{"vulnerability": "cve-2024-1187", "sightings": [{"uuid": "71053ef2-e896-44ff-a674-e59e16d82c1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11870", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1712", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11870\n\ud83d\udd39 Description: The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's  shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-15T07:10:46.770Z\n\ud83d\udccf Modified: 2025-01-15T07:10:46.770Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e8cadb97-2f3e-4b00-ad00-118cf23d1592?source=cve\n2. https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L22\n3. https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L50\n4. https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L91\n5. https://plugins.trac.wordpress.org/browser/event-registration-calendar-by-vcita/trunk/core/shortcodes.php#L129", "creation_timestamp": "2025-01-15T08:29:35.000000Z"}, {"uuid": "e2355df0-9748-428e-818a-35d58f5d5abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11879", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7714", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11879\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-12-14T04:23:40.550Z\n\ud83d\udccf Modified: 2025-03-16T14:46:33.264Z\n\ud83d\udd17 References:\nNo references available.", "creation_timestamp": "2025-03-16T15:46:19.000000Z"}, {"uuid": "8c15ab88-f6de-4455-ac0b-b72bbd671650", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11874", "type": "seen", "source": "https://t.me/cvedetector/15050", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11874 - Wordpress Grid Accordion Lite Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11874 \nPublished : Jan. 11, 2025, 8:15 a.m. | 33\u00a0minutes ago \nDescription : The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T09:54:16.000000Z"}, {"uuid": "9d77888c-f75f-4b8c-bb3f-295f3a954252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11872", "type": "seen", "source": "https://t.me/cvedetector/12666", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11872 - Epic Games Launcher Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11872 \nPublished : Dec. 12, 2024, 1:40 a.m. | 10\u00a0minutes ago \nDescription : Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.  \n  \nThe specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T02:56:47.000000Z"}, {"uuid": "2e445ae1-cdcf-405e-b3a6-599b17b60969", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1187", "type": "seen", "source": "https://t.me/ctinow/192664", "content": "https://ift.tt/M95blz4\nCVE-2024-1187 | Munsoft Easy Outlook Express Recovery 2.0 Registration Key denial of service", "creation_timestamp": "2024-02-24T17:46:20.000000Z"}, {"uuid": "35155ab4-3fc6-4dde-8822-36fcd3757656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11873", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649426056727389", "content": "", "creation_timestamp": "2024-12-14T05:03:39.880769Z"}, {"uuid": "0dd65cc4-63c1-4fef-846b-5619fdbe0f9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11876", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649485053601965", "content": "", "creation_timestamp": "2024-12-14T05:18:39.962761Z"}, {"uuid": "547a822a-f185-4777-8e33-53cd245d46e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11877", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649485067883451", "content": "", "creation_timestamp": "2024-12-14T05:18:40.666304Z"}, {"uuid": "f881d6c0-b0de-44f7-8953-34722579ce3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11879", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113649485081552117", "content": "", "creation_timestamp": "2024-12-14T05:18:40.731162Z"}, {"uuid": "764788cc-d44c-48d7-a91a-e858453cd7b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11874", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhbctciua25", "content": "", "creation_timestamp": "2025-01-11T08:15:48.691188Z"}, {"uuid": "c0c8193c-d87f-4033-9000-8d5cb44cab0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11870", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113831144031216859", "content": "", "creation_timestamp": "2025-01-15T07:16:56.197643Z"}, {"uuid": "fa8b2c06-b2c3-4e51-914f-97ef700c97ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11870", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfreywewnc2w", "content": "", "creation_timestamp": "2025-01-15T08:48:29.686727Z"}, {"uuid": "75a1ee16-5eac-4ab1-b618-4058d2b9091d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11874", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1287", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11874\n\ud83d\udd39 Description: The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-11T07:21:51.502Z\n\ud83d\udccf Modified: 2025-01-11T07:21:51.502Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7fc20069-5c1d-481a-b0fd-6f29ed6b41ee?source=cve\n2. https://plugins.trac.wordpress.org/browser/grid-accordion-lite/tags/1.5.1/public/class-grid-accordion.php#L98\n3. https://plugins.trac.wordpress.org/browser/grid-accordion-lite/tags/1.5.1/public/class-grid-accordion.php#L445\n4. https://plugins.trac.wordpress.org/browser/grid-accordion-lite/tags/1.5.1/public/class-grid-accordion.php#L310\n5. https://plugins.trac.wordpress.org/browser/grid-accordion-lite/tags/1.5.1/public/class-accordion-renderer.php#L172", "creation_timestamp": "2025-01-11T08:04:15.000000Z"}, {"uuid": "e97cdb23-4c87-4aab-91f0-71ccfec5766f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11878", "type": "seen", "source": "https://t.me/cvedetector/13421", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11878 - WordPress Category Post Slider Stored Cross-Site Scripting Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-11878 \nPublished : Dec. 20, 2024, 7:15 a.m. | 43\u00a0minutes ago \nDescription : The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T09:13:17.000000Z"}, {"uuid": "08eac1b3-2997-403e-a5e8-fdf24d029737", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11877", "type": "seen", "source": "https://t.me/cvedetector/12923", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11877 - Cricket Live Score Plugin WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11877 \nPublished : Dec. 14, 2024, 5:15 a.m. | 27\u00a0minutes ago \nDescription : The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T06:49:51.000000Z"}, {"uuid": "2917f95d-c922-42d4-8092-09065eab8645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11879", "type": "seen", "source": "https://t.me/cvedetector/12920", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11879 - Stripe Donation WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11879 \nPublished : Dec. 14, 2024, 5:15 a.m. | 27\u00a0minutes ago \nDescription : The Stripe Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stripe_donation' shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-14T06:49:46.000000Z"}, {"uuid": "c2098c06-67f9-494c-9462-fe9c1ecbe4e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1187", "type": "seen", "source": "https://t.me/ctinow/178238", "content": "https://ift.tt/JVkKf2w\nCVE-2024-1187", "creation_timestamp": "2024-02-02T19:21:35.000000Z"}, {"uuid": "8fa025ef-fea8-47ba-a8ed-de30433bf4eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11872", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1646/", "content": "", "creation_timestamp": "2024-12-04T05:00:00.000000Z"}, {"uuid": "d4e889b4-c824-4322-9662-6f583c22e1a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11878", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldptpbzniu2b", "content": "", "creation_timestamp": "2024-12-20T07:15:49.096186Z"}, {"uuid": "a1f39519-3ed1-4bf3-8981-bb8b553c39ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11878", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113683998121199882", "content": "", "creation_timestamp": "2024-12-20T07:35:47.726602Z"}, {"uuid": "8b1db30b-a1ce-471e-bfed-646a63c5fed8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11870", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfrd6be66w2p", "content": "", "creation_timestamp": "2025-01-15T08:15:40.975797Z"}, {"uuid": "7cd40cc0-5e6e-4d36-a7ec-8ac07ea890e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11870", "type": "seen", "source": "https://t.me/cvedetector/15413", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11870 - Vcita Event Registration Calendar by WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11870 \nPublished : Jan. 15, 2025, 8:15 a.m. | 45\u00a0minutes ago \nDescription : The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's  shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T10:05:22.000000Z"}, {"uuid": "cf6f4188-5bb8-4c10-8777-728ebf27841d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11871", "type": "seen", "source": "https://t.me/cvedetector/12738", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11871 - WordPress Social Media Shortcodes Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11871 \nPublished : Dec. 12, 2024, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:58:38.000000Z"}, {"uuid": "6678d6c8-3f54-4c76-9190-6ccc2beebb66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11875", "type": "seen", "source": "https://t.me/cvedetector/12713", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11875 - WordPress Add Infos to Events Calendar Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11875 \nPublished : Dec. 12, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : The Add infos to the events calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:08:00.000000Z"}, {"uuid": "7c3090f5-3497-4bf4-bc21-0dd46e789213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11872", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113636429972354770", "content": "", "creation_timestamp": "2024-12-11T21:58:35.376957Z"}, {"uuid": "7f94517d-d497-4c9a-b443-11af1a3fe0c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11871", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638312515481785", "content": "", "creation_timestamp": "2024-12-12T05:57:21.074021Z"}, {"uuid": "f05c9dc9-68ae-4008-942c-886a51b1283c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-11874", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113808537703434993", "content": "", "creation_timestamp": "2025-01-11T07:27:51.665653Z"}]}