Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 14:33:54 +0000 0abbd10e-6ddb-4f5b-8b8a-476416ff6082 https://vulnerability.circl.lu/sighting/0abbd10e-6ddb-4f5b-8b8a-476416ff6082/export {"uuid": "0abbd10e-6ddb-4f5b-8b8a-476416ff6082", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1355", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3ll5mifm7ss22", "content": "", "creation_timestamp": "2025-03-24T20:40:19.223475Z"} {"uuid": "0abbd10e-6ddb-4f5b-8b8a-476416ff6082", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1355", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3ll5mifm7ss22", "content": "", "creation_timestamp": "2025-03-24T20:40:19.223475Z"} https://vulnerability.circl.lu/sighting/0abbd10e-6ddb-4f5b-8b8a-476416ff6082/export Mon, 24 Mar 2025 20:40:19 +0000 b9cfa2a9-56a7-4d44-a7c3-40b02fbf8a20 https://vulnerability.circl.lu/sighting/b9cfa2a9-56a7-4d44-a7c3-40b02fbf8a20/export {"uuid": "b9cfa2a9-56a7-4d44-a7c3-40b02fbf8a20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9536", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13557\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\n\ud83d\udccf Published: 2025-03-29T07:03:31.749Z\n\ud83d\udccf Modified: 2025-03-29T07:03:31.749Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e4ca7dad-bfe2-443e-b575-362d8ff93242?source=cve\n2. https://unitedthemes.com/", "creation_timestamp": "2025-03-29T07:28:41.000000Z"} {"uuid": "b9cfa2a9-56a7-4d44-a7c3-40b02fbf8a20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9536", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13557\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\n\ud83d\udccf Published: 2025-03-29T07:03:31.749Z\n\ud83d\udccf Modified: 2025-03-29T07:03:31.749Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e4ca7dad-bfe2-443e-b575-362d8ff93242?source=cve\n2. https://unitedthemes.com/", "creation_timestamp": "2025-03-29T07:28:41.000000Z"} https://vulnerability.circl.lu/sighting/b9cfa2a9-56a7-4d44-a7c3-40b02fbf8a20/export Sat, 29 Mar 2025 07:28:41 +0000 452b7bb0-d0f9-490e-bd52-69f061018199 https://vulnerability.circl.lu/sighting/452b7bb0-d0f9-490e-bd52-69f061018199/export {"uuid": "452b7bb0-d0f9-490e-bd52-69f061018199", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://t.me/cvedetector/21508", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-13557 - United Themes WordPress Shortcodes Arbitrary Execution Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-13557 \nPublished : March 29, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"29 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T10:29:02.000000Z"} {"uuid": "452b7bb0-d0f9-490e-bd52-69f061018199", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://t.me/cvedetector/21508", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-13557 - United Themes WordPress Shortcodes Arbitrary Execution Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-13557 \nPublished : March 29, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"29 Mar 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T10:29:02.000000Z"} https://vulnerability.circl.lu/sighting/452b7bb0-d0f9-490e-bd52-69f061018199/export Sat, 29 Mar 2025 10:29:02 +0000 ca985ecd-5831-4a6f-b63e-41259536bedb https://vulnerability.circl.lu/sighting/ca985ecd-5831-4a6f-b63e-41259536bedb/export {"uuid": "ca985ecd-5831-4a6f-b63e-41259536bedb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114248301386235895", "content": "", "creation_timestamp": "2025-03-29T23:25:32.035903Z"} {"uuid": "ca985ecd-5831-4a6f-b63e-41259536bedb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114248301386235895", "content": "", "creation_timestamp": "2025-03-29T23:25:32.035903Z"} https://vulnerability.circl.lu/sighting/ca985ecd-5831-4a6f-b63e-41259536bedb/export Sat, 29 Mar 2025 23:25:32 +0000 fb8cd677-cce0-4d16-a709-b36bd1c0e145 https://vulnerability.circl.lu/sighting/fb8cd677-cce0-4d16-a709-b36bd1c0e145/export {"uuid": "fb8cd677-cce0-4d16-a709-b36bd1c0e145", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114248301386235895", "content": "", "creation_timestamp": "2025-03-29T23:25:32.039378Z"} {"uuid": "fb8cd677-cce0-4d16-a709-b36bd1c0e145", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13557", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114248301386235895", "content": "", "creation_timestamp": "2025-03-29T23:25:32.039378Z"} https://vulnerability.circl.lu/sighting/fb8cd677-cce0-4d16-a709-b36bd1c0e145/export Sat, 29 Mar 2025 23:25:32 +0000 9a74f541-cd81-48c9-b8ef-0c577eb9be08 https://vulnerability.circl.lu/sighting/9a74f541-cd81-48c9-b8ef-0c577eb9be08/export {"uuid": "9a74f541-cd81-48c9-b8ef-0c577eb9be08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9873", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13553\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code \"1234\" and authenticate as any user, including administrators.\n\ud83d\udccf Published: 2025-04-01T11:12:28.510Z\n\ud83d\udccf Modified: 2025-04-01T11:12:28.510Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4e444a30-11c5-4219-b4fe-635084cbac3a?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3248017%40sms-alert&new=3248017%40sms-alert&sfp_email=&sfph_mail=\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3227241%40sms-alert&new=3227241%40sms-alert&sfp_email=&sfph_mail=", "creation_timestamp": "2025-04-01T11:34:31.000000Z"} {"uuid": "9a74f541-cd81-48c9-b8ef-0c577eb9be08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9873", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13553\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code \"1234\" and authenticate as any user, including administrators.\n\ud83d\udccf Published: 2025-04-01T11:12:28.510Z\n\ud83d\udccf Modified: 2025-04-01T11:12:28.510Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4e444a30-11c5-4219-b4fe-635084cbac3a?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3248017%40sms-alert&new=3248017%40sms-alert&sfp_email=&sfph_mail=\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3227241%40sms-alert&new=3227241%40sms-alert&sfp_email=&sfph_mail=", "creation_timestamp": "2025-04-01T11:34:31.000000Z"} https://vulnerability.circl.lu/sighting/9a74f541-cd81-48c9-b8ef-0c577eb9be08/export Tue, 01 Apr 2025 11:34:31 +0000 2abd1280-0336-4ef7-abba-17ed8714ca33 https://vulnerability.circl.lu/sighting/2abd1280-0336-4ef7-abba-17ed8714ca33/export {"uuid": "2abd1280-0336-4ef7-abba-17ed8714ca33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llqvfffeth2v", "content": "", "creation_timestamp": "2025-04-01T12:40:17.154075Z"} {"uuid": "2abd1280-0336-4ef7-abba-17ed8714ca33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3llqvfffeth2v", "content": "", "creation_timestamp": "2025-04-01T12:40:17.154075Z"} https://vulnerability.circl.lu/sighting/2abd1280-0336-4ef7-abba-17ed8714ca33/export Tue, 01 Apr 2025 12:40:17 +0000 8d51b0ec-b192-4e3d-89c1-d5f6315b6e95 https://vulnerability.circl.lu/sighting/8d51b0ec-b192-4e3d-89c1-d5f6315b6e95/export {"uuid": "8d51b0ec-b192-4e3d-89c1-d5f6315b6e95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114263019273052265", "content": "", "creation_timestamp": "2025-04-01T13:48:33.199163Z"} {"uuid": "8d51b0ec-b192-4e3d-89c1-d5f6315b6e95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114263019273052265", "content": "", "creation_timestamp": "2025-04-01T13:48:33.199163Z"} https://vulnerability.circl.lu/sighting/8d51b0ec-b192-4e3d-89c1-d5f6315b6e95/export Tue, 01 Apr 2025 13:48:33 +0000 4809743e-717b-4fa5-b97e-02f059685cc5 https://vulnerability.circl.lu/sighting/4809743e-717b-4fa5-b97e-02f059685cc5/export {"uuid": "4809743e-717b-4fa5-b97e-02f059685cc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114263019273052265", "content": "", "creation_timestamp": "2025-04-01T13:48:33.201103Z"} {"uuid": "4809743e-717b-4fa5-b97e-02f059685cc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114263019273052265", "content": "", "creation_timestamp": "2025-04-01T13:48:33.201103Z"} https://vulnerability.circl.lu/sighting/4809743e-717b-4fa5-b97e-02f059685cc5/export Tue, 01 Apr 2025 13:48:33 +0000 cfb09197-2245-4564-bc68-51b605ac3de1 https://vulnerability.circl.lu/sighting/cfb09197-2245-4564-bc68-51b605ac3de1/export {"uuid": "cfb09197-2245-4564-bc68-51b605ac3de1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://t.me/cvedetector/21753", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-13553 - WooCommerce WordPress Host Header Spoofing Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-13553 \nPublished : April 1, 2025, 12:15 p.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code \"1234\" and authenticate as any user, including administrators. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T16:23:20.000000Z"} {"uuid": "cfb09197-2245-4564-bc68-51b605ac3de1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13553", "type": "seen", "source": "https://t.me/cvedetector/21753", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-13553 - WooCommerce WordPress Host Header Spoofing Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-13553 \nPublished : April 1, 2025, 12:15 p.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code \"1234\" and authenticate as any user, including administrators. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"01 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-01T16:23:20.000000Z"} https://vulnerability.circl.lu/sighting/cfb09197-2245-4564-bc68-51b605ac3de1/export Tue, 01 Apr 2025 16:23:20 +0000