{"vulnerability": "CVE-2024-1119", "sightings": [{"uuid": "540a9973-b30f-404b-aace-af7561271efa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11193", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113477705663465661", "content": "", "creation_timestamp": "2024-11-13T21:12:54.616207Z"}, {"uuid": "b9de98c7-29ae-42bd-bf69-e13a987aeafa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11197", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518737425546041", "content": "", "creation_timestamp": "2024-11-21T03:07:49.563147Z"}, {"uuid": "7e4884c4-e242-4c9f-ab06-76c22d5457e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11195", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113509312880725172", "content": "", "creation_timestamp": "2024-11-19T11:11:02.471748Z"}, {"uuid": "ba6ee4b1-544a-4364-a603-e07e37e35134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11194", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113509420405370342", "content": "", "creation_timestamp": "2024-11-19T11:38:23.717677Z"}, {"uuid": "cac61c57-2b34-40fe-a29d-9fb7f71036db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11198", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113509707125664008", "content": "", "creation_timestamp": "2024-11-19T12:51:18.124781Z"}, {"uuid": "3860cf26-7940-45e2-9e57-5486c3aa2fd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11192", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113548367183215007", "content": "", "creation_timestamp": "2024-11-26T08:43:03.851960Z"}, {"uuid": "8954c763-1648-4466-b010-5b8dd3fd7163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11199", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113531616676160741", "content": "", "creation_timestamp": "2024-11-23T09:43:11.754318Z"}, {"uuid": "340fda0f-b690-4edd-8194-81e3fbbfe0e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11196", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldse5j2lbu2k", "content": "", "creation_timestamp": "2024-12-21T07:15:25.357254Z"}, {"uuid": "03e8772a-28e6-4f69-bf98-95b908a6a7ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11196", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113689564858678109", "content": "", "creation_timestamp": "2024-12-21T07:11:29.359240Z"}, {"uuid": "5dc36628-618d-414b-ab1c-2fd5cc704bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11196", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113689577437995032", "content": "", "creation_timestamp": "2024-12-21T07:14:41.332967Z"}, {"uuid": "20035517-7170-4d49-be6a-9b77da2a8e29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11190", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17049", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11190\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-05-15T20:06:48.117Z\n\ud83d\udccf Modified: 2025-05-20T19:36:31.023Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/66b914ba-4253-4849-a38a-05ab246a9a32/", "creation_timestamp": "2025-05-20T19:42:11.000000Z"}, {"uuid": "710b728e-8c90-44be-9d8c-fa466c7ffc8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11191", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhulqvicn52x", "content": "", "creation_timestamp": "2025-02-11T02:17:38.015169Z"}, {"uuid": "b9b586c0-58d0-4f31-a4a8-12c3563c1556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11199", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9154", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-11199 poc exploit\nURL\uff1ahttps://github.com/windz3r0day/CVE-2024-11199\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-23T21:46:49.000000Z"}, {"uuid": "34a1cde0-76f5-47de-aaf4-c9cccfd644b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11196", "type": "seen", "source": "https://t.me/cvedetector/13490", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11196 - WordPress Multi-column Tag Map Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11196 \nPublished : Dec. 21, 2024, 7:15 a.m. | 16\u00a0minutes ago \nDescription : The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T08:38:48.000000Z"}, {"uuid": "09b12be6-b5de-416a-98e8-056b9929512f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11195", "type": "seen", "source": "https://t.me/cvedetector/11441", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11195 - WordPress Email Subscription Popup Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11195 \nPublished : Nov. 19, 2024, 11:15 a.m. | 45\u00a0minutes ago \nDescription : The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T13:27:54.000000Z"}, {"uuid": "19600e5f-5ee4-4243-97e4-295e69036e61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11198", "type": "seen", "source": "https://t.me/cvedetector/11446", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11198 - GD Rating System WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11198 \nPublished : Nov. 19, 2024, 1:15 p.m. | 35\u00a0minutes ago \nDescription : The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018extra_class\u2019 parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T15:08:14.000000Z"}, {"uuid": "66248f6c-fa74-4911-8957-28ef0070f5d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11194", "type": "seen", "source": "https://t.me/cvedetector/11444", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11194 - The Classified Listing \u2013 Classified ads & Business\", \n  \"Content\": \"CVE ID : CVE-2024-11194 \nPublished : Nov. 19, 2024, 12:15 p.m. | 44\u00a0minutes ago \nDescription : The Classified Listing \u2013 Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-19T14:18:02.000000Z"}, {"uuid": "2eb585b7-e492-48f5-95d7-6f4a54fb97e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11190", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mmqnfyvpxm2c", "content": "CVE-2024-11190 - Stored XSS in Jwp-a11y WordPress plugin through 4.1.7. High privilege users can inject scripts even with unfiltered_html disabled. CVSS 0? No patch available. Review and restrict plugin use immediately. #CVE #WordPress #inf...\n\nhttps://www.valtersit.com/cve/CVE-2024-11190/", "creation_timestamp": "2026-05-26T09:08:51.203900Z"}]}