{"vulnerability": "CVE-2024-1254", "sightings": [{"uuid": "cd921d58-bb98-4ba1-bb1c-ff9c3c6a9d2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12547", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1681/", "content": "", "creation_timestamp": "2024-12-11T05:00:00.000000Z"}, {"uuid": "a7420b0a-4e06-4fd0-9baf-322349335386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12548", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1680/", "content": "", "creation_timestamp": "2024-12-11T05:00:00.000000Z"}, {"uuid": "c57fbcc1-dbe8-49e7-bae2-1fbb8aff90db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12549", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1679/", "content": "", "creation_timestamp": "2024-12-11T05:00:00.000000Z"}, {"uuid": "dcef1c8f-284c-489f-84d6-d3bcf635ff38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12540", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785064306284750", "content": "", "creation_timestamp": "2025-01-07T03:58:16.250450Z"}, {"uuid": "3ce253e8-b5cc-4203-a427-c98afd2efc44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12541", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785123309410684", "content": "", "creation_timestamp": "2025-01-07T04:13:15.570275Z"}, {"uuid": "0db59a64-1563-4bd9-820d-711646066d71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12541", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4s2662mn2c", "content": "", "creation_timestamp": "2025-01-07T04:15:54.465910Z"}, {"uuid": "33e24aaa-cd15-4db5-a19c-e25890015535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12540", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4s23noby2i", "content": "", "creation_timestamp": "2025-01-07T04:15:52.352022Z"}, {"uuid": "2e532de5-dce6-41fe-8dd8-2b64a8705524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12542", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfckhogqyj2a", "content": "", "creation_timestamp": "2025-01-09T11:16:16.344122Z"}, {"uuid": "6ed2f9c7-90e1-4f23-b669-22a9d58ed1e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12542", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113798237964155232", "content": "", "creation_timestamp": "2025-01-09T11:48:29.340128Z"}, {"uuid": "f5d5f711-207f-422a-8068-803419930072", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12542", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113798400346336384", "content": "", "creation_timestamp": "2025-01-09T12:29:47.092768Z"}, {"uuid": "dd503dc6-eb23-403e-af97-1221f8edbda7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12542", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/113826808562336469", "content": "", "creation_timestamp": "2025-01-14T12:54:22.607078Z"}, {"uuid": "b7ae9dcf-3021-4367-8b10-bbcf74f344e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12545", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113768895264374934", "content": "", "creation_timestamp": "2025-01-04T07:26:19.968997Z"}, {"uuid": "af614fd6-873d-4ee6-8652-729f5ecf27a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12542", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad63ddn2c", "content": "", "creation_timestamp": "2025-01-20T21:02:07.105291Z"}, {"uuid": "75132913-021e-4e06-a524-ffcb26529866", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12547", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwhz2molc2a", "content": "", "creation_timestamp": "2025-02-11T20:15:56.456294Z"}, {"uuid": "84037f08-ce8c-425d-ba74-4797e38f0714", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12548", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwhz5vmwk2c", "content": "", "creation_timestamp": "2025-02-11T20:15:59.777457Z"}, {"uuid": "729d7ca9-a56e-4a63-a0e7-14926c368bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12549", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwhzaf5ug2a", "content": "", "creation_timestamp": "2025-02-11T20:16:02.408969Z"}, {"uuid": "b91e0d34-f5ae-4afb-b36c-34dca1d86732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12544", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114086542311660523", "content": "", "creation_timestamp": "2025-03-01T09:48:04.666651Z"}, {"uuid": "8d8ed079-cfda-40aa-80f0-88fc7397791e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12543", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lndtv7oqmo2c", "content": "", "creation_timestamp": "2025-04-21T18:59:10.982900Z"}, {"uuid": "bbe2aeb1-a50c-4e30-88db-62090347d354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12543", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-09T13:26:56.000000Z"}, {"uuid": "890ba9b3-7787-428d-8f1a-85ca95881be2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12543", "type": "seen", "source": "MISP/abd2a650-703d-4a2f-9f73-3051c1672e27", "content": "", "creation_timestamp": "2025-08-11T18:47:37.000000Z"}, {"uuid": "acd3c289-919c-413b-9f75-95fe28644172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12545", "type": "seen", "source": "MISP/dd71e3c5-20f7-409a-8bcc-8df3cd8022a7", "content": "", "creation_timestamp": "2025-09-03T13:30:06.000000Z"}, {"uuid": "eff94ee1-2e03-4673-b421-54a409053b44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12544", "type": "seen", "source": "Telegram/5hND7R2w0kC3XleZJEnXoTUt0Lobi47ifkL0LXMwVPLDDpOF", "content": "", "creation_timestamp": "2025-03-02T11:46:31.000000Z"}, {"uuid": "8556bb50-4640-4ec1-a323-3dcfceaf6b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12544", "type": "seen", "source": "https://t.me/cvedetector/19220", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12544 - SurveyJS WordPress Form Builder Arbitrary File Deletion Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-12544 \nPublished : March 1, 2025, 8:15 a.m. | 31\u00a0minutes ago \nDescription : The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This function is still vulnerable to Cross-Site Request Forgery as of 1.12.20. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T10:35:34.000000Z"}, {"uuid": "0093d11c-1062-4394-8383-408b277c8c71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12541", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/289", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12541\n\ud83d\udd39 Description: The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it possible for unauthenticated attackers to change the channel ID or organization ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This could lead to redirecting the live chat widget to an attacker-controlled channel.\n\ud83d\udccf Published: 2025-01-07T03:21:56.199Z\n\ud83d\udccf Modified: 2025-01-07T03:21:56.199Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/61d3cb97-f12b-4480-88fc-2bdcbf4cdae3?source=cve\n2. https://plugins.trac.wordpress.org/browser/chative-live-chat-and-chatbot/trunk/chative-plugin.php#L51\n3. https://wordpress.org/plugins/chative-live-chat-and-chatbot/#developers", "creation_timestamp": "2025-01-07T03:36:53.000000Z"}, {"uuid": "ebf8ff7a-a498-4ab3-9bd1-3d6653522c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12540", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/280", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12540\n\ud83d\udd39 Description: The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-07T03:22:00.501Z\n\ud83d\udccf Modified: 2025-01-07T03:22:00.501Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f7675e1c-7194-4cfe-81fb-a78d75e0bb1e?source=cve\n2. https://plugins.trac.wordpress.org/browser/ldd-directory-lite/trunk/templates/frontend/edit-submit.php#L10\n3. https://wordpress.org/plugins/ldd-directory-lite/#developers", "creation_timestamp": "2025-01-07T03:35:58.000000Z"}, {"uuid": "1ebf68ef-4380-41c9-a8cb-a1e963979242", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12542", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/930", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12542\n\ud83d\udd39 Description: The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.\n\ud83d\udccf Published: 2025-01-09T11:11:04.098Z\n\ud83d\udccf Modified: 2025-01-09T11:11:04.098Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b2fe5315-37b7-4009-b2e5-909e6b5ed1da?source=cve\n2. https://plugins.trac.wordpress.org/browser/linkid/trunk/lib/linkid/linkid-sdk-php/util/index.php#L1", "creation_timestamp": "2025-01-09T12:15:30.000000Z"}, {"uuid": "5ba928ec-6108-4db6-97d6-b3769debe200", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12544", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6059", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12544\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This function is still vulnerable to Cross-Site Request Forgery as of 1.12.20.\n\ud83d\udccf Published: 2025-03-01T07:24:06.268Z\n\ud83d\udccf Modified: 2025-03-01T07:24:06.268Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e9404fe4-855e-4eb4-81c4-5246f6e9be0c?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3222216/surveyjs/trunk/ajax_handlers/delete_file.php\n3. https://plugins.trac.wordpress.org/changeset/3214665/", "creation_timestamp": "2025-03-01T08:27:06.000000Z"}, {"uuid": "2057b823-8003-49d9-b15c-819a766a234a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12543", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12690", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12543\n\ud83d\udd25 CVSS Score: 5.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes.\n\ud83d\udccf Published: 2025-04-21T15:14:20.984Z\n\ud83d\udccf Modified: 2025-04-21T15:36:51.036Z\n\ud83d\udd17 References:\n1. https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839119", "creation_timestamp": "2025-04-21T16:02:59.000000Z"}, {"uuid": "2de74fc7-7b6b-45dd-8b9b-73616ec2564c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12543", "type": "seen", "source": "https://t.me/cvedetector/23457", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12543 - OpenText Content Management Barcode Attribute Manipulation\", \n  \"Content\": \"CVE ID : CVE-2024-12543 \nPublished : April 21, 2025, 4:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-21T19:49:43.000000Z"}, {"uuid": "031371ab-b947-4675-a314-d4fdbfedb648", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12540", "type": "seen", "source": "https://t.me/cvedetector/14437", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12540 - WordPress LDD Directory Lite Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12540 \nPublished : Jan. 7, 2025, 4:15 a.m. | 39\u00a0minutes ago \nDescription : The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T06:19:46.000000Z"}, {"uuid": "3203dbf9-c3bb-4453-9f3c-48aa33faf921", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12541", "type": "seen", "source": "https://t.me/cvedetector/14428", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12541 - Chative Live Chat and Chatbot CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12541 \nPublished : Jan. 7, 2025, 4:15 a.m. | 39\u00a0minutes ago \nDescription : The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it possible for unauthenticated attackers to change the channel ID or organization ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This could lead to redirecting the live chat widget to an attacker-controlled channel. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T06:19:37.000000Z"}, {"uuid": "c3f24dd2-f0cd-48ae-bc47-7f6a38c51991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12545", "type": "seen", "source": "https://t.me/cvedetector/14266", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12545 - \"Scratch & Win - Cross-Site Request Forgery in WordPress Plugin\"\", \n  \"Content\": \"CVE ID : CVE-2024-12545 \nPublished : Jan. 4, 2025, 8:15 a.m. | 26\u00a0minutes ago \nDescription : The Scratch & Win \u2013 Giveaways and Contests. Boost subscribers, traffic, repeat visits,  referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the plugin\u2019s installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-04T09:44:27.000000Z"}, {"uuid": "b14661f5-456f-4e1b-96a6-5f84e44b8c66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12542", "type": "seen", "source": "https://t.me/cvedetector/14836", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12542 - WordPress linkID Plugin Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12542 \nPublished : Jan. 9, 2025, 11:15 a.m. | 22\u00a0minutes ago \nDescription : The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T12:44:46.000000Z"}, {"uuid": "a809c69e-68ba-4986-b870-ed475e7eb042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12542", "type": "published-proof-of-concept", "source": "Telegram/AXGaw1ceyh_E-ZjbEf2s9J-O6L5Ne7SNm2QOhOOawMBRxWY", "content": "", "creation_timestamp": "2025-02-04T08:00:11.000000Z"}, {"uuid": "33acb486-fd1c-4ff6-ae6c-c44507383589", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12542", "type": "published-proof-of-concept", "source": "Telegram/blYNuS22oA3M4gwP55mU-0GZL2_-xpbiG9GK2fE4rHQlvxM", "content": "", "creation_timestamp": "2025-01-10T16:00:09.000000Z"}, {"uuid": "04412e08-9174-4ec2-a266-4d1b5f74bb24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1254", "type": "seen", "source": "https://t.me/ctinow/197360", "content": "https://ift.tt/FdEIhrY\nCVE-2024-1254 | Beijing Baichuo Smart S20 Management Platform up to 20231120 sysmanageajax.php id sql injection", "creation_timestamp": "2024-03-01T07:36:17.000000Z"}, {"uuid": "922188c0-7bfd-4682-b569-ea8a172a2814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1254", "type": "seen", "source": "https://t.me/ctinow/184368", "content": "https://ift.tt/ImTfrQj\nCVE-2024-1254 Exploit", "creation_timestamp": "2024-02-14T02:16:36.000000Z"}, {"uuid": "93e02697-b311-40ab-8078-1bb791c9d075", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1254", "type": "seen", "source": "https://t.me/ctinow/180293", "content": "https://ift.tt/R1rwyqb\nCVE-2024-1254", "creation_timestamp": "2024-02-06T20:21:42.000000Z"}]}