{"vulnerability": "cve-2024-1337", "sightings": [{"uuid": "5feb8f88-e31d-4a17-9ddb-2ae2f6a14b04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13377", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113843027326954874", "content": "", "creation_timestamp": "2025-01-17T09:39:00.838118Z"}, {"uuid": "ed38955c-1b5c-41d4-8def-d125aeecc07c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13378", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113843027342736901", "content": "", "creation_timestamp": "2025-01-17T09:39:01.100288Z"}, {"uuid": "19e75acc-9697-47cd-a7d8-6e6f0b09597e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13377", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfwksgwkbk2e", "content": "", "creation_timestamp": "2025-01-17T10:15:32.354607Z"}, {"uuid": "fb01186e-2a9d-4530-b0e9-41ce51b922ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13378", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfwksj25tx2j", "content": "", "creation_timestamp": "2025-01-17T10:15:34.585536Z"}, {"uuid": "53a009b0-46ff-4b97-8b2d-7bbf6fb6c706", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13378", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfwmoeww4h2i", "content": "", "creation_timestamp": "2025-01-17T10:49:04.248940Z"}, {"uuid": "a3f6a740-b620-47d5-800c-8383f79c252c", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13377", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfwmof2dpt25", "content": "", "creation_timestamp": "2025-01-17T10:49:04.777976Z"}, {"uuid": "88483e5c-e624-4b90-a67f-c0876394b994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13375", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113848420106026783", "content": "", "creation_timestamp": "2025-01-18T08:30:28.077231Z"}, {"uuid": "a90416bd-dedb-4e80-960d-e609389c8f3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13375", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfyzapjh4l2i", "content": "", "creation_timestamp": "2025-01-18T09:39:23.280835Z"}, {"uuid": "ba8b10b7-9611-42fe-b14d-a7f6552b1be7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13375", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfyzapsvy72e", "content": "", "creation_timestamp": "2025-01-18T09:39:24.411409Z"}, {"uuid": "b3e49a46-2d47-434f-8c4f-6554bb333a82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13375", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113848726407319440", "content": "", "creation_timestamp": "2025-01-18T09:48:25.698189Z"}, {"uuid": "114dbb32-6955-4619-bb49-327b364bb2c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13375", "type": "seen", "source": 
"https://bsky.app/profile/vulnalerts.bsky.social/post/3lg4snhtgdz2i", "content": "", "creation_timestamp": "2025-01-19T21:51:54.162864Z"}, {"uuid": "8c2589c0-758c-4225-8ac9-88e3e67b41c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13375", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad6iapl27", "content": "", "creation_timestamp": "2025-01-20T21:02:10.599021Z"}, {"uuid": "11b24dde-0cbe-4dcf-87cc-bbc89c37ccd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13370", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113887931279618237", "content": "", "creation_timestamp": "2025-01-25T07:58:40.711440Z"}, {"uuid": "1f08cc5c-f5a2-4cc3-acf6-85850d23542a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13372", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh433t6ha62e", "content": "", "creation_timestamp": "2025-02-01T08:15:37.548440Z"}, {"uuid": "cc8cea27-6e2a-4bcb-99d4-cf3648e0bdf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13371", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh433q7xnr2j", "content": "", "creation_timestamp": "2025-02-01T08:15:34.794099Z"}, {"uuid": "60d65642-d2ec-4b1e-a6c9-4d5cb2a63961", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13371", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh4gsncoaz2r", "content": "", "creation_timestamp": "2025-02-01T11:45:14.468011Z"}, 
{"uuid": "533a9407-5fcd-44b7-a962-a4ebb4a4b581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13372", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh4gsnvbsg2u", "content": "", "creation_timestamp": "2025-02-01T11:45:17.290156Z"}, {"uuid": "8473b07c-2b4c-4e62-b668-abc16085e8fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13374", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113989286165533122", "content": "", "creation_timestamp": "2025-02-12T05:34:33.591709Z"}, {"uuid": "c52b65b8-dad1-4245-b53d-21f9403882e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13373", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114086542262965907", "content": "", "creation_timestamp": "2025-03-01T09:48:03.992608Z"}, {"uuid": "4e43481f-f8db-48fd-bdef-4f9e3b17a2ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13374", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxjknunc52a", "content": "", "creation_timestamp": "2025-02-12T06:16:21.255807Z"}, {"uuid": "11413f1a-015f-40f6-84b1-406f72909460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13376", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114159682348532537", "content": "", "creation_timestamp": "2025-03-14T07:48:34.968795Z"}, {"uuid": "4cc41933-ece2-4071-9009-4c4a5d42392d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1337", "type": "seen", "source": "https://gist.github.com/alon710/6eca4037be86e75855719d48f741002d", "content": "", "creation_timestamp": "2026-01-24T22:43:35.000000Z"}, {"uuid": "b3e77670-c04e-4e16-9cd3-ac4c0aad0ea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13379", "type": "seen", "source": "https://t.me/cvedetector/18627", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13379 - WordPress C9 Admin Dashboard Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13379 \nPublished : Feb. 21, 2025, 4:15 a.m. | 1\u00a0hour, 40\u00a0minutes ago \nDescription : The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T07:14:43.000000Z"}, {"uuid": "c59ccf2b-bb75-450c-a391-39e1e4dfa5e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13373", "type": "seen", "source": "https://t.me/cvedetector/19225", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13373 - Exertio Framework WordPress Password Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13373 \nPublished : March 1, 2025, 7:15 a.m. 
| 1\u00a0hour, 31\u00a0minutes ago \nDescription : The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the fl_forgot_pass_new() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T10:35:41.000000Z"}, {"uuid": "753f3a54-2a03-458c-90c1-05abddf4b58c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13374", "type": "seen", "source": "https://t.me/cvedetector/17812", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13374 - WordPress Table Manager Unauthenticated Directory Traversal\", \n  \"Content\": \"CVE ID : CVE-2024-13374 \nPublished : Feb. 12, 2025, 6:15 a.m. | 26\u00a0minutes ago \nDescription : The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wptm_getFolders AJAX action in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary file names and directories. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T08:30:22.000000Z"}, {"uuid": "eaa179ca-0816-45a7-9d04-0525e83dbfc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13373", "type": "seen", "source": "Telegram/FNAUweDxS0rq3tXYE_HNTu0nsFH5FIBbsCUd6h7t_2fwz_ch", "content": "", "creation_timestamp": "2025-03-02T11:46:31.000000Z"}, {"uuid": "fb5274c2-706c-4387-8c49-c92242292460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13378", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2113", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13378\n\ud83d\udd39 Description: The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018style_settings\u2019 parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The attack is only successful in the Chrome web browser, and requires directly browsing the media file via the attachment post.\n\ud83d\udccf Published: 2025-01-17T09:36:39.054Z\n\ud83d\udccf Modified: 2025-01-17T09:36:39.054Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f884ea43-e1a5-4b44-8a24-f68f71b0fcfb?source=cve\n2. 
https://docs.gravityforms.com/gravityforms-change-log/", "creation_timestamp": "2025-01-17T09:56:18.000000Z"}, {"uuid": "6e72ba67-5ef2-4560-90fa-252d726ca86b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13377", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2114", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13377\n\ud83d\udd39 Description: The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018alt\u2019 parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-17T09:36:38.486Z\n\ud83d\udccf Modified: 2025-01-17T09:36:38.486Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/03623f00-2c3c-4590-92fe-a5eaac15b944?source=cve\n2. https://docs.gravityforms.com/gravityforms-change-log/", "creation_timestamp": "2025-01-17T09:56:19.000000Z"}, {"uuid": "a48bf132-7878-46a4-a9a9-0aca8411fd0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13371", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3747", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13371\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T08:15:08.567\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://gist.github.com/g1-nhantv/31b04bc057046ecc54c3552387eb7bca\n2. 
https://plugins.trac.wordpress.org/changeset/3229608/wp-job-portal/tags/2.2.7/modules/jobapply/model.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fjobapply%2Fmodel.php\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/a84a4c56-a44e-450d-91fc-024f8ddeedee?source=cve", "creation_timestamp": "2025-02-01T09:26:04.000000Z"}, {"uuid": "8b84499a-e0fc-47cb-a7c6-349734c80024", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13375", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2291", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13375\n\ud83d\udd39 Description: The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.\n\ud83d\udccf Published: 2025-01-18T08:26:39.825Z\n\ud83d\udccf Modified: 2025-01-18T08:26:39.825Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/fbf2aeed-0f18-4ef6-aff8-9e8c4531d789?source=cve\n2. 
https://themeforest.net/item/adifier-classified-ads-wordpress-theme/21633950", "creation_timestamp": "2025-01-18T08:58:13.000000Z"}, {"uuid": "095cc23c-8fec-4d97-8e45-053ca6062451", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13374", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4017", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13374\n\ud83d\udd25 CVSS Score: 4.2 (CVSS_V3)\n\ud83d\udd39 Description: The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wptm_getFolders AJAX action in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary file names and directories.\n\ud83d\udccf Published: 2025-02-12T06:30:33Z\n\ud83d\udccf Modified: 2025-02-12T06:30:33Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13374\n2. https://www.joomunited.com/wordpress-products/wp-table-manager\n3. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/128bc7ee-9763-415f-b726-0e63d4b62271?source=cve", "creation_timestamp": "2025-02-12T07:09:34.000000Z"}, {"uuid": "0b9824bc-1014-4ae1-b89b-6614b5f9d3bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13370", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3052", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13370\n\ud83d\udd39 Description: The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key.\n\ud83d\udccf Published: 2025-01-25T07:24:19.893Z\n\ud83d\udccf Modified: 2025-01-25T07:24:19.893Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f234d676-86ac-47ab-b8b3-b0459cbb4538?source=cve\n2. 
https://plugins.trac.wordpress.org/browser/youzify/tags/1.3.2/includes/admin/class-youzify-admin.php?desc=1#L1348", "creation_timestamp": "2025-01-25T08:05:27.000000Z"}, {"uuid": "c596348e-9384-463e-aca4-8c090d4758c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13371", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3762", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13371\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6. This makes it possible for unauthenticated attackers to send arbitrary emails with arbitrary content from the sites mail server.\n\ud83d\udccf Published: 2025-02-01T09:30:28Z\n\ud83d\udccf Modified: 2025-02-01T09:30:28Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13371\n2. https://gist.github.com/g1-nhantv/31b04bc057046ecc54c3552387eb7bca\n3. https://plugins.trac.wordpress.org/changeset/3229608/wp-job-portal/tags/2.2.7/modules/jobapply/model.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fjobapply%2Fmodel.php\n4. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/a84a4c56-a44e-450d-91fc-024f8ddeedee?source=cve", "creation_timestamp": "2025-02-01T10:15:54.000000Z"}, {"uuid": "61553da3-d27e-4bf3-88b9-e929b87a4e00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13372", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3746", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13372\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T08:15:09.020\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/3229608/wp-job-portal/tags/2.2.7/modules/resume/controller.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fresume%2Fcontroller.php\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/e00e65ba-db58-4d13-8cb3-c4d62a2553fb?source=cve", "creation_timestamp": "2025-02-01T09:26:03.000000Z"}, {"uuid": "20c1a0c2-f5c0-4c19-a768-a903595c97d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13372", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3757", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13372\n\ud83d\udd25 CVSS Score: 5.3 (CVSS_V3)\n\ud83d\udd39 Description: The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid() and getallresumefiles() functions due to missing validation on a user controlled key. 
This makes it possible for unauthenticated attackers to download users resumes without the appropriate authorization to do so.\n\ud83d\udccf Published: 2025-02-01T09:30:28Z\n\ud83d\udccf Modified: 2025-02-01T09:30:28Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13372\n2. https://plugins.trac.wordpress.org/changeset/3229608/wp-job-portal/tags/2.2.7/modules/resume/controller.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fresume%2Fcontroller.php\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/e00e65ba-db58-4d13-8cb3-c4d62a2553fb?source=cve", "creation_timestamp": "2025-02-01T10:15:47.000000Z"}, {"uuid": "1b148954-92d3-4ffb-bd8c-29b1bda0aefa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13379", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4849", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13379\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.\n\ud83d\udccf Published: 2025-02-21T03:21:21.080Z\n\ud83d\udccf Modified: 2025-02-21T03:21:21.080Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/88f4af1b-5e3c-4129-93c3-4f368bd2b0db?source=cve\n2. https://plugins.trac.wordpress.org/browser/c9-admin-dashboard/trunk/c9-admin.php#L51\n3. https://plugins.trac.wordpress.org/browser/c9-admin-dashboard/trunk/c9-admin.php#L59\n4. 
https://wordpress.org/plugins/c9-admin-dashboard/#developers", "creation_timestamp": "2025-02-21T04:19:51.000000Z"}, {"uuid": "279af1de-c6bb-44e8-9da8-148501bd000f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13374", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4037", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13374\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T06:15:19.303\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://www.joomunited.com/wordpress-products/wp-table-manager\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/128bc7ee-9763-415f-b726-0e63d4b62271?source=cve", "creation_timestamp": "2025-02-12T07:13:40.000000Z"}, {"uuid": "1dca1b06-0e78-4db0-aa38-fe42c2a12c1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13373", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6057", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13373\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the fl_forgot_pass_new() function. 
This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.\n\ud83d\udccf Published: 2025-03-01T06:39:27.540Z\n\ud83d\udccf Modified: 2025-03-01T06:39:27.540Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/897ce9a9-8b3e-40bc-9815-c55cc7a838f9?source=cve\n2. https://themeforest.net/item/exertio-freelance-marketplace-wordpress-theme/30602587", "creation_timestamp": "2025-03-01T07:27:01.000000Z"}, {"uuid": "9b72f727-44c0-4983-a753-ba813d30f0d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13376", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7532", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13376\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.\n\ud83d\udccf Published: 2025-03-14T05:24:03.652Z\n\ud83d\udccf Modified: 2025-03-14T05:24:03.652Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/e25ca990-eee1-4f72-b543-7a65bc4855a8?source=cve\n2. 
https://themeforest.net/item/industrial-manufacturing-wordpress-theme/15776179", "creation_timestamp": "2025-03-14T05:46:51.000000Z"}, {"uuid": "c62d648a-3bf6-41d2-99e6-8a7994e67e74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13370", "type": "seen", "source": "https://t.me/cvedetector/16374", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13370 - Youzify \u2013 BuddyPress Unauthenticated License Key Option Update Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13370 \nPublished : Jan. 25, 2025, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key. 
\nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-25T10:28:52.000000Z"}, {"uuid": "e3e6c7f8-15cf-4c0e-8651-9c8dbe183baa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13370", "type": "seen", "source": "Telegram/3Lb6qUirsDaCqmtdLjATvMuXb9dsIybW9xhZ-XxT-KXkr-n3", "content": "", "creation_timestamp": "2025-02-06T02:42:29.000000Z"}, {"uuid": "06ccf5d9-1b45-4ae5-b1e9-2214b4f32ffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13376", "type": "seen", "source": "https://t.me/cvedetector/20268", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13376 - WordPress Industrial Theme Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13376 \nPublished : March 14, 2025, 6:15 a.m. | 27\u00a0minutes ago \nDescription : The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. 
\nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T08:20:49.000000Z"}, {"uuid": "c03d2275-93cc-498a-80ad-b3ed1faa9ff4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13372", "type": "seen", "source": "https://t.me/cvedetector/17009", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13372 - WordPress WP Job Portal Insecure Direct Object Reference\", \n  \"Content\": \"CVE ID : CVE-2024-13372 \nPublished : Feb. 1, 2025, 8:15 a.m. | 23\u00a0minutes ago \nDescription : The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid() and getallresumefiles() functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download users resumes without the appropriate authorization to do so. 
\nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T09:47:52.000000Z"}, {"uuid": "6c17cccf-a21f-41db-9b11-c1b2077448cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13371", "type": "seen", "source": "https://t.me/cvedetector/17011", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13371 - WordPress Job Portal - Mail Server Email Sending Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-13371 \nPublished : Feb. 1, 2025, 8:15 a.m. | 23\u00a0minutes ago \nDescription : The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized sending of arbitrary emails due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6. This makes it possible for unauthenticated attackers to send arbitrary emails with arbitrary content from the site's mail server. 
\nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T09:47:53.000000Z"}, {"uuid": "cb0fd9b7-88e7-4952-a7a4-143c0a52f29e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13379", "type": "seen", "source": "Telegram/X3VsAfpXZlCWA5aAlVWjEBf6KNADaf-jnfwNVB--L6TKYUH6", "content": "", "creation_timestamp": "2025-02-21T08:03:23.000000Z"}, {"uuid": "8c37bda6-8054-434a-8aca-dff4006e66a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13375", "type": "seen", "source": "https://t.me/cvedetector/15799", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13375 - \"Adifier System WordPress Plugin Authentication Bypass\"\", \n  \"Content\": \"CVE ID : CVE-2024-13375 \nPublished : Jan. 18, 2025, 9:15 a.m. | 42\u00a0minutes ago \nDescription : The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators, and leverage that to gain access to their accounts. 
\nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-18T11:13:06.000000Z"}, {"uuid": "b5dfd7c2-c9f6-4737-8698-8418275372de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13378", "type": "seen", "source": "https://t.me/cvedetector/15697", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13378 - \"Gravity Forms Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13378 \nPublished : Jan. 17, 2025, 10:15 a.m. | 22\u00a0minutes ago \nDescription : The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018style_settings\u2019 parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The attack is only successful in the Chrome web browser, and requires directly browsing the media file via the attachment post. 
\nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T11:46:28.000000Z"}, {"uuid": "a74b2caf-cba9-4d3b-a383-1fbbaf9cd384", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13377", "type": "seen", "source": "https://t.me/cvedetector/15696", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13377 - \"Gravity Forms Stored Cross-Site Scripting (XSS)\"\", \n  \"Content\": \"CVE ID : CVE-2024-13377 \nPublished : Jan. 17, 2025, 10:15 a.m. | 22\u00a0minutes ago \nDescription : The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018alt\u2019 parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T11:46:27.000000Z"}, {"uuid": "062755f5-ac08-45ef-8324-98c1b457a729", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13374", "type": "seen", "source": "Telegram/UNyVZQts5UVBBph6n70XOQ5wxVSd41mmm3MPdxRN9bwSFvDx", "content": "", "creation_timestamp": "2025-02-14T10:04:03.000000Z"}, {"uuid": "51ed0371-f410-4041-8516-d69665d17c8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13375", "type": "published-proof-of-concept", "source": "Telegram/IYQCJdoDg1iSlKbn8ZslzoAumxbXC4NXxOL9Gs1tonDBX0k", "content": "", "creation_timestamp": "2025-01-19T15:39:14.000000Z"}, {"uuid": "4b342d9f-4001-4a31-ba2d-7f830c7dc980", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1337", "type": "seen", "source": "https://t.me/ctinow/198826", "content": "https://ift.tt/ZnPtWXK\nCVE-2024-1337 | SKT Page Builder Plugin up to 4.1 on WordPress authorization (ID 3034383)", "creation_timestamp": "2024-03-03T16:51:24.000000Z"}]}