{"vulnerability": "CVE-2024-4705", "sightings": [{"uuid": "bb795c6c-bd15-45c1-92b2-7fa2318a5ee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47059", "type": "seen", "source": "https://t.me/cvedetector/6033", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47059 - WordPress Username Enumeration Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47059 \nPublished : Sept. 18, 2024, 10:15 p.m. | 39\u00a0minutes ago \nDescription : When logging in with the correct username and an incorrect weak password, the user receives the notification that their password is too weak.  \n  \nHowever, when an incorrect username is provided alongside a weak password, the application responds with an \u2018Invalid credentials\u2019 notification.  \n  \nThis difference could be used to perform username enumeration. \nSeverity: 0.0 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-19T01:07:04.000000Z"}, {"uuid": "31ef9513-2b2e-4200-95e8-32344e95fc2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47058", "type": "seen", "source": "https://t.me/cvedetector/6031", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47058 - Mautic Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47058 \nPublished : Sept. 18, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html field. This could be used to steal sensitive information from the user's current session. 
\nSeverity: 2.9 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-19T00:16:58.000000Z"}, {"uuid": "04fc9d6a-276e-4538-ba1b-213295daf871", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47050", "type": "seen", "source": "https://t.me/cvedetector/6023", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47050 - Mautic Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47050 \nPublished : Sept. 18, 2024, 9:15 p.m. | 37\u00a0minutes ago \nDescription : Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-19T00:16:49.000000Z"}, {"uuid": "b2d819e5-df55-4886-b1f2-80626a3487a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ljfjw3obys2f", "content": "", "creation_timestamp": "2025-03-02T13:25:12.432591Z"}, {"uuid": "629c18a3-ebb8-478e-aad9-d2f019573815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47055", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqat6o76wyp2", "content": "", "creation_timestamp": 
"2025-05-28T18:24:14.070809Z"}, {"uuid": "97debc43-e112-4806-a2b5-b76851c30f3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47057", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqat6w3aezt2", "content": "", "creation_timestamp": "2025-05-28T18:24:23.768503Z"}, {"uuid": "8aef9f1e-54e6-4038-a16d-cf932827a6bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47056", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqgam4t2os2m", "content": "", "creation_timestamp": "2025-05-30T22:07:35.305227Z"}, {"uuid": "9644e1b6-dfb4-40fc-bed5-544cc1a36a17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "934be22e-5264-4526-a78b-ceefa3451235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47053", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5487", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47053\n\ud83d\udd25 CVSS Score: 7.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.\n\n  *  Improper Authorization:\u00a0An authorization flaw exists in Mautic's API Authorization implementation. 
Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the \"Reporting Permissions > View Own\" and \"Reporting Permissions > View Others\" permissions, which should restrict access to non-System Reports.\n\ud83d\udccf Published: 2025-02-26T11:54:17.219Z\n\ud83d\udccf Modified: 2025-02-26T11:55:28.089Z\n\ud83d\udd17 References:\n1. https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc\n2. https://cwe.mitre.org/data/definitions/287.html\n3. https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings", "creation_timestamp": "2025-02-26T12:31:56.000000Z"}, {"uuid": "4adec726-89b2-4e0f-8f19-7bed12a2c1e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/15977", "content": "GitHub monitoring alert!!! \n\nUpdated: RCE\nDescription: Mautic < 5.2.3 Authenticated RCE\nURL: https://github.com/mallo-m/CVE-2024-47051\n\nTags: #RCE", "creation_timestamp": "2025-02-28T05:32:27.000000Z"}, {"uuid": "bb78c376-316f-402b-bb43-8fd1359f44f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "published-proof-of-concept", "source": "Telegram/6x5JFB1mh-KsEZivZp3gjSaXJ58VhO2Ttj6R645bZY-KT8s", "content": "", "creation_timestamp": "2025-09-29T15:00:07.000000Z"}, {"uuid": "e4a5b69a-0231-465e-8794-f487eeea29d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "published-proof-of-concept", "source": 
"Telegram/jbRQaSaN2N0kXwljQYCoonpQHmzDHlddlNPLUgvahHArL2U", "content": "", "creation_timestamp": "2025-02-28T10:00:07.000000Z"}, {"uuid": "5e373716-49dd-4a16-a0fd-0c8d4778593c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj4epoaebp26", "content": "", "creation_timestamp": "2025-02-26T21:58:10.493446Z"}, {"uuid": "aed05c89-61b0-4a9e-961f-ade01286677f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47053", "type": "seen", "source": "https://bsky.app/profile/druid.fi/post/3lj33ptmzfc2z", "content": "", "creation_timestamp": "2025-02-26T09:44:34.885847Z"}, {"uuid": "ef36acd0-718e-45e0-92e0-74762901620a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://bsky.app/profile/druid.fi/post/3lj33ptmzfc2z", "content": "", "creation_timestamp": "2025-02-26T09:44:35.019146Z"}, {"uuid": "fdcc4eb8-984e-4b76-b0cb-ad60bd9938a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47056", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqaq7z7pjnp2", "content": "", "creation_timestamp": "2025-05-28T17:32:11.010453Z"}, {"uuid": "55f76555-af65-42dd-a2a9-9d04f7967c78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:27.000000Z"}, {"uuid": 
"fb6dbb4f-748c-47c2-9418-2066a8a41bfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://t.me/cybersecplayground/116", "content": "\ud83d\udea8 Critical Alert: CVE-2024-47051 (CVSS 9.1) \u2013 Mautic RCE & File Deletion Vulnerability \ud83d\udea8\n\n\ud83d\udd25 What is CVE-2024-47051?\nA critical security flaw has been discovered in Mautic (before version 5.2.3) that allows:\n\nRemote Code Execution (RCE): \nAttackers can run arbitrary commands on the server.\nArbitrary File Deletion: Attackers can delete critical files, leading to system compromise or service disruption.\n\n\ud83c\udfaf Impact & Risk\nWidespread Exposure: Over 200,000 organizations rely on Mautic for marketing automation.\nPublic-Facing Instances: Many exposed instances are accessible on the internet, making them high-value targets.\n\nPotential Consequences:\nFull server takeover by exploiting RCE\nDeletion of essential system files leading to denial of service (DoS)\nSensitive data leakage\n\n\ud83d\udd0d Detection & Exploitation\n\ud83d\udcca Hunter Exposure: 64K+ instances found on Hunter.\n\n\ud83d\udd0e Dorks:\n\nFOFA: product=\"Mautic\"\nHunter: product.name=\"Mautic\"\n\n\ud83d\udee1 Mitigation & Fix\n\u2705 Upgrade to Mautic 5.2.3+ immediately.\n\u2705 Restrict access to Mautic instances using firewalls and authentication.\n\u2705 Monitor logs for unusual activities or unauthorized access attempts.\n\u2705 Use Web Application Firewalls (WAFs) to detect and block exploit attempts.\n\n\ud83d\udcf0 References & More Info\n\ud83d\udd17 SecurityOnline Info\n\n\ud83d\udce2 Join us for more security updates! 
\ud83d\udc49 @cybersecplayground\n\n#Mautic #hunterhow #infosec #infosecurity #OSINT #Vulnerability #cybersecplayground \ud83d\ude80", "creation_timestamp": "2025-03-03T06:08:17.000000Z"}, {"uuid": "00007167-46ff-480b-9d5c-7f1d50f950bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-4705", "type": "seen", "source": "https://t.me/Kelvinseccommunity/567", "content": "\ud83d\udc68\u200d\ud83d\ude92\ud83d\udc68\u200d\ud83d\ude92  CVE-2024-4705 \ud83d\udd25\ud83d\udd25\nThe Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page\n\nclass-testimonials-widget-premium.php\n\n@kelvinseccommunity", "creation_timestamp": "2024-07-23T23:56:08.000000Z"}, {"uuid": "177c47b0-7ee9-42f2-bb31-4a7f65de661d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114071918573609938", "content": "", "creation_timestamp": "2025-02-26T19:49:10.464068Z"}, {"uuid": "411b603b-6334-4d06-bc59-fc7f14883acf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lj4ljq7wuj2z", "content": "", "creation_timestamp": "2025-02-27T00:00:11.211587Z"}, {"uuid": "91cb0fdc-9f28-4f34-963a-2a19ed1585cc", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lj5tr5zh4p27", "content": "", "creation_timestamp": "2025-02-27T12:00:06.868602Z"}, {"uuid": "3ae5db58-9646-4358-8b03-e2235d1e9e48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47055", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqgabtmflb2e", "content": "", "creation_timestamp": "2025-05-30T22:01:49.831757Z"}, {"uuid": "d8ee5618-fd3c-4180-8ac7-1de275a53a03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47057", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lqgagqgdxs2r", "content": "", "creation_timestamp": "2025-05-30T22:04:34.523840Z"}, {"uuid": "b54a7708-6e8d-4e4f-9be7-22a43be2b0b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47051", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5484", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47051\n\ud83d\udd25 CVSS Score: 9.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L)\n\ud83d\udd39 Description: This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users.\n\n  *  Remote Code Execution (RCE) via Asset Upload:\u00a0A Remote Code Execution vulnerability has been identified in the asset upload functionality. 
Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts.\n\n\n  *  Path Traversal File Deletion:\u00a0A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.\n\ud83d\udccf Published: 2025-02-26T12:01:26.374Z\n\ud83d\udccf Modified: 2025-02-26T12:01:26.374Z\n\ud83d\udd17 References:\n1. https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2\n2. https://owasp.org/www-community/attacks/Code_Injection\n3. https://owasp.org/www-community/attacks/Path_Traversal", "creation_timestamp": "2025-02-26T12:31:53.000000Z"}]}
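The two defect classes the CVE-2024-47051 advisory text in the sightings above names for Mautic's asset upload (an allowed-extension check that can be bypassed to store a PHP script, and a delete step that trusts user-supplied path components) are generic upload-handler bugs. The following is an added example, not Mautic's code and not code from any of the quoted posts: it places a typical insufficient extension check beside a stricter allowlist check, and an unsafe delete beside one that confines deletion to the upload directory. The extension sets, the temporary upload directory and every sample filename are assumptions constructed for the example; nothing here reproduces the actual Mautic bypass.

```python
"""Added example (not Mautic's code): hardened upload-name validation and
confined file deletion, the two checks whose absence the CVE-2024-47051
advisory describes. All extension sets, paths and sample names are
constructed assumptions for this illustration."""
import re
import tempfile
from pathlib import Path, PurePosixPath

# Assumed allowlist of asset types the application is willing to store.
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "gif", "csv", "zip"}

# Extensions a PHP-capable web server may execute. None may appear in ANY
# dotted segment of a stored name, so "report.php.pdf" is refused too.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phps", "pht", "phtml", "phar", "cgi",
}

# Conservative character set for stored names: no separators, no control bytes.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def weak_extension_check(filename: str) -> bool:
    """A typical insufficient check (illustrative, not Mautic's): inspects only
    the text after the last dot, case-sensitively, against a one-entry denylist.
    Accepts 'Shell.PHP', 'shell.phtml' and 'shell.php.pdf'."""
    return filename.rsplit(".", 1)[-1] != "php"


def validate_upload_name(filename: str) -> str:
    """Hardened check: returns the basename to store, or raises ValueError."""
    # Drop any directory part the client sent ('../../x', 'C:\\x', '/etc/x').
    base = PurePosixPath(filename.replace("\\", "/")).name
    # Trailing dots/spaces get stripped by some filesystems, turning
    # 'shell.php.' back into 'shell.php' after a naive check has passed.
    base = base.strip().strip(".")
    if not base or not _SAFE_NAME.match(base):
        raise ValueError("illegal filename")
    parts = base.lower().split(".")
    if len(parts) < 2:
        raise ValueError("missing extension")
    exts = parts[1:]
    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        raise ValueError("executable extension in name")
    if exts[-1] not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not in allowlist: " + exts[-1])
    return base


def rejects(filename: str) -> bool:
    """True if the hardened check refuses the name."""
    try:
        validate_upload_name(filename)
    except ValueError:
        return True
    return False


def safe_delete(upload_dir: Path, requested: str) -> None:
    """Delete 'requested' only if it resolves to a direct child of upload_dir.
    The unsafe pattern is os.remove(os.path.join(upload_dir, requested)),
    which follows '..' and absolute paths wherever the caller points them."""
    root = upload_dir.resolve()
    target = (root / requested).resolve()  # follows symlinks, collapses '..'
    if target.parent != root:
        raise ValueError("path escapes upload directory: " + requested)
    if not target.is_file():
        raise FileNotFoundError(requested)
    target.unlink()


def delete_results() -> dict:
    """Run safe_delete against a constructed temp directory; return outcomes."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "asset.pdf").write_bytes(b"%PDF-1.4 constructed sample")
        safe_delete(root, "asset.pdf")
        out["asset.pdf"] = "deleted" if not (root / "asset.pdf").exists() else "still present"
        for attempt in ("../escaped.txt", "/etc/hostname", "sub/../../escaped.txt"):
            try:
                safe_delete(root, attempt)
                out[attempt] = "DELETED (check failed)"
            except ValueError:
                out[attempt] = "blocked"
    return out


if __name__ == "__main__":
    for name in ("brochure.pdf", "Shell.PHP", "shell.phtml", "report.php.pdf",
                 "shell.php.", "../../uploads/logo.png"):
        print(f"{name!r:28} weak_accepts={weak_extension_check(name)!s:5} hardened_rejects={rejects(name)}")
    print(delete_results())
```

The design point is that both checks decide on a canonical form rather than on the raw client string: the name check strips directory components and trailing dots before looking at every extension segment case-insensitively, and the delete check compares the resolved target's parent with the resolved upload root instead of string-prefix matching, so symlinks and `..` segments cannot steer the unlink outside the directory.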