{"vulnerability": "cve-2024-12205", "sightings": [{"uuid": "4cb24648-4723-4e01-be40-321787571d14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12205", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113790854151442414", "content": "", "creation_timestamp": "2025-01-08T04:30:41.469353Z"}, {"uuid": "e2cdf97e-e740-48c1-8683-9e6ad7e2b7e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12205", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7ftn3rfu2i", "content": "", "creation_timestamp": "2025-01-08T05:15:29.613357Z"}, {"uuid": "134e6ee5-f245-482f-bf9e-46b12d441c43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12205", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7h4ou33n2k", "content": "", "creation_timestamp": "2025-01-08T05:38:32.381824Z"}, {"uuid": "4c9d7823-403d-41d8-a14f-b8cdd1f6e65a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12205", "type": "seen", "source": "https://t.me/cvedetector/14654", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-12205 - \"Themesflat Addons for Elementor Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-12205 \nPublished : Jan. 8, 2025, 5:15 a.m. | 21\u00a0minutes ago \nDescription : The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T06:37:08.000000Z"}, {"uuid": "ffe10344-5f28-4b89-a562-9c22fc40b0a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-12205", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/641", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-12205\n\ud83d\udd39 Description: The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-08T04:17:58.274Z\n\ud83d\udccf Modified: 2025-01-08T04:17:58.274Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/45c6c041-91b0-4abe-ba72-ec1251651fdb?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215859%40themesflat-addons-for-elementor&new=3215859%40themesflat-addons-for-elementor&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-08T04:38:42.000000Z"}]}