{"vulnerability": "cve-2024-1093", "sightings": [{"uuid": "15232d0a-c413-4304-befc-c6cbe969e90a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10930", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmuxxzh4ug2x", "content": "", "creation_timestamp": "2025-04-15T21:02:24.240827Z"}, {"uuid": "bea76840-b6c0-407a-9ab3-dbd1d7a092b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-10938", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mftsjjnzrw2y", "content": "", "creation_timestamp": "2026-02-27T13:21:56.132246Z"}, {"uuid": "04ed0bb3-80fe-4062-916a-f049b2221ea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10932", "type": "seen", "source": "https://t.me/cvedetector/14268", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10932 - WordPress Backup Migration PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10932 \nPublished : Jan. 4, 2025, 8:15 a.m. | 26\u00a0minutes ago \nDescription : The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site in order to trigger the exploit. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-04T09:44:29.000000Z"}, {"uuid": "743a3179-742b-455b-9d53-63a35c314e98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10934", "type": "seen", "source": "https://t.me/cvedetector/11180", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10934 - OpenBSD NFS Client/Server Multiple Vulnerabilities (Double Free, Uninitialized Variable)\", \n  \"Content\": \"CVE ID : CVE-2024-10934 \nPublished : Nov. 15, 2024, 8:15 p.m. | 23\u00a0minutes ago \nDescription : In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021,  \navoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T21:39:19.000000Z"}, {"uuid": "7194bb55-254e-4fcc-952b-903fb51b8fb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1093", "type": "seen", "source": "https://t.me/ctinow/199848", "content": "https://ift.tt/RZSPsv5\nCVE-2024-1093", "creation_timestamp": "2024-03-05T03:27:46.000000Z"}, {"uuid": "7d3a7787-2eeb-4149-b6a8-c8e074ba1114", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1093", "type": "seen", "source": "https://t.me/ctinow/199861", "content": "https://ift.tt/RZSPsv5\nCVE-2024-1093", "creation_timestamp": "2024-03-05T03:28:07.000000Z"}, {"uuid": "6e11da9f-5f18-4055-87d5-7ce7375a4a5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10932", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113768895220327215", "content": "", "creation_timestamp": "2025-01-04T07:26:19.238675Z"}, {"uuid": "457cded2-afa6-4875-86ec-44716952f022", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10936", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113865950817703932", "content": "", "creation_timestamp": "2025-01-21T10:48:47.288626Z"}, {"uuid": "ae8a103f-67d8-4d8c-905b-8ca8b7f973bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10936", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgaokmd56o2w", "content": "", "creation_timestamp": "2025-01-21T10:49:24.460231Z"}, {"uuid": "e7722780-c282-4160-8db5-84a7351bd878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10936", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgajdm7dof2c", "content": "", "creation_timestamp": "2025-01-21T09:15:58.670957Z"}, {"uuid": "1d65289e-63d4-43a0-b57d-b270a6955356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10936", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113865413919158621", "content": "", "creation_timestamp": "2025-01-21T08:32:13.100214Z"}, {"uuid": "59680fe5-161d-47ff-a359-849ad27b3300", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10936", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgaoklt6xh2e", "content": "", "creation_timestamp": "2025-01-21T10:49:22.664313Z"}, {"uuid": "5b19c357-3371-4e44-9ef9-a3cb662d793c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10930", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-03", "content": "", "creation_timestamp": "2025-02-20T11:00:00.000000Z"}, {"uuid": "5cc4d9ac-10f3-4793-bbfa-167ec45264d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10936", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2378", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10936\n\ud83d\udd39 Description: The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.\n\ud83d\udccf Published: 2025-01-21T08:21:51.041Z\n\ud83d\udccf Modified: 2025-01-21T08:21:51.041Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1404f034-2d1d-44b2-87e5-61f72f215417?source=cve\n2. https://plugins.trac.wordpress.org/browser/string-locator/trunk/includes/Extension/SearchReplace/Replace/class-sql.php#L170\n3. https://plugins.trac.wordpress.org/changeset/3222952/", "creation_timestamp": "2025-01-21T09:01:24.000000Z"}, {"uuid": "b12afb4e-9edf-4ead-97c6-3a7356476ccf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10933", "type": "seen", "source": "https://t.me/cvedetector/12136", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10933 - In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 b\", \n  \"Content\": \"CVE ID : CVE-2024-10933 \nPublished : Dec. 5, 2024, 8:15 p.m. | 41\u00a0minutes ago \nDescription : In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems. \nSeverity: 5.0 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-05T22:03:16.000000Z"}, {"uuid": "7090a22b-5c35-4c7d-85c5-4be365d40ca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10930", "type": "published-proof-of-concept", "source": "Telegram/Udydye_9MRniXQnKlLw6izn4LpjwmtcmKZHz8V5yRbLQn20", "content": "", "creation_timestamp": "2025-02-11T16:00:08.000000Z"}, {"uuid": "26504654-4797-45fe-a1ec-cf8068083bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10934", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113489194020827153", "content": "", "creation_timestamp": "2024-11-15T21:54:32.887975Z"}, {"uuid": "61387d84-b599-4ba6-857f-e442fb221188", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10930", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01", "content": "", "creation_timestamp": "2025-03-04T11:00:00.000000Z"}, {"uuid": "ca82a056-4031-4593-a802-aa55a6e3a38b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10930", "type": "seen", "source": "https://t.me/cvedetector/19526", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10930 - Citrix DLL Hijacking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10930 \nPublished : March 4, 2025, 6:15 p.m. | 32\u00a0minutes ago \nDescription : An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-04T20:01:41.000000Z"}, {"uuid": "143362f2-76fc-48e2-a607-68c7b102b94f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10930", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6393", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10930\n\ud83d\udd25 CVSS Score: 7.1 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.\n\ud83d\udccf Published: 2025-03-04T17:21:39.313Z\n\ud83d\udccf Modified: 2025-03-04T17:21:39.313Z\n\ud83d\udd17 References:\n1. https://www.corporate.carrier.com/product-security/advisories-resources/\n2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01", "creation_timestamp": "2025-03-04T17:34:04.000000Z"}, {"uuid": "100fe9b8-bef8-470a-b14c-5a0828629524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10936", "type": "seen", "source": "https://t.me/cvedetector/15910", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10936 - WordPress String Locator PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10936 \nPublished : Jan. 21, 2025, 9:15 a.m. | 37\u00a0minutes ago \nDescription : The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T11:06:15.000000Z"}, {"uuid": "bf9abbc0-6a98-4047-b271-655e9d044f45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10939", "type": "seen", "source": "https://t.me/cvedetector/12831", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10939 - WordPress Image Widget Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10939 \nPublished : Dec. 13, 2024, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T08:14:26.000000Z"}, {"uuid": "3304c6d4-39df-42cc-bf41-d007be7a8ca7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10937", "type": "seen", "source": "https://t.me/cvedetector/12065", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10937 - The Related Posts, Inline Related Posts, Contextua\", \n  \"Content\": \"CVE ID : CVE-2024-10937 \nPublished : Dec. 5, 2024, 9:15 a.m. | 45\u00a0minutes ago \nDescription : The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-05T11:10:10.000000Z"}, {"uuid": "2a2a7b82-bf06-4757-886f-9e4e45756e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10937", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113599306295100608", "content": "", "creation_timestamp": "2024-12-05T08:37:32.934250Z"}, {"uuid": "d7e7d39e-bc8d-4432-9773-3de362413a16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10933", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113602050431949235", "content": "", "creation_timestamp": "2024-12-05T20:15:25.025094Z"}, {"uuid": "b89aa1ba-a4ab-47c6-b3fe-6fe9c8cb6d33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10939", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113644024668514441", "content": "", "creation_timestamp": "2024-12-13T06:10:00.996663Z"}, {"uuid": "6cf81a06-244e-423f-b707-2f4bddaa51f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10930", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljlf3yh7tw2f", "content": "", "creation_timestamp": "2025-03-04T21:15:00.090174Z"}]}