{"vulnerability": "cve-2024-1184", "sightings": [{"uuid": "4934a8d4-9a0c-43b2-aeb4-edb5a6e98b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11847", "type": "seen", "source": "https://t.me/cvedetector/21150", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11847 - WordPress SVG Upload Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11847 \nPublished : March 26, 2025, 6:15 a.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T09:42:18.000000Z"}, {"uuid": "a07e8058-c4ce-4a2f-9b82-439992b921ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://t.me/cvedetector/15437", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11848 - NitroPack WordPress Unauthenticated Capabilities Arbitrary Option Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11848 \nPublished : Jan. 15, 2025, 12:15 p.m. | 46\u00a0minutes ago \nDescription : The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T14:16:29.000000Z"}, {"uuid": "7ffca45c-e519-4537-a699-f7320e8fe888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11849", "type": "seen", "source": "https://t.me/cvedetector/14337", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11849 - Pods WordPress Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-11849 \nPublished : Jan. 6, 2025, 6:15 a.m. | 24\u00a0minutes ago \nDescription : The Pods  WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T07:43:47.000000Z"}, {"uuid": "1abdc758-f5d1-477d-84db-c7c7cefe9bd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11842", "type": "seen", "source": "https://t.me/cvedetector/13718", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11842 - DN Shipping by Weight for WooCommerce CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11842 \nPublished : Dec. 27, 2024, 6:15 a.m. | 15\u00a0minutes ago \nDescription : The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T07:37:36.000000Z"}, {"uuid": "5eb319fd-3862-4db3-8cb7-ccfc192bde26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11846", "type": "seen", "source": "https://t.me/cvedetector/14088", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11846 - Apache Struts Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11846 \nPublished : Jan. 1, 2025, 6:15 a.m. | 43\u00a0minutes ago \nDescription : The  does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-01T08:08:23.000000Z"}, {"uuid": "674ba262-468d-4d04-bcda-39eb8f8a5821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11841", "type": "seen", "source": "https://t.me/cvedetector/12966", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11841 - Tithe.ly Giving Button WordPressStored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11841 \nPublished : Dec. 16, 2024, 6:15 a.m. | 35\u00a0minutes ago \nDescription : The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-16T08:08:46.000000Z"}, {"uuid": "bcebb574-53ea-40fa-8330-23d380b0eeae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11840", "type": "seen", "source": "https://t.me/cvedetector/12628", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11840 - WordPress RapidLoad Plugin Unauthenticated Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11840 \nPublished : Dec. 11, 2024, 11:15 a.m. | 20\u00a0minutes ago \nDescription : The RapidLoad \u2013 Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or conduct SQL injection attacks. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T12:43:55.000000Z"}, {"uuid": "529c229d-f6c3-4d3b-9b6f-a77dfc215b64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11844", "type": "seen", "source": "https://t.me/cvedetector/11874", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11844 - WordPress IdeaPush Plugin Taxonomy Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11844 \nPublished : Dec. 3, 2024, 9:15 a.m. | 18\u00a0minutes ago \nDescription : The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the \"boards\" taxonomy. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-03T10:39:05.000000Z"}, {"uuid": "b7b9e22c-e789-4f7d-bef1-77d5aeeaeeab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1184", "type": "seen", "source": "https://t.me/ctinow/192655", "content": "https://ift.tt/LfJECHP\nCVE-2024-1184 | Nsasoft Network Sleuth 3.0.0.0 Registration denial of service", "creation_timestamp": "2024-02-24T17:16:34.000000Z"}, {"uuid": "fc031b69-4269-4e10-a37a-67ecd6b8b503", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1184", "type": "seen", "source": "https://t.me/ctinow/182315", "content": "https://ift.tt/M3xwFs1\nCVE-2024-1184 Exploit", "creation_timestamp": "2024-02-09T23:16:27.000000Z"}, {"uuid": "b4229852-b974-45b3-89be-a776584e03fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11844", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113587982289348551", "content": "", "creation_timestamp": "2024-12-03T08:37:42.330037Z"}, {"uuid": "45475b99-539f-469c-bd58-1f2fd490aa03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11840", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113633848454946185", "content": "", "creation_timestamp": "2024-12-11T11:02:04.368102Z"}, {"uuid": "27edb520-b8f6-4b30-ad8d-f11bd6ea13ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmuxxzoo5z27", "content": "", "creation_timestamp": "2025-04-15T21:02:26.004973Z"}, {"uuid": "377fd718-3782-496b-83f8-aabb546b7f02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1736", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11848\n\ud83d\udd39 Description: The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition.\n\ud83d\udccf Published: 2025-01-15T11:24:35.912Z\n\ud83d\udccf Modified: 2025-01-15T11:24:35.912Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1e1b06d0-f348-4a8b-8730-a87d8e2ba2a1?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3211235/nitropack", "creation_timestamp": "2025-01-15T12:22:07.000000Z"}, {"uuid": "8d4b6c37-f07e-4ea7-b532-4af9ec6a08cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1184", "type": "seen", "source": "https://t.me/ctinow/178087", "content": "https://ift.tt/4StO3Ky\nCVE-2024-1184", "creation_timestamp": "2024-02-02T14:21:48.000000Z"}, {"uuid": "2d739e41-490d-43a8-80c4-2a4c847a8cd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfrqmsfhfn2s", "content": "", "creation_timestamp": "2025-01-15T12:16:27.184972Z"}, {"uuid": "6c33cff7-ce82-4e86-b04a-3b33ba5a3414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11846", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113751581349312596", "content": "", "creation_timestamp": "2025-01-01T06:03:05.949490Z"}, {"uuid": "da0c9381-8ed4-4d7c-aa33-64ea0cb185ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11846", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lenvwt22uf25", "content": "", "creation_timestamp": "2025-01-01T06:15:41.474943Z"}, {"uuid": "f1867383-2a2c-47f8-ada5-fcbfff5449ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11841", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113660989239338784", "content": "", "creation_timestamp": "2024-12-16T06:04:19.931582Z"}, {"uuid": "555fafcd-37cf-4d6e-9b3d-da9677bc82e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11842", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113723304076717496", "content": "", "creation_timestamp": "2024-12-27T06:11:49.114149Z"}, {"uuid": "91ada732-3d01-4708-a1be-26e5073b6633", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11842", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lebdmdnjq722", "content": "", "creation_timestamp": "2024-12-27T06:15:45.276084Z"}, {"uuid": "25f7117c-c937-4813-a995-1b6994bda7f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfrseqgyak2y", "content": "", "creation_timestamp": "2025-01-15T12:47:44.030961Z"}, {"uuid": "a472af90-2e52-4ce6-a4c2-e40331a55ecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfrserdgmu2e", "content": "", "creation_timestamp": "2025-01-15T12:47:45.807714Z"}, {"uuid": "5e46636e-a060-47dd-a531-7822e36a5e0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113832448233551723", "content": "", "creation_timestamp": "2025-01-15T12:48:37.465397Z"}, {"uuid": "3c81bb00-58ac-47d4-a24c-61b3926d5069", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11849", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113779894266060216", "content": "", "creation_timestamp": "2025-01-06T06:03:26.742682Z"}, {"uuid": "d61172af-33a7-4866-adfd-45211e65c26b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11849", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf2ib3s42j2k", "content": "", "creation_timestamp": "2025-01-06T06:15:30.165451Z"}, {"uuid": "aabc2bc9-7a4e-4bc7-b8d2-aef96ba93265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11849", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf2k2xk7eb2u", "content": "", "creation_timestamp": "2025-01-06T06:47:52.278761Z"}, {"uuid": "8260a42f-8de8-4bb2-84fd-cd65be49565f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/114059639239904191", "content": "", "creation_timestamp": "2025-02-24T15:46:16.214842Z"}, {"uuid": "f67d1457-2257-4b8e-99a6-c24a1d501ea3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11849", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/161", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-7mxj-3f68-p2v6\n\ud83d\udd17 Aliases: CVE-2024-11849\n\ud83d\udd39 Details: The Pods  WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\uddd3\ufe0f Modified: 2025-01-06T06:30:45Z\n\ud83d\uddd3\ufe0f Published: 2025-01-06T06:30:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-11849\n2. https://wpscan.com/vulnerability/85b25a5b-c30b-4a2a-96c1-f05b4eba8a9b", "creation_timestamp": "2025-01-06T06:40:36.000000Z"}, {"uuid": "8887ca8e-1c11-47b3-8017-3f983530ab78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11847", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8809", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11847\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.\n\ud83d\udccf Published: 2025-03-26T06:00:02.270Z\n\ud83d\udccf Modified: 2025-03-26T06:00:02.270Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/f57ecff2-0cff-40c7-b6e4-5b162b847d65/", "creation_timestamp": "2025-03-26T06:25:18.000000Z"}, {"uuid": "20a42472-ac5c-48ea-8ea0-0025547182fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11843", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17063", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11843\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Panorama  WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-05-15T20:06:51.172Z\n\ud83d\udccf Modified: 2025-05-20T19:33:19.083Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/0dd41559-d88a-4018-a0f0-c8944b6d6f0a/", "creation_timestamp": "2025-05-20T19:43:02.000000Z"}]}