{"vulnerability": "cve-2024-4929", "sightings": [{"uuid": "3e1cd4bc-19da-427b-bbb1-dd2ac42f62b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49294", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113786703691101687", "content": "", "creation_timestamp": "2025-01-07T10:55:10.582850Z"}, {"uuid": "b1e9dac5-c99f-4043-b784-23a7051249f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49294", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5jimb4f625", "content": "", "creation_timestamp": "2025-01-07T11:15:35.172736Z"}, {"uuid": "b9bad33d-9d82-4ffc-ba2b-98be241e04c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49294", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf5jimb4f625", "content": "", "creation_timestamp": "2025-01-07T11:15:35.187310Z"}, {"uuid": "e16fff23-ffd5-4944-947c-73ff09cbcb4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49294", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/398", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-49294\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.4.3.\n\ud83d\udccf Published: 2025-01-07T10:49:34.068Z\n\ud83d\udccf Modified: 2025-01-07T10:49:34.068Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/bus-ticket-booking-with-seat-reservation/vulnerability/wordpress-wpbusticketly-plugin-5-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-07T11:37:55.000000Z"}, {"uuid": "03ee21c1-4ce2-4557-adf8-b247025efb3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49293", "type": "seen", "source": "https://t.me/cvedetector/8455", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49293 - Rextheme WP VR Missing Authorization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49293 \nPublished : Oct. 21, 2024, 12:15 p.m. | 41\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T15:09:36.000000Z"}, {"uuid": "947a78f9-ccc6-4a8c-8bea-f0d689e4bd3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49295", "type": "seen", "source": "https://t.me/cvedetector/8236", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49295 - PressTigers Simple Testimonials Showcase Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-49295 \nPublished : Oct. 17, 2024, 7:15 p.m. | 16\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PressTigers Simple Testimonials Showcase.This issue affects Simple Testimonials Showcase: from n/a through 1.1.6. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T21:40:27.000000Z"}, {"uuid": "293e9019-93fd-41f1-9185-1691a502f183", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49292", "type": "seen", "source": "https://t.me/cvedetector/8234", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49292 - Exclusive Addons Elementor Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2024-49292 \nPublished : Oct. 17, 2024, 7:15 p.m. | 16\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.7.1. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T21:40:25.000000Z"}, {"uuid": "005e94fc-df7f-45af-b4d6-1a46853a33ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49298", "type": "seen", "source": "https://t.me/cvedetector/8231", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49298 - PeproDev Ultimate Invoice Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-49298 \nPublished : Oct. 17, 2024, 7:15 p.m. | 16\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice allows Stored XSS.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.6. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T21:40:20.000000Z"}, {"uuid": "e2985d88-58fd-45bb-b9fc-a75c4f68f01d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49296", "type": "seen", "source": "https://t.me/cvedetector/8230", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49296 - Coder426 Custom Add to Cart Button XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49296 \nPublished : Oct. 17, 2024, 7:15 p.m. | 16\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Coder426 Custom Add to Cart Button Label and Link allows Stored XSS.This issue affects Custom Add to Cart Button Label and Link: from n/a through 1.6.1. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T21:40:19.000000Z"}, {"uuid": "0ddb4255-1e01-4585-bd78-91fb6c4450a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49299", "type": "seen", "source": "https://t.me/cvedetector/8211", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49299 - Apache Surfer SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-49299 \nPublished : Oct. 17, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Surfer allows SQL Injection.This issue affects Surfer: from n/a through 1.5.0.502. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T20:49:44.000000Z"}, {"uuid": "a9f74dbb-35bd-4164-8045-6ca3820affa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49297", "type": "seen", "source": "https://t.me/cvedetector/8210", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49297 - Zoho CRM Lead Magnet SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-49297 \nPublished : Oct. 17, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho CRM Zoho CRM Lead Magnet allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.9.0. \nSeverity: 8.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T20:49:43.000000Z"}, {"uuid": "5ca1a2c3-e348-447e-bfdd-5108cea75493", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49291", "type": "seen", "source": "https://t.me/cvedetector/8209", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49291 - Gora Tech LLC Cooked Pro Unrestricted File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-49291 \nPublished : Oct. 17, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-17T20:49:42.000000Z"}, {"uuid": "d3c918ba-a410-4507-87d9-b9c6c2ccf776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-49290", "type": "seen", "source": "https://t.me/cvedetector/8434", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-49290 - Gora Tech LLC Cooked Pro CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-49290 \nPublished : Oct. 20, 2024, 11:15 a.m. | 44\u00a0minutes ago \nDescription : Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-20T14:05:08.000000Z"}]}