{"vulnerability": "cve-2024-1340", "sightings": [{"uuid": "4dcca815-abb9-4456-bbfc-eab5032bfc60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13401", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113841828796133710", "content": "", "creation_timestamp": "2025-01-17T04:34:12.777129Z"}, {"uuid": "c2784166-36a0-420a-a738-5f8d0a8ac25f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13401", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfvzzvq2qd2h", "content": "", "creation_timestamp": "2025-01-17T05:15:29.070526Z"}, {"uuid": "a0b75105-ece4-4d4d-af57-32a918242429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13401", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfw3vi6ccn2i", "content": "", "creation_timestamp": "2025-01-17T05:48:48.921837Z"}, {"uuid": "f68cd585-851f-4484-acb4-07785d4a929c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13404", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113865629841252103", "content": "", "creation_timestamp": "2025-01-21T09:27:07.836716Z"}, {"uuid": "37810c98-498b-4529-99ab-73b6987f1495", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13404", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgamo62vj32p", "content": "", "creation_timestamp": "2025-01-21T10:15:33.724701Z"}, {"uuid": "27c2f0bf-ecd5-4d28-b0a1-b9bbb50aa331", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13404", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgaokmgwqy2h", "content": "", "creation_timestamp": "2025-01-21T10:49:25.032885Z"}, {"uuid": "97d8491b-5735-46bf-a301-56a03f6c75b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13406", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgct3tc6a62c", "content": "", "creation_timestamp": "2025-01-22T07:15:54.130214Z"}, {"uuid": "b23719b3-03e9-4ea0-8fcc-a898483424eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13406", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgcuxpwuow2i", "content": "", "creation_timestamp": "2025-01-22T07:49:23.939196Z"}, {"uuid": "a18f2530-1601-407f-9c1d-ca5b2b518cfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13403", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113944684067505073", "content": "", "creation_timestamp": "2025-02-04T08:31:39.488370Z"}, {"uuid": "3d8094cc-2041-45b8-92e5-029634ace72c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13403", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhdpubbmom27", "content": "", "creation_timestamp": "2025-02-04T09:15:50.543173Z"}, {"uuid": "5407f102-1660-4929-acd9-199c863dd8bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13403", "type": "seen", 
"source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhe23zklbj2w", "content": "", "creation_timestamp": "2025-02-04T12:19:13.957509Z"}, {"uuid": "42633d1a-7279-419f-a9f9-b935deb56b6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13400", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxoe3j2f42h", "content": "", "creation_timestamp": "2025-01-30T14:16:57.141799Z"}, {"uuid": "8bd3827b-a9cf-4527-938d-82566031fd80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13400", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917848495901740", "content": "", "creation_timestamp": "2025-01-30T14:47:01.122276Z"}, {"uuid": "53f4bb92-b90f-4a97-bb1b-8cbffab2d2ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13402", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lj6asjceih27", "content": "", "creation_timestamp": "2025-02-27T15:53:31.132846Z"}, {"uuid": "320c5650-3b9b-4115-8983-aa8d685fb4df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13407", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkdgd6xdme2j", "content": "", "creation_timestamp": "2025-03-14T10:40:49.739597Z"}, {"uuid": "14891fb6-a7c2-4826-b2b0-e88f822e34a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13405", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdinatct2t", "content": "", "creation_timestamp": "2025-02-19T08:15:45.502818Z"}, 
{"uuid": "bdbaa2ff-b489-46b2-afbe-367a389a317e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13402", "type": "seen", "source": "https://t.me/cvedetector/19046", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13402 - Buddyboss Platform WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13402 \nPublished : Feb. 27, 2025, 1:15 p.m. | 2\u00a0hours, 14\u00a0minutes ago \nDescription : The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018link_title\u2019 parameter in all versions up to, and including, 2.7.70 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T16:45:13.000000Z"}, {"uuid": "b213eb3b-225c-4d8d-a0e4-1471415585d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13408", "type": "seen", "source": "https://t.me/cvedetector/16271", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13408 - WordPress Post Grid, Slider &amp; Carousel Ultimate Local File Inclusion\", \n  \"Content\": \"CVE ID : CVE-2024-13408 \nPublished : Jan. 24, 2025, 11:15 a.m. 
| 28\u00a0minutes ago \nDescription : The Post Grid, Slider &amp; Carousel Ultimate \u2013 with Shortcode, Gutenberg Block &amp; Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T12:44:03.000000Z"}, {"uuid": "475cd875-254c-45dd-8aa0-858927bf4c60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13409", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2897", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13409\n\ud83d\udd39 Description: The Post Grid, Slider &amp; Carousel Ultimate \u2013 with Shortcode, Gutenberg Block &amp; Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. 
This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.\n\ud83d\udccf Published: 2025-01-24T11:07:30.708Z\n\ud83d\udccf Modified: 2025-01-24T11:07:30.708Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/38672a45-b7a7-445f-9e77-7050df6920fa?source=cve\n2. https://plugins.trac.wordpress.org/browser/post-grid-carousel-ultimate/tags/1.6.10/includes/classes/ajax.php\n3. https://ja.wordpress.org/plugins/post-grid-carousel-ultimate/\n4. https://plugins.trac.wordpress.org/changeset/3227281/post-grid-carousel-ultimate/tags/1.7/includes/classes/ajax.php", "creation_timestamp": "2025-01-24T12:04:53.000000Z"}, {"uuid": "03ce8394-c07f-4e54-a2de-09bdc2dae452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13401", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2096", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13401\n\ud83d\udd39 Description: The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_paypal_checkout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-17T04:30:18.971Z\n\ud83d\udccf Modified: 2025-01-17T04:30:18.971Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/20fc675c-08a4-4d77-9872-335d23146906?source=cve\n2. https://plugins.trac.wordpress.org/browser/wp-paypal/trunk/main.php#L72\n3. 
https://plugins.trac.wordpress.org/browser/wp-paypal/trunk/wp-paypal-checkout.php#L3\n4. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3223257%40wp-paypal&new=3223257%40wp-paypal&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-17T04:56:29.000000Z"}, {"uuid": "356fdbda-a6b9-4b9c-8a04-7036ab8f099a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13406", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2530", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13406\n\ud83d\udd39 Description: The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'feed_id' parameter in all versions up to, and including, 3.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-22T07:03:51.822Z\n\ud83d\udccf Modified: 2025-01-22T07:03:51.822Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/070f66ae-65aa-4670-8b69-103070a000a4?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226403%40xml-for-google-merchant-center&new=3226403%40xml-for-google-merchant-center&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-22T08:02:08.000000Z"}, {"uuid": "35abc1f4-1513-4304-b3d3-41ad37fccee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13404", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2381", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13404\n\ud83d\udd39 Description: The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-21T09:21:10.545Z\n\ud83d\udccf Modified: 2025-01-21T09:21:10.545Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f01362dc-4f3d-4b77-b802-01b436287237?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3225694%40link-library&new=3225694%40link-library&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-21T10:01:17.000000Z"}, {"uuid": "cc96c354-57ee-43d8-abe0-972fd5436c2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13408", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2891", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13408\n\ud83d\udd39 Description: The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included.\n\ud83d\udccf Published: 2025-01-24T11:07:33.334Z\n\ud83d\udccf Modified: 2025-01-24T11:07:33.334Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/ff346465-62c2-4a2b-8a4a-c88558d7cabd?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset/3227281/post-grid-carousel-ultimate/tags/1.7/includes/classes/shortcode.php", "creation_timestamp": "2025-01-24T12:04:45.000000Z"}, {"uuid": "5f3aabcb-57a8-41fd-ae8a-ee69f18cdedf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13405", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4779", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13405\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the 'awp_ip_deny' page. This makes it possible for unauthenticated attackers to block IP addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-19T07:32:15.148Z\n\ud83d\udccf Modified: 2025-02-19T07:32:15.148Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f8225e3c-5413-4406-a31b-80829b6b330a?source=cve\n2. 
https://wordpress.org/plugins/apptivo-business-site/", "creation_timestamp": "2025-02-19T08:40:55.000000Z"}, {"uuid": "98f5cc38-8eac-409f-a413-e41ee6580541", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13402", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5672", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13402\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018link_title\u2019 parameter in all versions up to, and including, 2.7.70 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-27T12:47:01.149Z\n\ud83d\udccf Modified: 2025-02-27T12:47:01.149Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/42743c2f-053b-4f14-bf11-865f978ec017?source=cve\n2. https://www.buddyboss.com/resources/buddyboss-platform-releases/2-8-00/", "creation_timestamp": "2025-02-27T13:27:43.000000Z"}, {"uuid": "d8b36f0b-21c7-4bab-8b36-9c9608ffb53e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13409", "type": "seen", "source": "https://t.me/cvedetector/16270", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13409 - WordPress Post Grid, Slider &amp; Carousel Ultimate Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13409 \nPublished : Jan. 24, 2025, 11:15 a.m. 
| 28\u00a0minutes ago \nDescription : The Post Grid, Slider &amp; Carousel Ultimate \u2013 with Shortcode, Gutenberg Block &amp; Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T12:44:02.000000Z"}, {"uuid": "a9189a42-ab12-4ff1-abb6-87c308394701", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13407", "type": "seen", "source": "https://t.me/cvedetector/20279", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13407 - Omnipress WordPress Information Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13407 \nPublished : March 14, 2025, 8:15 a.m. | 1\u00a0hour, 1\u00a0minute ago \nDescription : The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-14T10:51:25.000000Z"}, {"uuid": "8cdbfec3-e276-4688-a845-9e216d09987a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13403", "type": "seen", "source": "https://t.me/cvedetector/17183", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13403 - WordPress WPForms Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-13403 \nPublished : Feb. 4, 2025, 9:15 a.m. | 1\u00a0hour, 47\u00a0minutes ago \nDescription : The WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, &amp; More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018fieldHTML\u2019 parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-04T12:13:05.000000Z"}, {"uuid": "06a621f9-7f8e-41c9-8d98-425db9e644d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13404", "type": "seen", "source": "https://t.me/cvedetector/15914", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13404 - WordPress Link Library Plugin Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13404 \nPublished : Jan. 21, 2025, 10:15 a.m. | 38\u00a0minutes ago \nDescription : The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T11:56:28.000000Z"}, {"uuid": "c2507f51-c1fc-4b04-b135-407d2b616200", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13401", "type": "seen", "source": "https://t.me/cvedetector/15679", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13401 - \"PayPal WordPress Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13401 \nPublished : Jan. 17, 2025, 5:15 a.m. | 20\u00a0minutes ago \nDescription : The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_paypal_checkout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
\nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-17T06:45:31.000000Z"}, {"uuid": "c995f1a9-3627-4bc8-8be3-0caed12acd7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13406", "type": "seen", "source": "https://t.me/cvedetector/16078", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13406 - Google Merchant Center Plugin for WordPress Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13406 \nPublished : Jan. 22, 2025, 7:15 a.m. | 30\u00a0minutes ago \nDescription : The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'feed_id' parameter in all versions up to, and including, 3.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-22T08:52:24.000000Z"}, {"uuid": "dde5ee46-760b-41bc-a20d-1f5bad15bbf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13405", "type": "seen", "source": "Telegram/aoShcIu_PRXtYB36qaeLIpBPq4O0kVeww9wNpnFJJ_Xs7WbX", "content": "", "creation_timestamp": "2025-02-19T15:39:51.000000Z"}, {"uuid": "f483d187-e2d5-47f1-9f05-dd9cceb81b5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13409", "type": "seen", "source": "Telegram/wMdaHP1ZG2vdI-rNdyRgb9jGya3-w1UPhw7FaaM8JabJjNJ1", "content": "", "creation_timestamp": "2025-02-06T02:43:27.000000Z"}, {"uuid": "10a84caa-03fa-4382-a866-5dde62cc8c83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13408", "type": "seen", "source": "Telegram/_B35eMhkm_opkWcVCMqbrchLg4cbwfDTB1gR0fIAR6-w0qUL", "content": "", "creation_timestamp": "2025-02-06T02:43:27.000000Z"}, {"uuid": "ee9ba507-4526-4d06-abb3-d7dd6da961a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1340", "type": "seen", "source": "https://t.me/ctinow/198835", "content": "https://ift.tt/tvVfbns\nCVE-2024-1340 | Login Lockdown Plugin up to 2.08 on WordPress authorization", "creation_timestamp": "2024-03-03T17:21:44.000000Z"}]}