{"vulnerability": "cve-2024-1287", "sightings": [{"uuid": "55b1f990-306e-424f-8174-9ea42111349c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12877", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113808655813154438", "content": "", "creation_timestamp": "2025-01-11T07:57:54.624124Z"}, {"uuid": "1bd03c4f-e532-4e07-a5a9-dd36d2b54445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12872", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113921455062062975", "content": "", "creation_timestamp": "2025-01-31T06:04:12.968255Z"}, {"uuid": "45daade2-4d5a-4ee3-9a62-4a9c080b2934", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12872", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzdwqvq572f", "content": "", "creation_timestamp": "2025-01-31T06:15:51.754432Z"}, {"uuid": "34237848-bcfd-4fd0-ac96-f0e309ea759e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12876", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3ljt7pyy5wp2w", "content": "", "creation_timestamp": "2025-03-08T00:00:09.943324Z"}, {"uuid": "89d7913d-1a2b-426d-bc2d-2ea3a10a19cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12877", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lxnhuahphd2g", "content": "", "creation_timestamp": "2025-08-30T21:02:25.916371Z"}, {"uuid": "a292a231-00b4-4657-af29-b69f7687833e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12878", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meovcdbtcz2i", "content": "", "creation_timestamp": "2026-02-12T21:03:17.412297Z"}, {"uuid": "275e84d1-ee58-43d7-a71d-56c352b4eb1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12876", "type": "seen", "source": "https://t.me/cvedetector/19820", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12876 - Golo City Travel Guide WordPress Theme Password Reset Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-12876 \nPublished : March 7, 2025, 9:15 a.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T12:26:39.000000Z"}, {"uuid": "c632a877-d689-4caa-8f66-dca2f02075c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12872", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3602", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12872\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-31T06:15:27.870\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/a8a706c6-7f0f-4148-9f6f-40c0ca95dd9a/", "creation_timestamp": "2025-01-31T07:24:22.000000Z"}, {"uuid": "ceb30ea3-d3bf-481e-841a-cb9a36d9b6df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12876", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6808", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12876\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.\n\ud83d\udccf Published: 2025-03-07T08:21:28.125Z\n\ud83d\udccf Modified: 2025-03-07T08:21:28.125Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e6cb81e5-61a4-4b67-a668-d8a7d46b2cea?source=cve\n2. https://themeforest.net/item/golo-directory-listing-travel-wordpress-theme/25397810", "creation_timestamp": "2025-03-07T08:34:51.000000Z"}, {"uuid": "a53e6b87-f49e-4092-9ad4-90ff5fa89fe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12877", "type": "seen", "source": "https://t.me/cvedetector/15042", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12877 - GiveWP - Donation Plugin and Fundraising Platform PHP Object Injection and Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-12877 \nPublished : Jan. 11, 2025, 8:15 a.m. | 33\u00a0minutes ago \nDescription : The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server that makes remote code execution possible. Please note this was only partially patched in 3.19.3, a fully sufficient patch was not released until 3.19.4. However, another CVE was assigned by another CNA for version 3.19.3 so we will leave this as affecting 3.19.2 and before. We have recommended the vendor use JSON encoding to prevent any further deserialization vulnerabilities from being present. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T09:54:07.000000Z"}, {"uuid": "b106e78d-bc72-4a7a-8415-f48e1f29913c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12875", "type": "seen", "source": "https://t.me/cvedetector/13501", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12875 - Easy Digital Downloads WordPress Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12875 \nPublished : Dec. 21, 2024, 12:15 p.m. | 15\u00a0minutes ago \nDescription : The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T13:39:42.000000Z"}, {"uuid": "99cb149e-992b-4c74-b087-4795bb70be5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12879", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgcpqffaax2f", "content": "", "creation_timestamp": "2025-01-22T06:15:49.537179Z"}, {"uuid": "f7a0c5b7-99a8-40be-8b7d-64f505c4d43c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12879", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgcrdfxswe2e", "content": "", "creation_timestamp": "2025-01-22T06:44:22.369879Z"}, {"uuid": "69cfdfd7-2bbb-4130-981a-5e5849981bb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12876", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljrxr4ossd2q", "content": "", "creation_timestamp": "2025-03-07T12:04:56.120695Z"}, {"uuid": "49887299-b3b5-452a-9420-916d5d7640fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12878", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-12878.yaml", "content": "", "creation_timestamp": "2026-02-11T12:41:17.000000Z"}, {"uuid": "24df1378-4ada-4b31-9ec8-25b0a07e7518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12873", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-12873.yaml", "content": "", "creation_timestamp": "2026-02-06T15:51:26.000000Z"}, {"uuid": "89bb2034-45ea-4218-8fc0-7405e964622f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12877", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1282", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12877\n\ud83d\udd39 Description: The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server that makes remote code execution possible. Please note this was only partially patched in 3.19.3, a fully sufficient patch was not released until 3.19.4. However, another CVE was assigned by another CNA for version 3.19.3 so we will leave this as affecting 3.19.2 and before. We have recommended the vendor use JSON encoding to prevent any further deserialization vulnerabilities from being present.\n\ud83d\udccf Published: 2025-01-11T07:21:53.510Z\n\ud83d\udccf Modified: 2025-01-11T07:21:53.510Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b2143edf-5423-4e79-8638-a5b98490d292?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3212723/give/tags/3.19.3/src/Helpers/Utils.php", "creation_timestamp": "2025-01-11T08:04:03.000000Z"}, {"uuid": "e9ab5187-82fc-4d56-8d40-8d4b7930ee58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12879", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2519", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12879\n\ud83d\udd39 Description: The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create Simple Text Responses to chat queries.\n\ud83d\udccf Published: 2025-01-22T05:23:04.823Z\n\ud83d\udccf Modified: 2025-01-22T05:23:04.823Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/91427e3e-fedb-407e-8af6-8f4411a4166a?source=cve\n2. https://www.wpbot.pro/", "creation_timestamp": "2025-01-22T06:03:31.000000Z"}, {"uuid": "60e335a1-bcbd-4d7a-822c-ea0da3b98dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1287", "type": "seen", "source": "https://t.me/cvedetector/1988", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-1287 - WordPress pmpro-member-directory Password Hash Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-1287 \nPublished : July 30, 2024, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T09:02:47.000000Z"}, {"uuid": "65071096-580a-4233-af26-b3162f3835af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12875", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113690566969863839", "content": "", "creation_timestamp": "2024-12-21T11:26:20.406582Z"}, {"uuid": "040843e0-ad54-494c-bd54-766f1d02f2ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12875", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldsuwi5ii425", "content": "", "creation_timestamp": "2024-12-21T12:15:43.356868Z"}, {"uuid": "529a106a-44c7-4548-ab5c-a64b3d81e4e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12877", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhbdkx4ri25", "content": "", "creation_timestamp": "2025-01-11T08:16:13.676631Z"}, {"uuid": "b037acad-fdbc-4ef6-ab18-edf4b781db78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12877", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113808854560997226", "content": "", "creation_timestamp": "2025-01-11T08:48:27.427928Z"}, {"uuid": "3b3919ea-251d-421a-be20-7476122e1472", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12872", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgzi2xkuds2g", "content": "", "creation_timestamp": "2025-01-31T07:29:48.267890Z"}, {"uuid": "2575b45c-63f8-4c60-b435-794f58ad8d47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12876", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114120991585951470", "content": "", "creation_timestamp": "2025-03-07T11:48:59.472291Z"}, {"uuid": "606eeaca-654a-44c5-8ef0-fab04f13b687", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12876", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3ljuhxhhv5z2w", "content": "", "creation_timestamp": "2025-03-08T12:00:07.537391Z"}, {"uuid": "6010800a-e391-44cd-b8c3-a007a5c7e22b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12877", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mejue7qywc2c", "content": "", "creation_timestamp": "2026-02-10T21:02:57.948705Z"}, {"uuid": "e56f4dde-b08c-4caa-b61e-40e8e9d0f6c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12878", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5470", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12878\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Custom Block Builder  WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-02-26T06:00:07.209Z\n\ud83d\udccf Modified: 2025-02-26T06:00:07.209Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/827444d1-87cb-4057-827a-d802eac82cf8/", "creation_timestamp": "2025-02-26T06:25:24.000000Z"}, {"uuid": "6f120b8b-321d-448c-965a-aae6e74abf33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-12879", "type": "seen", "source": "https://t.me/cvedetector/16077", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12879 - \"WordPress WPBot Pro Unauthorized Data Modification - Arbitrary Chat Response Injection\"\", \n  \"Content\": \"CVE ID : CVE-2024-12879 \nPublished : Jan. 22, 2025, 6:15 a.m. | 38\u00a0minutes ago \nDescription : The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create Simple Text Responses to chat queries. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T08:02:14.000000Z"}]}