{"vulnerability": "cve-2024-1095", "sightings": [{"uuid": "2197b227-01ca-4298-8a4d-dd2f46e0638d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1095", "type": "seen", "source": "https://t.me/ctinow/199849", "content": "https://ift.tt/lhronQ6\nCVE-2024-1095", "creation_timestamp": "2024-03-05T03:27:47.000000Z"}, {"uuid": "e5f3a4c0-baaf-412b-b624-67b2c6358c2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1095", "type": "seen", "source": "https://t.me/ctinow/199862", "content": "https://ift.tt/lhronQ6\nCVE-2024-1095", "creation_timestamp": "2024-03-05T03:28:08.000000Z"}, {"uuid": "fe5dad09-017b-41cc-b463-7e66f173b583", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "exploited", "source": "https://t.me/CyberBulletin/27046", "content": "\u26a1\ufe0fCVE-2024-10957 Exposes Over 3 Million WordPress Sites to Unauthenticated PHP Object Injection Exploits.\n\n#CyberBulletin", "creation_timestamp": "2025-01-05T11:43:31.000000Z"}, {"uuid": "5e0358ff-b157-43c8-b358-a5fb4088d8cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://bsky.app/profile/ethicalhack3r.bsky.social/post/3lf5eb5afqs2y", "content": "", "creation_timestamp": "2025-01-07T09:41:57.331167Z"}, {"uuid": "222c4125-1020-4335-9803-43c2d0c582e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113770372050731497", "content": "", "creation_timestamp": "2025-01-04T13:41:49.813211Z"}, {"uuid": "8a226735-2fe5-461a-8590-ab9b6c47e3c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lewc5uwjj22k", "content": "", "creation_timestamp": "2025-01-04T14:15:41.089197Z"}, {"uuid": "f00ab438-05f4-4087-a523-85da8120b719", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lewe7qgnoq2g", "content": "", "creation_timestamp": "2025-01-04T14:52:30.603889Z"}, {"uuid": "5b71b94d-b905-4c29-95e4-18770667475a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lewe7qraki2g", "content": "", "creation_timestamp": "2025-01-04T14:52:31.349342Z"}, {"uuid": "cddc64f2-ec5a-4095-b50e-6becd274bc20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3leyac2jt3c2y", "content": "", "creation_timestamp": "2025-01-05T08:47:34.006672Z"}, {"uuid": "3612db89-7d0b-48f0-a24a-b6fd3c92ee11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://bsky.app/profile/elhackernet.extwitter.link/post/3leyymygeac26", "content": "", "creation_timestamp": "2025-01-05T16:03:09.869948Z"}, {"uuid": "3fd26650-7fde-4c01-bba8-21ff858e829b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lf33xdavto22", "content": "", "creation_timestamp": "2025-01-06T12:07:57.934431Z"}, {"uuid": "bf533f97-e2ca-401b-b61f-5042f88e4f88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://bsky.app/profile/decrypt.lol/post/3lgaaqd3mgd2i", "content": "", "creation_timestamp": "2025-01-21T06:42:02.011563Z"}, {"uuid": "f00035a6-9dc9-4ff2-b488-311aa5b4c33b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1095", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/78", "content": "\ud83d\udccc **CVE ID**: GHSA-vcp4-p2mp-8fpq\n\ud83d\udd17 **Aliases**: CVE-2024-10957\n\ud83d\udd39 **Details**: The UpdraftPlus: WP Backup &amp; Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T15:30:45Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T15:30:45Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-502\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1095\n2. https://plugins.trac.wordpress.org/browser/updraftplus/trunk/includes/class-search-replace.php#L411\n3. https://plugins.trac.wordpress.org/changeset/3212299\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/429ed3-96b2-41-8a2-89b9a21ec058?source=cve", "creation_timestamp": "2025-01-05T01:35:30.000000Z"}, {"uuid": "c3fcc9b0-9486-427d-9951-15c672c4aea6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1095", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/100", "content": "\ud83d\udccc **CVE ID**: GHSA-vcp4-p2mp-8fpq\n\ud83d\udd17 **Aliases**: CVE-2024-10957\n\ud83d\udd39 **Details**: The UpdraftPlus: WP Backup &amp; Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T15:30:45Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T15:30:45Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-502\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1095\n2. https://plugins.trac.wordpress.org/browser/updraftplus/trunk/includes/class-search-replace.php#L411\n3. https://plugins.trac.wordpress.org/changeset/3212299\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/429ed3-96b2-41-8a2-89b9a21ec058?source=cve", "creation_timestamp": "2025-01-05T01:38:16.000000Z"}, {"uuid": "67c9e324-c015-4eea-9370-0768b664080a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/100", "content": "\ud83d\udccc **CVE ID**: GHSA-vcp4-p2mp-8fpq\n\ud83d\udd17 **Aliases**: CVE-2024-10957\n\ud83d\udd39 **Details**: The UpdraftPlus: WP Backup &amp; Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T15:30:45Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T15:30:45Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-502\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1095\n2. https://plugins.trac.wordpress.org/browser/updraftplus/trunk/includes/class-search-replace.php#L411\n3. https://plugins.trac.wordpress.org/changeset/3212299\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/429ed3-96b2-41-8a2-89b9a21ec058?source=cve", "creation_timestamp": "2025-01-05T01:38:16.000000Z"}, {"uuid": "33b1eaab-877c-4b00-a8b2-3f44d83c285c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://t.me/CyberBulletin/1941", "content": "\u26a1\ufe0fCVE-2024-10957 Exposes Over 3 Million WordPress Sites to Unauthenticated PHP Object Injection Exploits.\n\n#CyberBulletin", "creation_timestamp": "2025-01-05T12:10:02.000000Z"}, {"uuid": "2215467b-3914-4e23-90f9-d126b900edd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://t.me/hackyourmom/10059", "content": "\ud83d\udd10 3 \u043c\u0456\u043b\u044c\u0439\u043e\u043d\u0438 \u0441\u0430\u0439\u0442\u0456\u0432 WordPress \u0443 \u043d\u0435\u0431\u0435\u0437\u043f\u0435\u0446\u0456 \u0447\u0435\u0440\u0435\u0437 \u0443\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044c CVE-2024-10957. \u0423\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044c \u0443 \u043f\u043b\u0430\u0433\u0456\u043d\u0456 UpdraftPlus Backup &amp; Migration \u043c\u043e\u0436\u0435 \u0434\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u0438 \u0437\u043b\u043e\u0432\u043c\u0438\u0441\u043d\u0438\u043a\u0430\u043c \u0432\u0438\u043a\u0440\u0430\u0441\u0442\u0438 \u0434\u0430\u043d\u0456 \u0430\u0431\u043e \u0432\u0438\u043a\u043e\u043d\u0430\u0442\u0438 \u0448\u043a\u0456\u0434\u043b\u0438\u0432\u0438\u0439 \u043a\u043e\u0434 \ud83c\udf10 #cybernews", "creation_timestamp": "2025-01-06T13:16:28.000000Z"}, {"uuid": "d9afcbe7-6790-4691-83e2-ae698bd9142b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10952", "type": "seen", "source": "https://t.me/cvedetector/11943", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10952 - WordPress Authors List Arbitrary Shortcode Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10952 \nPublished : Dec. 4, 2024, 3:15 a.m. | 39\u00a0minutes ago \nDescription : The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T05:02:44.000000Z"}, {"uuid": "20beb845-0dab-4491-9eef-c84c0122362a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://t.me/CyberBulletin/9354", "content": "\u26a1\ufe0fCVE-2024-10957 Exposes Over 3 Million WordPress Sites to Unauthenticated PHP Object Injection Exploits.\n\n#CyberBulletin", "creation_timestamp": "2025-01-06T06:36:04.000000Z"}, {"uuid": "8c270e3c-4879-46f0-9f2a-3f071269a9ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/78", "content": "\ud83d\udccc **CVE ID**: GHSA-vcp4-p2mp-8fpq\n\ud83d\udd17 **Aliases**: CVE-2024-10957\n\ud83d\udd39 **Details**: The UpdraftPlus: WP Backup &amp; Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.\n\ud83d\udd22 **Severity**: CVSS_V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\ud83d\uddd3\ufe0f **Modified**: 2025-01-04T15:30:45Z\n\ud83d\uddd3\ufe0f **Published**: 2025-01-04T15:30:45Z\n\ud83c\udff7\ufe0f **CWE IDs**: CWE-502\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1095\n2. https://plugins.trac.wordpress.org/browser/updraftplus/trunk/includes/class-search-replace.php#L411\n3. https://plugins.trac.wordpress.org/changeset/3212299\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/429ed3-96b2-41-8a2-89b9a21ec058?source=cve", "creation_timestamp": "2025-01-05T01:35:30.000000Z"}, {"uuid": "b9956592-c8fe-4da0-811e-ff8aa30947d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10956", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8180", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10956\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L)\n\ud83d\udd39 Description: GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting conversation history without the victim's consent. The issue arises due to insufficient WebSocket authentication and lack of origin validation.\n\ud83d\udccf Published: 2025-03-20T10:11:39.829Z\n\ud83d\udccf Modified: 2025-03-20T10:11:39.829Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/0f8403ad-5f60-4eb9-9f51-8fbd2e41eda4", "creation_timestamp": "2025-03-20T10:19:17.000000Z"}, {"uuid": "78de05c8-c3af-476c-ba84-38e7ec8dec23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10957", "type": "seen", "source": "https://t.me/cvedetector/14281", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10957 - UpdraftPlus: WP Backup &amp; Migration Plugin PHP Object Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10957 \nPublished : Jan. 4, 2025, 2:15 p.m. | 15\u00a0minutes ago \nDescription : The UpdraftPlus: WP Backup &amp; Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-04T15:35:42.000000Z"}, {"uuid": "04da87ff-cc3f-4104-b387-5bdf17d10e6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10959", "type": "seen", "source": "https://t.me/cvedetector/12496", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10959 - WooCommerce Active Products Tables Plugin Shortcode Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10959 \nPublished : Dec. 10, 2024, 11:15 a.m. | 41\u00a0minutes ago \nDescription : The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via woot_get_smth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T13:17:32.000000Z"}, {"uuid": "27a185fc-d64c-4eb7-b817-2301bf99c557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10953", "type": "seen", "source": "https://t.me/cvedetector/10254", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10953 - Apache Airbyte Notification Update Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10953 \nPublished : Nov. 9, 2024, 1:15 a.m. | 44\u00a0minutes ago \nDescription : An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T03:15:01.000000Z"}, {"uuid": "9431d5c3-0f78-47d7-b7b6-cd6ac754a725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10958", "type": "published-proof-of-concept", "source": "https://t.me/DEVIL_La_RSx/742", "content": "https://github.com/reinh3rz/CVE-2024-10958-WPPA-Exploit", "creation_timestamp": "2024-11-22T10:05:08.000000Z"}, {"uuid": "c4443cd6-f0d1-4e20-aaaa-931308c8d7d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10958", "type": "published-proof-of-concept", "source": "https://t.me/DEVIL_La_RSx/1581", "content": "https://github.com/reinh3rz/CVE-2024-10958-WPPA-Exploit", "creation_timestamp": "2024-12-02T01:56:49.000000Z"}, {"uuid": "c6941728-c270-42b1-90b6-12594323de81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10958", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113458727343148206", "content": "", "creation_timestamp": "2024-11-10T12:46:28.487887Z"}, {"uuid": "404f2aab-13ca-4681-a894-20dda5ffd63c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10958", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113459014691733654", "content": "", "creation_timestamp": "2024-11-10T13:59:32.796178Z"}, {"uuid": "e9baeae1-bb84-4158-8b5b-28799102c6a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10952", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113592288895692725", "content": "", "creation_timestamp": "2024-12-04T02:52:56.030811Z"}, {"uuid": "5174f2ca-5901-417a-9245-b518ba9838ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10959", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113628229621507746", "content": "", "creation_timestamp": "2024-12-10T11:13:07.894819Z"}, {"uuid": "5999c38c-fda7-4489-ae66-40f8ec32a405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1095", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/56", "content": "\ud83d\udccc **CVE ID**: GHSA-vcp4-p2mp-8fpq\n\ud83d\udd17 **References**:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-1095\n2. https://plugins.trac.wordpress.org/browser/updraftplus/trunk/includes/class-search-replace.php#L411\n3. https://plugins.trac.wordpress.org/changeset/3212299\n4. https://www.wordfence.com/threat-intel/vulnerabilities/id/429ed3-96b2-41-8a2-89b9a21ec058?source=cve", "creation_timestamp": "2025-01-05T01:32:48.000000Z"}, {"uuid": "69daf256-61f2-4dfa-abae-1a23aea040fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-10958", "type": "seen", "source": "https://t.me/cvedetector/10427", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10958 - \"WordPress Photo Album Plus Shortcode Execution Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10958 \nPublished : Nov. 10, 2024, 1:15 p.m. | 38\u00a0minutes ago \nDescription : The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-10T15:00:37.000000Z"}]}