{"vulnerability": "cve-2024-1007", "sightings": [{"uuid": "510739dc-206a-46a3-bffa-5b2348946f95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10075", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17006", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10075\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Jetpack  WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.\n\ud83d\udccf Published: 2025-05-15T20:06:40.225Z\n\ud83d\udccf Modified: 2025-05-20T16:10:57.508Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/", "creation_timestamp": "2025-05-20T16:40:53.000000Z"}, {"uuid": "828648cf-6709-42f6-adc7-7a6cc30e6366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10079", "type": "seen", "source": "https://t.me/cvedetector/8297", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10079 - WordPress Easy Post Types PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10079 \nPublished : Oct. 18, 2024, 8:15 a.m. | 39\u00a0minutes ago \nDescription : The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-18T11:03:45.000000Z"}, {"uuid": "4f04a8dc-e75b-41f2-8652-d5a0bf0cac45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10078", "type": "seen", "source": "https://t.me/cvedetector/8296", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10078 - Drupal Plugin Unauthorized Access\", \n  \"Content\": \"CVE ID : CVE-2024-10078 \nPublished : Oct. 18, 2024, 8:15 a.m. | 39\u00a0minutes ago \nDescription : The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-18T11:03:44.000000Z"}, {"uuid": "bd0ef887-4ed8-4035-a394-741bf726fc69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10070", "type": "seen", "source": "https://t.me/cvedetector/8187", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10070 - \"ESA FENET CDG SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10070 \nPublished : Oct. 17, 2024, 3:15 p.m. | 41\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function actionPolicyPush of the file /com/esafenet/policy/action/PolicyPushControlAction.java. The manipulation of the argument policyId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T18:19:02.000000Z"}, {"uuid": "423f5528-1dc4-40c4-9075-74f18e5b1dbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10072", "type": "seen", "source": "https://t.me/cvedetector/8201", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10072 - ESAFENET CDG SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10072 \nPublished : Oct. 17, 2024, 5:15 p.m. | 35\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T19:59:30.000000Z"}, {"uuid": "6ecaf459-dfa4-4406-bf32-3aa4ecd508e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10073", "type": "seen", "source": "https://t.me/cvedetector/8200", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10073 - \"FlairNLP Flare Code Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10073 \nPublished : Oct. 17, 2024, 5:15 p.m. | 35\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\\models\\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 5.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T19:59:30.000000Z"}, {"uuid": "48f86583-fc5d-4aff-be07-77785f85fe82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10071", "type": "seen", "source": "https://t.me/cvedetector/8193", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10071 - ESAFENET CDG Sql Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10071 \nPublished : Oct. 17, 2024, 4:15 p.m. | 45\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T19:09:12.000000Z"}, {"uuid": "a08fd1e3-607f-49f3-bbd1-a695123d190f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1007", "type": "seen", "source": "https://t.me/ctinow/189444", "content": "https://ift.tt/jEUnhaG\nCVE-2024-1007 | SourceCodester Employee Management System 1.0 edit_profile.php txtfullname sql injection", "creation_timestamp": "2024-02-21T10:41:20.000000Z"}, {"uuid": "c9fd5733-370a-479e-9e3f-13c0e0363e39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1007", "type": "seen", "source": "https://t.me/ctinow/177358", "content": "https://ift.tt/NF2qVzn\nCVE-2024-1007 Exploit", "creation_timestamp": "2024-02-01T08:16:25.000000Z"}, {"uuid": "9a4e2237-09e4-4341-bd28-367081779b2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10074", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113588900992984256", "content": "", "creation_timestamp": "2024-12-03T12:31:20.544922Z"}, {"uuid": "c53ee8dc-3e06-44e6-a329-72b75916ffd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10074", "type": "seen", "source": "https://t.me/cvedetector/11883", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10074 - OpenHarmony Privilege Escalation After Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10074 \nPublished : Dec. 3, 2024, 1:15 p.m. | 29\u00a0minutes ago \nDescription : in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-03T14:49:41.000000Z"}, {"uuid": "477ca5be-70b1-48f6-8391-03637dbd537f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1007", "type": "seen", "source": "https://t.me/ctinow/175409", "content": "https://ift.tt/v3LojBG\nCVE-2024-1007", "creation_timestamp": "2024-01-29T17:31:55.000000Z"}, {"uuid": "61135fda-a067-477a-b14a-17de411bb2a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10076", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17014", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10076\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Jetpack  WordPress plugin before 13.8, Jetpack Boost  WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn\u2019t, ultimately making it possible for contributor and above users to perform Stored XSS attacks\n\ud83d\udccf Published: 2025-05-15T20:06:40.424Z\n\ud83d\udccf Modified: 2025-05-20T16:03:22.267Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/", "creation_timestamp": "2025-05-20T16:41:03.000000Z"}]}