{"vulnerability": "CVE-2024-1032", "sightings": [{"uuid": "a1f546f2-664d-4e0e-8c99-4727792cc7b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-10327", "type": "seen", "source": null, "content": "", "creation_timestamp": "2024-10-25T09:30:08.976450Z"}, {"uuid": "de197c91-4e1e-4b3d-9d92-cb38c256a773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-10327", "type": "confirmed", "source": null, "content": "", "creation_timestamp": "2024-10-25T09:30:14.076948Z"}, {"uuid": "30fc0da0-baa3-4e71-a0cf-c5c8410d8b65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10329", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113430712301584701", "content": "", "creation_timestamp": "2024-11-05T14:01:52.726158Z"}, {"uuid": "73257d92-6322-4abd-a80a-a1de3d38f2ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10325", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113447119670926541", "content": "", "creation_timestamp": "2024-11-08T11:34:29.178387Z"}, {"uuid": "d5df56e4-a0aa-498c-a012-25233fb30ba8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10323", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113468664439791463", "content": "", "creation_timestamp": "2024-11-12T06:53:36.398181Z"}, {"uuid": "ac9f268a-2edb-4f0e-844c-c98c62691fc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10320", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113604963571532502", "content": "", "creation_timestamp": "2024-12-06T08:36:16.063352Z"}, {"uuid": "5e857115-fa75-47bf-a806-a946ec9bd900", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10324", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113883622007417317", "content": "", "creation_timestamp": "2025-01-24T13:42:46.433806Z"}, {"uuid": "ceb2b9b9-4392-4724-b6e0-81c4b3776965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10321", "type": "seen", "source": "https://t.me/cvedetector/19892", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10321 - Elementor WidgetKit Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-10321 \nPublished : March 8, 2025, 9:15 a.m. | 37\u00a0minutes ago \nDescription : The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.4 in elements/advanced-tab/template/view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T11:00:25.000000Z"}, {"uuid": "fa306e9c-a4a7-4784-8fa0-afbef3a3c27b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10322", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113990941775308867", "content": "", "creation_timestamp": "2025-02-12T12:35:36.099201Z"}, {"uuid": "6dfdcdb7-29be-46cb-85fc-597825de9436", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10322", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyaygkedt2x", "content": "", "creation_timestamp": "2025-02-12T13:15:38.823330Z"}, {"uuid": "2993c327-a788-400b-8e8a-ea47761f602a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10321", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljujwoy7i32s", "content": "", "creation_timestamp": "2025-03-08T12:35:31.978422Z"}, {"uuid": "f7be0308-2382-4568-89fb-aeb2d9d448f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10326", "type": "seen", "source": "https://t.me/cvedetector/19900", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10326 - Elementor RomethemeKit WordPress Unauthenticated Data Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10326 \nPublished : March 8, 2025, 1:15 p.m. | 44\u00a0minutes ago \nDescription : The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or reset plugin widgets to their default state (all enabled). NOTE: This vulnerability was partially fixed in version 1.5.3. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T15:11:18.000000Z"}, {"uuid": "4238b3c6-2cc1-4aeb-8f04-b7817a7736cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10324", "type": "seen", "source": "https://t.me/cvedetector/16280", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10324 - Elementor RomethemeKit Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-10324 \nPublished : Jan. 24, 2025, 2:15 p.m. | 38\u00a0minutes ago \nDescription : The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T16:04:37.000000Z"}, {"uuid": "c49bdfe8-e2c9-4d91-aba9-0703cb743466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10324", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2900", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10324\n\ud83d\udd39 Description: The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.\n\ud83d\udccf Published: 2025-01-24T13:40:58.082Z\n\ud83d\udccf Modified: 2025-01-24T13:40:58.082Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/cd726b20-75c9-408e-86fc-061db591a9db?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3220079/rometheme-for-elementor", "creation_timestamp": "2025-01-24T14:04:34.000000Z"}, {"uuid": "7feaebd4-e6f0-40d1-9b3a-53ffa60f37c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10327", "type": "seen", "source": "https://t.me/CyberBulletin/1287", "content": "\u26a1\ufe0fCVE-2024-10327: Okta Verify for iOS Vulnerability Could Allow Unauthorized Access.\n\n#CyberBulletin", "creation_timestamp": "2024-10-26T11:38:09.000000Z"}, {"uuid": "2525ecc1-cab0-48cd-9cca-0322a4014f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10326", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6946", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10326\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or reset plugin widgets to their default state (all enabled). NOTE: This vulnerability was partially fixed in version 1.5.3.\n\ud83d\udccf Published: 2025-03-08T12:21:31.426Z\n\ud83d\udccf Modified: 2025-03-08T12:21:31.426Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/230b3f2f-44cf-46eb-8e6a-3c52f2ea2fb9?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3231792/rometheme-for-elementor\n3. https://plugins.trac.wordpress.org/changeset/3220079/rometheme-for-elementor", "creation_timestamp": "2025-03-08T12:36:27.000000Z"}, {"uuid": "0fc41e7a-7bfb-41ae-ae66-26707dec84b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10321", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6934", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10321\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.4 in elements/advanced-tab/template/view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.\n\ud83d\udccf Published: 2025-03-08T08:22:55.687Z\n\ud83d\udccf Modified: 2025-03-08T08:22:55.687Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/2e470017-c453-435d-8342-66874a794537?source=cve\n2. https://plugins.trac.wordpress.org/browser/widgetkit-for-elementor/trunk/elements/advanced-tab/template/view.php#L68", "creation_timestamp": "2025-03-08T08:37:33.000000Z"}, {"uuid": "1ede58d5-b833-4912-8cbb-120cb07fb3ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10329", "type": "seen", "source": "https://t.me/cvedetector/9868", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10329 - \"Elementor Bootstrap Sensitive Information Exposure Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10329 \nPublished : Nov. 5, 2024, 2:15 p.m. | 41\u00a0minutes ago \nDescription : The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T16:22:43.000000Z"}, {"uuid": "45986751-f7a0-4bfd-bd60-bf6731d21a96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10323", "type": "seen", "source": "https://t.me/cvedetector/10592", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10323 - JetWidgets For Elementor Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10323 \nPublished : Nov. 12, 2024, 7:15 a.m. | 30\u00a0minutes ago \nDescription : The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T08:50:24.000000Z"}, {"uuid": "2cc90e9c-21fd-4212-95d7-d883185a6d4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10327", "type": "seen", "source": "https://t.me/cvedetector/8865", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10327 - Okta Verify iOS Push Notification Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-10327 \nPublished : Oct. 24, 2024, 9:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user\u2019s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed.   \nThe ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include:   \n* When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device;   \n* When a user is presented with a notification on the home screen and drags the notification down and selects their reply;   \n* When an Apple Watch is used to reply directly to a notification.   \n  \n A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T00:21:45.000000Z"}, {"uuid": "528a2232-6d90-4cd5-a81a-c798cabea7c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10325", "type": "seen", "source": "https://t.me/cvedetector/10195", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10325 - Elementor Header & Footer Builder Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10325 \nPublished : Nov. 8, 2024, 12:15 p.m. | 29\u00a0minutes ago \nDescription : The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-08T13:50:41.000000Z"}, {"uuid": "d69c089f-859d-497b-bb78-dd3834a9a3a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10322", "type": "seen", "source": "Telegram/mKOpkUw9JKfRG5xdOlX-w0IuVkL5TZkwg_CDTaZFFu1Aq38b", "content": "", "creation_timestamp": "2025-02-20T23:27:06.000000Z"}, {"uuid": "be2656bc-c79b-4cf8-8ccb-6ead9eb9e8e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10322", "type": "seen", "source": "Telegram/IGwQqvMWPLF0lFsGZAOuKX5iwJ166NIqgCOiqn5cFM6itoKS", "content": "", "creation_timestamp": "2025-02-20T23:26:57.000000Z"}, {"uuid": "9a2d78d0-eb87-4502-b3b8-1250354d87d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1032", "type": "seen", "source": "https://t.me/ctinow/175971", "content": "https://ift.tt/waBCMAs\nCVE-2024-1032", "creation_timestamp": "2024-01-30T15:22:22.000000Z"}, {"uuid": "4f91a887-3af9-484c-b05b-42656d2d9b9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10326", "type": "seen", "source": "Telegram/oTNeDddZVNsSAQ9hTaWQhQvIDwL96hCOavxqk1ZBE4YVh7Dc", "content": "", "creation_timestamp": "2025-03-08T16:29:02.000000Z"}, {"uuid": "397ffae7-2349-43b2-bc2a-96bd9a2ca6f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10322", "type": "seen", "source": "Telegram/7cF667uRE0u1Y6HvK1LL3ywl4VIftqnHQP2rEc3fULdJ9Rbv", "content": "", "creation_timestamp": "2025-02-14T10:04:59.000000Z"}, {"uuid": "445c28f6-5dab-4bae-ab90-d4c6dc791df0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1032", "type": "seen", "source": "https://t.me/ctinow/189651", "content": "https://ift.tt/MoWUNjX\nCVE-2024-1032 | openBI up to 1.0.8 Test Connection Databasesource.php testConnection deserialization", "creation_timestamp": "2024-02-21T15:11:54.000000Z"}, {"uuid": "d0a2b6a7-b62f-46c4-92f5-005303f94a61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10327", "type": "seen", "source": "https://t.me/CyberBulletin/26229", "content": "\u26a1\ufe0fCVE-2024-10327: Okta Verify for iOS Vulnerability Could Allow Unauthorized Access.\n\n#CyberBulletin", "creation_timestamp": "2024-10-26T11:38:09.000000Z"}]}