{"vulnerability": "cve-2024-11349", "sightings": [{"uuid": "8b37e209-d36c-4ded-a7f0-a44621a8b52f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11349", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113688938401502566", "content": "", "creation_timestamp": "2024-12-21T04:32:10.361288Z"}, {"uuid": "a8d5c939-34c6-4428-b1e7-17ab32818a46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11349", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lds5h3c6q222", "content": "", "creation_timestamp": "2024-12-21T05:15:30.548718Z"}, {"uuid": "a83f576b-92d2-474b-ab34-678dfd34b759", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11349", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9571", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-11349: Authentication Bypass Using an Alternate Path or Channel (CWE-288)\nURL\uff1ahttps://github.com/linunyang/CVE-2024-11349\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-23T13:00:48.000000Z"}, {"uuid": "359320db-f2e5-457a-abc6-3e855fc60288", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11349", "type": "seen", "source": "https://t.me/cvedetector/13476", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11349 - \"AdForest WordPress Authentication Bypass Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-11349 \nPublished : Dec. 21, 2024, 5:15 a.m. | 36\u00a0minutes ago \nDescription : The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-21T06:58:13.000000Z"}]}