{"vulnerability": "cve-2024-1371", "sightings": [{"uuid": "16ba8b94-0c20-42b3-8409-d6842af587a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13717", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113921353197918767", "content": "", "creation_timestamp": "2025-01-31T05:38:19.065125Z"}, {"uuid": "14910799-b274-4d35-8456-126fc858366a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13715", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113918025690544421", "content": "", "creation_timestamp": "2025-01-30T15:32:05.697697Z"}, {"uuid": "5d76b2ea-9968-481c-88c8-d48f796a3db4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13717", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgzdxzhpc72f", "content": "", "creation_timestamp": "2025-01-31T06:16:34.172832Z"}, {"uuid": "32e2d68a-c2e3-4796-9a74-f941735f9bf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13715", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgxyucipb62r", "content": "", "creation_timestamp": "2025-01-30T17:24:59.774159Z"}, {"uuid": "61b5ca8a-50be-4e7b-9d3d-4a1491b5291c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13717", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgzi4p2xcd2h", "content": "", "creation_timestamp": "2025-01-31T07:30:47.596608Z"}, {"uuid": "e80d55d4-df9a-4d02-b7c9-22edc16b762f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13715", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxof6d2t42h", "content": "", "creation_timestamp": "2025-01-30T14:17:33.391303Z"}, {"uuid": "40aba8a2-db11-4128-942d-ade8fd67b6c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13714", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113989286209392203", "content": "", "creation_timestamp": "2025-02-12T05:34:34.545346Z"}, {"uuid": "203c476b-25ca-4093-bacf-b1729b96c6ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13714", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxjkvjlzg2z", "content": "", "creation_timestamp": "2025-02-12T06:16:28.442722Z"}, {"uuid": "73907d6f-a888-461c-bd06-40f69b63079c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13714", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113989577795308079", "content": "", "creation_timestamp": "2025-02-12T06:48:43.520364Z"}, {"uuid": "33491742-df98-4df6-93c2-67e1c0ee3cc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13714", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhxmbmm65c24", "content": "", "creation_timestamp": "2025-02-12T07:04:59.215869Z"}, {"uuid": "ced03ab7-4377-4a10-948f-3f9ea13b6e52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13718", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ligwemhbue2p", "content": "", "creation_timestamp": "2025-02-18T09:15:32.475922Z"}, {"uuid": "5d70c9a8-2de0-43a1-9429-76da3537d3e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13711", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdkitlhi2o", "content": "", "creation_timestamp": "2025-02-19T08:16:47.995529Z"}, {"uuid": "7131ea5d-11e4-4dc9-b874-55dd7f7571b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13712", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdkli5662n", "content": "", "creation_timestamp": "2025-02-19T08:16:50.901522Z"}, {"uuid": "fb239c36-810e-4b9e-a203-cf174b055791", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13719", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdknorun2g", "content": "", "creation_timestamp": "2025-02-19T08:16:53.186839Z"}, {"uuid": "88d2f003-56ef-4c38-a7e5-4946f1d8456f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13719", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lijq3vusn52a", "content": "", "creation_timestamp": "2025-02-19T12:01:16.969130Z"}, {"uuid": "c8ada44f-1bf5-48e9-8a99-2444236790f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13711", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lijq3x7qd22a", "content": "", "creation_timestamp": "2025-02-19T12:01:22.665469Z"}, {"uuid": "1d7eeb88-a6ca-4e3a-90f5-edddcb43809c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13713", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lip4jhmsok26", "content": "", "creation_timestamp": "2025-02-21T15:26:58.095650Z"}, {"uuid": "126f9a93-8c5a-4729-a122-0d950d2ff767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13713", "type": "seen", "source": "https://t.me/cvedetector/18649", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13713 - WordPress Square For GiveWP SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13713 \nPublished : Feb. 21, 2025, 12:15 p.m. | 2\u00a0hours, 10\u00a0minutes ago \nDescription : The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-21T15:35:51.000000Z"}, {"uuid": "f6434cc8-a796-4ae5-9d43-d44050a096fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13712", "type": "seen", "source": "https://t.me/cvedetector/18428", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13712 - WordPress Pollin SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13712 \nPublished : Feb. 19, 2025, 8:15 a.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : The Pollin plugin for WordPress is vulnerable to SQL Injection via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T12:03:16.000000Z"}, {"uuid": "701c66ef-b6a8-4668-a91c-42da7a17657f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13711", "type": "seen", "source": "https://t.me/cvedetector/18427", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13711 - WordPress Pollin Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13711 \nPublished : Feb. 19, 2025, 8:15 a.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : The Pollin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T12:03:12.000000Z"}, {"uuid": "0995cdfa-5f7e-4410-b88f-5bc9f1cf1b12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13719", "type": "seen", "source": "https://t.me/cvedetector/18429", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13719 - PeproDev Ultimate Invoice WordPress Insecure Direct Object Reference\", \n  \"Content\": \"CVE ID : CVE-2024-13719 \nPublished : Feb. 19, 2025, 8:15 a.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-19T12:03:17.000000Z"}, {"uuid": "09e3a9ee-24e3-416f-b32b-f9addc34d8ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13718", "type": "seen", "source": "https://t.me/cvedetector/18297", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13718 - WooCommerce Flexible Wishlist CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13718 \nPublished : Feb. 18, 2025, 9:15 a.m. | 17\u00a0minutes ago \nDescription : The Flexible Wishlist for WooCommerce \u2013 Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.26. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to modify/update/create other user's wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T10:57:31.000000Z"}, {"uuid": "5214b615-f6c0-4fb3-8fdd-71725200f6cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13716", "type": "seen", "source": "https://t.me/cvedetector/19140", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13716 - \"WordPress Forex Calculators Plugin Unauthorized Data Modification Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13716 \nPublished : Feb. 28, 2025, 9:15 a.m. | 51\u00a0minutes ago \nDescription : The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-28T11:10:31.000000Z"}, {"uuid": "a793596c-da1f-4a2d-aff2-20343d9a7599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13714", "type": "seen", "source": "https://t.me/cvedetector/17815", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13714 - All-Images.ai for WordPress - Unvalidated File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13714 \nPublished : Feb. 12, 2025, 6:15 a.m. | 26\u00a0minutes ago \nDescription : The All-Images.ai \u2013 IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T08:30:24.000000Z"}, {"uuid": "b484cf61-9e22-4d7c-953d-a68a4a2180d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13717", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3604", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13717\n\ud83d\udd25 CVSS Score: 4.2 (CVSS_V3)\n\ud83d\udd39 Description: The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and vcita_ajax_toggle_contact functions in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to enabled and disable widgets.\n\ud83d\udccf Published: 2025-01-31T06:30:53Z\n\ud83d\udccf Modified: 2025-01-31T06:30:53Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13717\n2. https://plugins.trac.wordpress.org/browser/lead-capturing-call-to-actions-by-vcita/trunk/vcita-ajax-function.php#L5\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/93800bd9-5d11-4d5b-99b2-4c5c78510af7?source=cve", "creation_timestamp": "2025-01-31T08:14:53.000000Z"}, {"uuid": "64637fbd-9af8-4414-9856-6f9d58f1b344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13715", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3514", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13715\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-30T14:15:36.513\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/zstore-manager-basic/trunk/zstore-manager.php#L441\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/974ffc87-369a-431e-b601-8c6679d963c3?source=cve", "creation_timestamp": "2025-01-30T19:19:49.000000Z"}, {"uuid": "3b9f34c5-9f19-40e7-ae8d-a1dbb5456c13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13717", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3585", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13717\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-01-31T06:15:29.770\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/browser/lead-capturing-call-to-actions-by-vcita/trunk/vcita-ajax-function.php#L5\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/93800bd9-5d11-4d5b-99b2-4c5c78510af7?source=cve", "creation_timestamp": "2025-01-31T07:24:01.000000Z"}, {"uuid": "23dc5b8c-58bd-4a7c-830b-fca0871f0db4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13714", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4034", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13714\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-12T06:15:19.987\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3231889%40all-images-ai&new=3231889%40all-images-ai&sfp_email=&sfph_mail=\n2. https://www.wordfence.com/threat-intel/vulnerabilities/id/422c634c-5119-40ef-adf7-681c3d8c09a2?source=cve", "creation_timestamp": "2025-02-12T07:13:23.000000Z"}, {"uuid": "8568ba04-0b0e-4442-a977-61ed37e35cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13714", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4018", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13714\n\ud83d\udd25 CVSS Score: 8.7 (CVSS_V3)\n\ud83d\udd39 Description: The All-Images.ai \u2013 IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.\n\ud83d\udccf Published: 2025-02-12T06:30:33Z\n\ud83d\udccf Modified: 2025-02-12T06:30:33Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13714\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3231889%40all-images-ai&new=3231889%40all-images-ai&sfp_email=&sfph_mail=\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/422c634c-5119-40ef-adf7-681c3d8c09a2?source=cve", "creation_timestamp": "2025-02-12T07:09:36.000000Z"}, {"uuid": "97100c4f-b6af-4894-bf98-00d02ae57f8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13711", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4795", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13711\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Pollin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-02-19T07:32:08.537Z\n\ud83d\udccf Modified: 2025-02-19T07:32:08.537Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4beb01c1-2144-4b1f-9d32-cf2725a8d4ae?source=cve\n2. https://wordpress.org/plugins/pollin/", "creation_timestamp": "2025-02-19T08:41:17.000000Z"}, {"uuid": "590bbc63-bcc8-491b-9996-75197944dce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13719", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4797", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13719\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users.\n\ud83d\udccf Published: 2025-02-19T07:32:07.577Z\n\ud83d\udccf Modified: 2025-02-19T07:32:07.577Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/46186f8d-e50c-476a-9480-b6121412474a?source=cve\n2. https://wordpress.org/plugins/pepro-ultimate-invoice/", "creation_timestamp": "2025-02-19T08:41:19.000000Z"}, {"uuid": "d9cdc734-0ae6-4819-85a4-742201fa0580", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13713", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4878", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13713\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-02-21T11:09:34.028Z\n\ud83d\udccf Modified: 2025-02-21T11:09:34.028Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/7863c5fb-1eda-41a3-b8ec-054784ab2438?source=cve\n2. https://plugins.trac.wordpress.org/browser/wpexperts-square-for-give/trunk/includes/class-give-square.php#L189\n3. https://plugins.trac.wordpress.org/changeset/3242658/wpexperts-square-for-give/trunk/includes/class-give-square.php", "creation_timestamp": "2025-02-21T11:18:27.000000Z"}, {"uuid": "8d65a351-cdf0-4d5f-89b9-fed6b09d1f05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13716", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5864", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13716\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.\n\ud83d\udccf Published: 2025-02-28T08:23:15.098Z\n\ud83d\udccf Modified: 2025-02-28T08:23:15.098Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/49ce8ca1-c1ae-4dda-909e-70c3b6d2b561?source=cve\n2. https://plugins.trac.wordpress.org/browser/fx-calculators/tags/1.3.5/forex-calculators.php#L101", "creation_timestamp": "2025-02-28T09:27:39.000000Z"}, {"uuid": "708b9440-9dd0-46c5-811c-3774c641c535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13710", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8634", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13710\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Estatebud \u2013 Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.\n\ud83d\udccf Published: 2025-03-25T08:22:15.157Z\n\ud83d\udccf Modified: 2025-03-25T08:22:15.157Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/c43f4c91-329d-46b9-b2c8-f35e5baa38d7?source=cve\n2. https://wordpress.org/plugins/estatebud-properties-listings/", "creation_timestamp": "2025-03-25T09:24:23.000000Z"}, {"uuid": "27d92374-cecf-4c8b-9e9d-22ebb2bde5cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13717", "type": "seen", "source": "https://t.me/cvedetector/16893", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13717 - \"vcita WordPress Plugin Unauthorized Data Modification Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13717 \nPublished : Jan. 31, 2025, 6:15 a.m. | 1\u00a0hour, 29\u00a0minutes ago \nDescription : The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and vcita_ajax_toggle_contact functions in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to enabled and disable widgets. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-31T09:30:57.000000Z"}, {"uuid": "328e14f8-49cc-45a8-a947-ba5e29074ed2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13715", "type": "seen", "source": "https://t.me/cvedetector/16773", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13715 - \"WordPress zStore Manager Basic Plugin Cache Clearance Unauthorized Access\"\", \n  \"Content\": \"CVE ID : CVE-2024-13715 \nPublished : Jan. 30, 2025, 2:15 p.m. | 46\u00a0minutes ago \nDescription : The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's cache. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T16:46:22.000000Z"}, {"uuid": "4fddea4b-6876-4c5c-bae5-1e7e7b7d0af2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13710", "type": "seen", "source": "https://t.me/cvedetector/21077", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13710 - Estatebud Properties & Listings Cross-Site Request Forgery\", \n  \"Content\": \"CVE ID : CVE-2024-13710 \nPublished : March 25, 2025, 9:15 a.m. | 33\u00a0minutes ago \nDescription : The Estatebud \u2013 Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-25T11:08:04.000000Z"}, {"uuid": "5f163af5-7e64-42e7-973d-872b474a73a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13716", "type": "seen", "source": "Telegram/SpMAeTrXuvEQ6oF94hZ3vTQOaewaFhQfRtrIMKmGWKpfe74i", "content": "", "creation_timestamp": "2025-03-02T11:44:22.000000Z"}, {"uuid": "5ac5dfa5-3abf-4662-aa5b-e7a7b6c8f9f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13711", "type": "seen", "source": "Telegram/vGvYvC6BpTjB2Ain6vusWnVIDPRrEpxFyGaN8RwETM7ZCwAk", "content": "", "creation_timestamp": "2025-02-19T15:39:53.000000Z"}, {"uuid": "8d7a8725-427d-45cc-b9b2-8602ea4537de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13714", "type": "seen", "source": "Telegram/-XCJKEhz18ssWVwoRAXjVWwC9JZ7rZOrnDRDaN7Omi3IRYyk", "content": "", "creation_timestamp": "2025-02-14T10:04:03.000000Z"}, {"uuid": "c8e9edf2-8168-4536-9e76-5743d0fd855b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1371", "type": "seen", "source": "Telegram/TC3hkhsB1_ogBjjjuypfrk1BL-Y_U6oebancwcJCI0QT6U0Q", "content": "", "creation_timestamp": "2024-04-30T13:38:34.000000Z"}]}