<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 11 Jun 2026 03:19:40 +0000</lastBuildDate>
    <item>
      <title>0995cdfa-5f7e-4410-b88f-5bc9f1cf1b12</title>
      <link>https://vulnerability.circl.lu/sighting/0995cdfa-5f7e-4410-b88f-5bc9f1cf1b12/export</link>
      <description>{"uuid": "0995cdfa-5f7e-4410-b88f-5bc9f1cf1b12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13719", "type": "seen", "source": "https://t.me/cvedetector/18429", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13719 - PeproDev Ultimate Invoice WordPress Insecure Direct Object Reference\", \n  \"Content\": \"CVE ID : CVE-2024-13719 \nPublished : Feb. 19, 2025, 8:15 a.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T12:03:17.000000Z"}</description>
      <content:encoded>{"uuid": "0995cdfa-5f7e-4410-b88f-5bc9f1cf1b12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13719", "type": "seen", "source": "https://t.me/cvedetector/18429", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13719 - PeproDev Ultimate Invoice WordPress Insecure Direct Object Reference\", \n  \"Content\": \"CVE ID : CVE-2024-13719 \nPublished : Feb. 19, 2025, 8:15 a.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T12:03:17.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0995cdfa-5f7e-4410-b88f-5bc9f1cf1b12/export</guid>
      <pubDate>Wed, 19 Feb 2025 12:03:17 +0000</pubDate>
    </item>
    <item>
      <title>5ac5dfa5-3abf-4662-aa5b-e7a7b6c8f9f9</title>
      <link>https://vulnerability.circl.lu/sighting/5ac5dfa5-3abf-4662-aa5b-e7a7b6c8f9f9/export</link>
      <description>{"uuid": "5ac5dfa5-3abf-4662-aa5b-e7a7b6c8f9f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13711", "type": "seen", "source": "Telegram/vGvYvC6BpTjB2Ain6vusWnVIDPRrEpxFyGaN8RwETM7ZCwAk", "content": "", "creation_timestamp": "2025-02-19T15:39:53.000000Z"}</description>
      <content:encoded>{"uuid": "5ac5dfa5-3abf-4662-aa5b-e7a7b6c8f9f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13711", "type": "seen", "source": "Telegram/vGvYvC6BpTjB2Ain6vusWnVIDPRrEpxFyGaN8RwETM7ZCwAk", "content": "", "creation_timestamp": "2025-02-19T15:39:53.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5ac5dfa5-3abf-4662-aa5b-e7a7b6c8f9f9/export</guid>
      <pubDate>Wed, 19 Feb 2025 15:39:53 +0000</pubDate>
    </item>
    <item>
      <title>d9cdc734-0ae6-4819-85a4-742201fa0580</title>
      <link>https://vulnerability.circl.lu/sighting/d9cdc734-0ae6-4819-85a4-742201fa0580/export</link>
      <description>{"uuid": "d9cdc734-0ae6-4819-85a4-742201fa0580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13713", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4878", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13713\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-02-21T11:09:34.028Z\n\ud83d\udccf Modified: 2025-02-21T11:09:34.028Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7863c5fb-1eda-41a3-b8ec-054784ab2438?source=cve\n2. https://plugins.trac.wordpress.org/browser/wpexperts-square-for-give/trunk/includes/class-give-square.php#L189\n3. https://plugins.trac.wordpress.org/changeset/3242658/wpexperts-square-for-give/trunk/includes/class-give-square.php", "creation_timestamp": "2025-02-21T11:18:27.000000Z"}</description>
      <content:encoded>{"uuid": "d9cdc734-0ae6-4819-85a4-742201fa0580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13713", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4878", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13713\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-02-21T11:09:34.028Z\n\ud83d\udccf Modified: 2025-02-21T11:09:34.028Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7863c5fb-1eda-41a3-b8ec-054784ab2438?source=cve\n2. https://plugins.trac.wordpress.org/browser/wpexperts-square-for-give/trunk/includes/class-give-square.php#L189\n3. https://plugins.trac.wordpress.org/changeset/3242658/wpexperts-square-for-give/trunk/includes/class-give-square.php", "creation_timestamp": "2025-02-21T11:18:27.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d9cdc734-0ae6-4819-85a4-742201fa0580/export</guid>
      <pubDate>Fri, 21 Feb 2025 11:18:27 +0000</pubDate>
    </item>
    <item>
      <title>1d7eeb88-a6ca-4e3a-90f5-edddcb43809c</title>
      <link>https://vulnerability.circl.lu/sighting/1d7eeb88-a6ca-4e3a-90f5-edddcb43809c/export</link>
      <description>{"uuid": "1d7eeb88-a6ca-4e3a-90f5-edddcb43809c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13713", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lip4jhmsok26", "content": "", "creation_timestamp": "2025-02-21T15:26:58.095650Z"}</description>
      <content:encoded>{"uuid": "1d7eeb88-a6ca-4e3a-90f5-edddcb43809c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13713", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lip4jhmsok26", "content": "", "creation_timestamp": "2025-02-21T15:26:58.095650Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1d7eeb88-a6ca-4e3a-90f5-edddcb43809c/export</guid>
      <pubDate>Fri, 21 Feb 2025 15:26:58 +0000</pubDate>
    </item>
    <item>
      <title>126f9a93-8c5a-4729-a122-0d950d2ff767</title>
      <link>https://vulnerability.circl.lu/sighting/126f9a93-8c5a-4729-a122-0d950d2ff767/export</link>
      <description>{"uuid": "126f9a93-8c5a-4729-a122-0d950d2ff767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13713", "type": "seen", "source": "https://t.me/cvedetector/18649", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13713 - WordPress Square For GiveWP SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13713 \nPublished : Feb. 21, 2025, 12:15 p.m. | 2\u00a0hours, 10\u00a0minutes ago \nDescription : The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T15:35:51.000000Z"}</description>
      <content:encoded>{"uuid": "126f9a93-8c5a-4729-a122-0d950d2ff767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13713", "type": "seen", "source": "https://t.me/cvedetector/18649", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13713 - WordPress Square For GiveWP SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13713 \nPublished : Feb. 21, 2025, 12:15 p.m. | 2\u00a0hours, 10\u00a0minutes ago \nDescription : The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T15:35:51.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/126f9a93-8c5a-4729-a122-0d950d2ff767/export</guid>
      <pubDate>Fri, 21 Feb 2025 15:35:51 +0000</pubDate>
    </item>
    <item>
      <title>8d65a351-cdf0-4d5f-89b9-fed6b09d1f05</title>
      <link>https://vulnerability.circl.lu/sighting/8d65a351-cdf0-4d5f-89b9-fed6b09d1f05/export</link>
      <description>{"uuid": "8d65a351-cdf0-4d5f-89b9-fed6b09d1f05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13716", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5864", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13716\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.\n\ud83d\udccf Published: 2025-02-28T08:23:15.098Z\n\ud83d\udccf Modified: 2025-02-28T08:23:15.098Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/49ce8ca1-c1ae-4dda-909e-70c3b6d2b561?source=cve\n2. https://plugins.trac.wordpress.org/browser/fx-calculators/tags/1.3.5/forex-calculators.php#L101", "creation_timestamp": "2025-02-28T09:27:39.000000Z"}</description>
      <content:encoded>{"uuid": "8d65a351-cdf0-4d5f-89b9-fed6b09d1f05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13716", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5864", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13716\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.\n\ud83d\udccf Published: 2025-02-28T08:23:15.098Z\n\ud83d\udccf Modified: 2025-02-28T08:23:15.098Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/49ce8ca1-c1ae-4dda-909e-70c3b6d2b561?source=cve\n2. https://plugins.trac.wordpress.org/browser/fx-calculators/tags/1.3.5/forex-calculators.php#L101", "creation_timestamp": "2025-02-28T09:27:39.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8d65a351-cdf0-4d5f-89b9-fed6b09d1f05/export</guid>
      <pubDate>Fri, 28 Feb 2025 09:27:39 +0000</pubDate>
    </item>
    <item>
      <title>5214b615-f6c0-4fb3-8fdd-71725200f6cb</title>
      <link>https://vulnerability.circl.lu/sighting/5214b615-f6c0-4fb3-8fdd-71725200f6cb/export</link>
      <description>{"uuid": "5214b615-f6c0-4fb3-8fdd-71725200f6cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13716", "type": "seen", "source": "https://t.me/cvedetector/19140", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13716 - \"WordPress Forex Calculators Plugin Unauthorized Data Modification Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13716 \nPublished : Feb. 28, 2025, 9:15 a.m. | 51\u00a0minutes ago \nDescription : The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T11:10:31.000000Z"}</description>
      <content:encoded>{"uuid": "5214b615-f6c0-4fb3-8fdd-71725200f6cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13716", "type": "seen", "source": "https://t.me/cvedetector/19140", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13716 - \"WordPress Forex Calculators Plugin Unauthorized Data Modification Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13716 \nPublished : Feb. 28, 2025, 9:15 a.m. | 51\u00a0minutes ago \nDescription : The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T11:10:31.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5214b615-f6c0-4fb3-8fdd-71725200f6cb/export</guid>
      <pubDate>Fri, 28 Feb 2025 11:10:31 +0000</pubDate>
    </item>
    <item>
      <title>5f163af5-7e64-42e7-973d-872b474a73a9</title>
      <link>https://vulnerability.circl.lu/sighting/5f163af5-7e64-42e7-973d-872b474a73a9/export</link>
      <description>{"uuid": "5f163af5-7e64-42e7-973d-872b474a73a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13716", "type": "seen", "source": "Telegram/SpMAeTrXuvEQ6oF94hZ3vTQOaewaFhQfRtrIMKmGWKpfe74i", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}</description>
      <content:encoded>{"uuid": "5f163af5-7e64-42e7-973d-872b474a73a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13716", "type": "seen", "source": "Telegram/SpMAeTrXuvEQ6oF94hZ3vTQOaewaFhQfRtrIMKmGWKpfe74i", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5f163af5-7e64-42e7-973d-872b474a73a9/export</guid>
      <pubDate>Sun, 02 Mar 2025 11:44:22 +0000</pubDate>
    </item>
    <item>
      <title>708b9440-9dd0-46c5-811c-3774c641c535</title>
      <link>https://vulnerability.circl.lu/sighting/708b9440-9dd0-46c5-811c-3774c641c535/export</link>
      <description>{"uuid": "708b9440-9dd0-46c5-811c-3774c641c535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13710", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8634", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13710\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Estatebud \u2013 Properties &amp;amp; Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-03-25T08:22:15.157Z\n\ud83d\udccf Modified: 2025-03-25T08:22:15.157Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/c43f4c91-329d-46b9-b2c8-f35e5baa38d7?source=cve\n2. https://wordpress.org/plugins/estatebud-properties-listings/", "creation_timestamp": "2025-03-25T09:24:23.000000Z"}</description>
      <content:encoded>{"uuid": "708b9440-9dd0-46c5-811c-3774c641c535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13710", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8634", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13710\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Estatebud \u2013 Properties &amp;amp; Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-03-25T08:22:15.157Z\n\ud83d\udccf Modified: 2025-03-25T08:22:15.157Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/c43f4c91-329d-46b9-b2c8-f35e5baa38d7?source=cve\n2. https://wordpress.org/plugins/estatebud-properties-listings/", "creation_timestamp": "2025-03-25T09:24:23.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/708b9440-9dd0-46c5-811c-3774c641c535/export</guid>
      <pubDate>Tue, 25 Mar 2025 09:24:23 +0000</pubDate>
    </item>
    <item>
      <title>4fddea4b-6876-4c5c-bae5-1e7e7b7d0af2</title>
      <link>https://vulnerability.circl.lu/sighting/4fddea4b-6876-4c5c-bae5-1e7e7b7d0af2/export</link>
      <description>{"uuid": "4fddea4b-6876-4c5c-bae5-1e7e7b7d0af2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13710", "type": "seen", "source": "https://t.me/cvedetector/21077", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13710 - Estatebud Properties &amp;amp; Listings Cross-Site Request Forgery\", \n  \"Content\": \"CVE ID : CVE-2024-13710 \nPublished : March 25, 2025, 9:15 a.m. | 33\u00a0minutes ago \nDescription : The Estatebud \u2013 Properties &amp;amp; Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T11:08:04.000000Z"}</description>
      <content:encoded>{"uuid": "4fddea4b-6876-4c5c-bae5-1e7e7b7d0af2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13710", "type": "seen", "source": "https://t.me/cvedetector/21077", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13710 - Estatebud Properties &amp;amp; Listings Cross-Site Request Forgery\", \n  \"Content\": \"CVE ID : CVE-2024-13710 \nPublished : March 25, 2025, 9:15 a.m. | 33\u00a0minutes ago \nDescription : The Estatebud \u2013 Properties &amp;amp; Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T11:08:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4fddea4b-6876-4c5c-bae5-1e7e7b7d0af2/export</guid>
      <pubDate>Tue, 25 Mar 2025 11:08:04 +0000</pubDate>
    </item>
  </channel>
</rss>
