{"vulnerability": "cve-2024-1365", "sightings": [{"uuid": "a5f23927-5e71-40c7-915e-f97cf6e436da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13652", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113917907595823665", "content": "", "creation_timestamp": "2025-01-30T15:02:03.096365Z"}, {"uuid": "ff066a23-7d2a-406b-967a-3b0b0a0d1b56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3z46sf772q", "content": "", "creation_timestamp": "2025-02-01T07:40:02.981229Z"}, {"uuid": "615da158-c52d-41f2-9d14-777d0b00b0de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13659", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113881665846872445", "content": "", "creation_timestamp": "2025-01-24T05:25:17.830057Z"}, {"uuid": "8fe9f243-fb9e-4876-9484-237072bac4f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13652", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgxyucpk722e", "content": "", "creation_timestamp": "2025-01-30T17:25:00.914743Z"}, {"uuid": "44e393a5-3b25-4909-8e12-73f2b12ce3b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13652", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxoejpfut2f", "content": "", "creation_timestamp": "2025-01-30T14:17:11.836204Z"}, {"uuid": "e81d69ff-2077-4bff-ae9d-5be9616e3fb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh3nph5r7z2p", "content": "", "creation_timestamp": "2025-02-01T04:16:03.623450Z"}, {"uuid": "19828fb6-88ca-41fc-8f18-501d5635b6f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13653", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113989033129729285", "content": "", "creation_timestamp": "2025-02-12T04:30:12.846296Z"}, {"uuid": "c5166a85-083c-4d38-a671-94aaee2511a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13654", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113989092128308032", "content": "", "creation_timestamp": "2025-02-12T04:45:12.769043Z"}, {"uuid": "cfbb1405-db4f-4a0d-af0b-ad4ead00db79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13656", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113989092162277117", "content": "", "creation_timestamp": "2025-02-12T04:45:13.270097Z"}, {"uuid": "ba52cd2b-d724-4f24-85ad-4a353b742d1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13658", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113989092177355299", "content": "", "creation_timestamp": "2025-02-12T04:45:13.409339Z"}, {"uuid": "350546b5-804f-4edd-bfb3-8ac62d84164f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13653", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxg6f33yg2a", "content": "", "creation_timestamp": "2025-02-12T05:15:47.382334Z"}, {"uuid": "6b3fe96f-0fd9-44b2-a952-7b5f86cf59e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13654", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxg6hputm2x", "content": "", "creation_timestamp": "2025-02-12T05:15:50.179837Z"}, {"uuid": "c7357735-c557-476c-8405-6831d713f015", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13656", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxg6kdgv42a", "content": "", "creation_timestamp": "2025-02-12T05:15:52.901471Z"}, {"uuid": "fb2666d4-15bc-4bd4-be6e-309d47f20e94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13658", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxg6mqpeg2a", "content": "", "creation_timestamp": "2025-02-12T05:15:55.374519Z"}, {"uuid": "a813e5af-b22d-4dc6-98d2-56b9085977bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13657", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdk2delf2g", "content": "", "creation_timestamp": "2025-02-19T08:16:33.183393Z"}, {"uuid": "82fb70ee-fa74-4588-9af1-3d0bdd9ad8ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13653", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113989577540866285", "content": "", "creation_timestamp": "2025-02-12T06:48:39.610688Z"}, {"uuid": "6882ee62-1078-471c-ab6d-95283fa5a963", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13656", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113989577603123553", "content": "", "creation_timestamp": "2025-02-12T06:48:40.992182Z"}, {"uuid": "739b47a7-5e99-4c33-b50f-6440025116a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13654", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113989577570560335", "content": "", "creation_timestamp": "2025-02-12T06:48:41.335892Z"}, {"uuid": "ad1bd137-9589-4f8c-b539-c5d14b0e6fa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13653", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhxmbm6nm72v", "content": "", "creation_timestamp": "2025-02-12T07:04:58.064145Z"}, {"uuid": "5dab382f-0ef4-43ba-8a46-a97f9e283aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13654", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhxmbmirs22n", "content": "", "creation_timestamp": "2025-02-12T07:04:58.688457Z"}, {"uuid": "c0b6fa79-dbc3-43a1-8794-5996bee6ffaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13656", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhxmbmpkrw2v", "content": "", "creation_timestamp": "2025-02-12T07:04:59.742172Z"}, {"uuid": "e360ae61-cc1c-4d06-91a8-fed93a5345d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13655", "type": "seen", "source": "https://t.me/cvedetector/19796", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13655 - \"Flex Mag WordPress Theme Unauthenticated Option Deletion Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13655 \nPublished : March 7, 2025, 7:15 a.m. | 1\u00a0hour, 46\u00a0minutes ago \nDescription : The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T10:45:18.000000Z"}, {"uuid": "602cbeef-cc0b-4331-a0b9-64451ccd88dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13655", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljrlz4vzhl2u", "content": "", "creation_timestamp": "2025-03-07T08:34:38.446046Z"}, {"uuid": "b3351278-b0a1-410c-ae9a-eb9282f52e63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13650", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln2ykvszj22b", "content": "", "creation_timestamp": "2025-04-18T06:28:52.766384Z"}, {"uuid": "bb78b750-23c4-4858-add8-6c7f95eb9361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13655", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114120519381596288", "content": "", "creation_timestamp": "2025-03-07T09:48:54.533019Z"}, {"uuid": "0f3bff24-f7cf-4570-ac51-7f2a79237958", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13654", "type": "seen", "source": "https://t.me/cvedetector/17823", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13654 - ZoxPress WordPress Theme - Unauthenticated Data Modification Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13654 \nPublished : Feb. 12, 2025, 5:15 a.m. | 1\u00a0hour, 26\u00a0minutes ago \nDescription : The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T08:30:36.000000Z"}, {"uuid": "a7e9f935-72e9-4f2e-b091-27887fd8b3b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13653", "type": "seen", "source": "https://t.me/cvedetector/17822", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13653 - ZoxPress WordPress Theme Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13653 \nPublished : Feb. 12, 2025, 5:15 a.m. | 1\u00a0hour, 26\u00a0minutes ago \nDescription : The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T08:30:35.000000Z"}, {"uuid": "4d9ae964-cf54-46b8-b06e-15978b52a1b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13658", "type": "seen", "source": "https://t.me/cvedetector/17817", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13658 - \"NGG Smart Image Search Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13658 \nPublished : Feb. 12, 2025, 5:15 a.m. | 1\u00a0hour, 26\u00a0minutes ago \nDescription : The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hr_SIS_nextgen_searchbox' shortcode in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T08:30:28.000000Z"}, {"uuid": "85ab592a-6561-42cb-838b-3f239e7896fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13656", "type": "seen", "source": "https://t.me/cvedetector/17816", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13656 - ClickMag WordPress Theme - Unauthenticated Option Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13656 \nPublished : Feb. 12, 2025, 5:15 a.m. | 1\u00a0hour, 26\u00a0minutes ago \nDescription : The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.6.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T08:30:25.000000Z"}, {"uuid": "36b7231d-d77a-482c-9485-fe4d3cb26bbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3730", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13651\n\ud83d\udd25 CVSS Score: 4.2 (CVSS_V3)\n\ud83d\udd39 Description: The RapidLoad \u2013 Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings.\n\ud83d\udccf Published: 2025-02-01T06:31:00Z\n\ud83d\udccf Modified: 2025-02-01T06:31:00Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13651\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3232560%40unusedcss&new=3232560%40unusedcss&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/87f9f052-2963-4548-9ff8-91dc2b4ecb43?source=cve", "creation_timestamp": "2025-02-01T07:16:25.000000Z"}, {"uuid": "7969f619-9c56-4d69-aa4a-3106237117b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13659", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2875", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13659\n\ud83d\udd39 Description: The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-01-24T05:23:53.815Z\n\ud83d\udccf Modified: 2025-01-24T05:23:53.815Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/68b4358d-d4b4-415b-a19f-e58b155ceac9?source=cve\n2. https://plugins.trac.wordpress.org/browser/listamester/trunk/includes/class-listamester.php#L105\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3225538%40listamester&new=3225538%40listamester&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-24T06:12:33.000000Z"}, {"uuid": "2afa2e5a-f8f8-4895-8fe3-c5d7120822ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13655", "type": "seen", "source": "Telegram/WizLkRBIrwSdfwdXzZmDTlmxL-h_1ocoSK3xFbutIlRq028h", "content": "", "creation_timestamp": "2025-03-08T04:34:56.000000Z"}, {"uuid": "57ec781c-731d-45de-b0c1-7fc5dcd57299", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13656", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4019", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13656\n\ud83d\udd25 CVSS Score: 8.0 (CVSS_V3)\n\ud83d\udd39 Description: The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.6.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.\n\ud83d\udccf Published: 2025-02-12T06:30:33Z\n\ud83d\udccf Modified: 2025-02-12T06:30:33Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13656\n2. https://themeforest.net/item/click-mag-viral-wordpress-news-magazineblog-theme/18081003\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/ee5df5fe-4213-4d36-aa8f-7eb2710c32b6?source=cve", "creation_timestamp": "2025-02-12T07:09:39.000000Z"}, {"uuid": "d97ab091-9107-4b6a-9e1e-263ec72533da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3710", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13651\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T04:15:30.997\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3232560%40unusedcss&new=3232560%40unusedcss&sfp_email=&sfph_mail=\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/87f9f052-2963-4548-9ff8-91dc2b4ecb43?source=cve", "creation_timestamp": "2025-02-01T05:25:45.000000Z"}, {"uuid": "917fd624-4a52-4789-8033-4c76690cefda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13658", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4015", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13658\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hr_SIS_nextgen_searchbox' shortcode in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-12T06:30:33Z\n\ud83d\udccf Modified: 2025-02-12T06:30:33Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13658\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3233519%40ngg-smart-image-search&new=3233519%40ngg-smart-image-search&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/d916e320-e78b-4305-a4da-10c6fb8db41a?source=cve", "creation_timestamp": "2025-02-12T07:09:28.000000Z"}, {"uuid": "414e9e57-81a4-4ed3-a58e-09b78c63c463", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13654", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4027", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13654\n\ud83d\udd25 CVSS Score: 8.0 (CVSS_V3)\n\ud83d\udd39 Description: The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.\n\ud83d\udccf Published: 2025-02-12T06:30:32Z\n\ud83d\udccf Modified: 2025-02-12T06:30:32Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13654\n2. https://themeforest.net/item/zoxpress-allinone-wordpress-news-theme/25586170\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/f616be03-229b-4c50-b837-508da4d2b090?source=cve", "creation_timestamp": "2025-02-12T07:11:34.000000Z"}, {"uuid": "488e41b0-708b-4ac8-b309-58b8ceacb087", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13653", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4026", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13653\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.\n\ud83d\udccf Published: 2025-02-12T06:30:32Z\n\ud83d\udccf Modified: 2025-02-12T06:30:32Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13653\n2. https://themeforest.net/item/zoxpress-allinone-wordpress-news-theme/25586170\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/b4599c7f-5e5d-4571-97d9-54d6fd0c9c63?source=cve", "creation_timestamp": "2025-02-12T07:11:22.000000Z"}, {"uuid": "4f6e0a49-68c1-43ed-a8db-a8a2f65a493e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13657", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4784", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13657\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Store Locator Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'storelocatorwidget' shortcode in all versions up to, and including, 20200131 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-19T07:32:13.110Z\n\ud83d\udccf Modified: 2025-02-19T07:32:13.110Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/c65b6793-42e3-40cb-a6fe-b000c879d41f?source=cve\n2. https://plugins.trac.wordpress.org/browser/store-locator-widget/trunk/store-locator-widget.php#L118", "creation_timestamp": "2025-02-19T08:41:02.000000Z"}, {"uuid": "f7592fc6-1872-4c1b-a6e1-98f3b3bcb2ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13650", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12378", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13650\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-04-18T01:44:10.501Z\n\ud83d\udccf Modified: 2025-04-18T01:44:10.501Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4e3d0ffd-209b-4e29-bc1d-91f2498b4632?source=cve\n2. https://wordpress.org/plugins/piotnet-addons-for-elementor/", "creation_timestamp": "2025-04-18T01:58:02.000000Z"}, {"uuid": "b03c4007-7636-4f7e-9497-31bf0f6ed35b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13655", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6804", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13655\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.\n\ud83d\udccf Published: 2025-03-07T06:40:03.580Z\n\ud83d\udccf Modified: 2025-03-07T06:40:03.580Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/23f53ff1-f0bc-4ad3-9b9e-cf365f064066?source=cve\n2. https://themeforest.net/item/flex-mag-responsive-wordpress-news-theme/12772303", "creation_timestamp": "2025-03-07T07:37:15.000000Z"}, {"uuid": "004aeae0-9d7d-419a-933d-94180517429d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13652", "type": "seen", "source": "https://t.me/cvedetector/16776", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13652 - WordPress ECPay Ecommerce for WooCommerce Unauthenticated Data Loss\", \n  \"Content\": \"CVE ID : CVE-2024-13652 \nPublished : Jan. 30, 2025, 2:15 p.m. | 46\u00a0minutes ago \nDescription : The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's log files. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T16:46:27.000000Z"}, {"uuid": "08967410-7813-4b44-9053-19bc794b05be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13659", "type": "seen", "source": "https://t.me/cvedetector/16251", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13659 - Listamester for WordPress Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13659 \nPublished : Jan. 24, 2025, 6:15 a.m. | 20\u00a0minutes ago \nDescription : The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-24T07:42:41.000000Z"}, {"uuid": "cae7ec91-12ca-4ea4-af02-ed18a96b8414", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13650", "type": "seen", "source": "https://t.me/cvedetector/23305", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13650 - Piotnet Addons For Elementor WordPress Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13650 \nPublished : April 18, 2025, 2:15 a.m. | 2\u00a0hours, 15\u00a0minutes ago \nDescription : The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T06:32:45.000000Z"}, {"uuid": "5b10ee52-73ed-4f92-874f-561037ac7c4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "https://t.me/cvedetector/17003", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13651 - WordPress RapidLoad Unauthorized Data Modification Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13651 \nPublished : Feb. 1, 2025, 4:15 a.m. | 2\u00a0hours, 21\u00a0minutes ago \nDescription : The RapidLoad \u2013 Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T08:07:31.000000Z"}, {"uuid": "9945b168-1f43-4af2-b2f6-a52a79123f96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13657", "type": "seen", "source": "Telegram/OPOmlcDO03NExi2mdnxrZMx1ErUEvlda9H8NZmxUIhIsCKYp", "content": "", "creation_timestamp": "2025-02-19T15:39:52.000000Z"}, {"uuid": "fcb991b1-8097-4955-a8df-419ed56e9324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "Telegram/L52U5l6W3xy3rdQrvf36kXcTq4KcEW2Kv9bPv3Fljyf-aX8S", "content": "", "creation_timestamp": "2025-02-21T22:10:24.000000Z"}, {"uuid": "1789d991-ed0e-46a1-90db-24f07d3583d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13656", "type": "seen", "source": "Telegram/-UxU4G0z0clLJepYEEIjU6j7ClLnTywyvTy9552g-6463w7C", "content": "", "creation_timestamp": "2025-02-14T10:04:03.000000Z"}, {"uuid": "94da52d0-fcfd-4e00-adaf-878c8183f79d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13654", "type": "seen", "source": "Telegram/oFAdjuVeEmnP5JeWP5Eo6axmhW05z7lySQa9aaOuFfUcAEpC", "content": "", "creation_timestamp": "2025-02-14T10:04:02.000000Z"}, {"uuid": "a7004bdc-8612-4e21-8258-77d4d3250d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13653", "type": "seen", "source": "Telegram/FntiDlWnhurY7d3_OnfrAHjJiggRmuRPXr9yeqBKjgNiBVgF", "content": "", "creation_timestamp": "2025-02-14T10:04:02.000000Z"}]}