{"vulnerability": "cve-2024-1190", "sightings": [{"uuid": "593fe09e-616e-40ac-ba21-55c900e5d539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11903", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113593482736206767", "content": "", "creation_timestamp": "2024-12-04T07:56:32.487928Z"}, {"uuid": "136580f2-1717-44ad-9b86-b9f40c6d4bb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11904", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113609125955564886", "content": "", "creation_timestamp": "2024-12-07T02:14:49.088305Z"}, {"uuid": "d38b0d9e-3f5a-4ef9-945d-bc6020171b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11901", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113637925631177383", "content": "", "creation_timestamp": "2024-12-12T04:18:57.422621Z"}, {"uuid": "d373126f-6e60-4aa8-b007-8d97f4d7007c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11900", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113665111722538368", "content": "", "creation_timestamp": "2024-12-16T23:32:44.004343Z"}, {"uuid": "46117427-ea72-4f3d-b5b3-5beaf9db4922", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11902", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113665111737557669", "content": "", "creation_timestamp": "2024-12-16T23:32:44.226673Z"}, {"uuid": "0244dd4c-3567-4a8e-b07c-1ee557735efe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11905", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113665111752100329", "content": "", "creation_timestamp": "2024-12-16T23:32:44.659957Z"}, {"uuid": "4fce9f01-66aa-4dfc-9e3d-fc0850bdac45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11906", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113665111766370042", "content": "", "creation_timestamp": "2024-12-16T23:32:44.932567Z"}, {"uuid": "2b452151-9c70-4f12-adf5-2f6d1d04c37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11907", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfckgg5jsv27", "content": "", "creation_timestamp": "2025-01-09T11:15:35.414334Z"}, {"uuid": "450b7ebf-4f5e-471a-a603-99edc1610ea5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11907", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113798164145069141", "content": "", "creation_timestamp": "2025-01-09T11:29:42.916730Z"}, {"uuid": "56d68bfa-7227-4f42-bef7-bf8b35315bf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11904", "type": "seen", "source": "https://t.me/cvedetector/12303", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11904 - The \ucf54\ub4dc\uc5e0\uc0f5 \uc18c\uc15c\ud1a1 plugin for WordPress is vulnerable to\", \n  \"Content\": \"CVE ID : CVE-2024-11904 \nPublished : Dec. 7, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : The \ucf54\ub4dc\uc5e0\uc0f5 \uc18c\uc15c\ud1a1 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msntt_add_plus_talk' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T04:10:44.000000Z"}, {"uuid": "96229708-287d-4bb9-b859-d2bf62863a58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11907", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/939", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11907\n\ud83d\udd39 Description: The Skyword API Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skyword_iframe' shortcode in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-09T11:10:59.760Z\n\ud83d\udccf Modified: 2025-01-09T11:10:59.760Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/615eb349-c5ed-4b6e-bd60-b92b8790427f?source=cve\n2. https://plugins.trac.wordpress.org/browser/skyword-plugin/trunk/php/class-skyword-shortcode.php#L93\n3. https://wordpress.org/plugins/skyword-plugin/", "creation_timestamp": "2025-01-09T12:16:11.000000Z"}, {"uuid": "9db9dcf3-ff16-4f74-a45e-6fb4e8716807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11906", "type": "seen", "source": "https://t.me/cvedetector/13056", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11906 - WordPress TPG Get Posts Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11906 \nPublished : Dec. 17, 2024, 12:15 a.m. | 23\u00a0minutes ago \nDescription : The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T01:44:09.000000Z"}, {"uuid": "73a7e195-27f4-4991-93fe-6a92ed8f7ebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11900", "type": "seen", "source": "https://t.me/cvedetector/13059", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11900 - WordPress Portfolio \u2013 Filterable Masonry Portfolio Gallery Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11900 \nPublished : Dec. 17, 2024, 12:15 a.m. | 23\u00a0minutes ago \nDescription : The Portfolio \u2013 Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T01:44:11.000000Z"}, {"uuid": "2cc646cd-360e-447f-86f9-09299dbceb89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11902", "type": "seen", "source": "https://t.me/cvedetector/13058", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11902 - WordPress Slope Widgets Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11902 \nPublished : Dec. 17, 2024, 12:15 a.m. | 23\u00a0minutes ago \nDescription : The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T01:44:10.000000Z"}, {"uuid": "8e9eef4d-63c8-41c2-ae00-969c8840cad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11905", "type": "seen", "source": "https://t.me/cvedetector/13057", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11905 - WordPress Animated Counters Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11905 \nPublished : Dec. 17, 2024, 12:15 a.m. | 23\u00a0minutes ago \nDescription : The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T01:44:09.000000Z"}, {"uuid": "675293e2-8f70-4c20-9224-75bc7a8df9ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11901", "type": "seen", "source": "https://t.me/cvedetector/12696", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11901 - PowerBI Embed Reports Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-11901 \nPublished : Dec. 12, 2024, 4:15 a.m. | 36\u00a0minutes ago \nDescription : The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MO_API_POWER_BI' shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-12T06:17:31.000000Z"}, {"uuid": "6c0dcf85-276c-42f7-8b31-fa7ce177db7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11903", "type": "seen", "source": "https://t.me/cvedetector/11960", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11903 - The WP eCards plugin for WordPress is vulnerable t\", \n  \"Content\": \"CVE ID : CVE-2024-11903 \nPublished : Dec. 4, 2024, 8:15 a.m. | 44\u00a0minutes ago \nDescription : The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T10:03:44.000000Z"}, {"uuid": "301a8cf8-e345-4fa3-b495-cb98d0845866", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1190", "type": "seen", "source": "https://t.me/ctinow/192680", "content": "https://ift.tt/TvlGRDQ\nCVE-2024-1190 | Global Scape CuteFTP 9.3.0.3 Host/Username/Password denial of service", "creation_timestamp": "2024-02-24T18:51:13.000000Z"}, {"uuid": "3249bc60-8612-4aed-8f08-474c2a4d1d49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1190", "type": "seen", "source": "https://t.me/ctinow/178259", "content": "https://ift.tt/Fb0RxMG\nCVE-2024-1190", "creation_timestamp": "2024-02-02T20:31:19.000000Z"}]}