{"vulnerability": "cve-2024-1258", "sightings": [{"uuid": "04c0fc95-4fcc-4fab-bbdb-ce9b87102a77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"}, {"uuid": "51195d1e-e5c1-4549-8531-39fe56af3f76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12585", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meovccxtun2k", "content": "", "creation_timestamp": "2026-02-12T21:03:15.071148Z"}, {"uuid": "d71cb0c2-3481-4137-95ea-d6a172dc74a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12587", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1276", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12587\n\ud83d\udd39 Description: The Contact Form Master  WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-01-11T06:00:02.900Z\n\ud83d\udccf Modified: 2025-01-11T06:00:02.900Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/7cb040f5-d154-48ea-a54e-80451054bad8/", "creation_timestamp": "2025-01-11T07:04:49.000000Z"}, {"uuid": "8c9e18c4-cdc9-4c6d-9620-dd066d5eb83f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12582", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16037", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12582\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: A flaw was found in the skupper console,  a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the \"admin\" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.\n\ud83d\udccf Published: 2024-12-24T03:31:24.896Z\n\ud83d\udccf Modified: 2025-05-12T20:08:42.332Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2025:1413\n2. https://access.redhat.com/security/cve/CVE-2024-12582\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2333540", "creation_timestamp": "2025-05-12T20:29:37.000000Z"}, {"uuid": "72a7bebd-fb07-41a5-a2e1-2bf1b719f2c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12583", "type": "seen", "source": "https://t.me/cvedetector/14270", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12583 - Dynamics 365 Integration Plugin for WordPress Remote Code Execution and Arbitrary File Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12583 \nPublished : Jan. 4, 2025, 9:15 a.m. | 16\u00a0minutes ago \nDescription : The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-04T10:34:41.000000Z"}, {"uuid": "1fca4a53-2a23-44ec-a0ee-5014965c6d53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12585", "type": "seen", "source": "https://t.me/cvedetector/14658", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12585 - Property Hive WordPress XSS Governance Failure\", \n  \"Content\": \"CVE ID : CVE-2024-12585 \nPublished : Jan. 8, 2025, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T08:17:24.000000Z"}, {"uuid": "51e708e6-6937-4c4b-a390-10a19266e8bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12584", "type": "seen", "source": "https://t.me/cvedetector/14667", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12584 - Xpro Addons For Elementor Privileged Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-12584 \nPublished : Jan. 8, 2025, 7:15 a.m. | 40\u00a0minutes ago \nDescription : The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T09:07:38.000000Z"}, {"uuid": "3527e9c7-3260-4c4e-aea5-02e300c51c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12581", "type": "seen", "source": "https://t.me/cvedetector/12830", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12581 - Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12581 \nPublished : Dec. 13, 2024, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T08:14:25.000000Z"}, {"uuid": "57c61067-4dfb-41c0-bcd0-dadeb43382de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1258", "type": "seen", "source": "https://t.me/ctinow/180364", "content": "https://ift.tt/KtGMVyz\nCVE-2024-1258", "creation_timestamp": "2024-02-06T22:22:20.000000Z"}, {"uuid": "e9679257-ed5f-4f4e-a2ea-77813a4ef778", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12588", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldsku47rvf2m", "content": "", "creation_timestamp": "2024-12-21T09:15:26.140392Z"}, {"uuid": "d7119ddb-0d06-4aac-92ec-f3cf17a181cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12588", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113689861796627690", "content": "", "creation_timestamp": "2024-12-21T08:27:00.584792Z"}, {"uuid": "01452138-4ca6-46bb-b65e-4e99ba576c7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12583", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lf4q6rtkck22", "content": "", "creation_timestamp": "2025-01-07T03:42:43.465948Z"}, {"uuid": "4ef0aa67-ec3e-4e4d-bdd7-6c1269f24f68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12585", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113791241188437876", "content": "", "creation_timestamp": "2025-01-08T06:09:07.009930Z"}, {"uuid": "e80d31dd-ff19-4ba3-8477-36fa1a2396e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12585", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7j7d6sa62k", "content": "", "creation_timestamp": "2025-01-08T06:15:43.083494Z"}, {"uuid": "a0511049-2f83-4309-b299-9b5925612e5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12585", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7khza3pj2b", "content": "", "creation_timestamp": "2025-01-08T06:38:29.073495Z"}, {"uuid": "38b03d6d-689a-42af-a8bf-25f71cb8e61d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12584", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113791376022240183", "content": "", "creation_timestamp": "2025-01-08T06:43:24.680870Z"}, {"uuid": "b7b9b21e-4ba4-4869-98b5-4ebd0f194bee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12584", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113791390788597629", "content": "", "creation_timestamp": "2025-01-08T06:47:09.788548Z"}, {"uuid": "e7b38c31-9d9e-4056-be68-0e3ae97f93cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12584", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7mksupyu25", "content": "", "creation_timestamp": "2025-01-08T07:15:50.064867Z"}, {"uuid": "37db4796-a232-450d-b5d5-9b3107d2765d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12584", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7rqpng3r2q", "content": "", "creation_timestamp": "2025-01-08T08:48:36.770331Z"}, {"uuid": "d1fa95c6-0ec8-4904-b664-f63e1c2635b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "Telegram/Kzcu-nWqygACCMOWBfIjlz_eAnGqhMjZ8fsj3WAwZDq0RWMl", "content": "", "creation_timestamp": "2025-02-14T10:08:08.000000Z"}, {"uuid": "ed1009ea-90fb-4098-bed1-0d3bb0172de3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12585", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/665", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12585\n\ud83d\udd39 Description: The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-01-08T06:00:14.363Z\n\ud83d\udccf Modified: 2025-01-08T06:00:14.363Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/afecf367-d298-4f4c-8f47-4e19b3937d3e/", "creation_timestamp": "2025-01-08T06:38:06.000000Z"}, {"uuid": "e633ce08-b2f3-4188-b932-22989a44be3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12584", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/672", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12584\n\ud83d\udd39 Description: The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.\n\ud83d\udccf Published: 2025-01-08T06:41:38.596Z\n\ud83d\udccf Modified: 2025-01-08T06:41:38.596Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/fa085bc0-af0b-4797-a10f-4d41b4988c02?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3212531/xpro-elementor-addons", "creation_timestamp": "2025-01-08T07:39:02.000000Z"}, {"uuid": "9db3d7c0-5efd-4388-ba10-ae00d61654a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4213", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12586\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-02-13T06:31:43Z\n\ud83d\udccf Modified: 2025-02-13T06:31:43Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-12586\n2. https://wpscan.com/vulnerability/2ce05a44-762b-4aaf-b88a-92c830fd8ec4", "creation_timestamp": "2025-02-13T07:10:29.000000Z"}, {"uuid": "38dfa59b-10f1-469b-a2e4-aa5956e8e5fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12589", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7290", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12589\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Finale Lite \u2013 Sales Countdown Timer &amp; Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-03-12T07:00:22.816Z\n\ud83d\udccf Modified: 2025-03-12T07:00:22.816Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ae0a001b-0792-4a32-8f49-5d4b1550f4be?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3247611/finale-woocommerce-sales-countdown-timer-discount", "creation_timestamp": "2025-03-12T07:43:57.000000Z"}, {"uuid": "6d11ddee-8f6d-43fd-912f-518cfc4fb48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://t.me/cvedetector/17969", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12586 - Chalet-Montagne.com Tools WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12586 \nPublished : Feb. 13, 2025, 6:15 a.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T08:47:53.000000Z"}, {"uuid": "2fa56c66-10e7-4853-9293-e45fbcfcb45f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12582", "type": "seen", "source": "https://t.me/cvedetector/13552", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12582 - \"Skupper Console Plaintext Authentication Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12582 \nPublished : Dec. 24, 2024, 4:15 a.m. | 37\u00a0minutes ago \nDescription : A flaw was found in the skupper console,  a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the \"admin\" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-24T06:02:16.000000Z"}, {"uuid": "bfc419f1-72f6-4ce0-a396-8e540becc714", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1258", "type": "seen", "source": "https://t.me/ctinow/197377", "content": "https://ift.tt/YNQLOIS\nCVE-2024-1258 | Juanpao JPShop up to 1.5.02 API api/config/params.php JWT_KEY_ADMIN hard-coded key", "creation_timestamp": "2024-03-01T08:11:32.000000Z"}, {"uuid": "b7576802-c282-49b8-83b0-d240de2f7876", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12581", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113643879513000912", "content": "", "creation_timestamp": "2024-12-13T05:33:07.007314Z"}, {"uuid": "08031de2-86a3-4c18-84b3-9019361a180c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12582", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113705709008355890", "content": "", "creation_timestamp": "2024-12-24T03:37:09.477611Z"}, {"uuid": "b15878ae-33ea-4325-9baf-48bda99d0ed6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12582", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldzli7bp5a2i", "content": "", "creation_timestamp": "2024-12-24T04:15:18.770948Z"}, {"uuid": "a3692162-c91d-427a-b25f-030e11cc315e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12587", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113808208981525101", "content": "", "creation_timestamp": "2025-01-11T06:04:16.656342Z"}, {"uuid": "75b23777-5786-4b1c-bedb-ec858fd4d16f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12587", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfh2lyvdww2x", "content": "", "creation_timestamp": "2025-01-11T06:15:40.637792Z"}, {"uuid": "ad91d7b0-a6b0-4f0d-8e66-895b076801db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12587", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfh4hglgf52g", "content": "", "creation_timestamp": "2025-01-11T06:48:54.624070Z"}, {"uuid": "efb1d9ab-d7fe-4238-9be4-fd7c79ba7ea2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12583", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113769121406411898", "content": "", "creation_timestamp": "2025-01-04T08:23:51.020777Z"}, {"uuid": "ebf44f20-83ac-4dac-bb36-4696e1a30c1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113995088985958672", "content": "", "creation_timestamp": "2025-02-13T06:10:17.358569Z"}, {"uuid": "a883719d-0b47-44a1-83f8-d7a58672236c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12586", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhzzyjusar2z", "content": "", "creation_timestamp": "2025-02-13T06:15:45.338587Z"}, {"uuid": "6a500519-1bdc-4115-bc41-49f5f880b566", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12587", "type": "seen", "source": "https://t.me/cvedetector/15036", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12587 - Contact Form Master WordPress XSS\", \n  \"Content\": \"CVE ID : CVE-2024-12587 \nPublished : Jan. 11, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The Contact Form Master  WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T08:13:56.000000Z"}, {"uuid": "be938fb8-a584-4aab-9806-2c7f12fa7afb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12588", "type": "seen", "source": "https://t.me/cvedetector/13492", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12588 - WordPress Phlox Theme Phlox Theme Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12588 \nPublished : Dec. 21, 2024, 9:15 a.m. | 40\u00a0minutes ago \nDescription : The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T11:09:08.000000Z"}]}