{"vulnerability": "cve-2024-3669", "sightings": [{"uuid": "6156d6d4-70c5-43d0-844f-b76062674e53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36694", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113675525609760259", "content": "", "creation_timestamp": "2024-12-18T19:41:07.355186Z"}, {"uuid": "756beae2-a32e-4c99-acfd-fa40d8e728f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36694", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:05.000000Z"}, {"uuid": "f6fc1b2b-f6d7-4c8f-9c42-c32ed083dda9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36694", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3714", "content": "", "creation_timestamp": "2026-03-08T06:16:13.000000Z"}, {"uuid": "93aea42a-f692-44f2-9ae8-706151b8f70a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36694", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2835", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-36694\n\ud83d\udd39 Description: OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.\n\ud83d\udccf Published: 2024-12-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-23T20:35:17.819Z\n\ud83d\udd17 References:\n1. https://github.com/opencart/opencart/releases/tag/4.0.2.3\n2. https://github.com/A3h1nt/CVEs/blob/main/OpenCart/Readme.md\n3. https://github.com/opencart/opencart/issues/13863\n4. https://medium.com/@pawarit.sanguanpang/opencart-v4-0-2-3-server-side-template-injection-0b173a3bdcf9\n5. https://github.com/PawaritSanguanpang/CVEs/blob/main/OpenCart/CVE-2024-36694/README.md", "creation_timestamp": "2025-01-23T21:03:44.000000Z"}, {"uuid": "87718ba0-ae63-4841-a333-8184e5535ff7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36694", "type": "seen", "source": "https://t.me/cvedetector/13250", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36694 - OpenCart SSTI Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-36694 \nPublished : Dec. 18, 2024, 8:15 p.m. | 36\u00a0minutes ago \nDescription : OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T22:04:02.000000Z"}, {"uuid": "4ca99ee6-27e4-4a19-a802-fdc47d91d5d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36694", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:32.000000Z"}, {"uuid": "43ccc66a-6e64-44fb-9693-b3a4722a6ca9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-3669", "type": "seen", "source": "https://t.me/cvedetector/1987", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-3669 - \"Directory Free WordPress Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-3669 \nPublished : July 30, 2024, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-30T09:02:46.000000Z"}]}