{"vulnerability": "cve-2024-1387", "sightings": [{"uuid": "5ac9b06e-000b-4758-96d9-afb2424e92a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13871", "type": "seen", "source": "https://bsky.app/profile/darkwebinformer.bsky.social/post/3lk6y3zhizs2r", "content": "", "creation_timestamp": "2025-03-12T16:15:37.800014Z"}, {"uuid": "47f3f668-4200-402d-9289-e6eec5f29beb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13872", "type": "seen", "source": "https://bsky.app/profile/darkwebinformer.bsky.social/post/3lk6y3zhizs2r", "content": "", "creation_timestamp": "2025-03-12T16:15:37.875367Z"}, {"uuid": "79775800-a88c-4fa2-8d21-8affe2d565b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13879", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114019912283848794", "content": "", "creation_timestamp": "2025-02-17T15:23:10.937936Z"}, {"uuid": "5ad55eeb-6c54-4200-8da7-30d7b5a35e7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-13871", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/114150351492237731", "content": "", "creation_timestamp": "2025-03-12T16:15:35.364109Z"}, {"uuid": "c1f3dae9-b6a4-49a5-874d-dbf9aff6b122", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-13872", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/114150351492237731", "content": "", "creation_timestamp": "2025-03-12T16:15:35.432163Z"}, {"uuid": "6684906a-6f4a-4ba9-a787-cfa6b3ac0313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13872", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lkfpimfwx223", "content": "", "creation_timestamp": "2025-03-15T08:30:16.242267Z"}, {"uuid": "ebc6f16f-c516-439a-8205-0e429266e21e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13878", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lksdolhcez2m", "content": "", "creation_timestamp": "2025-03-20T09:03:26.028707Z"}, {"uuid": "21e9c5b8-7884-40ad-8683-b18425894467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13875", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lksdolx7is26", "content": "", "creation_timestamp": "2025-03-20T09:03:27.718421Z"}, {"uuid": "e6ab3846-18ad-4d2a-b91d-950f62b8887f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13877", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lksdomessz2s", "content": "", "creation_timestamp": "2025-03-20T09:03:30.038829Z"}, {"uuid": "7e0ccd95-3dba-401c-a0fe-03965da2e927", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13876", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lksdom2etj2s", "content": "", "creation_timestamp": "2025-03-20T09:03:28.318750Z"}, {"uuid": "920ac40e-4caa-4ce9-bde2-7d6e44619065", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13879", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lif5g65ocs2h", "content": "", "creation_timestamp": "2025-02-17T16:16:21.686933Z"}, {"uuid": "f5ff130d-b85f-453a-8a0d-b155090df78d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13879", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lifhigb7c32a", "content": "", "creation_timestamp": "2025-02-17T19:16:34.241014Z"}, {"uuid": "7d53c492-f695-4226-b994-47156759460a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13871", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114149569646900003", "content": "", "creation_timestamp": "2025-03-12T12:56:45.430745Z"}, {"uuid": "b33950f6-a273-42f4-a404-39d27f9dd588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13872", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114149569646900003", "content": "", "creation_timestamp": "2025-03-12T12:56:45.505889Z"}, {"uuid": "dbbdc441-51d3-4875-a73c-d6103f144d2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13871", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lk6m32ne7q2s", "content": "", "creation_timestamp": "2025-03-12T12:40:19.700811Z"}, {"uuid": "61091a67-8ced-4c26-950b-70d7aebd8f0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13872", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lk6m33fr4b2g", "content": "", "creation_timestamp": "2025-03-12T12:40:20.551242Z"}, {"uuid": "6826b46a-2370-46f5-a4c9-2ebd28c85810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13874", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmh73tkn3m2i", "content": "", "creation_timestamp": "2025-04-10T09:32:30.056096Z"}, {"uuid": "dcc76596-ce28-4395-9ec0-1635b1eb40ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13873", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5006", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13873\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove profile photos from users accounts. Please note that this does not officially delete the file.\n\ud83d\udccf Published: 2025-02-22T03:20:59.210Z\n\ud83d\udccf Modified: 2025-02-22T03:20:59.210Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba3c5-382e-4d2b-83d8-0e0cebf2e63c?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3242653/wp-job-portal/tags/2.2.9/includes/classes/uploads.php?old=3238353&old_path=wp-job-portal%2Ftags%2F2.2.8%2Fincludes%2Fclasses%2Fuploads.php", "creation_timestamp": "2025-02-22T04:18:43.000000Z"}, {"uuid": "96fb440e-d0c7-4694-bfad-bddb17de20db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13873", "type": "seen", "source": "https://t.me/cvedetector/18703", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13873 - \"WP Job Portal Insecure Direct Object Reference Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13873 \nPublished : Feb. 22, 2025, 4:15 a.m. | 40\u00a0minutes ago \nDescription : The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove profile photos from users accounts. Please note that this does not officially delete the file. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-22T06:38:30.000000Z"}, {"uuid": "cd1fa297-ec7a-4ee6-8395-8e20d9209ed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13871", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"}, {"uuid": "e9adb0f7-45dc-4fde-ab7b-9406f5785e4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13872", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"}, {"uuid": "3059cf7a-2d20-4274-b1d5-3cebc6d752af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13879", "type": "seen", "source": "https://t.me/cvedetector/18261", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13879 - WordPress Stream Plugin SSRF\", \n  \"Content\": \"CVE ID : CVE-2024-13879 \nPublished : Feb. 17, 2025, 4:15 p.m. | 44\u00a0minutes ago \nDescription : The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-17T19:21:49.000000Z"}, {"uuid": "5384390d-3308-4ec7-9eac-de9eea812496", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13872", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7316", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13872\n\ud83d\udd25 CVSS Score: 9.4 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device.\n\ud83d\udccf Published: 2025-03-12T11:47:46.419Z\n\ud83d\udccf Modified: 2025-03-12T14:09:37.026Z\n\ud83d\udd17 References:\n1. https://bitdefender.com/support/security-advisories/insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1", "creation_timestamp": "2025-03-12T14:40:55.000000Z"}, {"uuid": "022495ea-b85e-4d49-a384-db81576db475", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13875", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8176", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13875\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-03-20T06:00:02.741Z\n\ud83d\udccf Modified: 2025-03-20T06:00:02.741Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/82c54fb5-f1d9-4bae-a3de-d4335809b81c/", "creation_timestamp": "2025-03-20T06:18:11.000000Z"}, {"uuid": "f1aee4ae-0c16-4191-b236-2a6f096155ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13876", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8175", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13876\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-03-20T06:00:05.661Z\n\ud83d\udccf Modified: 2025-03-20T06:00:05.661Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/d80cd18a-065f-443b-b548-d780b785d68e/", "creation_timestamp": "2025-03-20T06:18:07.000000Z"}, {"uuid": "7d6041cc-cb2b-49b1-948a-2b5a6047a542", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13877", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8174", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13877\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-03-20T06:00:06.305Z\n\ud83d\udccf Modified: 2025-03-20T06:00:06.305Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/0e8ce3cf-1598-4c5d-b119-99d5f676e619/", "creation_timestamp": "2025-03-20T06:18:06.000000Z"}, {"uuid": "6a2ce5dc-0479-4caa-b61d-ec976b813443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13878", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8173", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13878\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-03-20T06:00:06.978Z\n\ud83d\udccf Modified: 2025-03-20T06:00:06.978Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/882b2022-4ed6-4d9e-8b35-f48ea1580884/", "creation_timestamp": "2025-03-20T06:18:05.000000Z"}, {"uuid": "85149ffb-4d8a-45a2-8253-3ec2365410d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13875", "type": "seen", "source": "https://t.me/cvedetector/20701", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13875 - \"WordPress WP-PManager Reflected Cross-Site Scripting\"\", \n  \"Content\": \"CVE ID : CVE-2024-13875 \nPublished : March 20, 2025, 6:15 a.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T09:02:24.000000Z"}, {"uuid": "781949b7-e436-46f1-9b85-52ab522b9165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13874", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11196", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13874\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Feedify  WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n\ud83d\udccf Published: 2025-04-10T06:00:05.480Z\n\ud83d\udccf Modified: 2025-04-10T06:00:05.480Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/c808e7cf-3285-402b-ab4f-a40ab822b12e/", "creation_timestamp": "2025-04-10T06:48:36.000000Z"}, {"uuid": "137d21d7-287c-491f-8f5f-cc2542376213", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13872", "type": "seen", "source": "https://t.me/DarkWebInformer_News/1789", "content": "\ud83d\udea8 News Alert!\n\nSource: Dark Web Informer - Cyber Threat Intelligence\nTitle: CVE-2024-13871, CVE-2024-13872: Unauthenticated Command Injection in Bitdefender BOX v1 and Insecure Update Mechanism Vulnerability in libboxhermes.so in Bitdefender BOX v1\nLink: https://darkwebinformer.com/cve-2024-13871-cve-2024-13872-unauthenticated-command-injection-in-bitdefender-box-v1-and-insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1/", "creation_timestamp": "2025-03-12T16:15:20.000000Z"}, {"uuid": "1a554b86-f788-463c-a5b8-bcb6dd698eec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13871", "type": "seen", "source": "https://t.me/DarkWebInformer_News/1789", "content": "\ud83d\udea8 News Alert!\n\nSource: Dark Web Informer - Cyber Threat Intelligence\nTitle: CVE-2024-13871, CVE-2024-13872: Unauthenticated Command Injection in Bitdefender BOX v1 and Insecure Update Mechanism Vulnerability in libboxhermes.so in Bitdefender BOX v1\nLink: https://darkwebinformer.com/cve-2024-13871-cve-2024-13872-unauthenticated-command-injection-in-bitdefender-box-v1-and-insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1/", "creation_timestamp": "2025-03-12T16:15:20.000000Z"}, {"uuid": "13a5c03d-0545-4e90-9965-d27909e525c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13878", "type": "seen", "source": "https://t.me/cvedetector/20694", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13878 - SpotBot WordPress Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13878 \nPublished : March 20, 2025, 6:15 a.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T09:02:12.000000Z"}, {"uuid": "90bda514-78b3-4201-bf49-39791025f9df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13877", "type": "seen", "source": "https://t.me/cvedetector/20693", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13877 - Passbeemedia Web Push Notification WordPress Reflected Cross-Site Scripting\", \n  \"Content\": \"CVE ID : CVE-2024-13877 \nPublished : March 20, 2025, 6:15 a.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T09:02:11.000000Z"}, {"uuid": "096ac111-77a8-4c40-86cf-d58531cac02f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13876", "type": "seen", "source": "https://t.me/cvedetector/20700", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13876 - WordPress mEintopf Plugin Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13876 \nPublished : March 20, 2025, 6:15 a.m. | 1\u00a0hour, 31\u00a0minutes ago \nDescription : The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-20T09:02:20.000000Z"}, {"uuid": "09231124-882a-4e9f-8b90-81724d4aeb16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13879", "type": "seen", "source": "Telegram/L7yV7xVZbcpKroUMYZSwqS1Jlj1YZAiFe2L8zzTA-IjpKdv4", "content": "", "creation_timestamp": "2025-02-17T23:39:44.000000Z"}, {"uuid": "9d8e73b7-90bc-4453-b05e-d61487649557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13872", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/14403", "content": "\ud83d\udea8CVE-2024-13871, CVE-2024-13872: Unauthenticated Command Injection in Bitdefender BOX v1 and Insecure Update Mechanism Vulnerability in libboxhermes.so in Bitdefender BOX v1\n\nhttps://darkwebinformer.com/cve-2024-13871-cve-2024-13872-unauthenticated-command-injection-in-bitdefender-box-v1-and-insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1/", "creation_timestamp": "2025-03-12T17:57:55.000000Z"}, {"uuid": "8df5514c-640e-4aed-ae6e-195c087662e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13871", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/14403", "content": "\ud83d\udea8CVE-2024-13871, CVE-2024-13872: Unauthenticated Command Injection in Bitdefender BOX v1 and Insecure Update Mechanism Vulnerability in libboxhermes.so in Bitdefender BOX v1\n\nhttps://darkwebinformer.com/cve-2024-13871-cve-2024-13872-unauthenticated-command-injection-in-bitdefender-box-v1-and-insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1/", "creation_timestamp": "2025-03-12T17:57:55.000000Z"}]}