{"vulnerability": "cve-2024-13651", "sightings": [{"uuid": "ff066a23-7d2a-406b-967a-3b0b0a0d1b56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lh3z46sf772q", "content": "", "creation_timestamp": "2025-02-01T07:40:02.981229Z"}, {"uuid": "fcb991b1-8097-4955-a8df-419ed56e9324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "Telegram/L52U5l6W3xy3rdQrvf36kXcTq4KcEW2Kv9bPv3Fljyf-aX8S", "content": "", "creation_timestamp": "2025-02-21T22:10:24.000000Z"}, {"uuid": "e81d69ff-2077-4bff-ae9d-5be9616e3fb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lh3nph5r7z2p", "content": "", "creation_timestamp": "2025-02-01T04:16:03.623450Z"}, {"uuid": "36b7231d-d77a-482c-9485-fe4d3cb26bbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3730", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13651\n\ud83d\udd25 CVSS Score: 4.2 (CVSS_V3)\n\ud83d\udd39 Description: The RapidLoad \u2013 Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings.\n\ud83d\udccf Published: 2025-02-01T06:31:00Z\n\ud83d\udccf Modified: 2025-02-01T06:31:00Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13651\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3232560%40unusedcss&new=3232560%40unusedcss&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/87f9f052-2963-4548-9ff8-91dc2b4ecb43?source=cve", "creation_timestamp": "2025-02-01T07:16:25.000000Z"}, {"uuid": "d97ab091-9107-4b6a-9e1e-263ec72533da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3710", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13651\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-01T04:15:30.997\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3232560%40unusedcss&new=3232560%40unusedcss&sfp_email=&sfph_mail=\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/87f9f052-2963-4548-9ff8-91dc2b4ecb43?source=cve", "creation_timestamp": "2025-02-01T05:25:45.000000Z"}, {"uuid": "5b10ee52-73ed-4f92-874f-561037ac7c4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13651", "type": "seen", "source": "https://t.me/cvedetector/17003", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13651 - WordPress RapidLoad Unauthorized Data Modification Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13651 \nPublished : Feb. 1, 2025, 4:15 a.m. | 2\u00a0hours, 21\u00a0minutes ago \nDescription : The RapidLoad \u2013 Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-01T08:07:31.000000Z"}]}