{"vulnerability": "CVE-2024-1135", "sightings": [{"uuid": "3f587d97-8c4a-49eb-8cb2-05a3e54d4584", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11354", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518737458774262", "content": "", "creation_timestamp": "2024-11-21T03:07:50.054744Z"}, {"uuid": "c87cf87e-c424-4a47-b02d-b77b04d235e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11355", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113525070780251396", "content": "", "creation_timestamp": "2024-11-22T05:58:28.877688Z"}, {"uuid": "cc3d9752-1095-4b95-958d-d10898c71251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11352", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113605081727215425", "content": "", "creation_timestamp": "2024-12-06T09:06:19.377085Z"}, {"uuid": "3465e763-2de0-493a-af4f-522b0709f8c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11353", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113609066930276320", "content": "", "creation_timestamp": "2024-12-07T01:59:48.494420Z"}, {"uuid": "9f357c40-f1ef-422a-92a2-6fb142000cf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11351", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113634210252964752", "content": "", "creation_timestamp": "2024-12-11T12:34:05.117308Z"}, {"uuid": "a06189ed-f624-49dd-83b8-76dda4b373f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11359", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113638194437783016", "content": "", "creation_timestamp": "2024-12-12T05:27:18.898864Z"}, {"uuid": "852ff34d-f3cf-4734-9bb9-41352593ba31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11350", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7yqiaklv2g", "content": "", "creation_timestamp": "2025-01-08T10:53:47.138599Z"}, {"uuid": "4671cf7d-ae48-4a99-89b1-6f52e7bdc721", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11350", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7yqihpn42k", "content": "", "creation_timestamp": "2025-01-08T10:53:48.205410Z"}, {"uuid": "94cf4abc-d3f7-4352-a7f5-3ce9e632d64e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11357", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3leqgf5zzml2c", "content": "", "creation_timestamp": "2025-01-02T06:15:21.857225Z"}, {"uuid": "c4bc5460-d363-4b44-a291-db1d5ba2d150", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11357", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3leqi6bj5cm2b", "content": "", "creation_timestamp": "2025-01-02T06:47:17.994572Z"}, {"uuid": "f3e757ff-4a95-4c33-bf9e-9b79fcbfd518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11356", "type": "seen", "source": 
"https://infosec.exchange/users/cve/statuses/113779894250355990", "content": "", "creation_timestamp": "2025-01-06T06:03:26.458296Z"}, {"uuid": "988920bf-8352-47ec-b2bb-78e020b02a8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11356", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf2iazdc3g2a", "content": "", "creation_timestamp": "2025-01-06T06:15:27.855549Z"}, {"uuid": "d2195feb-4065-409d-a566-d496b234385f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11356", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf2k2x2pnx25", "content": "", "creation_timestamp": "2025-01-06T06:47:51.515581Z"}, {"uuid": "cdf6f9ca-a1fe-4be7-ad45-c2c866afd3d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11350", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113791754993524405", "content": "", "creation_timestamp": "2025-01-08T08:19:46.991504Z"}, {"uuid": "4b71c9c1-b3c6-4007-9ee8-4a838d5b6d71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11350", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7taqketz27", "content": "", "creation_timestamp": "2025-01-08T09:15:28.481278Z"}, {"uuid": "1ee12f3a-f1c5-41d1-b07f-f448f1795ded", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11350", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113792103683671445", "content": "", "creation_timestamp": "2025-01-08T09:48:28.178774Z"}, 
{"uuid": "918185fd-4143-405e-b66f-b505af4a1188", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11357", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/216", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11357\n\ud83d\udd39 Description: The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.\n\ud83d\udccf Published: 2025-01-02T06:00:10.840Z\n\ud83d\udccf Modified: 2025-01-06T20:28:18.246Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/7e8c6816-9b7a-43e8-9508-789c8051dd9b/", "creation_timestamp": "2025-01-06T20:48:51.000000Z"}, {"uuid": "3d822a64-0b9c-4996-ba50-14a7a7bb4016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11350", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/684", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11350\n\ud83d\udd39 Description: The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.\n\ud83d\udccf Published: 2025-01-08T08:18:16.723Z\n\ud83d\udccf Modified: 2025-01-08T08:18:16.723Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4ebb766a-44e9-460c-be84-356b7403e593?source=cve\n2. 
https://themeforest.net/item/adforest-classified-wordpress-theme/19481695", "creation_timestamp": "2025-01-08T09:12:53.000000Z"}, {"uuid": "9da2c59e-3f8b-48e0-87ee-71a150aa2f5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11356", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/156", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-hj25-chfx-qmx5\n\ud83d\udd17 Aliases: CVE-2024-11356\n\ud83d\udd39 Details: The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.\n\ud83d\uddd3\ufe0f Modified: 2025-01-06T06:30:45Z\n\ud83d\uddd3\ufe0f Published: 2025-01-06T06:30:45Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-11356\n2. https://wpscan.com/vulnerability/d0df54e-e99e-4539-9fd9-002c064213e", "creation_timestamp": "2025-01-06T06:40:27.000000Z"}, {"uuid": "e76f73fb-f18a-4686-bde1-6fe1c5ff4db3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11356", "type": "seen", "source": "https://t.me/cvedetector/14335", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11356 - Tourmaster WordPress Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11356 \nPublished : Jan. 6, 2025, 6:15 a.m. | 24\u00a0minutes ago \nDescription : The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-06T07:43:45.000000Z"}, {"uuid": "f81f3268-b4c7-41e0-b96d-cd11aa6fce2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11350", "type": "seen", "source": "https://t.me/cvedetector/14676", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11350 - AdForest WordPress Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11350 \nPublished : Jan. 8, 2025, 9:15 a.m. | 30\u00a0minutes ago \nDescription : The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. 
\nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T10:47:54.000000Z"}, {"uuid": "7a845e78-40be-4731-919b-7838921d7d0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11357", "type": "seen", "source": "https://t.me/cvedetector/14095", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11357 - Goodlayers Core WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11357 \nPublished : Jan. 2, 2025, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-02T08:23:28.000000Z"}, {"uuid": "6469b60a-7748-465e-8eb3-cdb6e1ebb2e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11359", "type": "seen", "source": "https://t.me/cvedetector/12739", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11359 - WordPress Library Bookshelves Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11359 \nPublished : Dec. 12, 2024, 6:15 a.m. 
| 42\u00a0minutes ago \nDescription : The Library Bookshelves plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T07:58:39.000000Z"}, {"uuid": "6a0b65c4-e47b-4075-82e0-5b48e9712371", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11353", "type": "seen", "source": "https://t.me/cvedetector/12312", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11353 - The SMS for Lead Capture Forms plugin for WordPres\", \n  \"Content\": \"CVE ID : CVE-2024-11353 \nPublished : Dec. 7, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary messages. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T04:10:54.000000Z"}, {"uuid": "19690f81-19b3-43e3-a5d6-d985b048ceff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11351", "type": "seen", "source": "https://t.me/cvedetector/12633", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11351 - WordPress Restrict Plugin Sensitive Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11351 \nPublished : Dec. 11, 2024, 1:15 p.m. | 36\u00a0minutes ago \nDescription : The Restrict \u2013 membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T15:14:18.000000Z"}, {"uuid": "9aaf4c5e-f600-457b-8d7a-bbd9e69caf90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11358", "type": "seen", "source": "https://t.me/cvedetector/13023", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11358 - Mattermost Android File Provider Misconfiguration\", \n  \"Content\": \"CVE ID : CVE-2024-11358 \nPublished : Dec. 
16, 2024, 5:15 p.m. | 40\u00a0minutes ago \nDescription : Mattermost Android Mobile Apps versions <=2.21.0\nSeverity: 5.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-16T19:02:42.000000Z"}, {"uuid": "c7d12b26-7534-4109-b520-caed6142101f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11352", "type": "seen", "source": "https://t.me/cvedetector/12191", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11352 - The TwentyTwenty plugin for WordPress is vulnerabl\", \n  \"Content\": \"CVE ID : CVE-2024-11352 \nPublished : Dec. 6, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T10:36:09.000000Z"}]}