{"vulnerability": "GHSA-JRXV-486P-M4JQ", "sightings": [{"uuid": "c8313073-88d1-46e0-a93a-30d058cf05eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-JRXV-486P-M4JQ", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/31", "content": "\ud83d\udccc CVE ID: GHSA-jrxv-486p-m4jq\n\ud83d\udd39 Summary: No summary available.\n\ud83d\udd17 More Info: https://nvd.nist.gov/vuln/detail/CVE-2024-1229", "creation_timestamp": "2025-01-05T01:28:36.000000Z"}, {"uuid": "2be9c657-7985-4c09-9442-502969f20e52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-JRXV-486P-M4JQ", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/110", "content": "\ud83d\udccc **CVE ID**: GHSA-jrxv-486p-m4jq\n\ud83d\udd17 **Aliases**: CVE-2024-12279\n\ud83d\udd39 **Details**: The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T12:30:32Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T12:30:32Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-352\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1229\n2. https://plugins.trac.wordpress.org/changeset/32115\n3. https://wordpress.org/plugins/wp-fb-autoconnect/#developers\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/392d8286-a5fd-4d5d-9f6a-f13564013edc?source=cve", "creation_timestamp": "2025-01-05T01:39:15.000000Z"}]}