{"vulnerability": "cve-2024-1389", "sightings": [{"uuid": "0d3ca5e2-fee4-43ff-b8cd-828ae6a6e97d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13896", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmh73todsg2r", "content": "", "creation_timestamp": "2025-04-10T09:32:30.624007Z"}, {"uuid": "184812f6-7cd8-4501-81c0-dd938d6d4d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13890", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljtosibozv2s", "content": "", "creation_timestamp": "2025-03-08T04:29:57.311863Z"}, {"uuid": "d3432527-17cd-4926-93be-cf54559953fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13897", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljp77j3v542a", "content": "", "creation_timestamp": "2025-03-06T09:40:14.467280Z"}, {"uuid": "583a50e5-fb0f-4725-9c4b-75218825397f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13892", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ljptkzxwfu2j", "content": "", "creation_timestamp": "2025-03-06T15:44:37.390848Z"}, {"uuid": "496cb65e-49e4-4c8a-a849-56f2ccd7d825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1389", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13240", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1389\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.\n\ud83d\udccf Published: 2024-02-20T18:56:46.095Z\n\ud83d\udccf Modified: 2025-04-24T15:02:56.401Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/cd5f5861-5be4-456d-915d-bafb7bff2110?source=cve\n2. https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/trunk/includes/gateways/stripe/admin/functions-admin-connect.php#L11\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=", "creation_timestamp": "2025-04-24T15:06:28.000000Z"}, {"uuid": "e233b987-7d9a-44ee-816b-7d010b042456", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13897", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6656", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13897\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)\n\ud83d\udd39 Description: The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).\n\ud83d\udccf Published: 2025-03-06T08:21:38.783Z\n\ud83d\udccf Modified: 2025-03-06T08:21:38.783Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/815ce00b-3753-4c38-8a30-5242a5841734?source=cve\n2. https://plugins.trac.wordpress.org/browser/moving-media-library/trunk/lib/class-movingmedialibraryadmin.php#L166\n3. https://plugins.trac.wordpress.org/changeset/3244709/moving-media-library/trunk/lib/class-movingmedialibraryadmin.php", "creation_timestamp": "2025-03-06T08:37:18.000000Z"}, {"uuid": "44579067-1dad-4e66-90ac-1ed427405e2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13899", "type": "seen", "source": "https://t.me/cvedetector/18704", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13899 - WordPress Mambo Importer PHP Object Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13899 \nPublished : Feb. 22, 2025, 4:15 a.m. | 40\u00a0minutes ago \nDescription : The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-22T06:38:31.000000Z"}, {"uuid": "0c631bdf-dfd3-4260-8332-95c5bfc5bac4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13892", "type": "seen", "source": "Telegram/DEIiyQ8B1O6r1F6bVJHeWwE7deeSDUv4jQQ7VPKtsMYCeXrN", "content": "", "creation_timestamp": "2025-03-08T04:34:09.000000Z"}, {"uuid": "eeae4156-ca21-4fe9-8374-39532df83111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13899", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5003", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13899\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.\n\ud83d\udccf Published: 2025-02-22T03:21:00.665Z\n\ud83d\udccf Modified: 2025-02-22T03:21:00.665Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/b6d448c2-5acc-47f8-8e86-9ef10fa01513?source=cve\n2. https://plugins.trac.wordpress.org/browser/mambo-joomla-importer/trunk/mamboImporter.php#L45", "creation_timestamp": "2025-02-22T04:18:40.000000Z"}, {"uuid": "d45fdefb-1f92-4689-8625-4e990f93362c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13891", "type": "seen", "source": "https://t.me/cvedetector/20198", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13891 - \"WordPress Schedule Plugin Reflected Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-13891 \nPublished : March 13, 2025, 6:15 a.m. | 1\u00a0hour, 20\u00a0minutes ago \nDescription : The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T08:55:49.000000Z"}, {"uuid": "7a9eb8be-2ed0-422b-9219-b111d51c0eb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13890", "type": "seen", "source": "https://t.me/cvedetector/19879", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13890 - WordPress Allow PHP Execute Plugin PHP Code Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13890 \nPublished : March 8, 2025, 3:15 a.m. | 2\u00a0hours, 19\u00a0minutes ago \nDescription : The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access and above, to inject PHP code into posts and pages. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T06:49:40.000000Z"}, {"uuid": "c2af5fa6-e0f5-44d7-a641-c12b5127e07e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13895", "type": "seen", "source": "https://t.me/cvedetector/19874", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13895 - WordPress Code Snippets CPT Plugin Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13895 \nPublished : March 8, 2025, 3:15 a.m. | 2\u00a0hours, 19\u00a0minutes ago \nDescription : The The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-08T06:49:33.000000Z"}, {"uuid": "3a94d1b7-ab87-4a13-9b93-d14b6e0e75c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13897", "type": "seen", "source": "Telegram/4JQLWnQNXJFGISSo9VMJyBDgNGLwnrHcvMFhkQuQwLVRERnP", "content": "", "creation_timestamp": "2025-03-08T04:34:09.000000Z"}, {"uuid": "3795f539-5c1f-4b3d-96c8-8f7d5cd7e317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13892", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6674", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13892\n\ud83d\udd25 CVSS Score: 7.7 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Smartwares cameras\u00a0CIP-37210AT and\u00a0C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. \nDuring the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly sanitized, what allows for command injection.\nThe vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well.\n\ud83d\udccf Published: 2025-03-06T14:00:41.444Z\n\ud83d\udccf Modified: 2025-03-06T14:04:52.687Z\n\ud83d\udd17 References:\n1. https://cert.pl/en/posts/2025/03/CVE-2024-13892/\n2. https://www.smartwares.eu/en-gb/smartwares-cip-37210at-indoor-wi-fi-camera-cip--37210at", "creation_timestamp": "2025-03-06T15:10:43.000000Z"}, {"uuid": "0cb258f0-8acd-4f80-91f7-2e059440bd7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13895", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6912", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13895\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.\n\ud83d\udccf Published: 2025-03-08T02:24:04.601Z\n\ud83d\udccf Modified: 2025-03-08T02:24:04.601Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/65f521f4-1968-4c43-a3f0-b0f81632d7aa?source=cve\n2. https://plugins.trac.wordpress.org/browser/code-snippets-cpt/trunk/lib/CodeSnippitButton.php#L201", "creation_timestamp": "2025-03-08T02:35:23.000000Z"}, {"uuid": "4bc46403-97dc-46ff-ab3c-2d9f14a38a17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13894", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6676", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13894\n\ud83d\udd25 CVSS Score: 5.9 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Smartwares cameras\u00a0CIP-37210AT and\u00a0C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. \nWhen an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at specific moments by providing paths to the files. However, the directories to which a user has access are not limited, allowing for path traversal attacks and downloading sensitive information.\nThe vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well.\n\ud83d\udccf Published: 2025-03-06T14:03:20.063Z\n\ud83d\udccf Modified: 2025-03-06T14:04:12.789Z\n\ud83d\udd17 References:\n1. https://cert.pl/en/posts/2025/03/CVE-2024-13892/\n2. https://www.smartwares.eu/en-gb/smartwares-cip-37210at-indoor-wi-fi-camera-cip--37210at", "creation_timestamp": "2025-03-06T15:10:48.000000Z"}, {"uuid": "b062d46b-eb5c-4197-b5cc-12536981c009", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13892", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6676", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13894\n\ud83d\udd25 CVSS Score: 5.9 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Smartwares cameras\u00a0CIP-37210AT and\u00a0C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. \nWhen an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at specific moments by providing paths to the files. However, the directories to which a user has access are not limited, allowing for path traversal attacks and downloading sensitive information.\nThe vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well.\n\ud83d\udccf Published: 2025-03-06T14:03:20.063Z\n\ud83d\udccf Modified: 2025-03-06T14:04:12.789Z\n\ud83d\udd17 References:\n1. https://cert.pl/en/posts/2025/03/CVE-2024-13892/\n2. https://www.smartwares.eu/en-gb/smartwares-cip-37210at-indoor-wi-fi-camera-cip--37210at", "creation_timestamp": "2025-03-06T15:10:48.000000Z"}, {"uuid": "cfb5de71-dcc9-4656-8fda-0a3a23c4fc78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13893", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6675", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13893\n\ud83d\udd25 CVSS Score: 7.5 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Smartwares cameras\u00a0CIP-37210AT and\u00a0C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory.\nFor the telnet service to be enabled, the inserted SD card needs to have a folder with a specific name created.\u00a0\nTwo products were tested, but since the vendor has not replied to reports, patching status remains unknown, as well as groups of devices and firmware ranges in which the same password is shared.\n Newer firmware versions might be vulnerable as well.\n\ud83d\udccf Published: 2025-03-06T14:01:06.389Z\n\ud83d\udccf Modified: 2025-03-06T14:04:35.995Z\n\ud83d\udd17 References:\n1. https://cert.pl/en/posts/2025/03/CVE-2024-13892/\n2. https://www.smartwares.eu/en-gb/smartwares-cip-37210at-indoor-wi-fi-camera-cip--37210at", "creation_timestamp": "2025-03-06T15:10:47.000000Z"}, {"uuid": "7b41c9c8-19bf-4a8b-970a-8d984225bdaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13892", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6675", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13893\n\ud83d\udd25 CVSS Score: 7.5 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Smartwares cameras\u00a0CIP-37210AT and\u00a0C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory.\nFor the telnet service to be enabled, the inserted SD card needs to have a folder with a specific name created.\u00a0\nTwo products were tested, but since the vendor has not replied to reports, patching status remains unknown, as well as groups of devices and firmware ranges in which the same password is shared.\n Newer firmware versions might be vulnerable as well.\n\ud83d\udccf Published: 2025-03-06T14:01:06.389Z\n\ud83d\udccf Modified: 2025-03-06T14:04:35.995Z\n\ud83d\udd17 References:\n1. https://cert.pl/en/posts/2025/03/CVE-2024-13892/\n2. https://www.smartwares.eu/en-gb/smartwares-cip-37210at-indoor-wi-fi-camera-cip--37210at", "creation_timestamp": "2025-03-06T15:10:47.000000Z"}, {"uuid": "72b3340f-5365-4385-b15b-e7ecff42219e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13898", "type": "seen", "source": "https://t.me/cvedetector/22099", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13898 - WordPress Simple Banner Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13898 \nPublished : April 4, 2025, 6:15 a.m. | 1\u00a0hour, 39\u00a0minutes ago \nDescription : The Simple Banner \u2013 Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-04T10:29:37.000000Z"}, {"uuid": "5ebf0821-bf9f-4211-b26e-78c6c28e98a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13896", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11195", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13896\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WP-GeSHi-Highlight \u2014 rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to Regular Expression Denial of Service (ReDoS) issue\n\ud83d\udccf Published: 2025-04-10T06:00:06.303Z\n\ud83d\udccf Modified: 2025-04-10T06:00:06.303Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/b8b622ea-e090-45ad-8755-b050fc055231/", "creation_timestamp": "2025-04-10T06:48:35.000000Z"}, {"uuid": "d35511a3-c4b5-478c-8ab5-2b5a6659b0f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13898", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10397", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13898\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: The Simple Banner \u2013 Easily add multiple Banners/Bars/Notifications/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.\n\ud83d\udccf Published: 2025-04-04T05:22:44.837Z\n\ud83d\udccf Modified: 2025-04-04T05:22:44.837Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/6a2dea28-14cf-4e83-ac72-efc7c97ecf54?source=cve\n2. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3264130%40simple-banner%2Ftrunk&old=3210193%40simple-banner%2Ftrunk&sfp_email=&sfph_mail=", "creation_timestamp": "2025-04-04T05:35:56.000000Z"}, {"uuid": "61206d15-50dc-4145-b107-dbe8ef668fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13890", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6915", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13890\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access and above, to inject PHP code into posts and pages.\n\ud83d\udccf Published: 2025-03-08T02:24:03.309Z\n\ud83d\udccf Modified: 2025-03-08T02:24:03.309Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/412c39e9-9378-4c2c-817c-8d37f156af6e?source=cve\n2. https://plugins.trac.wordpress.org/browser/allow-php-execute/trunk/allow-php-execute.php#L10", "creation_timestamp": "2025-03-08T02:35:25.000000Z"}, {"uuid": "774a9c0b-32fc-499c-9d0a-ca908c5512dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13893", "type": "seen", "source": "https://t.me/cvedetector/19713", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13893 - Smartwares Cameras Telnet Service Credential Exposure\", \n  \"Content\": \"CVE ID : CVE-2024-13893 \nPublished : March 6, 2025, 2:15 p.m. | 1\u00a0hour, 52\u00a0minutes ago \nDescription : Smartwares cameras\u00a0CIP-37210AT and\u00a0C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory.  \nFor the telnet service to be enabled, the inserted SD card needs to have a folder with a specific name created.\u00a0  \nTwo products were tested, but since the vendor has not replied to reports, patching status remains unknown, as well as groups of devices and firmware ranges in which the same password is shared.  \n Newer firmware versions might be vulnerable as well. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T17:11:08.000000Z"}, {"uuid": "3763a01e-32e6-4728-b12e-27f7cf283982", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13895", "type": "seen", "source": "Telegram/bTs0sJgsr5z_ksbA9agrV_lTVbNxYEXkJNGUqjoZK--oiPiM", "content": "", "creation_timestamp": "2025-03-08T04:37:51.000000Z"}, {"uuid": "c2f031f5-1856-4b9c-a417-2dca865173f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13890", "type": "seen", "source": "Telegram/TTl1EQKcX_FDS65fbwLwB6vG2tjVhuV6kcy2NrdGgtSLjP4k", "content": "", "creation_timestamp": "2025-03-08T04:37:51.000000Z"}, {"uuid": "6cd79640-9f28-432b-8d5a-cb10a910b35d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1389", "type": "seen", "source": "https://t.me/ctinow/203650", "content": "https://ift.tt/WDk98hJ\nCVE-2024-1389 | iovamihai Paid Membership Subscriptions Plugin up to 2.11.1 on WordPress pms_stripe_connect_handle_authorization_return", "creation_timestamp": "2024-03-08T23:26:06.000000Z"}, {"uuid": "42eb36a7-e1dc-40fa-8c40-7fd8d8ab62cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13894", "type": "seen", "source": "https://t.me/cvedetector/19714", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13894 - Smartwares Cameras Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13894 \nPublished : March 6, 2025, 2:15 p.m. | 1\u00a0hour, 52\u00a0minutes ago \nDescription : Smartwares cameras\u00a0CIP-37210AT and\u00a0C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal.   \nWhen an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at specific moments by providing paths to the files. However, the directories to which a user has access are not limited, allowing for path traversal attacks and downloading sensitive information.  \nThe vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T17:11:09.000000Z"}, {"uuid": "611d4a7f-3fa9-4855-8a93-96a3c220e2ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13892", "type": "seen", "source": "https://t.me/cvedetector/19712", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13892 - Smartwares Cameras Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-13892 \nPublished : March 6, 2025, 2:15 p.m. | 1\u00a0hour, 52\u00a0minutes ago \nDescription : Smartwares cameras\u00a0CIP-37210AT and\u00a0C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection.   \nDuring the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly sanitized, what allows for command injection.  \nThe vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T17:11:05.000000Z"}, {"uuid": "4a42a434-446e-4ccf-b899-4fb5ab84c1ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-13897", "type": "seen", "source": "https://t.me/cvedetector/19691", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-13897 - WordPress Moving Media Library Arbitrary File Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-13897 \nPublished : March 6, 2025, 9:15 a.m. | 46\u00a0minutes ago \nDescription : The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T11:20:05.000000Z"}]}