{"vulnerability": "cve-2024-1225", "sightings": [{"uuid": "6e7242d6-77ba-4334-aaec-7f8e50d28b27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12253", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113610893265289911", "content": "", "creation_timestamp": "2024-12-07T09:44:16.083880Z"}, {"uuid": "0dea11d8-a58c-4b27-a638-94d337ee9786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12257", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113609244029314690", "content": "", "creation_timestamp": "2024-12-07T02:44:50.912757Z"}, {"uuid": "711d5c32-1646-484d-9a3e-e8222920884d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12258", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113637925659841653", "content": "", "creation_timestamp": "2024-12-12T04:18:57.690518Z"}, {"uuid": "d1c7dd1e-e10b-4e94-bbbb-58420ec6421f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12255", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638371624411984", "content": "", "creation_timestamp": "2024-12-12T06:12:22.827567Z"}, {"uuid": "ec2ccbc1-cf4d-4a77-b326-da85692dd715", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12250", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113671721708328118", "content": "", "creation_timestamp": "2024-12-18T03:33:44.711214Z"}, {"uuid": "bdd9d757-6922-4d15-9e50-dfe6e5eae4b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12259", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113671780710103256", "content": "", "creation_timestamp": "2024-12-18T03:48:44.838321Z"}, {"uuid": "aee34d95-daeb-4b10-8330-1ce32b3b5b3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12256", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vgz25d62i", "content": "", "creation_timestamp": "2025-01-07T05:16:46.613166Z"}, {"uuid": "500f76ec-db24-4eca-8540-14af66e12fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12252", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113785496346083664", "content": "", "creation_timestamp": "2025-01-07T05:48:08.186448Z"}, {"uuid": "7e38f7b3-1ac6-4f8c-94b6-8d20e0fcf984", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12252", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf4xi2ymzp2h", "content": "", "creation_timestamp": "2025-01-07T05:53:12.294517Z"}, {"uuid": "f919c6e2-fe35-4657-9725-7db22baee34f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12252", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/113826826488173623", "content": "", "creation_timestamp": "2025-01-14T12:58:55.348195Z"}, {"uuid": "52ae951b-19fb-4110-99ef-27d3f401c3ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12252", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad5sdja2a", "content": "", "creation_timestamp": "2025-01-20T21:02:04.771007Z"}, {"uuid": "4d66eec4-35e6-4fb0-b563-5e29658ecef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12254", "type": "seen", "source": "https://bsky.app/profile/mitsuhiko.at/post/3lgvrgcpcws24", "content": "", "creation_timestamp": "2025-01-29T20:06:38.137325Z"}, {"uuid": "e2629bf4-cf96-48a8-96f3-bb1a361d438e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12254", "type": "seen", "source": "https://bsky.app/profile/mitsuhiko.at/post/3lgvrgdrdsk24", "content": "", "creation_timestamp": "2025-01-29T20:06:38.617316Z"}, {"uuid": "03669567-5fca-4fe9-a3d7-defd8ddf8eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12254", "type": "seen", "source": "https://gist.github.com/Vizonex/8242da16ed2d6a48b7acb812fee88957", "content": "", "creation_timestamp": "2025-09-11T23:45:45.000000Z"}, {"uuid": "6434155c-f917-464d-b08a-3893992bf0b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12252", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/325", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12252\n\ud83d\udd39 Description: The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution.\n\ud83d\udccf Published: 2025-01-07T04:22:02.465Z\n\ud83d\udccf Modified: 2025-01-07T04:22:02.465Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/67df10cc-ce3c-4157-9860-7e367062f710?source=cve\n2. https://wordpress.org/plugins/seo-beginner-auto-post/", "creation_timestamp": "2025-01-07T04:39:17.000000Z"}, {"uuid": "8d2f5f37-6109-442a-a5cb-d0bece4dae42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12254", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10589", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12254\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()\n method would not \"pause\" writing and signal to the Protocol to drain \nthe buffer to the wire once the write buffer reached the \"high-water \nmark\". Because of this, Protocols would not periodically drain the write\n buffer potentially leading to memory exhaustion.\n\n\n\n\n\nThis\n vulnerability likely impacts a small number of users, you must be using\n Python 3.12.0 or later, on macOS or Linux, using the asyncio module \nwith protocols, and using .writelines() method which had new \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of \nthese factors are true then your usage of Python is unaffected.\n\ud83d\udccf Published: 2024-12-06T15:19:41.576Z\n\ud83d\udccf Modified: 2025-04-04T23:03:00.653Z\n\ud83d\udd17 References:\n1. https://github.com/python/cpython/issues/127655\n2. https://github.com/python/cpython/pull/127656\n3. https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/\n4. https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82\n5. https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5\n6. https://github.com/python/cpython/commit/e991ac8f2037d78140e417cc9a9486223eb3e786", "creation_timestamp": "2025-04-04T23:37:53.000000Z"}, {"uuid": "dac36234-48d5-4b20-bae5-873c591c3c1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12253", "type": "seen", "source": "https://t.me/cvedetector/12315", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12253 - PayPal WordPress Sell Products Unauthorized Access\", \n  \"Content\": \"CVE ID : CVE-2024-12253 \nPublished : Dec. 7, 2024, 10:15 a.m. | 20\u00a0minutes ago \nDescription : The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users). \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T11:41:56.000000Z"}, {"uuid": "1d244a2e-a02f-4955-9699-859bd7ab6cdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12257", "type": "seen", "source": "https://t.me/cvedetector/12300", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12257 - The CardGate Payments for WooCommerce plugin for W\", \n  \"Content\": \"CVE ID : CVE-2024-12257 \nPublished : Dec. 7, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T04:10:39.000000Z"}, {"uuid": "1dc06714-4aa4-4e0b-a127-ed47f18b41e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1225", "type": "seen", "source": "https://t.me/ctinow/196351", "content": "https://ift.tt/a65jhfo\nCVE-2024-1225 | QiboSoft QiboCMS X1 up to 1.0.6 Pay.php rmb_pay callback_class deserialization", "creation_timestamp": "2024-02-29T08:47:10.000000Z"}, {"uuid": "73e25841-3cfe-4be1-a8f7-2dcfeac0192b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12251", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyhqdfchq2s", "content": "", "creation_timestamp": "2025-02-12T15:16:23.407033Z"}, {"uuid": "5a200459-4954-4820-9a1e-44692455b892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12256", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/310", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12256\n\ud83d\udd39 Description: The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-07T04:22:19.453Z\n\ud83d\udccf Modified: 2025-01-07T04:22:19.453Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/cdaa6b7c-bf38-44b5-9d83-2918cbedc683?source=cve\n2. https://wordpress.org/plugins/simple-video-management-system/", "creation_timestamp": "2025-01-07T04:37:24.000000Z"}, {"uuid": "54aba3af-e062-4674-8e5c-254f212fb48b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12255", "type": "seen", "source": "https://t.me/cvedetector/12732", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12255 - Stripe Payments Using Contact Form 7 Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12255 \nPublished : Dec. 12, 2024, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:58:31.000000Z"}, {"uuid": "64dc576d-2e27-4b45-9558-498395a4cbd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12258", "type": "seen", "source": "https://t.me/cvedetector/12687", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12258 - \"Authorize.net WordPress Reflected Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-12258 \nPublished : Dec. 12, 2024, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The WP Service Payment Form With Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T06:17:22.000000Z"}, {"uuid": "13f3815f-659e-4399-873e-8d897333ff24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12259", "type": "seen", "source": "https://t.me/cvedetector/13156", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12259 - WordPress RepairBuddy Plugin Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12259 \nPublished : Dec. 18, 2024, 4:15 a.m. | 43\u00a0minutes ago \nDescription : The CRM WordPress Plugin \u2013 RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wc_update_user_data AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T06:09:55.000000Z"}, {"uuid": "fc4b0dd7-0021-44a6-b153-fc76b718a798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12250", "type": "seen", "source": "https://t.me/cvedetector/13155", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12250 - Authorize.NET Payments Using Contact Form 7 WordPress Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12250 \nPublished : Dec. 18, 2024, 4:15 a.m. | 43\u00a0minutes ago \nDescription : The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in other attacks. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T06:09:54.000000Z"}, {"uuid": "c71cb4c3-fa80-469c-be73-4d5e46a37ed8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12252", "type": "published-proof-of-concept", "source": "Telegram/vQ0Sm3TCgGLw115KTy13Xlz5wNa50qfz0GIGSnr52V26EMk", "content": "", "creation_timestamp": "2025-03-26T20:00:07.000000Z"}, {"uuid": "91465536-f7c0-430c-8b23-322d8f0e290e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1225", "type": "seen", "source": "https://t.me/ctinow/179212", "content": "https://ift.tt/qTOkYft\nCVE-2024-1225", "creation_timestamp": "2024-02-05T14:21:45.000000Z"}, {"uuid": "865092cb-f454-4db3-8043-abf0f12ada5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-12254", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3miogaw2zts22", "content": "", "creation_timestamp": "2026-04-04T14:14:41.812524Z"}, {"uuid": "262c15ef-1943-4202-9354-67cc280ea339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12251", "type": "seen", "source": "https://t.me/cvedetector/17902", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12251 - Telerik UI for WinUI Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12251 \nPublished : Feb. 12, 2025, 3:15 p.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : In Progress\u00ae Telerik\u00ae UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T18:33:44.000000Z"}, {"uuid": "18995740-313c-48e3-a1c6-fdda259beeb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12252", "type": "seen", "source": "https://t.me/cvedetector/14464", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12252 - WordPress SEO LAT Auto Post File Overwrite Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-12252 \nPublished : Jan. 7, 2025, 5:15 a.m. | 40\u00a0minutes ago \nDescription : The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T07:10:25.000000Z"}, {"uuid": "d2587000-02a7-4437-8f5d-42e128b2394c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12254", "type": "seen", "source": "https://t.me/cvedetector/12242", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12254 - Starting in Python 3.12.0, the asyncio._SelectorSo\", \n  \"Content\": \"CVE ID : CVE-2024-12254 \nPublished : Dec. 6, 2024, 4:15 p.m. | 44\u00a0minutes ago \nDescription : Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines()  \n method would not \"pause\" writing and signal to the Protocol to drain   \nthe buffer to the wire once the write buffer reached the \"high-water   \nmark\". Because of this, Protocols would not periodically drain the write  \n buffer potentially leading to memory exhaustion.  \n  \n  \n  \n  \n  \nThis  \n vulnerability likely impacts a small number of users, you must be using  \n Python 3.12.0 or later, on macOS or Linux, using the asyncio module   \nwith protocols, and using .writelines() method which had new   \nzero-copy-on-write behavior in Python 3.12.0 and later. If not all of   \nthese factors are true then your usage of Python is unaffected. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T18:08:03.000000Z"}, {"uuid": "1b0e109a-bb95-4571-9603-686c4fdbbdec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12252", "type": "published-proof-of-concept", "source": "Telegram/yRj3rvTPwwJJrmgfCfqzU7qpeXOxuv70IH7oKMdEI3GidpE", "content": "", "creation_timestamp": "2025-03-26T10:00:06.000000Z"}]}