeset/3249573/", "creation_timestamp": "2025-03-07T07:37:12.000000Z"}, {"uuid": "2c367398-4eff-44e3-bb06-2bc3377eeb88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13904", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6814", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13904\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n\ud83d\udccf Published: 2025-03-07T08:21:25.888Z\n\ud83d\udccf Modified: 2025-03-07T08:21:25.888Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/944e4c96-6ded-4483-9eaf-d976646f45ea?source=cve\n2. https://plugins.trac.wordpress.org/browser/platformly-for-woocommerce/trunk/platformly-for-woocommerce.php#L167\n3. https://plugins.trac.wordpress.org/changeset/3249460", "creation_timestamp": "2025-03-07T08:34:59.000000Z"}, {"uuid": "39f28d81-8832-48b3-bdf7-57b1dde1b1bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13908", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6929", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13908\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.\n\ud83d\udccf Published: 2025-03-08T07:04:54.779Z\n\ud83d\udccf Modified: 2025-03-08T07:04:54.779Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/9f3b0637-b1ee-4e0b-95cd-11ac377805a7?source=cve\n2. https://plugins.trac.wordpress.org/browser/bws-smtp/tags/1.1.8/includes/class-bwssmtp-settings.php\n3. https://plugins.trac.wordpress.org/changeset/3250935/", "creation_timestamp": "2025-03-08T07:36:20.000000Z"}, {"uuid": "689d2d7e-db40-4bb0-a9ab-b0e061d7a720", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13902", "type": "seen", "source": "https://t.me/cvedetector/19694", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13902 - Huang-yk Student-Manage Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13902 \nPublished : March 6, 2025, 10:15 a.m. | 1\u00a0hour, 50\u00a0minutes ago \nDescription : A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the argument Class leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 2.4 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T13:50:32.000000Z"}, {"uuid": "69f3f2c0-de9c-4d52-aceb-f27cee4d9556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13908", "type": "seen", "source": "Telegram/8_67QVRu8jsseg50VHW5myUiec8qrRQI3FAaVTz1pKVL3997", "content": "", "creation_timestamp": "2025-03-08T16:29:00.000000Z"}, {"uuid": "8ec052b9-10c4-47cc-8710-69ad8fe82ab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13906", "type": "seen", "source": "https://t.me/cvedetector/19794", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13906 - BestWebSoft Gallery PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13906 \nPublished : March 7, 2025, 8:15 a.m. | 46\u00a0minutes ago \nDescription : The Gallery by BestWebSoft \u2013 Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T10:45:17.000000Z"}, {"uuid": "384ab5fd-463f-48b2-a4d8-c1c3960d5256", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13908", "type": "seen", "source": "https://t.me/cvedetector/19881", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13908 - BestWebSoft WordPress SMTP File Upload Vulnerability (Remote Code Execution)\", \n  \"Content\": \"CVE ID : CVE-2024-13908 \nPublished : March 8, 2025, 7:15 a.m. | 30\u00a0minutes ago \nDescription : The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T09:20:05.000000Z"}, {"uuid": "4c2671b5-1015-4efd-b42d-325d68b94b5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13901", "type": "seen", "source": "https://t.me/cvedetector/19208", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13901 - WordPress Counter Box: DOM-Based Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13901 \nPublished : March 1, 2025, 6:15 a.m. | 28\u00a0minutes ago \nDescription : The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T08:05:04.000000Z"}, {"uuid": "3c49c9c2-0532-497d-bc3d-2a996a2a7187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13901", "type": "seen", "source": "Telegram/0uyFsjxtvx_kcuYXCUEmobN-MzXraYGbEHFoq4b206KKPOtc", "content": "", "creation_timestamp": "2025-03-02T11:46:31.000000Z"}, {"uuid": "9efa9443-e59f-47eb-92ad-20fc1921677b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13900", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4880", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13900\n\ud83d\udd25 CVSS Score: 4.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments.\n\ud83d\udccf Published: 2025-02-21T11:09:32.964Z\n\ud83d\udccf Modified: 2025-02-21T11:09:32.964Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5177bde6-4922-48ee-9155-577c392809a0?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3244016/", "creation_timestamp": "2025-02-21T11:18:32.000000Z"}, {"uuid": "545b912c-7258-4b94-ba73-29a062bfe0c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13901", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6053", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13901\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.\n\ud83d\udccf Published: 2025-03-01T05:30:59.247Z\n\ud83d\udccf Modified: 2025-03-01T05:30:59.247Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/251b17a7-781f-4f17-af90-9a6fbae69243?source=cve\n2. https://plugins.trac.wordpress.org/browser/counter-box/trunk/admin/assets/js/5.builder.js#L10\n3. https://plugins.trac.wordpress.org/changeset/3247696/", "creation_timestamp": "2025-03-01T06:27:18.000000Z"}, {"uuid": "b1622007-b6cd-4b16-b2f3-ceb6257f1992", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13903", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8320", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13903\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The patch is named 99c02eb45170775a9a679c32b45dd4000ea67aff. It is recommended to upgrade the affected component.\n\ud83d\udccf Published: 2025-03-21T07:00:14.647Z\n\ud83d\udccf Modified: 2025-03-21T07:00:14.647Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.300571\n2. https://vuldb.com/?ctiid.300571\n3. https://vuldb.com/?submit.517394\n4. https://github.com/quickjs-ng/quickjs/issues/775\n5. https://github.com/quickjs-ng/quickjs/commit/99c02eb45170775a9a679c32b45dd4000ea67aff\n6. https://github.com/quickjs-ng/quickjs/releases/tag/v0.9.0", "creation_timestamp": "2025-03-21T07:19:47.000000Z"}]}