{"vulnerability": "cve-2024-10789", "sightings": [{"uuid": "9a2aa713-7417-4343-a8c1-8a0a87a5394a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lftiey4fb62g", "content": "", "creation_timestamp": "2025-01-16T04:54:14.081798Z"}, {"uuid": "c214462e-e0d7-47aa-8fdf-f99aa8ea3b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1912", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10789\n\ud83d\udd39 Description: The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the plugins setting which controls access to the functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-16T03:27:22.549Z\n\ud83d\udccf Modified: 2025-01-16T03:27:22.549Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b056cc98-3bd8-493a-bbf4-9bcee2e52d24?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3222923/", "creation_timestamp": "2025-01-16T03:55:18.000000Z"}, {"uuid": "1b1b8ece-fbdc-47dc-bb25-59a3bf49fa27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113835909092626607", "content": "", "creation_timestamp": "2025-01-16T03:28:45.133078Z"}, {"uuid": "f75de9bf-eb72-4c23-8ea5-f98c457b5606", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://t.me/cvedetector/15568", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10789 - \"WordPress WP User Profile Avatar CSRF\"\", \n  \"Content\": \"CVE ID : CVE-2024-10789 \nPublished : Jan. 16, 2025, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the plugins setting which controls access to the functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-16T06:11:54.000000Z"}, {"uuid": "6dd04ca6-ca12-4d7a-aede-b02ad7495e99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10789", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lftg7qwu4i2c", "content": "", "creation_timestamp": "2025-01-16T04:15:31.403837Z"}]}