{"vulnerability": "cve-2024-1351", "sightings": [{"uuid": "0c83128d-3496-47e7-80da-b33ef8ffa665", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13515", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113847749138111489", "content": "", "creation_timestamp": "2025-01-18T05:39:49.902257Z"}, {"uuid": "3ba91c6f-d3fd-48b0-a2ad-a1151284de6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13516", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113847749153311562", "content": "", "creation_timestamp": "2025-01-18T05:39:50.117137Z"}, {"uuid": "3e33ab81-eed8-44a8-ab56-76f08faf11a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13515", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfynuiwkbt2p", "content": "", "creation_timestamp": "2025-01-18T06:15:42.560045Z"}, {"uuid": "ad5fae9b-44d3-49aa-b5df-4f7bd957ef98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13516", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfynulclix2j", "content": "", "creation_timestamp": "2025-01-18T06:15:44.893626Z"}, {"uuid": "a151ee12-0b1d-45b1-aca4-aefcd8317930", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13515", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfyovkronk2w", "content": "", "creation_timestamp": "2025-01-18T06:34:11.502769Z"}, {"uuid": "ab3b7d83-3cfd-4b3e-a9c2-17864dea77df", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13516", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfyovl5lds2i", "content": "", "creation_timestamp": "2025-01-18T06:34:12.119089Z"}, {"uuid": "af0dbdfb-a9ec-4dde-b2b9-aa938b8d8ade", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13517", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfyrblnn4s2t", "content": "", "creation_timestamp": "2025-01-18T07:16:42.668475Z"}, {"uuid": "3363c5ec-cb42-4b7a-839c-5fd8a0d08202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13519", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfyrbpdfok2t", "content": "", "creation_timestamp": "2025-01-18T07:16:46.551492Z"}, {"uuid": "9812554d-8d94-47a3-92c0-b7500d5d2c42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13517", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113848216432770567", "content": "", "creation_timestamp": "2025-01-18T07:38:40.215602Z"}, {"uuid": "84640564-44ba-49d9-a9bd-93a4872852ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13519", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113848216447243308", "content": "", "creation_timestamp": "2025-01-18T07:38:40.576059Z"}, {"uuid": "21dbb920-c3ea-4353-b199-971edb6739db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13519", "type": "seen", 
"source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfysjwo2em2q", "content": "", "creation_timestamp": "2025-01-18T07:39:17.943739Z"}, {"uuid": "428ee259-1d8b-4511-ac0e-65b27773db68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13517", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfysjws2ga2e", "content": "", "creation_timestamp": "2025-01-18T07:39:18.470487Z"}, {"uuid": "3205811c-a2c8-423b-8cdd-7b071c50495a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13514", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113944437753593214", "content": "", "creation_timestamp": "2025-02-04T07:29:01.004413Z"}, {"uuid": "df869e90-2b77-4b88-baff-5d950fb030e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13511", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113876959734326674", "content": "", "creation_timestamp": "2025-01-23T09:28:28.312402Z"}, {"uuid": "a0faff3d-1f70-4f0a-ba76-4c01bd23b9d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13511", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgfnlxy4ex2w", "content": "", "creation_timestamp": "2025-01-23T10:15:32.598816Z"}, {"uuid": "c78808eb-10cf-46dc-b09e-ca2646f0d103", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13511", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgfoobk4mr2i", "content": "", "creation_timestamp": "2025-01-23T10:34:43.423749Z"}, {"uuid": 
"6ec4464e-1783-42e7-b5bf-746fd52f95bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13514", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhdmj7t67m2r", "content": "", "creation_timestamp": "2025-02-04T08:15:58.763531Z"}, {"uuid": "264d0fee-ce3b-4666-95e8-f3e96e897dd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13510", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113944905529847273", "content": "", "creation_timestamp": "2025-02-04T09:27:58.800101Z"}, {"uuid": "6cc1d642-49c2-412a-a116-5d3403c752ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13510", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhdt6xxmf62c", "content": "", "creation_timestamp": "2025-02-04T10:15:31.116919Z"}, {"uuid": "3f60524b-6ad2-4808-9701-d87775075b28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13510", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lheaqviv452u", "content": "", "creation_timestamp": "2025-02-04T14:18:11.188608Z"}, {"uuid": "32192168-d36d-4edd-b918-51dafe143b4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13512", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxoea3ldt2w", "content": "", "creation_timestamp": "2025-01-30T14:17:01.665444Z"}, {"uuid": "fb4daa62-8c93-42b7-a73a-a7a01964f228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13513", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3liawfn7fl72w", "content": "", "creation_timestamp": "2025-02-16T00:00:11.090998Z"}, {"uuid": "77b5fafc-1ea9-407a-bb52-b43a4fd84783", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13512", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917848525203835", "content": "", "creation_timestamp": "2025-01-30T14:47:01.718273Z"}, {"uuid": "ab9a664b-ab8e-44d8-b76f-ea0d25573ee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13513", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114006746171699870", "content": "", "creation_timestamp": "2025-02-15T07:34:52.232553Z"}, {"uuid": "69d13b0d-325c-4fdc-87af-d3a552b84bb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13513", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li7bmj2giw2o", "content": "", "creation_timestamp": "2025-02-15T08:15:30.681816Z"}, {"uuid": "0a85c33f-d9d1-464a-94b4-fa88768418e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13513", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114007035031705174", "content": "", "creation_timestamp": "2025-02-15T08:48:20.259345Z"}, {"uuid": "47d28124-943b-4ffe-95fb-d590e889e0c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13513", "type": "seen", "source": 
"https://bsky.app/profile/cve.skyfleet.blue/post/3li7g24c7j322", "content": "", "creation_timestamp": "2025-02-15T09:34:42.002904Z"}, {"uuid": "3c24943c-edc9-4277-a953-2a67e531da2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13513", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lic6mzeozh2e", "content": "", "creation_timestamp": "2025-02-16T12:00:05.465685Z"}, {"uuid": "89793434-23ed-4bc7-bc1f-af2ad4328e02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13518", "type": "seen", "source": "https://t.me/cvedetector/19216", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13518 - SimplePress WordPress CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-13518 \nPublished : March 1, 2025, 5:15 a.m. | 1\u00a0hour, 28\u00a0minutes ago \nDescription : The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.11. This is due to missing or incorrect nonce validation on the 'sp_save_edited_post' function. This makes it possible for unauthenticated attackers to modify a forum post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T08:05:13.000000Z"}, {"uuid": "d86b33e0-550f-46ee-b138-735fa5e1846d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13517", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2283", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13517\n\ud83d\udd39 Description: The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.\n\ud83d\udccf Published: 2025-01-18T07:05:09.175Z\n\ud83d\udccf Modified: 2025-01-18T07:05:09.175Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/8d745937-4b0a-480a-9771-8af3288ee98f?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3131805%40easy-digital-downloads&new=3131805%40easy-digital-downloads&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-18T07:57:22.000000Z"}, {"uuid": "48e762fa-bb50-4291-8fba-f78c478ef4f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13518", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6046", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13518\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.11. This is due to missing or incorrect nonce validation on the 'sp_save_edited_post' function. This makes it possible for unauthenticated attackers to modify a forum post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-03-01T04:21:49.340Z\n\ud83d\udccf Modified: 2025-03-01T04:21:49.340Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4484fa86-5878-426d-92b9-8eb0751075e5?source=cve\n2. 
https://plugins.trac.wordpress.org/browser/simplepress/trunk/forum/database/sp-db-management.php#L173", "creation_timestamp": "2025-03-01T05:27:14.000000Z"}, {"uuid": "f20ea38e-0b8f-4762-9681-de83092ba513", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13515", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2274", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13515\n\ud83d\udd39 Description: The Image Source Control Lite \u2013 Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-18T05:33:49.723Z\n\ud83d\udccf Modified: 2025-01-18T05:33:49.723Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/c4debc89-d5ea-4cf1-8e69-197a75794d0b?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3188412%40image-source-control-isc&new=3188412%40image-source-control-isc&sfp_email=&sfph_mail=\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3172639%40image-source-control-isc&new=3172639%40image-source-control-isc&sfp_email=&sfph_mail=\n4. 
https://github.com/webzunft/image-source-control/commit/d1461b886ed2991281c2eb95e98c9b211e737a93", "creation_timestamp": "2025-01-18T05:57:12.000000Z"}, {"uuid": "51a839f8-07dd-4d7c-9fe8-27fd3e155caa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13516", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2273", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13516\n\ud83d\udd39 Description: The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-01-18T05:33:50.087Z\n\ud83d\udccf Modified: 2025-01-18T05:33:50.087Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/d2246fac-0d95-4ff5-ad1e-aa1fefa03b4d?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset/3186251/kubio/trunk/static/kubio-iframe-loader.html", "creation_timestamp": "2025-01-18T05:57:11.000000Z"}, {"uuid": "ebb3f716-6a17-4b3a-8646-a4d8974b4263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13519", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2285", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13519\n\ud83d\udd39 Description: The MarketKing \u2014 Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.9.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.\n\ud83d\udccf Published: 2025-01-18T07:05:08.206Z\n\ud83d\udccf Modified: 2025-01-18T07:05:08.206Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5061e0be-1785-476a-9528-d6f95656bd61?source=cve\n2. 
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3180752%40marketking-multivendor-marketplace-for-woocommerce&new=3180752%40marketking-multivendor-marketplace-for-woocommerce&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-18T07:57:23.000000Z"}, {"uuid": "e8393f6c-d781-4cd0-a0b7-8b7fbed7fc45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13511", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2718", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13511\n\ud83d\udd39 Description: The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action based on specific query parameters in the URL. The related delete_settings() function performs a faulty nonce validation check, making the reset operation insecure and susceptible to unauthorized access.\n\ud83d\udccf Published: 2025-01-23T09:21:08.768Z\n\ud83d\udccf Modified: 2025-01-23T09:21:08.768Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/6c43b9b4-4394-428a-b381-d6a776fcd130?source=cve\n2. https://plugins.trac.wordpress.org/browser/th-variation-swatches/tags/1.3.1/inc/thvs-settings.php\n3. 
https://plugins.trac.wordpress.org/changeset/3226822/th-variation-swatches/trunk/inc/thvs-settings.php", "creation_timestamp": "2025-01-23T10:03:16.000000Z"}, {"uuid": "df471b37-5d33-4ac2-9ebe-5fa296fc14fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13513", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4543", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13513\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable.\n\ud83d\udccf Published: 2025-02-15T09:30:28Z\n\ud83d\udccf Modified: 2025-02-15T09:30:28Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13513\n2. https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/models/class-pos-bridge-user.php#L373\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3234731%40oliver-pos%2Ftrunk&old=3056051%40oliver-pos%2Ftrunk&sfp_email=&sfph_mail=\n4. 
https://www.wordfence.com/threat-intel/vulnerabilities/id/bf6b7d8d-fb13-4eb4-b0b4-d0a10ad2a21e?source=cve", "creation_timestamp": "2025-02-15T10:11:05.000000Z"}, {"uuid": "7c37e9d8-d1ed-4a63-85ca-29087b5c59bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13513", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4539", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13513\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-15T08:15:07.790\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/models/class-pos-bridge-user.php#L373\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3234731%40oliver-pos%2Ftrunk&old=3056051%40oliver-pos%2Ftrunk&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/bf6b7d8d-fb13-4eb4-b0b4-d0a10ad2a21e?source=cve", "creation_timestamp": "2025-02-15T09:10:34.000000Z"}, {"uuid": "af369c16-271a-4567-bed4-22bd6720c9c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13513", "type": "seen", "source": "https://t.me/cvedetector/18162", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13513 - Oliver POS - WooCommerce Point of Sale WordPress Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-13513 \nPublished : Feb. 15, 2025, 8:15 a.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. 
This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T11:00:59.000000Z"}, {"uuid": "0bdfdd42-4f0f-461f-87ee-ab92aa119274", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13512", "type": "seen", "source": "https://t.me/cvedetector/16782", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13512 - WordPress FontAwesome Cross-Site Request Forgery\", \n  \"Content\": \"CVE ID : CVE-2024-13512 \nPublished : Jan. 30, 2025, 2:15 p.m. | 46\u00a0minutes ago \nDescription : The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T16:46:35.000000Z"}, {"uuid": "e27aa7a3-cd63-4243-a571-ee7b0ce0dd22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13513", "type": "seen", "source": "Telegram/OTtf03GpOR4iB4YWWiuCFMo8BU_y6rjUQ-K-0dRZrcSnqZkz", "content": "", "creation_timestamp": "2025-02-15T23:50:18.000000Z"}, {"uuid": "f7ff8ca5-62ae-4d21-b85b-0f46b06c91e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13519", "type": "seen", "source": "https://t.me/cvedetector/15788", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13519 - MarketKing (WordPress) - Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13519 \nPublished : Jan. 18, 2025, 7:15 a.m. | 18\u00a0minutes ago \nDescription : The MarketKing \u2014 Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.9.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 
\nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-18T08:42:26.000000Z"}, {"uuid": "1c0761b0-d25a-41b8-a03c-7d323888c372", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13517", "type": "seen", "source": "https://t.me/cvedetector/15787", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13517 - Easy Digital Downloads Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13517 \nPublished : Jan. 18, 2025, 7:15 a.m. | 18\u00a0minutes ago \nDescription : The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 
\nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-18T08:42:25.000000Z"}, {"uuid": "62445007-1c30-4dce-9ee4-9d1efacbc00c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13511", "type": "seen", "source": "https://t.me/cvedetector/16169", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13511 - WooCommerce Variation Swatches CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-13511 \nPublished : Jan. 23, 2025, 10:15 a.m. | 21\u00a0minutes ago \nDescription : The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action based on specific query parameters in the URL. The related delete_settings() function performs a faulty nonce validation check, making the reset operation insecure and susceptible to unauthorized access. 
\nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-23T11:37:38.000000Z"}, {"uuid": "78b9b0ae-441b-4615-8779-7c74408ac3b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13510", "type": "seen", "source": "https://t.me/cvedetector/17178", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13510 - ShopSite for WordPress Cross-Site Request Forgery Attack\", \n  \"Content\": \"CVE ID : CVE-2024-13510 \nPublished : Feb. 4, 2025, 10:15 a.m. | 47\u00a0minutes ago \nDescription : The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-04T12:12:58.000000Z"}, {"uuid": "2b5cfb87-76e8-4dcf-b3f0-6f5893d7d4f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13516", "type": "seen", "source": "https://t.me/cvedetector/15781", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13516 - Kubio AI Page Builder WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13516 \nPublished : Jan. 18, 2025, 6:15 a.m. | 29\u00a0minutes ago \nDescription : The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-18T07:52:14.000000Z"}, {"uuid": "98054495-2c39-4769-8a79-3abc256d4599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13515", "type": "seen", "source": "https://t.me/cvedetector/15784", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13515 - WordPress Image Source Control Lite Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13515 \nPublished : Jan. 18, 2025, 6:15 a.m. | 29\u00a0minutes ago \nDescription : The Image Source Control Lite \u2013 Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 
\nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-18T07:52:19.000000Z"}, {"uuid": "0a3bbcda-2905-40db-a660-f8ed5dfb5415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13518", "type": "seen", "source": "Telegram/Izg7xXIBKA_YSNAYyd41hEZ3DfML9ZuPt3Qi_RxLlOS8TB0b", "content": "", "creation_timestamp": "2025-03-02T11:46:31.000000Z"}, {"uuid": "4e2973dd-71d9-4c35-b3fa-cccda3316f26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13511", "type": "seen", "source": "Telegram/cmvkNzz8uW4nrmzmPwekPfRRU8s3veDZ318IU1Plz73BmDbw", "content": "", "creation_timestamp": "2025-02-06T02:44:20.000000Z"}, {"uuid": "92d45fd1-4610-4164-960b-2f4ca75f5121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1351", "type": "seen", "source": "https://t.me/ctinow/203201", "content": "https://ift.tt/gH1o2si\nCVE-2024-1351 | MongoDB Server up to 4.4.28/5.0.24/6.0.13/7.0.5 tls.CAFile certificate validation (SERVER-72839)", "creation_timestamp": "2024-03-08T10:22:17.000000Z"}, {"uuid": "75824e2d-706f-4f15-9337-3233742d6ff8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1351", "type": "seen", "source": "https://t.me/ctinow/202636", "content": "https://ift.tt/HgXBe4j\nCVE-2024-1351", "creation_timestamp": "2024-03-07T18:32:35.000000Z"}, {"uuid": "43fac9a3-e098-4c9a-a530-edc4c0afa8a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1351", "type": "seen", "source": "https://t.me/ctinow/202621", "content": "https://ift.tt/HgXBe4j\nCVE-2024-1351", "creation_timestamp": "2024-03-07T18:27:05.000000Z"}]}