{"vulnerability": "cve-2024-1354", "sightings": [{"uuid": "8ac88c7f-5eed-49f7-ae9b-f0a5e7116a8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13549", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxoecg53l2w", "content": "", "creation_timestamp": "2025-01-30T14:17:04.125367Z"}, {"uuid": "2edc61e4-04b4-4f3d-a985-a155978f7fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13547", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh3npevnhs27", "content": "", "creation_timestamp": "2025-02-01T04:16:01.135032Z"}, {"uuid": "d31cdc9b-31b8-4053-a11a-0f45d39a426d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13549", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917848568461766", "content": "", "creation_timestamp": "2025-01-30T14:47:02.181925Z"}, {"uuid": "73a0f4e4-20ea-46f6-8e90-b73acdce7465", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13543", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113983764802916706", "content": "", "creation_timestamp": "2025-02-11T06:10:24.220315Z"}, {"uuid": "6d3784db-de03-456c-b01a-792d8fdc7538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13544", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113983764817347521", "content": "", "creation_timestamp": "2025-02-11T06:10:24.526049Z"}, {"uuid": "0318d7fc-a222-4c0e-9d4a-35c646caf7ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13543", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhuz2gllud2h", "content": "", "creation_timestamp": "2025-02-11T06:15:36.519454Z"}, {"uuid": "0ea918a9-b283-49d4-acf8-2d657670bdcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13544", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhuz2j4gi222", "content": "", "creation_timestamp": "2025-02-11T06:15:39.488861Z"}, {"uuid": "b036a930-18da-492f-838f-5a24c493169b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13544", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhv7yeeocb2p", "content": "", "creation_timestamp": "2025-02-11T08:19:43.473878Z"}, {"uuid": "dc0808c1-d787-44df-973b-54aca98106fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13543", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhv7yff5322m", "content": "", "creation_timestamp": "2025-02-11T08:19:47.494521Z"}, {"uuid": "4d29f929-fb73-4769-9c64-801f334dba34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13541", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113988772730198797", "content": "", "creation_timestamp": "2025-02-12T03:23:59.215010Z"}, {"uuid": "631d190f-5082-4dd1-bc86-670ef561112d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13541", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxcuyzelv2i", "content": "", "creation_timestamp": "2025-02-12T04:16:51.465189Z"}, {"uuid": "2de6a545-ea2f-44cb-8dd8-bcc771c0283f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13540", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligiyo7lv52h", "content": "", "creation_timestamp": "2025-02-18T05:16:12.921669Z"}, {"uuid": "80f0a892-875d-41d6-94b0-198514b7e73e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13543", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-13543.yaml", "content": "", "creation_timestamp": "2026-02-05T05:52:19.000000Z"}, {"uuid": "98f561cc-f8e5-425a-a878-8d4df1898807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13546", "type": "seen", "source": "https://t.me/cvedetector/19229", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13546 - GenerateBlocks WordPress Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-13546 \nPublished : March 1, 2025, 10:15 a.m. | 36\u00a0minutes ago \nDescription : The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private, draft, and scheduled posts and pages. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T12:16:04.000000Z"}, {"uuid": "cc49abef-5ab0-4c53-b2b2-081ed1501d08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13541", "type": "seen", "source": "https://t.me/cvedetector/17808", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13541 - \"Directory Listing Plugin for WordPress Arbitrary Post Deletion Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13541 \nPublished : Feb. 12, 2025, 4:15 a.m. | 17\u00a0minutes ago \nDescription : The aDirectory \u2013 WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T05:59:50.000000Z"}, {"uuid": "7f3ed41c-66cd-4fb4-a819-6e0ba739d0d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13544", "type": "seen", "source": "https://t.me/cvedetector/17673", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13544 - Zarinpal Paid Download File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13544 \nPublished : Feb. 11, 2025, 6:15 a.m. | 1\u00a0hour, 50\u00a0minutes ago \nDescription : The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T09:49:33.000000Z"}, {"uuid": "324b353a-e9f4-4b20-8933-7cc3d0dd885f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13543", "type": "seen", "source": "https://t.me/cvedetector/17672", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13543 - Zarinpal Paid Download WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13543 \nPublished : Feb. 11, 2025, 6:15 a.m. | 1\u00a0hour, 50\u00a0minutes ago \nDescription : The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T09:49:32.000000Z"}, {"uuid": "36e29da8-a50a-4d15-85d9-631a2d455f7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13542", "type": "seen", "source": "https://t.me/cvedetector/16272", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13542 - WordPress Google Street View Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13542 \nPublished : Jan. 24, 2025, 11:15 a.m. | 28\u00a0minutes ago \nDescription : The WP Google Street View (with 360\u00b0 virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T12:44:07.000000Z"}, {"uuid": "f0573ca4-0282-4f05-8187-d4a9d21e0128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13545", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2885", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13545\n\ud83d\udd39 Description: The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If php://filter is enabled on the server, this issue may directly lead to Remote Code Execution.\n\ud83d\udccf Published: 2025-01-24T08:23:41.200Z\n\ud83d\udccf Modified: 2025-01-24T08:23:41.200Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ae07af10-e5fc-4f28-a343-f56c0e2bc324?source=cve\n2. https://themes.trac.wordpress.org/browser/bootstrap-ultimate/1.4.9/docs/index.php#L8", "creation_timestamp": "2025-01-24T09:03:35.000000Z"}, {"uuid": "70bdfcc8-4e49-416a-a82d-37dc317d675b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13543", "type": "seen", "source": "Telegram/3rhUczMVjglw8l-CbftoJHaRJDTOOaonWDgBZmxSaFChIVsw", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"}, {"uuid": "8fe649e3-5870-4249-bf36-55a4be9905d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13541", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4012", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13541\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T04:15:09.347\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/adirectory/tags/1.3.4/inc/Frontend/Ajax.php#L115\n2. https://plugins.trac.wordpress.org/browser/adirectory/tags/1.9.5/inc/Frontend/Ajax.php#L115\n3. https://plugins.trac.wordpress.org/browser/adirectory/tags/2.1/inc/Frontend/Ajax.php#L113\n4. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3235167%40adirectory&new=3235167%40adirectory&sfp_email=&sfph_mail=\n5. https://www.wordfence.com/threat-intel/vulnerabilities/id/c99b8a94-c35b-43a1-bb14-2ca97be421cc?source=cve", "creation_timestamp": "2025-02-12T05:06:53.000000Z"}, {"uuid": "0ac4b520-fb6b-4675-9bcc-5f3078927e29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13541", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4030", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13541\n\ud83d\udd25 CVSS Score: 4.2 (CVSS_V3)\n\ud83d\udd39 Description: The aDirectory \u2013 WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.\n\ud83d\udccf Published: 2025-02-12T06:30:31Z\n\ud83d\udccf Modified: 2025-02-12T06:30:31Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13541\n2. https://plugins.trac.wordpress.org/browser/adirectory/tags/1.3.4/inc/Frontend/Ajax.php#L115\n3. https://plugins.trac.wordpress.org/browser/adirectory/tags/1.9.5/inc/Frontend/Ajax.php#L115\n4. https://plugins.trac.wordpress.org/browser/adirectory/tags/2.1/inc/Frontend/Ajax.php#L113\n5. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3235167%40adirectory&new=3235167%40adirectory&sfp_email=&sfph_mail=\n6. https://www.wordfence.com/threat-intel/vulnerabilities/id/c99b8a94-c35b-43a1-bb14-2ca97be421cc?source=cve", "creation_timestamp": "2025-02-12T07:11:47.000000Z"}, {"uuid": "7228295a-4485-4bfe-a79b-4eebbb85d2e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13540", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4749", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13540\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The WooODT Lite \u2013 Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. This is due the /inc/bycwooodt_get_all_orders.php file being publicly accessible and generating a publicly visible error message. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.\n\ud83d\udccf Published: 2025-02-18T04:21:14.616Z\n\ud83d\udccf Modified: 2025-02-18T04:21:14.616Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4158f6ff-8e0f-4531-8c94-f59220d6fea6?source=cve\n2. https://plugins.trac.wordpress.org/browser/byconsole-woo-order-delivery-time/trunk/inc/bycwooodt_get_all_orders.php", "creation_timestamp": "2025-02-18T07:57:02.000000Z"}, {"uuid": "20ed636c-3e11-424f-a629-3eed846b2dc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13547", "type": "seen", "source": "https://t.me/cvedetector/17005", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13547 - aThemes Addons for Elementor Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-13547 \nPublished : Feb. 1, 2025, 4:15 a.m. | 2\u00a0hours, 21\u00a0minutes ago \nDescription : The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T08:07:35.000000Z"}, {"uuid": "ee324080-ec65-46ea-873a-88e0bbee1084", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1354", "type": "seen", "source": "https://t.me/ctinow/184137", "content": "https://ift.tt/9bpR71H\nCVE-2024-1354", "creation_timestamp": "2024-02-13T20:22:12.000000Z"}, {"uuid": "e3dc2676-3d4f-4474-8b7c-d39469851fe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13548", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113887990348463003", "content": "", "creation_timestamp": "2025-01-25T08:13:42.061833Z"}, {"uuid": "f2ddceca-c2cd-42e3-90bc-07d3582bce19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13545", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113882700844246084", "content": "", "creation_timestamp": "2025-01-24T09:48:31.306663Z"}, {"uuid": "f0bb58ed-9730-4f6e-bb30-b2aa2e5b3ef4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13543", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meccxhjyui2s", "content": "", "creation_timestamp": "2026-02-07T21:02:57.893665Z"}, {"uuid": "2a80d7ed-d621-475c-b923-52f6f4ec4452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13542", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2894", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13542\n\ud83d\udd39 Description: The WP Google Street View (with 360\u00b0 virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-24T11:07:32.108Z\n\ud83d\udccf Modified: 2025-01-24T11:07:32.108Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4b1944a9-4bc4-4ac2-83c3-55d6d61f405c?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3227140%40wp-google-street-view&new=3227140%40wp-google-street-view&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-24T12:04:47.000000Z"}, {"uuid": "02aabc31-d52e-46bc-9eaf-587b4970ce81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13546", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6065", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13546\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private, draft, and scheduled posts and pages.\n\ud83d\udccf Published: 2025-03-01T09:22:53.483Z\n\ud83d\udccf Modified: 2025-03-01T09:22:53.483Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4f6f2a8c-ecd9-482c-a32e-0c3d7a7e4ec4?source=cve\n2. https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-dynamic-content.php#L1047\n3. https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-dynamic-content.php#L1054\n4. https://plugins.trac.wordpress.org/changeset/3239461/", "creation_timestamp": "2025-03-01T09:30:17.000000Z"}, {"uuid": "9cdc46d8-29ea-40ec-98f1-7cbc97a38ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13548", "type": "seen", "source": "https://t.me/cvedetector/16369", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13548 - \"Elementor Power Ups Stored Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-13548 \nPublished : Jan. 25, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T10:28:45.000000Z"}, {"uuid": "9b088aa4-cff5-4400-b782-9b78d3d5bca7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13540", "type": "seen", "source": "Telegram/OF0ceqNR5eVV44rXfW8xnOoJN9EDHEVy479_R56Fc7d6aZTD", "content": "", "creation_timestamp": "2025-02-18T11:39:00.000000Z"}, {"uuid": "7d59501d-87db-4214-aaf4-a2b9a044213c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13544", "type": "seen", "source": "Telegram/kXfQS2SjChZB0Q3iH2QOhPBUhUSBwcKVZK2Ns9Zyr_ZykmQZ", "content": "", "creation_timestamp": "2025-02-20T23:26:55.000000Z"}, {"uuid": "7dfdb5bc-6be3-4684-9444-ee447d443e93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13547", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3z4774eb2w", "content": "", "creation_timestamp": "2025-02-01T07:40:05.418603Z"}, {"uuid": "84c1a451-5d4d-41db-9c73-8a59c9d8bf5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13545", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113882406502502942", "content": "", "creation_timestamp": "2025-01-24T08:33:39.282182Z"}, {"uuid": "06da237e-fcb6-4000-aa52-cb0404323159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13546", "type": "seen", "source": "Telegram/jytQXdHmFjcmkhuhfbAe3PkV1HS7vhQ4ktCAVUb2pbh24Eac", "content": "", "creation_timestamp": "2025-03-02T11:46:58.000000Z"}, {"uuid": "c1a4c30a-9b09-40ef-a055-38738b090378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13548", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3064", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13548\n\ud83d\udd39 Description: The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-25T07:24:15.155Z\n\ud83d\udccf Modified: 2025-01-25T07:24:15.155Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/3b7ab552-1ec5-4479-84b9-3e44f6c0354d?source=cve\n2. https://plugins.trac.wordpress.org/browser/power-ups-for-elementor/trunk/modules/magic-buttons-for-elementor/magic_buttons_shortcodes.php\n3. https://wordpress.org/plugins/power-ups-for-elementor/", "creation_timestamp": "2025-01-25T08:05:43.000000Z"}, {"uuid": "f41aa56b-1782-4954-ada1-40e834d110e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13547", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3711", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13547\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T04:15:30.857\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3230740/athemes-addons-for-elementor-lite/trunk/inc/modules/widgets/image-accordion/class-image-accordion.php\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/1e0f7686-1c8c-49d6-9d0b-3c8df6c24d0d?source=cve", "creation_timestamp": "2025-02-01T05:25:45.000000Z"}, {"uuid": "0ed9e185-7f30-42d8-98e0-6d466c728488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13547", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3733", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13547\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-01T06:31:00Z\n\ud83d\udccf Modified: 2025-02-01T06:31:00Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13547\n2. https://plugins.trac.wordpress.org/changeset/3230740/athemes-addons-for-elementor-lite/trunk/inc/modules/widgets/image-accordion/class-image-accordion.php\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/1e0f7686-1c8c-49d6-9d0b-3c8df6c24d0d?source=cve", "creation_timestamp": "2025-02-01T07:16:31.000000Z"}, {"uuid": "e8bdb726-5ee5-4d31-a1fc-4b43babfb7bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13545", "type": "seen", "source": "https://t.me/cvedetector/16254", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13545 - \"WordPress Bootstrap Ultimate Remote File Inclusion Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13545 \nPublished : Jan. 24, 2025, 9:15 a.m. | 38\u00a0minutes ago \nDescription : The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If php://filter is enabled on the server, this issue may directly lead to Remote Code Execution. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T11:03:25.000000Z"}, {"uuid": "5476a41c-2dc6-4bd0-8775-ce8cedc34933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13549", "type": "seen", "source": "https://t.me/cvedetector/16783", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13549 - WordPress Bootstrap Blocks Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13549 \nPublished : Jan. 30, 2025, 2:15 p.m. | 46\u00a0minutes ago \nDescription : The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \"Accordion\" widget in all versions up to, and including, 1.3.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T16:46:35.000000Z"}, {"uuid": "827b0efa-8f44-405d-9f31-426511f04a95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13541", "type": "seen", "source": "Telegram/Ko77njhd0Sz0jOfKGQBbk5mFcOWnd5bl5qgkrNcYL4gE-BIS", "content": "", "creation_timestamp": "2025-02-14T10:04:02.000000Z"}, {"uuid": "7d4faa6e-37bf-46d5-8123-093ecd52885b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13542", "type": "seen", "source": "Telegram/RaqcPWITufAlbe3YttsQeU0eBYLcWeeJUvMXGFj09y6Es5oO", "content": "", "creation_timestamp": "2025-02-06T02:43:27.000000Z"}, {"uuid": "6f0b0a82-c9f9-4e5f-8a1c-9af2a1c9fa12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-1354", "type": "seen", "source": "https://t.me/ctinow/199797", "content": "https://ift.tt/pZM0PkB\nCVE-2024-1354 | GitHub Enterprise Server up to 3.8.14/3.9.9/3.10.6/3.11.4 Management Console access control", "creation_timestamp": "2024-03-05T01:33:07.000000Z"}]}