{"vulnerability": "cve-2024-1380", "sightings": [{"uuid": "0821818d-c04b-4a8e-8830-34600ef9f428", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13804", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114258301081662294", "content": "", "creation_timestamp": "2025-03-31T17:48:35.661724Z"}, {"uuid": "9baa8f30-772c-46e6-95c0-32a79667d9ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13804", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114258301081662294", "content": "", "creation_timestamp": "2025-03-31T17:48:35.665382Z"}, {"uuid": "0d7fb063-7d97-4cb3-ba80-4fe725b2d5cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13800", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113989151204757259", "content": "", "creation_timestamp": "2025-02-12T05:00:14.331573Z"}, {"uuid": "06d3bae0-19ac-4004-ac6e-f8bb038c399a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13805", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljs6htq45r2s", "content": "", "creation_timestamp": "2025-03-07T14:04:59.310875Z"}, {"uuid": "ba8c7552-101c-4410-b6ca-06d202c6c88d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13800", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxg6tnayf2i", "content": "", "creation_timestamp": "2025-02-12T05:16:02.795401Z"}, {"uuid": "b4561438-d192-44a5-a04d-e5425991de9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13802", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3limctggngv2y", "content": "", "creation_timestamp": "2025-02-20T12:41:55.810167Z"}, {"uuid": "591244c4-4d3a-4c29-bf9a-042817310284", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13800", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113989577689602048", "content": "", "creation_timestamp": "2025-02-12T06:48:42.639470Z"}, {"uuid": "5a44c375-8dfd-4f37-8c6a-4d70ffdccce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13800", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhxmbmwn2k2i", "content": "", "creation_timestamp": "2025-02-12T07:05:00.842512Z"}, {"uuid": "c6fdea4e-9e89-4ea3-acf0-4bd91ee8de01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13808", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnoxcmccjna2", "content": "", "creation_timestamp": "2025-04-26T04:59:46.457086Z"}, {"uuid": "29242847-daed-49be-8cd5-73dced88fca7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13808", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114403160904498626", "content": "", "creation_timestamp": "2025-04-26T07:48:21.273651Z"}, {"uuid": "86b33ae0-1615-4df5-9960-1f66b1e8ff9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13808", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnpcjsy5cb2b", "content": "", "creation_timestamp": "2025-04-26T08:20:28.883425Z"}, {"uuid": "9094fd82-52a2-46fc-b933-948132498a98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13805", "type": "seen", "source": "https://t.me/cvedetector/19802", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13805 - WordPress Advanced File Manager Stored Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13805 \nPublished : March 7, 2025, 10:15 a.m. | 46\u00a0minutes ago \nDescription : The Advanced File Manager \u2014 Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-07T12:25:40.000000Z"}, {"uuid": "66c9a63f-09bf-4a17-b6a5-7871fc5362a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13806", "type": "seen", "source": "Telegram/f93JrHZIl9YtmInEh7SPVgVsBxQ6LLbQlk7fwDA_cT8p31_x", "content": "", "creation_timestamp": "2025-03-02T11:46:31.000000Z"}, {"uuid": "697c2947-d036-4079-a923-7bbe80deadd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13808", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13565", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13808\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.\n\ud83d\udccf Published: 2025-04-26T04:22:36.503Z\n\ud83d\udccf Modified: 2025-04-26T04:22:36.503Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0833e55f-22aa-44c9-aff6-1f3b74016e4c?source=cve\n2. https://elementor.wpxpro.com", "creation_timestamp": "2025-04-26T05:08:31.000000Z"}, {"uuid": "0af6966c-6b43-4714-ab9d-8785d7cc70be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13802", "type": "seen", "source": "https://t.me/cvedetector/18522", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13802 - Bandsintown Events Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-13802 \nPublished : Feb. 20, 2025, 10:15 a.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : The Bandsintown Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bandsintown_events' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T13:08:53.000000Z"}, {"uuid": "da657a24-f07c-4e9f-a1d3-d8f8fe413c42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13800", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4021", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13800\n\ud83d\udd25 CVSS Score: 8.0 (CVSS_V3)\n\ud83d\udd39 Description: The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.\n\ud83d\udccf Published: 2025-02-12T06:30:33Z\n\ud83d\udccf Modified: 2025-02-12T06:30:33Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-13800\n2. https://www.convertplug.com/plus/product/convertplug\n3. https://www.wordfence.com/threat-intel/vulnerabilities/id/580ae2da-76f2-42b3-a26c-62ad8d6d1686?source=cve", "creation_timestamp": "2025-02-12T07:09:44.000000Z"}, {"uuid": "db3d6844-700c-41c9-adaa-82601d9db4a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13800", "type": "seen", "source": "https://t.me/cvedetector/17820", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13800 - WordPress ConvertPlus Unauthenticated AJAX Capability Check Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-13800 \nPublished : Feb. 12, 2025, 5:15 a.m. | 1\u00a0hour, 26\u00a0minutes ago \nDescription : The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-12T08:30:30.000000Z"}, {"uuid": "880cbeee-218b-4534-a14d-1d4b69d9b99d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13806", "type": "seen", "source": "https://t.me/cvedetector/19221", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13806 - WordPress Authors List Plugin Arbitrary Shortcode Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13806 \nPublished : March 1, 2025, 8:15 a.m. | 31\u00a0minutes ago \nDescription : The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-01T10:35:35.000000Z"}, {"uuid": "e880ca03-a839-4433-9fe0-24fd41ef8789", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13805", "type": "seen", "source": "Telegram/FeFQfPsIzNY4n2ciMF76puCptl9ABVeebL3KZ0290xcyhGLv", "content": "", "creation_timestamp": "2025-03-08T04:34:56.000000Z"}, {"uuid": "e662e8a3-b1cf-406a-b635-3a9c60c39bd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13806", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6060", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13806\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\n\ud83d\udccf Published: 2025-03-01T07:24:05.886Z\n\ud83d\udccf Modified: 2025-03-01T07:24:05.886Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/dbfa20ad-6411-4054-9973-cb12d17c57f6?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3246757%40authors-list&new=3246757%40authors-list&sfp_email=&sfph_mail=", "creation_timestamp": "2025-03-01T08:27:07.000000Z"}, {"uuid": "fd7dfbdb-dbd0-422c-81ab-31fd8e824734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13803", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5476", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13803\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-marker\u2019 parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\ud83d\udccf Published: 2025-02-26T07:01:18.758Z\n\ud83d\udccf Modified: 2025-02-26T07:01:18.758Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/efdeca40-e021-478f-af75-c5566ae70735?source=cve\n2. http://localhost:1337/wp-content/plugins/essential-blocks/assets/admin/editor/editor.js\n3. https://plugins.trac.wordpress.org/changeset/3242493/", "creation_timestamp": "2025-02-26T07:23:59.000000Z"}, {"uuid": "71dab1eb-6eff-480f-9857-5cf4a62cfab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13809", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6521", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13809\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\ud83d\udccf Published: 2025-03-05T09:21:48.298Z\n\ud83d\udccf Modified: 2025-03-05T09:21:48.298Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/a692d9c4-66e0-4461-ad13-65e1446106c5?source=cve\n2. https://codecanyon.net/item/hero-slider-wordpress-slider-plugin/13067813", "creation_timestamp": "2025-03-05T09:35:57.000000Z"}, {"uuid": "b7f1a1ee-d8f2-4da9-85e4-7108ae720c92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13801", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8814", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13801\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.\n\ud83d\udccf Published: 2025-03-26T08:21:51.722Z\n\ud83d\udccf Modified: 2025-03-26T08:21:51.722Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b3a84201-6cd8-4528-ae7a-7fd813c8da18?source=cve\n2. https://codecanyon.net/item/bwl-advanced-faq-manager/5007135", "creation_timestamp": "2025-03-26T09:25:58.000000Z"}, {"uuid": "4724a061-d1ef-40cf-9f7a-7c0bdffb6119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13805", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6842", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13805\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Advanced File Manager \u2014 Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.\n\ud83d\udccf Published: 2025-03-07T09:21:13.618Z\n\ud83d\udccf Modified: 2025-03-07T14:59:29.775Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0fc6cc1b-7d49-48cd-9bce-d37c6dcfece9?source=cve\n2. https://plugins.trac.wordpress.org/browser/file-manager-advanced/trunk/application/class_fma_connector.php\n3. https://plugins.trac.wordpress.org/changeset/3249482/", "creation_timestamp": "2025-03-07T15:35:19.000000Z"}, {"uuid": "e1520790-2e18-4e26-b92a-a397e30dd3d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13809", "type": "seen", "source": "Telegram/IzNfIugkwcwwUuCrmtU8Uk-zLEjiJGfQLSksQB01w4185BJF", "content": "", "creation_timestamp": "2025-03-06T02:16:32.000000Z"}, {"uuid": "a58e72e5-68ee-4b7f-a5ac-acc6070da0bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13804", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9554", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13804\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Vulnerability in Hewlett Packard Enterprise HPE Insight Cluster Management Utility (CMU).This issue affects HPE Insight Cluster Management Utility (CMU): 8.2.\n\ud83d\udccf Published: 2025-03-30T21:10:54.859Z\n\ud83d\udccf Modified: 2025-03-30T21:26:47.732Z\n\ud83d\udd17 References:\n1. https://red.0xbad53c.com/vulnerability-research/rce-in-hpe-insight-cluster-management-utility-cve-2024-13804", "creation_timestamp": "2025-03-30T21:30:15.000000Z"}, {"uuid": "65af8db3-b5b3-4d55-b99e-630a27c76692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13804", "type": "seen", "source": "https://t.me/cvedetector/21524", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13804 - HPE Insight Cluster Management Utility (CMU) Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-13804 \nPublished : March 30, 2025, 10:15 p.m. | 24\u00a0minutes ago \nDescription : Vulnerability in Hewlett Packard Enterprise HPE Insight Cluster Management Utility (CMU).This issue affects HPE Insight Cluster Management Utility (CMU): 8.2. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T00:47:01.000000Z"}, {"uuid": "08f32801-7984-460a-973c-c475cf4b2f3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13808", "type": "seen", "source": "https://t.me/cvedetector/23791", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13808 - Xpro Elementor Addons - Pro WordPress Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13808 \nPublished : April 26, 2025, 5:15 a.m. | 18\u00a0minutes ago \nDescription : The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-26T07:43:24.000000Z"}, {"uuid": "8ed0ba42-3e48-417b-b7d6-7adedea55a0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13809", "type": "seen", "source": "https://t.me/cvedetector/19613", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13809 - \"Hero Slider WordPress Slider Plugin SQL Injection Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13809 \nPublished : March 5, 2025, 10:15 a.m. | 48\u00a0minutes ago \nDescription : The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-05T12:45:54.000000Z"}, {"uuid": "62362c60-6d23-4e5c-9c6d-e8cbea53ece4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1380", "type": "seen", "source": "Telegram/kHT3_0yXpPDep_imDODFZdDEqhbXa4jYJbMvwyQAAdrf6ehA", "content": "", "creation_timestamp": "2025-02-01T17:28:08.000000Z"}, {"uuid": "17cc4165-8a3c-4e62-bfc5-c577f02a0232", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13801", "type": "seen", "source": "https://t.me/cvedetector/21162", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13801 - WordPress BWL Advanced FAQ Manager Unauthorized Data Modification and Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-13801 \nPublished : March 26, 2025, 9:15 a.m. | 1\u00a0hour, 17\u00a0minutes ago \nDescription : The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T12:12:49.000000Z"}]}