{"vulnerability": "CVE-2024-2483", "sightings": [{"uuid": "62c99688-c85b-4dd6-94bf-05be8d4f5dae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24837", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12905", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-24837\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Fr\u00e9d\u00e9ric GILLES FG PrestaShop to WooCommerce, Fr\u00e9d\u00e9ric GILLES FG Drupal to WordPress, Fr\u00e9d\u00e9ric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.\n\n\n\ud83d\udccf Published: 2024-02-21T07:18:55.035Z\n\ud83d\udccf Modified: 2025-04-22T16:24:05.124Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/vulnerability/fg-drupal-to-wp/wordpress-fg-drupal-to-wordpress-plugin-3-67-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\n2. https://patchstack.com/database/vulnerability/fg-prestashop-to-woocommerce/wordpress-fg-prestashop-to-woocommerce-plugin-4-44-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\n3. 
https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-15-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-22T17:03:29.000000Z"}, {"uuid": "a41b9a09-d335-4ae3-a1e0-52865864b641", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24831", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3likodrnw4425", "content": "", "creation_timestamp": "2025-02-19T21:02:42.030737Z"}, {"uuid": "606afa91-e647-459f-a75e-624b6cfe6d3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24833", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3likodrqg662w", "content": "", "creation_timestamp": "2025-02-19T21:02:42.508389Z"}, {"uuid": "fbedc91b-cac5-4dfe-9afc-3147d9d96fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24831", "type": "seen", "source": "https://t.me/arpsyndicate/3467", "content": "#ExploitObserverAlert\n\nCVE-2024-24831\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24831. 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-12T06:52:10.000000Z"}, {"uuid": "298a843e-8baa-4b47-88c5-ccf55e325287", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2483", "type": "seen", "source": "https://t.me/arpsyndicate/4263", "content": "#ExploitObserverAlert\n\nCVE-2024-2483\n\nDESCRIPTION: Exploit Observer has 30 entries in 5 file formats related to CVE-2024-2483. A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 
The identifier VDB-256889 was assigned to this vulnerability.\n\nFIRST-EPSS: 0.000450000", "creation_timestamp": "2024-03-16T21:43:51.000000Z"}, {"uuid": "9982d761-17b4-4320-8d1c-48a88441bffe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24832", "type": "seen", "source": "Telegram/8cmJI3E7g0lApNkKYZwg1e6OstcAiwKMjXCOucUrMbHjk587", "content": "", "creation_timestamp": "2025-02-06T02:42:30.000000Z"}, {"uuid": "7c97beae-7ce4-44db-b6b6-023465bc0f2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24831", "type": "seen", "source": "https://t.me/arpsyndicate/3442", "content": "#ExploitObserverAlert\n\nCVE-2024-24831\n\nDESCRIPTION: Exploit Observer has 2 entries in 2 file formats related to CVE-2024-24831. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-12T05:42:25.000000Z"}, {"uuid": "2d516f68-bba1-4a15-8106-9100938f7e59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24830", "type": "seen", "source": "https://t.me/arpsyndicate/3441", "content": "#ExploitObserverAlert\n\nCVE-2024-24830\n\nDESCRIPTION: Exploit Observer has 3 entries in 3 file formats related to CVE-2024-24830. OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the \"/api/{org_id}/users\" endpoint. 
This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-12T05:41:33.000000Z"}, {"uuid": "2dec5517-243a-4129-888d-5445ad16c29f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24831", "type": "seen", "source": "https://t.me/ctinow/198695", "content": "https://ift.tt/n4s2dWC\nCVE-2024-24831 | Leap13 Premium Addons for Elementor Plugin up to 4.10.16 on WordPress cross site scripting", "creation_timestamp": "2024-03-03T11:41:52.000000Z"}, {"uuid": "93b93ce8-34a0-4219-9962-2756ee84690e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24837", "type": "seen", "source": "https://t.me/arpsyndicate/3936", "content": "#ExploitObserverAlert\n\nCVE-2024-24837\n\nDESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-24837. 
Cross-Site Request Forgery (CSRF) vulnerability in Fr\u00e9d\u00e9ric GILLES FG PrestaShop to WooCommerce, Fr\u00e9d\u00e9ric GILLES FG Drupal to WordPress, Fr\u00e9d\u00e9ric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.\n\nFIRST-EPSS: 0.000450000", "creation_timestamp": "2024-02-22T04:33:59.000000Z"}, {"uuid": "44aef7cb-7c96-4e45-b621-1f271faf4697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2483", "type": "seen", "source": "https://t.me/ctinow/208506", "content": "https://ift.tt/DKTm0Wq\nCVE-2024-2483", "creation_timestamp": "2024-03-15T08:31:56.000000Z"}, {"uuid": "86a9a5b3-8913-43bb-a730-6eb4040236e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2483", "type": "seen", "source": "https://t.me/ctinow/208498", "content": "https://ift.tt/DKTm0Wq\nCVE-2024-2483", "creation_timestamp": "2024-03-15T08:26:10.000000Z"}, {"uuid": "28450a37-5767-484f-9a27-7a42267ceaa1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24830", "type": "seen", "source": "https://t.me/ctinow/198427", "content": "https://ift.tt/yp2wiVd\nCVE-2024-24830 | OpenObserve up to 0.7.x Role-Based Access Control /api/{org_id}/users improper authorization (GHSA-hfxx-g56f-8h5v)", "creation_timestamp": "2024-03-02T17:41:37.000000Z"}, {"uuid": "865f2b7a-3ae3-4a63-a7a0-01d945b1e398", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24836", "type": "seen", "source": "https://t.me/ctinow/198318", "content": "https://ift.tt/2gl783z\nCVE-2024-24836 | 
Audrasjb GDPR Data Request Form Plugin up to 1.6 on WordPress cross site scripting", "creation_timestamp": "2024-03-02T11:11:45.000000Z"}, {"uuid": "50628659-9642-43ce-9762-ec0189c8f4cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24837", "type": "seen", "source": "https://t.me/ctinow/196522", "content": "https://ift.tt/oI8ZhR7\nCVE-2024-24837 | FG Drupal Plugin up to 3.67.0 on WordPress ajax_importer cross-site request forgery", "creation_timestamp": "2024-02-29T11:27:03.000000Z"}, {"uuid": "e1836288-ecdb-46ae-b7ac-3d2e16e48dd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2483", "type": "seen", "source": "https://t.me/ctinow/208470", "content": "https://ift.tt/xsUgbOH\nCVE-2024-2483 | Surya2Developer Hostel Management Service 1.0 Password Change /change-password.php oldpassword cross-site request forgery", "creation_timestamp": "2024-03-15T07:41:32.000000Z"}, {"uuid": "b4a4dbb4-d4e9-48bc-bdf2-93dffec4ac18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24839", "type": "seen", "source": "https://t.me/ctinow/179028", "content": "https://ift.tt/CLypYKI\nCVE-2024-24839", "creation_timestamp": "2024-02-05T08:26:32.000000Z"}, {"uuid": "42bcd2f3-f7db-4c20-a4f9-929d2c018676", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24834", "type": "seen", "source": "https://t.me/ctinow/196563", "content": "https://ift.tt/krcPBmD\nCVE-2024-24834 | BEAR Plugin up to 1.1.4 on WordPress cross site scripting", "creation_timestamp": "2024-02-29T12:26:36.000000Z"}, {"uuid": "442d4bdb-9cf3-4d34-ae97-118e1b6fc6dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24838", "type": "seen", "source": "https://t.me/ctinow/196309", "content": "https://ift.tt/gSDkmtV\nCVE-2024-24838 | Five Star Restaurant Reviews Plugin up to 2.3.5 on WordPress cross site scripting", "creation_timestamp": "2024-02-29T07:51:44.000000Z"}, {"uuid": "71077e89-b91d-461c-860b-69b7413ad7cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24839", "type": "seen", "source": "https://t.me/ctinow/196234", "content": "https://ift.tt/WtZ9mGD\nCVE-2024-24839 | Gordon B\u00f6hme & Antonio Leutsch Structured Content Plugin up to 1.6.1 on WordPress cross site scripting", "creation_timestamp": "2024-02-29T06:51:25.000000Z"}, {"uuid": "c88c36aa-af3b-456c-a986-52fe2e3054a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24837", "type": "seen", "source": "https://t.me/ctinow/189384", "content": "https://ift.tt/NPxMs21\nCVE-2024-24837", "creation_timestamp": "2024-02-21T09:21:32.000000Z"}, {"uuid": "d8d2325c-0e0d-49a3-8b79-cc1c00fabbfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24830", "type": "seen", "source": "https://t.me/ctinow/185878", "content": "https://ift.tt/9cu2tXU\nCVE-2024-24830 Exploit", "creation_timestamp": "2024-02-15T21:17:00.000000Z"}, {"uuid": "9bb3a4da-77f9-472f-b0c8-eb6a6902560c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24837", "type": "seen", "source": "https://t.me/ctinow/189390", "content": "https://ift.tt/NPxMs21\nCVE-2024-24837", "creation_timestamp": "2024-02-21T09:27:01.000000Z"}, {"uuid": "42a4d049-52b3-4016-b209-9ce30200e588", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24831", "type": "seen", "source": "https://t.me/ctinow/182497", "content": "https://ift.tt/kBsMEg0\nCVE-2024-24831", "creation_timestamp": "2024-02-10T09:31:55.000000Z"}, {"uuid": "d3dc45f2-853e-48e5-81f2-0e0e4d0695be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24838", "type": "seen", "source": "https://t.me/ctinow/179027", "content": "https://ift.tt/ZnfcQJp\nCVE-2024-24838", "creation_timestamp": "2024-02-05T08:26:31.000000Z"}, {"uuid": "34b3fc9b-ba04-4566-a1ba-039920303e9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24836", "type": "seen", "source": "https://t.me/ctinow/181390", "content": "https://ift.tt/SpdRPY5\nCVE-2024-24836", "creation_timestamp": "2024-02-08T14:21:58.000000Z"}, {"uuid": "4a42773f-d277-40cb-9536-206ef5c61778", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24830", "type": "seen", "source": "https://t.me/ctinow/181728", "content": "https://ift.tt/3VzvJYM\nCVE-2024-24830", "creation_timestamp": "2024-02-09T00:26:30.000000Z"}, {"uuid": "7eafff6f-ca19-4097-8338-4a688566e470", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24834", "type": "seen", "source": "https://t.me/ctinow/181431", "content": "https://ift.tt/f3eQjkt\nCVE-2024-24834", "creation_timestamp": "2024-02-08T15:31:19.000000Z"}]}