{"vulnerability": "CVE-2024-1377", "sightings": [{"uuid": "69f646d2-d75d-4827-932e-6f503a7bc73c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13771", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkepn5xpwi2d", "content": "", "creation_timestamp": "2025-03-14T23:00:08.652498Z"}, {"uuid": "d086d66c-bc90-41ae-96b8-3ab0fc87118b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13775", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh4tsb5g6b2g", "content": "", "creation_timestamp": "2025-02-01T15:37:40.301478Z"}, {"uuid": "1e92c098-0020-4a16-9b90-67e449819e79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13775", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh4luad33y2t", "content": "", "creation_timestamp": "2025-02-01T13:15:36.259545Z"}, {"uuid": "cc36ebb9-04a9-48f0-845a-c1c348791f13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13774", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljtosh5erf26", "content": "", "creation_timestamp": "2025-03-08T04:29:55.077382Z"}, {"uuid": "26c437c9-4ba4-4ed7-bd4a-5bfd2ef743c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13770", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li22shpdyw2c", "content": "", "creation_timestamp": "2025-02-13T06:30:17.379895Z"}, {"uuid": "f6528f72-8a0c-43bb-9753-b5d0177b9d23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13770", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113995241082689236", "content": "", "creation_timestamp": "2025-02-13T06:48:58.432027Z"}, {"uuid": "f091a927-9168-4de5-96bc-72fb45c52942", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13777", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljmvyhgb6x2u", "content": "", "creation_timestamp": "2025-03-05T11:49:55.053332Z"}, {"uuid": "91a90d94-713f-4812-b3d4-46c7778c4060", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13770", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113994705643201856", "content": "", "creation_timestamp": "2025-02-13T04:32:48.240436Z"}, {"uuid": "4e098377-19df-4610-8cda-ecab9142f56b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13770", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113994723814995240", "content": "", "creation_timestamp": "2025-02-13T04:37:25.512259Z"}, {"uuid": "8a3ba5a9-a271-46e6-b853-d08c72dbbe4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13770", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhzwnf3iek2g", "content": "", "creation_timestamp": "2025-02-13T05:15:49.949995Z"}, {"uuid": "c13c9514-d824-4302-a259-6ff96b354675", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13771", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkfxumegol23", "content": "", "creation_timestamp": "2025-03-15T11:00:07.135903Z"}, {"uuid": "4a75ffd9-1a8c-455e-8dab-b335d8574e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13771", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkdra5ylr72l", "content": "", "creation_timestamp": "2025-03-14T13:55:59.389415Z"}, {"uuid": "a67846fb-91a4-440e-817a-0b7f42fee125", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13771", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114161097294048919", "content": "", "creation_timestamp": "2025-03-14T13:48:23.524812Z"}, {"uuid": "9c0e66ae-4911-4d61-af10-26625f7cbdbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13771", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkdmymtmnl2g", "content": "", "creation_timestamp": "2025-03-14T12:40:10.579967Z"}, {"uuid": "941ef1f4-50ba-4a37-9569-5363ff703917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13776", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114284253377794641", "content": "", "creation_timestamp": "2025-04-05T07:48:36.179419Z"}, {"uuid": "193d08f9-5d0c-4e88-b006-992b048a59f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13776", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114284253377794641", "content": "", "creation_timestamp": "2025-04-05T07:48:36.177431Z"}, {"uuid": "04384b67-8716-441a-bd78-bbb93ba2ace4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13776", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lm2hyuehkn26", "content": "", "creation_timestamp": "2025-04-05T08:07:15.311694Z"}, {"uuid": "7e9cd6af-7a84-4411-968c-f45bb15ac3e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13770", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4219", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13770\n\ud83d\udd25 CVSS Score: 8.1 (CVSS_V3)\n\ud83d\udd39 Description: The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. The developer opted to remove the software from the repository, so an update is not available and it is recommended to find a replacement software.\n\ud83d\udccf Published: 2025-02-13T06:31:42Z\n\ud83d\udccf Modified: 2025-02-13T06:31:42Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13770\n2. https://themeforest.net/item/puzzles-wordpress-magazinereview-with-wooc/5690583\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/950d1c8f-6715-4b0d-bf3d-af978a146838?source=cve", "creation_timestamp": "2025-02-13T07:11:46.000000Z"}, {"uuid": "22b5bf08-e013-498f-accd-427113f30d1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13770", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"}, {"uuid": "4ecdfd6e-47f1-4e4d-8d42-9b4dc35d5114", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13774", "type": "seen", "source": "https://t.me/cvedetector/19877", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13774 - WooCommerce Multi Wishlists Per Customer CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-13774 \nPublished : March 8, 2025, 3:15 a.m. | 2\u00a0hours, 19\u00a0minutes ago \nDescription : The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7. This is due to missing or incorrect nonce validation on the 'save_to_multiple_wishlist' function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T06:49:35.000000Z"}, {"uuid": "ceb339bc-36cc-442e-8e81-406f713537af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13775", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3768", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13775\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts, and read names, emails, and capabilities of all users.\n\ud83d\udccf Published: 2025-02-01T15:32:58Z\n\ud83d\udccf Modified: 2025-02-01T15:32:58Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13775\n2. https://codecanyon.net/item/woocommerce-support-ticket-system/17930050#item-description__change-log\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/72dc919a-c13d-49b4-927d-a0bb837b63dd?source=cve", "creation_timestamp": "2025-02-01T16:16:52.000000Z"}, {"uuid": "6b17b914-cec1-4ede-a2cb-bfeb70c5df8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13778", "type": "seen", "source": "Telegram/AxQZtGmyR1CWDTFGO8TvFp0g-11mYTAXNT3n9VbOVI1yHHg_", "content": "", "creation_timestamp": "2025-03-06T02:16:32.000000Z"}, {"uuid": "a8221e35-bac5-4dae-a69b-40aeb121011e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13776", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10710", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13776\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsap_delete_notice' AJAX action in all versions up to, and including, 6.91. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 'seen' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. There are several other functions also vulnerable to missing authorization.\n\ud83d\udccf Published: 2025-04-05T05:32:12.407Z\n\ud83d\udccf Modified: 2025-04-07T14:11:57.825Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0c8e538b-7157-42d3-abee-8259c6715cd5?source=cve\n2. https://codecanyon.net/item/zoomsounds-wordpress-wave-audio-player-with-playlist/6181433", "creation_timestamp": "2025-04-07T14:45:09.000000Z"}, {"uuid": "21f780e8-586d-487f-9942-b1befb198cca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13778", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6525", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13778\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to SQL Injection via several functions in all versions up to, and including, 1.16.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-03-05T09:21:46.801Z\n\ud83d\udccf Modified: 2025-03-05T09:21:46.801Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5bdf04e6-6d9d-41a3-ac54-1a95f4617ea4?source=cve\n2. https://codecanyon.net/item/hero-menu-responsive-wordpress-mega-menu-plugin/10324895", "creation_timestamp": "2025-03-05T09:36:03.000000Z"}, {"uuid": "d2c52a12-5e26-4c91-919a-e8df9d1af3a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13779", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6530", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13779\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'index' parameter in all versions up to, and including, 1.16.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-03-05T09:21:44.519Z\n\ud83d\udccf Modified: 2025-03-05T09:21:44.519Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/18d37650-057d-4cd1-bfeb-e40885d22566?source=cve\n2. https://codecanyon.net/item/hero-menu-responsive-wordpress-mega-menu-plugin/10324895", "creation_timestamp": "2025-03-05T09:36:10.000000Z"}, {"uuid": "5279ddef-a51d-4224-8afd-776e9a594a4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13777", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6529", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13777\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.\n\ud83d\udccf Published: 2025-03-05T09:21:44.881Z\n\ud83d\udccf Modified: 2025-03-05T09:21:44.881Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec4633a-0742-4646-accd-cc0b9e01302a?source=cve\n2. https://codecanyon.net/item/zoomsounds-wordpress-wave-audio-player-with-playlist/6181433", "creation_timestamp": "2025-03-05T09:36:10.000000Z"}, {"uuid": "b0719ef9-74a6-43a4-bb73-7a977a884efb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13774", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6911", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13774\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7. This is due to missing or incorrect nonce validation on the 'save_to_multiple_wishlist' function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-03-08T02:24:04.980Z\n\ud83d\udccf Modified: 2025-03-08T02:24:04.980Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/c11456bb-dde3-4ab8-b00b-a6cdcc68a760?source=cve\n2. https://plugins.trac.wordpress.org/browser/wish-list-for-woocommerce/tags/3.1.7/includes/free/class-alg-wc-wish-list-ajax.php#L337\n3. https://plugins.trac.wordpress.org/browser/wish-list-for-woocommerce/tags/3.1.7/includes/free/class-alg-wc-wish-list-ajax.php#L789", "creation_timestamp": "2025-03-08T02:35:22.000000Z"}, {"uuid": "61e3a413-c950-42a8-9a1a-8b212bc0035f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13779", "type": "seen", "source": "Telegram/MpSzr-G1mUK1I_MNyUSso-547KNtoaDNXaO-0lcFHoq_Zjur", "content": "", "creation_timestamp": "2025-03-06T02:16:32.000000Z"}, {"uuid": "40080517-c927-4867-ba13-f20ac924ede2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13777", "type": "seen", "source": "Telegram/U-3yHnmwFQp6ZAjzpVvI0EIB-sg8MNH2lkF90AyaqyHoGZdG", "content": "", "creation_timestamp": "2025-03-06T02:16:32.000000Z"}, {"uuid": "aac9e2c5-7e68-481d-8d9e-3b8f7e6f32f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13771", "type": "seen", "source": "https://t.me/cvedetector/20289", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13771 - Civi WordPress Theme Unauthenticated Password Change Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-13771 \nPublished : March 14, 2025, 12:15 p.m. | 1\u00a0hour, 11\u00a0minutes ago \nDescription : The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T15:02:12.000000Z"}, {"uuid": "705e7ce9-c85c-413e-b95d-4d44e0b04986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13770", "type": "seen", "source": "https://t.me/cvedetector/17974", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13770 - \"WP Magazine / Review with Store PHP Object Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13770 \nPublished : Feb. 13, 2025, 5:15 a.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. The developer opted to remove the software from the repository, so an update is not available and it is recommended to find a replacement software. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T08:48:01.000000Z"}, {"uuid": "a7c86ba5-d70b-452a-96b0-b81ab324397f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13772", "type": "seen", "source": "https://t.me/cvedetector/20290", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13772 - Civi Job Board & Freelance Marketplace WordPress Theme Plugin Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-13772 \nPublished : March 14, 2025, 12:15 p.m. | 1\u00a0hour, 11\u00a0minutes ago \nDescription : The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible for unauthenticated attackers to change the password of arbitrary Candidate-level users if the attacker knows the username assigned to the victim during account creation. \nSeverity: 5.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T15:02:12.000000Z"}, {"uuid": "8dae5337-062e-4e1a-897e-a6bfc93d6aa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13773", "type": "seen", "source": "https://t.me/cvedetector/20286", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13773 - Civi WordPress Theme Exposed Credentials\", \n  \"Content\": \"CVE ID : CVE-2024-13773 \nPublished : March 14, 2025, 12:15 p.m. | 1\u00a0hour, 11\u00a0minutes ago \nDescription : The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T15:02:10.000000Z"}, {"uuid": "dfd27d04-0586-4e9d-aa7b-87f452adb061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13776", "type": "seen", "source": "https://t.me/cvedetector/22183", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13776 - \"ZoomSounds WordPress Wave Audio Player with Playlist Unauthorized Data Modification Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13776 \nPublished : April 5, 2025, 6:15 a.m. | 19\u00a0minutes ago \nDescription : The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsap_delete_notice' AJAX action in all versions up to, and including, 6.91. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 'seen' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. There are several other functions also vulnerable to missing authorization. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-05T09:04:04.000000Z"}, {"uuid": "e36fc398-944b-4c18-8e00-60c91c682b5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13774", "type": "seen", "source": "Telegram/lU0oEwK_HwRIuUUsuaxjk9g-VFfC82mNwtRO3772hwSxPN0T", "content": "", "creation_timestamp": "2025-03-08T04:37:51.000000Z"}, {"uuid": "a25ed1eb-585f-411e-8761-33e461439bed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13778", "type": "seen", "source": "https://t.me/cvedetector/19620", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13778 - Hero Mega Menu - WordPress SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13778 \nPublished : March 5, 2025, 10:15 a.m. | 48\u00a0minutes ago \nDescription : The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to SQL Injection via several functions in all versions up to, and including, 1.16.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T12:46:02.000000Z"}, {"uuid": "584c08e5-f7b4-4856-810f-b2707d1cd251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13777", "type": "seen", "source": "https://t.me/cvedetector/19619", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13777 - ZoomSounds - WordPress Wave Audio Player with Playlist PHP Object Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13777 \nPublished : March 5, 2025, 10:15 a.m. | 48\u00a0minutes ago \nDescription : The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T12:46:01.000000Z"}, {"uuid": "d3e65051-d1c4-4437-9b5a-53167f1bbf31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13779", "type": "seen", "source": "https://t.me/cvedetector/19618", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13779 - Hero Mega Menu WordPress Menu Plugin Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13779 \nPublished : March 5, 2025, 10:15 a.m. | 48\u00a0minutes ago \nDescription : The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'index' parameter in all versions up to, and including, 1.16.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T12:46:00.000000Z"}, {"uuid": "ffb6f9ee-93a1-4006-ab13-ceac765cdd95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13775", "type": "seen", "source": "https://t.me/cvedetector/17019", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13775 - WooCommerce Support Ticket System for WordPress Unauthorized Access and Data Loss Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13775 \nPublished : Feb. 1, 2025, 1:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts, and read names, emails, and capabilities of all users. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T16:29:03.000000Z"}, {"uuid": "834ee842-0a7f-4e8b-9238-f3dc2ea5f26e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1377", "type": "seen", "source": "https://t.me/ctinow/202146", "content": "https://ift.tt/fQDeizt\nCVE-2024-1377", "creation_timestamp": "2024-03-07T07:26:08.000000Z"}, {"uuid": "1fc927a2-b207-4e46-94c4-b9e189b5978d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13770", "type": "seen", "source": "Telegram/ZsNl_dtqQ2XSngZF2H0A713mrv8ppvg8c-J3YfTe3UqXdzMA", "content": "", "creation_timestamp": "2025-02-14T10:08:07.000000Z"}, {"uuid": "6b614429-8d05-415a-ba00-6e2374433578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1377", "type": "seen", "source": "https://t.me/ctinow/202150", "content": "https://ift.tt/fQDeizt\nCVE-2024-1377", "creation_timestamp": "2024-03-07T07:26:12.000000Z"}, {"uuid": "1382ca6b-92fd-4649-b0ee-92f6ea83d4db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13770", "type": "seen", "source": "Telegram/dOpSBZh4Xj0Gwbqp__Y8L8wIU2OTvHcmD0m_O8gIpeOfB5-d", "content": "", "creation_timestamp": "2025-02-14T10:06:08.000000Z"}]}