{"vulnerability": "cve-2024-1070", "sightings": [{"uuid": "65bcb068-d9dc-455e-beb1-6a0cb95c23d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10704", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113564728926318669", "content": "", "creation_timestamp": "2024-11-29T06:04:04.039458Z"}, {"uuid": "5028010c-4283-424f-a2de-17cf6f143670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10709", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113542072727186061", "content": "", "creation_timestamp": "2024-11-25T06:02:18.036406Z"}, {"uuid": "53b74e61-48ff-4a42-8c9d-fcf508891a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10708", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113627002384730507", "content": "", "creation_timestamp": "2024-12-10T06:01:01.624622Z"}, {"uuid": "7e773aa5-a189-4052-ab51-03563ac08b82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10706", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldpqdrtpth23", "content": "", "creation_timestamp": "2024-12-20T06:15:41.847803Z"}, {"uuid": "c829a8f0-14ae-4ab2-bad7-8dc775ba1073", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10706", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113683628341919652", "content": "", "creation_timestamp": "2024-12-20T06:01:45.386081Z"}, {"uuid": "19ab9e4f-7af7-4b1c-8d01-0ae6f586159f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10708", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-10708.yaml", "content": "", "creation_timestamp": "2025-10-08T00:18:12.000000Z"}, {"uuid": "729690dc-76aa-4845-8b66-4dbf7194a800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10705", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgmzfktr2x2i", "content": "", "creation_timestamp": "2025-01-26T08:35:22.645286Z"}, {"uuid": "9b755e0e-505e-4dc0-b0b1-acab1af66bec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10705", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113893307619009077", "content": "", "creation_timestamp": "2025-01-26T06:45:57.102877Z"}, {"uuid": "9fe75ed2-892f-4d30-b2e5-74f05eccc5f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10705", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgmuwubikn2c", "content": "", "creation_timestamp": "2025-01-26T07:15:32.395889Z"}, {"uuid": "875345b7-fff0-4743-abbe-5bd063c4c814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10705", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3129", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: GHSA-c6x3-v7hq-94wf\n\ud83d\udd25 CVSS Score: N/A (CVSS_V3)\n\ud83d\udd39 Description: The Multiple Page Generator Plugin \u2013 MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n\ud83d\udccf Published: 2025-01-26T09:30:31Z\n\ud83d\udccf Modified: 2025-01-26T09:30:31Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-10705\n2. https://plugins.trac.wordpress.org/changeset/3205550/multiple-pages-generator-by-porthas\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3446e5-ca01-4468-927a-86e951e662ab?source=cve", "creation_timestamp": "2025-01-26T10:06:17.000000Z"}, {"uuid": "98ae14ff-b220-4080-ac69-473e1628dbdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10703", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8615", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10703\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Registrations for the Events Calendar  WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-03-25T06:00:09.599Z\n\ud83d\udccf Modified: 2025-03-25T06:00:09.599Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/5601ac03-09e4-4b4e-b03e-98323bd36dba/", "creation_timestamp": "2025-03-25T06:23:55.000000Z"}, {"uuid": "9196896d-3198-49f6-a8ff-7c6057236779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10706", "type": "seen", "source": "https://t.me/cvedetector/13412", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10706 - WordPress Download Manager Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10706 \nPublished : Dec. 20, 2024, 6:15 a.m. | 42\u00a0minutes ago \nDescription : The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T08:23:02.000000Z"}, {"uuid": "6dc684c3-8acc-4263-a471-1ab245a78060", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10702", "type": "seen", "source": "https://t.me/cvedetector/9646", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10702 - \"Oracle Code-Projects Simple Car Rental System SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10702 \nPublished : Nov. 2, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-02T19:46:47.000000Z"}, {"uuid": "de940d08-5bf8-4afc-bb70-64f88aaf5aae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10701", "type": "seen", "source": "https://t.me/cvedetector/9645", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10701 - PHPGurukul Car Rental Portal Cross Site Scripting(Vulnerability)\", \n  \"Content\": \"CVE ID : CVE-2024-10701 \nPublished : Nov. 2, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-02T19:46:46.000000Z"}, {"uuid": "9a68913c-0bdf-48d8-90e2-2d52f28e527a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10700", "type": "seen", "source": "https://t.me/cvedetector/9644", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10700 - Apache University Event Management System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10700 \nPublished : Nov. 2, 2024, 4:15 p.m. | 38\u00a0minutes ago \nDescription : A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"name\" to be affected. But it must be assumed that a variety of other parameters is affected too. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-02T18:06:25.000000Z"}, {"uuid": "36eb465d-dd60-40d0-9b85-400643c667c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1070", "type": "seen", "source": "https://t.me/ctinow/199021", "content": "https://ift.tt/04yhUPC\nCVE-2024-1070 | SiteOrigin Widgets Bundle up to 1.58.2 on WordPress cross site scripting", "creation_timestamp": "2024-03-04T06:42:06.000000Z"}, {"uuid": "e677509e-2627-4946-9ed9-830cdc88faa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10707", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lz4sorx5hk27", "content": "", "creation_timestamp": "2025-09-18T16:51:22.924724Z"}, {"uuid": "2e615baa-6cc4-46e9-bc7f-7f47ac6c9025", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10705", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3126", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10705\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-26T07:15:07.350\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3205550/multiple-pages-generator-by-porthas\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3446e5-ca01-4468-927a-86e951e662ab?source=cve", "creation_timestamp": "2025-01-26T09:14:40.000000Z"}, {"uuid": "bfffddce-9da4-4811-8156-14414aed6249", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10705", "type": "seen", "source": "https://t.me/cvedetector/16407", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10705 - WordPress Multiple Page Generator Plugin SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10705 \nPublished : Jan. 26, 2025, 7:15 a.m. | 37\u00a0minutes ago \nDescription : The Multiple Page Generator Plugin \u2013 MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-26T09:03:12.000000Z"}, {"uuid": "4a2ef892-0812-46c0-b744-5ddab2cb9689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10708", "type": "seen", "source": "https://t.me/cvedetector/12482", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10708 - \"WordPress System Dashboard Path Traversal Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10708 \nPublished : Dec. 10, 2024, 6:15 a.m. | 41\u00a0minutes ago \nDescription : The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T08:16:31.000000Z"}]}