{"vulnerability": "CVE-2024-1323", "sightings": [{"uuid": "b11f6554-6454-4569-b17d-80f30eb4d307", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13237", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113799784007008040", "content": "", "creation_timestamp": "2025-01-09T18:21:39.966953Z"}, {"uuid": "eedf78ab-3e82-4cc0-be9d-d565db1f367c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13238", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113799835600368183", "content": "", "creation_timestamp": "2025-01-09T18:34:47.700100Z"}, {"uuid": "98a6f7b4-2b3a-489b-b037-e3794df62fe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13239", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113799874404488763", "content": "", "creation_timestamp": "2025-01-09T18:44:39.290205Z"}, {"uuid": "6adc1c1d-a14c-44a6-863b-dbf6817e4f19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13237", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfdfaowe5z2f", "content": "", "creation_timestamp": "2025-01-09T19:15:33.003198Z"}, {"uuid": "2f33357d-4369-4594-b521-6a0e630f8fe2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13238", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfdfarm67d2m", "content": "", "creation_timestamp": "2025-01-09T19:15:35.863631Z"}, {"uuid": "41cf7d1f-f8b2-4467-bbdc-e20a822ceb71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13239", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfdfau52es2l", "content": "", "creation_timestamp": "2025-01-09T19:15:38.413675Z"}, {"uuid": "a4bf6e9e-b1dc-43a6-b656-e22d3a4a44b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13230", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgapzgi53y2t", "content": "", "creation_timestamp": "2025-01-21T11:15:32.743251Z"}, {"uuid": "f7d01ba0-ccdf-4f3a-81e1-2d112da235dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13230", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113866055399154408", "content": "", "creation_timestamp": "2025-01-21T11:15:21.258180Z"}, {"uuid": "31aa0744-c012-4d22-9559-cd89f597e2d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13230", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgas6vkyvj2i", "content": "", "creation_timestamp": "2025-01-21T11:54:24.089070Z"}, {"uuid": "c707caf3-71d3-4a1a-8f2d-89afa589a14b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13230", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113866040035703869", "content": "", "creation_timestamp": "2025-01-21T11:11:26.962657Z"}, {"uuid": "a00eb286-81f8-4f58-814a-7a7f5c2a988a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13234", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113877374722127246", "content": "", "creation_timestamp": "2025-01-23T11:14:00.502227Z"}, {"uuid": "e866dc74-dbbc-4a17-8490-ff6c7443788a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13234", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgfqxkklc62j", "content": "", "creation_timestamp": "2025-01-23T11:15:42.557203Z"}, {"uuid": "6f1b632d-98a1-4b64-9baf-d9c68f963b80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13234", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgfscmlv5h2e", "content": "", "creation_timestamp": "2025-01-23T11:39:47.763889Z"}, {"uuid": "60d6c621-f920-4aa3-a6b9-f99bb7bab604", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13236", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgfudotpdd2j", "content": "", "creation_timestamp": "2025-01-23T12:16:10.737541Z"}, {"uuid": "3eb2c236-201d-4e2b-b53a-2809be9a81e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13236", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgfvnyuvxn2y", "content": "", "creation_timestamp": "2025-01-23T12:39:53.371309Z"}, {"uuid": "e0c1ffe5-6b40-4c4a-b5c1-081fb49e0233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13231", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lijq3wut2p2v", "content": "", "creation_timestamp": "2025-02-19T12:01:20.990952Z"}, {"uuid": "d3a4f94b-0f4d-49d3-9871-d35cab302d95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13232", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljmvyh2o2m2a", "content": "", "creation_timestamp": "2025-03-05T11:49:54.305766Z"}, {"uuid": "cedfbdb8-2716-4d63-85e0-60d898bffb46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13231", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijgtfps3m2t", "content": "", "creation_timestamp": "2025-02-19T09:15:28.274519Z"}, {"uuid": "d0a49170-9bee-483f-a461-0dbba4d69b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13235", "type": "seen", "source": "https://t.me/cvedetector/18626", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13235 - Pinpoint Booking System WordPress SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13235 \nPublished : Feb. 21, 2025, 4:15 a.m. | 1\u00a0hour, 40\u00a0minutes ago \nDescription : The Pinpoint Booking System \u2013 #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T07:14:42.000000Z"}, {"uuid": "111ada97-b93e-4e24-8f52-dc378f81b836", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13231", "type": "seen", "source": "https://t.me/cvedetector/18423", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13231 - WordPress Portfolio Builder - Portfolio Gallery Unauthenticated Video Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13231 \nPublished : Feb. 19, 2025, 9:15 a.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : The WordPress Portfolio Builder \u2013 Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to add arbitrary videos to any portfolio gallery. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T12:03:10.000000Z"}, {"uuid": "2a8bb7b2-e42f-4dd8-99e2-1677ff78ff7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13237", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1072", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13237\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38.\n\ud83d\udccf Published: 2025-01-09T18:15:23.691Z\n\ud83d\udccf Modified: 2025-01-09T20:58:24.055Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2024-001", "creation_timestamp": "2025-01-09T21:15:33.000000Z"}, {"uuid": "76f0bf83-2800-4f2d-91a6-b4f1272d105f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13238", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1070", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13238\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS).This issue affects Typogrify: from 0.0.0 before 1.3.0.\n\ud83d\udccf Published: 2025-01-09T18:33:30.339Z\n\ud83d\udccf Modified: 2025-01-09T21:01:34.194Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2024-002", "creation_timestamp": "2025-01-09T21:15:22.000000Z"}, {"uuid": "2ce5773d-c401-4713-9999-e740f3d96c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13239", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1208", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13239\n\ud83d\udd39 Description: Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.\n\ud83d\udccf Published: 2025-01-09T18:35:46.333Z\n\ud83d\udccf Modified: 2025-01-10T17:18:02.874Z\n\ud83d\udd17 References:\n1. https://www.drupal.org/sa-contrib-2024-003", "creation_timestamp": "2025-01-10T18:04:29.000000Z"}, {"uuid": "a1bbee35-ff32-413b-bf52-d5959b247742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13236", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2725", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13236\n\ud83d\udd39 Description: The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-01-23T11:13:28.519Z\n\ud83d\udccf Modified: 2025-01-23T11:13:28.519Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/9638fb98-045b-44ec-8b53-15cfa3693ee7?source=cve\n2. https://plugins.trac.wordpress.org/browser/tainacan/tags/0.21.12/classes/api/endpoints/class-tainacan-rest-reports-controller.php#L707\n3. https://plugins.trac.wordpress.org/browser/tainacan/tags/0.21.12/classes/api/endpoints/class-tainacan-rest-reports-controller.php#L732\n4. https://plugins.trac.wordpress.org/changeset/3226475/tainacan/trunk/classes/api/endpoints/class-tainacan-rest-reports-controller.php", "creation_timestamp": "2025-01-23T12:03:37.000000Z"}, {"uuid": "7465ae91-d5a5-4ff5-bb7d-6a39ff1fca93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13234", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2727", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13234\n\ud83d\udd39 Description: The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the 'additionalCondition' parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-01-23T11:13:27.688Z\n\ud83d\udccf Modified: 2025-01-23T11:13:27.688Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/67db430e-d796-4ace-b5d1-de492edb8ea8?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3221872%40woo-product-tables&new=3221872%40woo-product-tables&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-23T12:03:39.000000Z"}, {"uuid": "20d06916-3a6a-486c-95ea-d7e6095291bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13235", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4852", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13235\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The Pinpoint Booking System \u2013 #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-02-21T03:21:19.714Z\n\ud83d\udccf Modified: 2025-02-21T03:21:19.714Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/59cba7f0-cb06-4408-abba-49552dddd04c?source=cve\n2. https://plugins.trac.wordpress.org/browser/booking-system/trunk/includes/translation/class-backend-translation.php#L125", "creation_timestamp": "2025-02-21T04:19:53.000000Z"}, {"uuid": "09d262fc-474c-4014-81cd-77c5831df8bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13232", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6514", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13232\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport() function in all versions up to, and including, 4.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary SQL statements that can leveraged to create a new administrative user account.\n\ud83d\udccf Published: 2025-03-05T09:21:50.957Z\n\ud83d\udccf Modified: 2025-03-05T09:21:50.957Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f24f0673-b5c8-4086-8795-692228a413af?source=cve\n2. https://codecanyon.net/item/wordpress-awesome-import-export-plugin-v-24/12896266", "creation_timestamp": "2025-03-05T09:35:48.000000Z"}, {"uuid": "f69a9260-bb65-4f5d-a235-bdd90395ccb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13230", "type": "seen", "source": "https://t.me/cvedetector/15918", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13230 - WordPress Super Socializer Limited SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13230 \nPublished : Jan. 21, 2025, 11:15 a.m. | 29\u00a0minutes ago \nDescription : The Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the \u2018SuperSocializerKey\u2019 parameter in all versions up to, and including, 7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional values into the already existing query that can be used to extract user metadata from the database. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T12:46:38.000000Z"}, {"uuid": "953f0dba-6e16-4c29-9b2b-21a5a3c74e59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13232", "type": "seen", "source": "Telegram/NoV7mjL4Q0lhYmWJQInrmGiNcNmnh11qQ-RYJZZiMmp9kVnZ", "content": "", "creation_timestamp": "2025-03-06T02:16:31.000000Z"}, {"uuid": "ae0adf0c-481a-444c-aa21-ec8394fc9060", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13232", "type": "seen", "source": "https://t.me/cvedetector/19621", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13232 - WordPress Awesome Import & Export Plugin SQL Injection and Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-13232 \nPublished : March 5, 2025, 10:15 a.m. | 48\u00a0minutes ago \nDescription : The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport() function in all versions up to, and including, 4.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary SQL statements that can leveraged to create a new administrative user account. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T12:46:06.000000Z"}, {"uuid": "d714e2ce-d115-4a5f-b8bd-01044ccb7119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13236", "type": "seen", "source": "https://t.me/cvedetector/16181", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13236 - Tainacan WordPress SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13236 \nPublished : Jan. 23, 2025, 12:15 p.m. | 45\u00a0minutes ago \nDescription : The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T14:08:07.000000Z"}, {"uuid": "053b82e3-037f-4763-8e46-f50a0a770ca4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13234", "type": "seen", "source": "https://t.me/cvedetector/16173", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13234 - WordPress WBW Product Table SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13234 \nPublished : Jan. 23, 2025, 11:15 a.m. | 42\u00a0minutes ago \nDescription : The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the 'additionalCondition' parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T13:17:51.000000Z"}, {"uuid": "5fc941c7-ca6d-4f5d-aa0c-f661e6d05f2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13235", "type": "seen", "source": "Telegram/5mGTbbG6Ifz65ey1EjV8IzDC49dorRCuSLi_7K6xQWX4n3yn", "content": "", "creation_timestamp": "2025-02-21T08:03:23.000000Z"}, {"uuid": "ccb8ad73-d6a2-4257-a379-f80eba649aa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1323", "type": "seen", "source": "https://t.me/ctinow/194023", "content": "https://ift.tt/jxCWDuI\nCVE-2024-1323", "creation_timestamp": "2024-02-27T06:21:59.000000Z"}, {"uuid": "5cb6f49a-ad78-4025-a77f-12e072f193ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13234", "type": "seen", "source": "Telegram/O3peDQih7zybQpjO0kgfWIMOI6hPQnRDkpbdINXQ_9tZSYNj", "content": "", "creation_timestamp": "2025-02-06T02:42:30.000000Z"}, {"uuid": "4baac835-2df8-4612-b24d-62d4f1789144", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1323", "type": "seen", "source": "https://t.me/ctinow/207636", "content": "https://ift.tt/N5ojtTv\nCVE-2024-1323 | ThemeIsle Orbit Fox Plugin up to 2.10.30 on WordPress cross site scripting (ID 3040304)", "creation_timestamp": "2024-03-14T11:21:26.000000Z"}, {"uuid": "39860e72-bf27-48ac-9f13-4058f1045246", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1323", "type": "seen", "source": "https://t.me/ctinow/194022", "content": "https://ift.tt/jxCWDuI\nCVE-2024-1323", "creation_timestamp": "2024-02-27T06:21:59.000000Z"}]}