{"vulnerability": "cve-2024-1202", "sightings": [{"uuid": "f42f08bb-b5f7-4541-864b-dbb93277401b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12028", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113605199851739398", "content": "", "creation_timestamp": "2024-12-06T09:36:21.757608Z"}, {"uuid": "583f27f1-186e-4a17-ae56-057cc649baa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12027", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113605199837773929", "content": "", "creation_timestamp": "2024-12-06T09:36:21.805348Z"}, {"uuid": "ce072bbe-af62-4d3d-bf1a-fb76b800d9f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12026", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113609125984523478", "content": "", "creation_timestamp": "2024-12-07T02:14:49.655360Z"}, {"uuid": "79d66fbd-4e89-4e0f-a4e4-07ab85445016", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12025", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/113680243429065741", "content": "", "creation_timestamp": "2024-12-19T15:40:55.436125Z"}, {"uuid": "fbe6a2d9-638a-4e28-9011-1d9b09d7c1d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12024", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113667467477451646", "content": "", "creation_timestamp": "2024-12-17T09:31:50.027282Z"}, {"uuid": "31621ab4-ae9b-4244-9048-9dac7c06982e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12024", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113667480582218226", "content": "", "creation_timestamp": "2024-12-17T09:35:09.989165Z"}, {"uuid": "cb491ef1-b3e4-4420-9d6b-babaa2a7d06e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12024", "type": "seen", "source": "https://social.circl.lu/users/vulnerability_lookup/statuses/113667616543118902", "content": "", "creation_timestamp": "2024-12-17T10:10:06.992966Z"}, {"uuid": "9be438e5-4318-41c6-9188-3935cb01a1fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12025", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113671721678348988", "content": "", "creation_timestamp": "2024-12-18T03:33:44.018454Z"}, {"uuid": "f5535626-db69-4a5d-9dcf-1bb1b86f2e57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12022", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113785005172029402", "content": "", "creation_timestamp": "2025-01-07T03:43:12.879819Z"}, {"uuid": "d38751c6-d140-4451-a9e6-2a9b5bcfacd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12022", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4rzlokbh2f", "content": "", "creation_timestamp": "2025-01-07T04:15:35.175457Z"}, {"uuid": "41fbff28-c262-4c5d-814f-31976e32c372", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12025", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/113783258487585133", "content": "", "creation_timestamp": "2025-01-06T20:19:00.442421Z"}, {"uuid": "ac9d16c4-7e5c-47b2-8451-4d2c79065d31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3likodpy6go25", "content": "", "creation_timestamp": "2025-02-19T21:02:31.658664Z"}, {"uuid": "4e88f721-31f9-4c9a-9a61-7ca8201c9e19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12020", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkei5xsxod2l", "content": "", "creation_timestamp": "2025-03-14T20:46:25.349872Z"}, {"uuid": "a7e62ac5-2594-4008-94f4-945b0f761a33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:11:06.000000Z"}, {"uuid": "4c073ad8-6df6-4567-9222-d5f1dd568707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmhd4oyc2v", "content": "", "creation_timestamp": "2025-03-20T11:40:27.339433Z"}, {"uuid": "d5c2cb17-def4-447f-be99-620b68976909", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-19T02:34:22.000000Z"}, {"uuid": "596051e0-336a-4df6-9899-d98e1b749d4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12025", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mimmlfjlkl22", "content": "", "creation_timestamp": "2026-04-03T21:02:35.395310Z"}, {"uuid": "90a71859-616c-49ad-9f32-0024190ac71f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/invokeai_rce_cve_2024_12029.rb", "content": "", "creation_timestamp": "2025-02-18T13:08:28.000000Z"}, {"uuid": "7e45c0d2-7b12-4dd8-94e9-934dea8744ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "233cd77f-182b-4539-948c-c63dd8219275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12023", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14431", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12023\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The FULL \u2013 Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable when the PRO version of the plugin is activated, along with Elementor Pro and  Elementor CRM.\n\ud83d\udccf Published: 2025-05-02T03:21:19.928Z\n\ud83d\udccf Modified: 2025-05-02T03:21:19.928Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/86e990ae-6bfe-4f2b-8c37-b0675430a638?source=cve\n2. https://plugins.trac.wordpress.org/browser/full-customer/tags/3.1.26/app/controller/elementor-crm/Hooks.php#L181\n3. https://plugins.trac.wordpress.org/browser/full-customer/tags/3.1.25/app/controller/elementor-crm/Hooks.php#L181", "creation_timestamp": "2025-05-02T04:15:43.000000Z"}, {"uuid": "2080af7c-f7cc-4ed6-bd06-456daef34408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12022", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/282", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12022\n\ud83d\udd39 Description: The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to delete images from menus.\n\ud83d\udccf Published: 2025-01-07T03:21:59.218Z\n\ud83d\udccf Modified: 2025-01-07T03:21:59.218Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e96193c0-ddde-463b-a68e-672ab6f812c7?source=cve\n2. https://plugins.trac.wordpress.org/browser/wp-menu-image/trunk/init/wmi-functions.php#L126", "creation_timestamp": "2025-01-07T03:36:08.000000Z"}, {"uuid": "db343f91-a617-42b0-ad3c-34adf5dbcdd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "seen", "source": "Telegram/yG0q3IpDztUHkWGWcBfSkFN1RblCcRFZP5pQldEwVfp_P8g", "content": "", "creation_timestamp": "2026-04-16T09:00:04.000000Z"}, {"uuid": "704593be-3695-4528-ae1d-d3111b3ea330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "published-proof-of-concept", "source": "Telegram/z3TvDyHJ2ZNCRJ0X9w9PtwT_1v_yQk-ihtqyZcMIGAQJgDU", "content": "", "creation_timestamp": "2026-04-16T03:00:06.000000Z"}, {"uuid": "61d9e8e5-3db3-4b4c-a356-14bdb69dc2fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "published-proof-of-concept", "source": "Telegram/ZISkoB043557Xv37GGFJzYg7Y_iIJ-ZMm0BHFwXa3auXqi8", "content": "", "creation_timestamp": "2026-04-15T23:00:08.000000Z"}, {"uuid": "13d02d19-f535-4f27-a714-d86a29cd2c3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12021", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9661", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12021\n\ud83d\udd25 CVSS Score: 8.5 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting from cross-site scripting.\n\ud83d\udccf Published: 2025-03-31T14:00:20.216Z\n\ud83d\udccf Modified: 2025-03-31T14:00:20.216Z\n\ud83d\udd17 References:\n1. https://community.blackduck.com/s/article/Black-Duck-Product-Security-Advisory-CVE-2024-12021", "creation_timestamp": "2025-03-31T14:32:10.000000Z"}, {"uuid": "643f5442-74c1-4eb5-88e8-4b53c486a290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8217", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12029\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious code in model files, which is executed upon loading. This issue is fixed in version 5.4.3.\n\ud83d\udccf Published: 2025-03-20T10:08:45.570Z\n\ud83d\udccf Modified: 2025-03-20T14:33:03.024Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/9b790f94-1b1b-4071-bc27-78445d1a87a3\n2. https://github.com/invoke-ai/invokeai/commit/756008dc5899081c5aa51e5bd8f24c1b3975a59e", "creation_timestamp": "2025-03-20T15:18:31.000000Z"}, {"uuid": "f1c48243-893f-4cfe-a155-a653eb6e617a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "published-proof-of-concept", "source": "https://t.me/information_security_channel/53868", "content": "CVE-2024-12029 \u2013 InvokeAI Deserialization of Untrusted Data vulnerability\nhttps://www.offsec.com/blog/cve-2024-12029/\n\nCVE-2024-12029: A critical deserialization vulnerability in InvokeAI's /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers.\nThe post CVE-2024-12029 \u2013 InvokeAI Deserialization of Untrusted Data vulnerability (https://www.offsec.com/blog/cve-2024-12029/) appeared first on OffSec (https://www.offsec.com/).", "creation_timestamp": "2025-07-17T18:03:20.000000Z"}, {"uuid": "790576ab-cefa-44c4-82b7-91598e7f1126", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12020", "type": "seen", "source": "https://t.me/cvedetector/20338", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12020 - LogicalDOC Enterprise Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-12020 \nPublished : March 14, 2025, 6:15 p.m. | 1\u00a0hour, 22\u00a0minutes ago \nDescription : There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability.\u00a0Stealing the session cookie is not possible due to cookie security flags, however the XSS may be used to induce a victim to perform on-site requests without their knowledge.  \n  \nThis vulnerability only affects LogicalDOC Enterprise. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T20:53:50.000000Z"}, {"uuid": "9434896f-1fa1-4563-93cb-4b5ded708e07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12021", "type": "seen", "source": "https://t.me/cvedetector/21594", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12021 - Coverity Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12021 \nPublished : March 31, 2025, 2:15 p.m. | 39\u00a0minutes ago \nDescription : Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting from cross-site scripting. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T17:31:36.000000Z"}, {"uuid": "2a443c14-0491-4c6b-9a52-e0a4de7459e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12022", "type": "seen", "source": "https://t.me/cvedetector/14443", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12022 - WordPress Menu Image Unauthorized Data Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12022 \nPublished : Jan. 7, 2025, 4:15 a.m. | 39\u00a0minutes ago \nDescription : The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to delete images from menus. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T06:19:57.000000Z"}, {"uuid": "f5da81a2-256a-4022-a786-16f518c01762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12026", "type": "seen", "source": "https://t.me/cvedetector/12305", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12026 - The Message Filter for Contact Form 7 plugin for W\", \n  \"Content\": \"CVE ID : CVE-2024-12026 \nPublished : Dec. 7, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-07T04:10:46.000000Z"}, {"uuid": "f81af4dc-057f-4bf1-809e-463ef109f1f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12024", "type": "seen", "source": "https://t.me/cvedetector/13079", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12024 - EventPrime \u2013 WordPress Events Calendar, Bookings and Tickets Persistent Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12024 \nPublished : Dec. 17, 2024, 10:15 a.m. | 23\u00a0minutes ago \nDescription : The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.  \nNote: this vulnerability requires the \"Guest Submissions\" setting to be enabled. It is disabled by default. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T11:45:46.000000Z"}, {"uuid": "b0bbde81-b87f-4de2-837b-c5f53caa8a96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12025", "type": "seen", "source": "https://t.me/cvedetector/13153", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12025 - WordPress Collapsing Categories SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-12025 \nPublished : Dec. 18, 2024, 4:15 a.m. | 43\u00a0minutes ago \nDescription : The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T06:09:50.000000Z"}, {"uuid": "d31d1965-7770-4077-be53-12cff04cfb05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12028", "type": "seen", "source": "https://t.me/cvedetector/12186", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12028 - The Friends plugin for WordPress is vulnerable to\", \n  \"Content\": \"CVE ID : CVE-2024-12028 \nPublished : Dec. 6, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T10:36:02.000000Z"}, {"uuid": "63b06a62-b94d-4803-b572-f80525cb4bc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12027", "type": "seen", "source": "https://t.me/cvedetector/12185", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12027 - The Message Filter for Contact Form 7 plugin for W\", \n  \"Content\": \"CVE ID : CVE-2024-12027 \nPublished : Dec. 6, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-06T10:36:01.000000Z"}, {"uuid": "01e5750e-da25-4ef7-a6bd-53402874d47b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12029", "type": "published-proof-of-concept", "source": "Telegram/TH2kPKxkcvQyb1m-8snBxNJYC7rG2GntpZED8loGES4uw-U", "content": "", "creation_timestamp": "2025-02-20T20:00:06.000000Z"}, {"uuid": "d1b00728-9908-479c-b4e2-6f7e5840e2ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12023", "type": "seen", "source": "https://t.me/cvedetector/24324", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12023 - \"Elementor CRM FULL Cliente SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12023 \nPublished : May 2, 2025, 4:15 a.m. | 33\u00a0minutes ago \nDescription : The FULL \u2013 Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable when the PRO version of the plugin is activated, along with Elementor Pro and  Elementor CRM. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-02T07:34:51.000000Z"}]}