{"vulnerability": "cve-2024-1142", "sightings": [{"uuid": "befe244d-2895-43d9-829a-1cd369b2d355", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11424", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518914590239183", "content": "", "creation_timestamp": "2024-11-21T03:52:52.854098Z"}, {"uuid": "90760970-f548-41f8-b1c3-86bb21ae6c78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11428", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113518914603776347", "content": "", "creation_timestamp": "2024-11-21T03:52:53.047836Z"}, {"uuid": "2e00840c-607b-4435-98e2-d412e3c72832", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11429", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113598580939522356", "content": "", "creation_timestamp": "2024-12-05T05:33:04.922661Z"}, {"uuid": "5018b097-f59c-4dd8-ac10-2b1289d582d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11420", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113599592130427797", "content": "", "creation_timestamp": "2024-12-05T09:50:14.814763Z"}, {"uuid": "b1cdd865-0290-47ab-9bb5-9a3b4f1355ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11426", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113530475433854395", "content": "", "creation_timestamp": "2024-11-23T04:52:57.342126Z"}, {"uuid": "b5227a33-36c3-42f7-a968-7878f3c40fb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11427", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113637807553404847", "content": "", "creation_timestamp": "2024-12-12T03:48:55.647993Z"}, {"uuid": "3521e9d1-7ade-4823-a782-3bf9c6e7fb8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11422", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1699/", "content": "", "creation_timestamp": "2024-12-19T05:00:00.000000Z"}, {"uuid": "abece6b6-8b5d-4258-ae58-e85a9cf8668d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11422", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113668837672027134", "content": "", "creation_timestamp": "2024-12-17T15:20:17.520206Z"}, {"uuid": "68ad7cea-a57c-47b0-835b-c7e06e0e1430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113792436139547295", "content": "", "creation_timestamp": "2025-01-08T11:13:00.539126Z"}, {"uuid": "dcf3a25c-080a-4c84-b0ce-c6252640f58f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7zxnzlxm2d", "content": "", "creation_timestamp": "2025-01-08T11:15:40.320463Z"}, {"uuid": "537de30b-55fe-4734-ba7a-536e7b191596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfa43v4rfo2w", "content": "", "creation_timestamp": "2025-01-08T11:53:49.462227Z"}, {"uuid": "81dac053-4db4-4c05-9aee-e6d5563d386b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://bsky.app/profile/gothburz.bsky.social/post/3lfbqnrjwik2y", "content": "", "creation_timestamp": "2025-01-09T03:34:23.579439Z"}, {"uuid": "081ea9b3-5b63-4625-a868-b97c89b8f5a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/113826825965303615", "content": "", "creation_timestamp": "2025-01-14T12:58:47.468810Z"}, {"uuid": "dd12ccdb-c2b9-4449-89ff-afb810bb1e11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11425", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113842892528607736", "content": "", "creation_timestamp": "2025-01-17T09:04:43.888835Z"}, {"uuid": "a577ab78-1bb0-4f31-9dc2-75e2243a198e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11425", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfwhh2h46c2r", "content": "", "creation_timestamp": "2025-01-17T09:15:29.091773Z"}, {"uuid": "a4ecbb8f-8d36-4f77-b974-d0aa1e2d87b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11425", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfwizzv3q22g", "content": "", "creation_timestamp": "2025-01-17T09:44:00.006707Z"}, {"uuid": "d9b7ee17-1cbf-45d1-b185-34a2d22f9cc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11425", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/113843982218783924", "content": "", "creation_timestamp": "2025-01-17T13:41:51.641141Z"}, {"uuid": "76066fd3-db16-42c4-a05d-8d2645e2d3b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad5jyvy2a", "content": "", "creation_timestamp": "2025-01-20T21:02:02.590203Z"}, {"uuid": "58198c50-2d84-44a4-90bb-27df9633f509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11425", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-04", "content": "", "creation_timestamp": "2025-02-04T11:00:00.000000Z"}, {"uuid": "9a58fe99-8932-4963-929e-9cb1dc67ad3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11421", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln42fpdyix2c", "content": "", "creation_timestamp": "2025-04-18T16:34:25.571383Z"}, {"uuid": "334a94a8-0c04-497f-9fea-34c09f940fce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11425", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2115", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11425\n\ud83d\udd39 Description: CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the\nproduct when an unauthenticated user is sending a crafted HTTPS packet to the webserver.\n\ud83d\udccf Published: 2025-01-17T09:00:32.335Z\n\ud83d\udccf Modified: 2025-01-17T09:00:32.335Z\n\ud83d\udd17 References:\n1. https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-01.pdf", "creation_timestamp": "2025-01-17T09:56:20.000000Z"}, {"uuid": "834d8d65-8fec-4fc4-a6eb-77138b90c018", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/693", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11423\n\ud83d\udd39 Description: The Ultimate Gift Cards for WooCommerce \u2013 Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.\n\ud83d\udccf Published: 2025-01-08T11:09:24.799Z\n\ud83d\udccf Modified: 2025-01-08T11:09:24.799Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/836884b5-f547-4f50-8a97-5d910d877e5e?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3212554/woo-gift-cards-lite/trunk/includes/giftcard-redeem-api-addon.php\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208474%40woo-gift-cards-lite&new=3208474%40woo-gift-cards-lite&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-08T12:12:51.000000Z"}, {"uuid": "f37b57d3-83f0-448f-912e-b395133296f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "seen", "source": "https://t.me/cvedetector/14683", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11423 - WooCommerce Gift Cards Advanced Coupons Unauthorized Data Modification\", \n  \"Content\": \"CVE ID : CVE-2024-11423 \nPublished : Jan. 8, 2025, 11:15 a.m. | 42\u00a0minutes ago \nDescription : The Ultimate Gift Cards for WooCommerce \u2013 Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T13:18:10.000000Z"}, {"uuid": "46dee187-6c4d-46a1-b61b-dd095aa6db8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11425", "type": "seen", "source": "https://t.me/cvedetector/15692", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11425 - Apache Webserver Buffer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11425 \nPublished : Jan. 17, 2025, 9:15 a.m. | 40\u00a0minutes ago \nDescription : CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the  \nproduct when an unauthenticated user is sending a crafted HTTPS packet to the webserver. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T10:56:16.000000Z"}, {"uuid": "8f93ade6-fd91-47e2-86b7-ca7bdacf724a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11427", "type": "seen", "source": "https://t.me/cvedetector/12700", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11427 - \"WordPress Catch Popup Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-11427 \nPublished : Dec. 12, 2024, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T06:17:37.000000Z"}, {"uuid": "cfa612b6-9f63-46cb-88e5-ecea16190dda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11422", "type": "seen", "source": "https://t.me/cvedetector/13111", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11422 - Autodesk Navisworks DWFX RCE\", \n  \"Content\": \"CVE ID : CVE-2024-11422 \nPublished : Dec. 17, 2024, 4:15 p.m. | 19\u00a0minutes ago \nDescription : A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T17:37:00.000000Z"}, {"uuid": "36931aaa-94c0-4986-b53c-1d16d358576f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11423", "type": "published-proof-of-concept", "source": "Telegram/7Mqw0CZUm1qIPt1F_gelWOs8kZmfdBYU-HTVnqqvQJce11k", "content": "", "creation_timestamp": "2025-01-08T22:00:05.000000Z"}, {"uuid": "7188b39a-eeda-4f5b-85d3-77722154d042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11420", "type": "seen", "source": "https://t.me/cvedetector/12072", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11420 - The Blocksy theme for WordPress is vulnerable to S\", \n  \"Content\": \"CVE ID : CVE-2024-11420 \nPublished : Dec. 5, 2024, 10:31 a.m. | 1\u00a0hour, 10\u00a0minutes ago \nDescription : The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-05T12:50:40.000000Z"}, {"uuid": "4d5b1e97-6376-4acb-894a-56538fcc227f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11429", "type": "seen", "source": "https://t.me/cvedetector/12064", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11429 - The Free Responsive Testimonials, Social Proof Rev\", \n  \"Content\": \"CVE ID : CVE-2024-11429 \nPublished : Dec. 5, 2024, 6:15 a.m. | 24\u00a0minutes ago \nDescription : The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews \u2013 Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-05T07:49:26.000000Z"}]}