{"vulnerability": "cve-2024-1128", "sightings": [{"uuid": "7c91a4c6-b4b9-4b40-9883-a9133f3bdb76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11287", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldse5lhi3k25", "content": "", "creation_timestamp": "2024-12-21T07:15:28.608263Z"}, {"uuid": "138a853b-46f9-42d1-bf23-866075a9d4e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11287", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113689564873714213", "content": "", "creation_timestamp": "2024-12-21T07:11:29.704068Z"}, {"uuid": "a26f6b4e-ad05-45aa-99e3-2c93bdceffba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11280", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113667924935342936", "content": "", "creation_timestamp": "2024-12-17T11:28:10.368955Z"}, {"uuid": "87952358-dc04-4bed-9181-f06c47a76289", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11287", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113689577453876508", "content": "", "creation_timestamp": "2024-12-21T07:14:41.612426Z"}, {"uuid": "a91c4108-3fbb-4294-80a9-d58fb6199a03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11282", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785725661174733", "content": "", "creation_timestamp": "2025-01-07T06:46:27.674342Z"}, {"uuid": "3a683506-4fe9-4068-896d-73a602f59701", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11282", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf543ubx6f2m", "content": "", "creation_timestamp": "2025-01-07T07:15:48.857551Z"}, {"uuid": "c461fc41-d76d-4743-8be6-db98f585eeb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11281", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113712111287479752", "content": "", "creation_timestamp": "2024-12-25T06:45:20.648122Z"}, {"uuid": "d565c6a0-5a0b-4058-be24-7bfb20c6e4b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11281", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3le4fzk4rsr2i", "content": "", "creation_timestamp": "2024-12-25T07:15:37.152929Z"}, {"uuid": "64ae4967-3697-404e-9a24-500c0e73f851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11288", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhulr2jimr2n", "content": "", "creation_timestamp": "2025-02-11T02:17:43.423048Z"}, {"uuid": "fc0d9735-c4ad-4a7b-b013-00d95782b840", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11284", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkcvjuanhc2n", "content": "", "creation_timestamp": "2025-03-14T05:40:18.993245Z"}, {"uuid": "1ea37d79-9daa-40f5-86af-bda61c2dd38c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11285", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkcvjuw6mi2p", "content": "", "creation_timestamp": "2025-03-14T05:40:19.619039Z"}, {"uuid": "977cebb9-78ab-47d9-9d8d-e98c682715af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11284", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkepn4vbz72t", "content": "", "creation_timestamp": "2025-03-14T23:00:05.580260Z"}, {"uuid": "6628797b-4dde-40d7-9f44-8936776be5bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11286", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lkcvjvkwwg2s", "content": "", "creation_timestamp": "2025-03-14T05:40:20.509622Z"}, {"uuid": "cb5eb0cc-e290-48e5-bc09-79c8958a967c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11285", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkepn54yhz2p", "content": "", "creation_timestamp": "2025-03-14T23:00:06.300175Z"}, {"uuid": "d8c1d6c7-efe0-41fb-b763-9712f9213b7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11286", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkepn5gogi2r", "content": "", "creation_timestamp": "2025-03-14T23:00:07.076526Z"}, {"uuid": "1c8cf1a0-a7af-4953-8b8e-c91bf1b4b2ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11284", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114159209974035158", "content": "", "creation_timestamp": "2025-03-14T05:48:25.063907Z"}, {"uuid": "a023e9e1-1126-4607-84b5-e89c78d819ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11285", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114159210004454378", "content": "", "creation_timestamp": "2025-03-14T05:48:25.614314Z"}, {"uuid": "5bb97c51-4953-47b4-8fd0-936b613e16c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11286", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114159210032312734", "content": "", "creation_timestamp": "2025-03-14T05:48:26.282293Z"}, {"uuid": "cb614114-5d35-4119-8357-37f0272a2ac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11284", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkdhfoqyak2t", "content": "", "creation_timestamp": "2025-03-14T11:00:07.329236Z"}, {"uuid": "cf8c345c-1d33-43e9-9342-f019c58e7899", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11285", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkcyxixbyz2l", "content": "", "creation_timestamp": "2025-03-14T06:41:38.575842Z"}, {"uuid": "7dba9489-5d11-4924-a1b9-943841d53e1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11286", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkcyxj2rq62m", "content": "", "creation_timestamp": "2025-03-14T06:41:39.119260Z"}, {"uuid": "316a697c-416e-46f9-b717-891115b91384", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11284", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkcyxjamjk2m", "content": "", "creation_timestamp": "2025-03-14T06:41:39.728959Z"}, {"uuid": "d41decbd-f137-4ed5-b684-f77ea814bfb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11283", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkcyxjhp3d2x", "content": "", "creation_timestamp": "2025-03-14T06:41:40.298982Z"}, {"uuid": "646d2d64-c059-4ed3-bc56-3afe5f596d6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11285", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkdhfoyato2d", "content": "", "creation_timestamp": "2025-03-14T11:00:08.078957Z"}, {"uuid": "4dd553a7-6d03-45e2-b503-2880e6fa3d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11286", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lkdhfpaabw24", "content": "", "creation_timestamp": "2025-03-14T11:00:08.760759Z"}, {"uuid": "9e8f4eec-9fa1-42dc-92ab-28212682752f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11285", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7529", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11285\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.\n\ud83d\udccf Published: 2025-03-14T04:22:31.482Z\n\ud83d\udccf Modified: 2025-03-14T04:22:31.482Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0e61c98d-a6f4-4ac0-b9f9-2b936c030413?source=cve\n2. https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636", "creation_timestamp": "2025-03-14T04:53:36.000000Z"}, {"uuid": "6397f6b4-2c63-471d-8d88-699f22f44067", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11286", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7524", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11286\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user's account, including administrators.\n\ud83d\udccf Published: 2025-03-14T04:22:33.776Z\n\ud83d\udccf Modified: 2025-03-14T04:22:33.776Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/91754c4d-a0d0-4d35-a70a-446d2bdf6c73?source=cve\n2. https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636", "creation_timestamp": "2025-03-14T04:53:29.000000Z"}, {"uuid": "d5984db7-f3d7-449e-aab6-06b5a7985b4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11282", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/376", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11282\n\ud83d\udd39 Description: The Passster \u2013 Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.\n\ud83d\udccf Published: 2025-01-07T06:40:55.512Z\n\ud83d\udccf Modified: 2025-01-07T06:40:55.512Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/11782a65-30b9-400e-8fe0-ab9f05ba5e42?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3211004/content-protector", "creation_timestamp": "2025-01-07T07:38:02.000000Z"}, {"uuid": "f1f214db-ff34-471f-80cf-dea795d8f0ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11287", "type": "seen", "source": "https://t.me/cvedetector/13485", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11287 - Ebook Store WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11287 \nPublished : Dec. 21, 2024, 7:15 a.m. | 16\u00a0minutes ago \nDescription : The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T08:38:41.000000Z"}, {"uuid": "279af1f5-ff65-4451-a923-8cd69e94309c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11283", "type": "seen", "source": "https://t.me/cvedetector/20277", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11283 - WordPress JobHunt Plugin Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11283 \nPublished : March 14, 2025, 5:15 a.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T08:20:59.000000Z"}, {"uuid": "0d4de52b-22ab-4373-8719-748cb46e676e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11285", "type": "seen", "source": "https://t.me/cvedetector/20276", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11285 - \"WordPress JobHunt Plugin Privilege Escalation Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-11285 \nPublished : March 14, 2025, 5:15 a.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T08:20:58.000000Z"}, {"uuid": "3e81fc00-a68c-4d6d-b1e4-d2118264f740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11284", "type": "seen", "source": "https://t.me/cvedetector/20275", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11284 - WordPress JobHunt Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11284 \nPublished : March 14, 2025, 5:15 a.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T08:20:57.000000Z"}, {"uuid": "8b9b5605-df52-4800-b118-3ae0e950001f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11286", "type": "seen", "source": "https://t.me/cvedetector/20274", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11286 - WordPress JobHunt Plugin Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11286 \nPublished : March 14, 2025, 5:15 a.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user's account, including administrators. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T08:20:56.000000Z"}, {"uuid": "6ce58c3d-c695-4b69-af7b-5723a9cb303f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11284", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7526", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11284\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.\n\ud83d\udccf Published: 2025-03-14T04:22:32.912Z\n\ud83d\udccf Modified: 2025-03-14T04:22:32.912Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/8afe386e-1e4f-4668-8309-6d47dedb008a?source=cve\n2. https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636", "creation_timestamp": "2025-03-14T04:53:31.000000Z"}, {"uuid": "3b2f1b92-4ff9-4f27-851c-0b4a58d4fdbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11283", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7523", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11283\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.\n\ud83d\udccf Published: 2025-03-14T04:22:34.127Z\n\ud83d\udccf Modified: 2025-03-14T04:22:34.127Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/cfa487fb-c014-47f1-9537-73881ede30b4?source=cve\n2. https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636", "creation_timestamp": "2025-03-14T04:53:25.000000Z"}, {"uuid": "cd49696a-e181-4d0e-8f47-4cfa11e69144", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11282", "type": "seen", "source": "https://t.me/cvedetector/14494", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11282 - WordPress Passster Sensitive Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11282 \nPublished : Jan. 7, 2025, 7:15 a.m. | 30\u00a0minutes ago \nDescription : The Passster \u2013 Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T08:51:08.000000Z"}, {"uuid": "d5e8a55a-1f22-4f15-a947-e9c9eb8c72b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11280", "type": "seen", "source": "https://t.me/cvedetector/13088", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11280 - WordPress PPWP Password Protect Pages Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-11280 \nPublished : Dec. 17, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : The PPWP \u2013 Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T14:16:05.000000Z"}, {"uuid": "236726e3-6d4f-4eef-ba36-0428df3f6966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11281", "type": "seen", "source": "https://t.me/cvedetector/13620", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11281 - WooCommerce Point of Sale WordPress Store Variable Administrator Email Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-11281 \nPublished : Dec. 25, 2024, 7:15 a.m. | 30\u00a0minutes ago \nDescription : The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for attackers to change the email of arbitrary user accounts. This makes it possible for unauthenticated attackers to change the email of arbitrary user accounts, including administrators, and reset their password to gain access to the account. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-25T08:47:49.000000Z"}, {"uuid": "1a2cb76f-3489-423b-9a01-1cec119abf9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1128", "type": "seen", "source": "https://t.me/ctinow/203549", "content": "https://ift.tt/UmgxjKr\nCVE-2024-1128 | Tutor LMS Plugin up to 2.6.0 on WordPress Q/A cross site scripting (ID 3037911)", "creation_timestamp": "2024-03-08T19:56:58.000000Z"}, {"uuid": "e721ec9d-c50c-44a1-92aa-a0cbd1a8cbd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11289", "type": "seen", "source": "https://t.me/cvedetector/12198", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11289 - The Soledad theme for WordPress is vulnerable to L\", \n  \"Content\": \"CVE ID : CVE-2024-11289 \nPublished : Dec. 6, 2024, 10:15 a.m. | 41\u00a0minutes ago \nDescription : The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. The exploitability of this is limited to Windows. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T12:16:22.000000Z"}]}