Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-05-07T16:00:44.821529+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/6efe9c4b-1ad1-4507-9fa8-0d59f8a376e0/export 6efe9c4b-1ad1-4507-9fa8-0d59f8a376e0 2026-05-07T16:00:45.013200+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "6efe9c4b-1ad1-4507-9fa8-0d59f8a376e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13446", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7311", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13446\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user's identity prior to (1) performing a social auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. NOTE: This vulnerability was partially fixed in version 3.2.5.\n\ud83d\udccf Published: 2025-03-12T09:22:25.914Z\n\ud83d\udccf Modified: 2025-03-12T14:20:41.049Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/78c1308b-0849-4235-b2d6-0b1750a5614f?source=cve\n2. https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454", "creation_timestamp": "2025-03-12T14:40:47.000000Z"} 2025-03-12T14:40:47+00:00 https://vulnerability.circl.lu/sighting/50e31c21-e3be-4851-8ad2-8120e8cdf951/export 50e31c21-e3be-4851-8ad2-8120e8cdf951 2026-05-07T16:00:45.013118+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "50e31c21-e3be-4851-8ad2-8120e8cdf951", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13446", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114150716747771514", "content": "", "creation_timestamp": "2025-03-12T17:48:29.104107Z"} 2025-03-12T17:48:29.104107+00:00 https://vulnerability.circl.lu/sighting/f2a27cc4-189a-495c-9f9b-85ecc4cc49a1/export f2a27cc4-189a-495c-9f9b-85ecc4cc49a1 2026-05-07T16:00:45.013039+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "f2a27cc4-189a-495c-9f9b-85ecc4cc49a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkq7ddnhzo2v", "content": "", "creation_timestamp": "2025-03-19T12:40:14.326939Z"} 2025-03-19T12:40:14.326939+00:00 https://vulnerability.circl.lu/sighting/7dfb7c96-d2fc-47d7-85b5-ca9fcd34104b/export 7dfb7c96-d2fc-47d7-85b5-ca9fcd34104b 2026-05-07T16:00:45.012942+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "7dfb7c96-d2fc-47d7-85b5-ca9fcd34104b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13442", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8044", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13442\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to (1) performing a post-booking auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account.\n\ud83d\udccf Published: 2025-03-19T11:10:37.915Z\n\ud83d\udccf Modified: 2025-03-19T13:37:10.480Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/827b5482-cb42-4aaa-80b5-3d0143fcead8?source=cve\n2. https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793", "creation_timestamp": "2025-03-19T13:49:13.000000Z"} 2025-03-19T13:49:13+00:00 https://vulnerability.circl.lu/sighting/097bb670-4867-4962-a772-104de04a7e55/export 097bb670-4867-4962-a772-104de04a7e55 2026-05-07T16:00:45.012857+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "097bb670-4867-4962-a772-104de04a7e55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkqfwt6ytl26", "content": "", "creation_timestamp": "2025-03-19T14:38:31.780927Z"} 2025-03-19T14:38:31.780927+00:00 https://vulnerability.circl.lu/sighting/bdc4898a-dafd-450e-b1c9-1ddcb57fea0e/export bdc4898a-dafd-450e-b1c9-1ddcb57fea0e 2026-05-07T16:00:45.012753+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "bdc4898a-dafd-450e-b1c9-1ddcb57fea0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://t.me/cvedetector/20637", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-13442 - WordPress Service Finder Bookings Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-13442 \nPublished : March 19, 2025, 12:15 p.m. | 53\u00a0minutes ago \nDescription : The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to (1) performing a post-booking auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"19 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T14:38:48.000000Z"} 2025-03-19T14:38:48+00:00 https://vulnerability.circl.lu/sighting/d64cd663-9923-4882-be03-0487c60d7aad/export d64cd663-9923-4882-be03-0487c60d7aad 2026-05-07T16:00:45.012667+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "d64cd663-9923-4882-be03-0487c60d7aad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114189644522048401", "content": "", "creation_timestamp": "2025-03-19T14:48:19.703465Z"} 2025-03-19T14:48:19.703465+00:00 https://vulnerability.circl.lu/sighting/ad4669df-60f6-46a1-a13c-94c295282822/export ad4669df-60f6-46a1-a13c-94c295282822 2026-05-07T16:00:45.012563+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "ad4669df-60f6-46a1-a13c-94c295282822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkrbxrrt7f2z", "content": "", "creation_timestamp": "2025-03-19T23:00:10.309354Z"} 2025-03-19T23:00:10.309354+00:00 https://vulnerability.circl.lu/sighting/c77c9e01-bfba-422b-a506-a31d2911b6ed/export c77c9e01-bfba-422b-a506-a31d2911b6ed 2026-05-07T16:00:45.012416+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "c77c9e01-bfba-422b-a506-a31d2911b6ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13442", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lksk77jor224", "content": "", "creation_timestamp": "2025-03-20T11:00:07.961796Z"} 2025-03-20T11:00:07.961796+00:00 https://vulnerability.circl.lu/sighting/acf22808-de6f-4cf9-81ef-2555be9c659a/export acf22808-de6f-4cf9-81ef-2555be9c659a 2026-05-07T16:00:45.009360+00:00 Automation user http://vulnerability.circl.lu/user/automation {"uuid": "acf22808-de6f-4cf9-81ef-2555be9c659a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13448", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:03.000000Z"} 2025-09-01T19:03:03+00:00