{"vulnerability": "CVE-2024-13752", "sightings": [{"uuid": "4f3221f1-e497-4817-8170-92a03e1c69ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114007194740959636", "content": "", "creation_timestamp": "2025-02-15T09:28:56.992775Z"}, {"uuid": "d123acf5-2884-428c-8f2f-e1026f14ed31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li7icztwba2o", "content": "", "creation_timestamp": "2025-02-15T10:15:29.083034Z"}, {"uuid": "1b3a5bb6-41e3-4606-a751-afe187855331", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li7le5ledk2m", "content": "", "creation_timestamp": "2025-02-15T11:09:50.423614Z"}, {"uuid": "01854297-69ea-4bc9-a816-ea7e9120f844", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4547", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13752\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-15T10:15:08.533\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_0.php#L255\n2. https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_3.php#L151\n3. https://plugins.trac.wordpress.org/changeset/3239348/\n4. https://plugins.trac.wordpress.org/changeset?old_path=%2Fwedevs-project-manager%2Ftags%2F2.6.17%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftags%2F2.6.18%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&new=3240807&sfp_email=&sfph_mail=\n5. https://plugins.trac.wordpress.org/changeset?old_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&new=3240806&sfp_email=&sfph_mail=\n6. https://wordpress.org/plugins/wedevs-project-manager/#developers\n7. https://www.wordfence.com/threat-intel/vulnerabilities/id/bd54a50b-13ce-43ce-bce1-8fe132abc07e?source=cve", "creation_timestamp": "2025-02-15T11:10:49.000000Z"}, {"uuid": "9f4d549b-4a30-4c97-abc0-8447c609da6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4555", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13752\n\ud83d\udd25 CVSS Score: 6.4 (CVSS_V3)\n\ud83d\udd39 Description: The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cause a persistent denial of service condition.\n\ud83d\udccf Published: 2025-02-15T12:30:50Z\n\ud83d\udccf Modified: 2025-02-15T12:30:50Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13752\n2. https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_0.php#L255\n3. https://plugins.trac.wordpress.org/browser/wedevs-project-manager/trunk/core/Upgrades/Upgrade_2_3.php#L151\n4. https://plugins.trac.wordpress.org/changeset/3239348\n5. https://plugins.trac.wordpress.org/changeset?old_path=%2Fwedevs-project-manager%2Ftags%2F2.6.17%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftags%2F2.6.18%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&new=3240807&sfp_email=&sfph_mail=\n6. https://plugins.trac.wordpress.org/changeset?old_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&new=3240806&sfp_email=&sfph_mail=\n7. https://wordpress.org/plugins/wedevs-project-manager/#developers\n8. https://www.wordfence.com/threat-intel/vulnerabilities/id/bd54a50b-13ce-43ce-bce1-8fe132abc07e?source=cve", "creation_timestamp": "2025-02-15T13:11:15.000000Z"}, {"uuid": "bd7f0312-85f7-4cec-8027-117bfc5623e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "https://t.me/cvedetector/18164", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13752 - WordPress Project Manager Unauthenticated Data Disclosure and Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13752 \nPublished : Feb. 15, 2025, 10:15 a.m. | 1\u00a0hour, 4\u00a0minutes ago \nDescription : The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cause a persistent denial of service condition. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T12:41:23.000000Z"}, {"uuid": "0706157f-e754-4002-9250-4fc6dbb7cdf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "Telegram/sDf-5Rsi3rlakJ0rcpb3cBRsqYmOkZqUPuiIHF12RZDYVcrn", "content": "", "creation_timestamp": "2025-02-24T14:08:42.000000Z"}, {"uuid": "78702a6a-51ac-4164-a198-8d9b88d46cac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13752", "type": "seen", "source": "Telegram/S9-QpAEMb-HMLj6Oz7Py6itwShvV7DTEzJGHq-OpG810DTa5", "content": "", "creation_timestamp": "2025-02-15T23:50:18.000000Z"}]}