<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 06 Jul 2026 23:38:31 +0000</lastBuildDate>
    <item>
      <title>20a42472-ac5c-48ea-8ea0-0025547182fb</title>
      <link>https://vulnerability.circl.lu/sighting/20a42472-ac5c-48ea-8ea0-0025547182fb/export</link>
      <description>{"uuid": "20a42472-ac5c-48ea-8ea0-0025547182fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11843", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17063", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11843\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Panorama  WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-05-15T20:06:51.172Z\n\ud83d\udccf Modified: 2025-05-20T19:33:19.083Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/0dd41559-d88a-4018-a0f0-c8944b6d6f0a/", "creation_timestamp": "2025-05-20T19:43:02.000000Z"}</description>
      <content:encoded>{"uuid": "20a42472-ac5c-48ea-8ea0-0025547182fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11843", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17063", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11843\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Panorama  WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2025-05-15T20:06:51.172Z\n\ud83d\udccf Modified: 2025-05-20T19:33:19.083Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/0dd41559-d88a-4018-a0f0-c8944b6d6f0a/", "creation_timestamp": "2025-05-20T19:43:02.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/20a42472-ac5c-48ea-8ea0-0025547182fb/export</guid>
      <pubDate>Tue, 20 May 2025 19:43:02 +0000</pubDate>
    </item>
    <item>
      <title>27edb520-b8f6-4b30-ad8d-f11bd6ea13ea</title>
      <link>https://vulnerability.circl.lu/sighting/27edb520-b8f6-4b30-ad8d-f11bd6ea13ea/export</link>
      <description>{"uuid": "27edb520-b8f6-4b30-ad8d-f11bd6ea13ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmuxxzoo5z27", "content": "", "creation_timestamp": "2025-04-15T21:02:26.004973Z"}</description>
      <content:encoded>{"uuid": "27edb520-b8f6-4b30-ad8d-f11bd6ea13ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lmuxxzoo5z27", "content": "", "creation_timestamp": "2025-04-15T21:02:26.004973Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/27edb520-b8f6-4b30-ad8d-f11bd6ea13ea/export</guid>
      <pubDate>Tue, 15 Apr 2025 21:02:26 +0000</pubDate>
    </item>
    <item>
      <title>4934a8d4-9a0c-43b2-aeb4-edb5a6e98b3d</title>
      <link>https://vulnerability.circl.lu/sighting/4934a8d4-9a0c-43b2-aeb4-edb5a6e98b3d/export</link>
      <description>{"uuid": "4934a8d4-9a0c-43b2-aeb4-edb5a6e98b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11847", "type": "seen", "source": "https://t.me/cvedetector/21150", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11847 - WordPress SVG Upload Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11847 \nPublished : March 26, 2025, 6:15 a.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T09:42:18.000000Z"}</description>
      <content:encoded>{"uuid": "4934a8d4-9a0c-43b2-aeb4-edb5a6e98b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11847", "type": "seen", "source": "https://t.me/cvedetector/21150", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11847 - WordPress SVG Upload Stored XSS Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11847 \nPublished : March 26, 2025, 6:15 a.m. | 2\u00a0hours, 17\u00a0minutes ago \nDescription : The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T09:42:18.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/4934a8d4-9a0c-43b2-aeb4-edb5a6e98b3d/export</guid>
      <pubDate>Wed, 26 Mar 2025 09:42:18 +0000</pubDate>
    </item>
    <item>
      <title>8887ca8e-1c11-47b3-8017-3f983530ab78</title>
      <link>https://vulnerability.circl.lu/sighting/8887ca8e-1c11-47b3-8017-3f983530ab78/export</link>
      <description>{"uuid": "8887ca8e-1c11-47b3-8017-3f983530ab78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11847", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8809", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11847\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.\n\ud83d\udccf Published: 2025-03-26T06:00:02.270Z\n\ud83d\udccf Modified: 2025-03-26T06:00:02.270Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/f57ecff2-0cff-40c7-b6e4-5b162b847d65/", "creation_timestamp": "2025-03-26T06:25:18.000000Z"}</description>
      <content:encoded>{"uuid": "8887ca8e-1c11-47b3-8017-3f983530ab78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11847", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8809", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11847\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.\n\ud83d\udccf Published: 2025-03-26T06:00:02.270Z\n\ud83d\udccf Modified: 2025-03-26T06:00:02.270Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/f57ecff2-0cff-40c7-b6e4-5b162b847d65/", "creation_timestamp": "2025-03-26T06:25:18.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8887ca8e-1c11-47b3-8017-3f983530ab78/export</guid>
      <pubDate>Wed, 26 Mar 2025 06:25:18 +0000</pubDate>
    </item>
    <item>
      <title>8260a42f-8de8-4bb2-84fd-cd65be49565f</title>
      <link>https://vulnerability.circl.lu/sighting/8260a42f-8de8-4bb2-84fd-cd65be49565f/export</link>
      <description>{"uuid": "8260a42f-8de8-4bb2-84fd-cd65be49565f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/114059639239904191", "content": "", "creation_timestamp": "2025-02-24T15:46:16.214842Z"}</description>
      <content:encoded>{"uuid": "8260a42f-8de8-4bb2-84fd-cd65be49565f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://infosec.exchange/users/random_robbie/statuses/114059639239904191", "content": "", "creation_timestamp": "2025-02-24T15:46:16.214842Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8260a42f-8de8-4bb2-84fd-cd65be49565f/export</guid>
      <pubDate>Mon, 24 Feb 2025 15:46:16 +0000</pubDate>
    </item>
    <item>
      <title>a07e8058-c4ce-4a2f-9b82-439992b921ae</title>
      <link>https://vulnerability.circl.lu/sighting/a07e8058-c4ce-4a2f-9b82-439992b921ae/export</link>
      <description>{"uuid": "a07e8058-c4ce-4a2f-9b82-439992b921ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://t.me/cvedetector/15437", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11848 - NitroPack WordPress Unauthenticated Capabilities Arbitrary Option Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11848 \nPublished : Jan. 15, 2025, 12:15 p.m. | 46\u00a0minutes ago \nDescription : The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T14:16:29.000000Z"}</description>
      <content:encoded>{"uuid": "a07e8058-c4ce-4a2f-9b82-439992b921ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://t.me/cvedetector/15437", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11848 - NitroPack WordPress Unauthenticated Capabilities Arbitrary Option Modification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11848 \nPublished : Jan. 15, 2025, 12:15 p.m. | 46\u00a0minutes ago \nDescription : The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T14:16:29.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a07e8058-c4ce-4a2f-9b82-439992b921ae/export</guid>
      <pubDate>Wed, 15 Jan 2025 14:16:29 +0000</pubDate>
    </item>
    <item>
      <title>5e46636e-a060-47dd-a531-7822e36a5e0f</title>
      <link>https://vulnerability.circl.lu/sighting/5e46636e-a060-47dd-a531-7822e36a5e0f/export</link>
      <description>{"uuid": "5e46636e-a060-47dd-a531-7822e36a5e0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113832448233551723", "content": "", "creation_timestamp": "2025-01-15T12:48:37.465397Z"}</description>
      <content:encoded>{"uuid": "5e46636e-a060-47dd-a531-7822e36a5e0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113832448233551723", "content": "", "creation_timestamp": "2025-01-15T12:48:37.465397Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5e46636e-a060-47dd-a531-7822e36a5e0f/export</guid>
      <pubDate>Wed, 15 Jan 2025 12:48:37 +0000</pubDate>
    </item>
    <item>
      <title>a472af90-2e52-4ce6-a4c2-e40331a55ecb</title>
      <link>https://vulnerability.circl.lu/sighting/a472af90-2e52-4ce6-a4c2-e40331a55ecb/export</link>
      <description>{"uuid": "a472af90-2e52-4ce6-a4c2-e40331a55ecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfrserdgmu2e", "content": "", "creation_timestamp": "2025-01-15T12:47:45.807714Z"}</description>
      <content:encoded>{"uuid": "a472af90-2e52-4ce6-a4c2-e40331a55ecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfrserdgmu2e", "content": "", "creation_timestamp": "2025-01-15T12:47:45.807714Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a472af90-2e52-4ce6-a4c2-e40331a55ecb/export</guid>
      <pubDate>Wed, 15 Jan 2025 12:47:45 +0000</pubDate>
    </item>
    <item>
      <title>25f7117c-c937-4813-a995-1b6994bda7f6</title>
      <link>https://vulnerability.circl.lu/sighting/25f7117c-c937-4813-a995-1b6994bda7f6/export</link>
      <description>{"uuid": "25f7117c-c937-4813-a995-1b6994bda7f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfrseqgyak2y", "content": "", "creation_timestamp": "2025-01-15T12:47:44.030961Z"}</description>
      <content:encoded>{"uuid": "25f7117c-c937-4813-a995-1b6994bda7f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfrseqgyak2y", "content": "", "creation_timestamp": "2025-01-15T12:47:44.030961Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/25f7117c-c937-4813-a995-1b6994bda7f6/export</guid>
      <pubDate>Wed, 15 Jan 2025 12:47:44 +0000</pubDate>
    </item>
    <item>
      <title>377fd718-3782-496b-83f8-aabb546b7f02</title>
      <link>https://vulnerability.circl.lu/sighting/377fd718-3782-496b-83f8-aabb546b7f02/export</link>
      <description>{"uuid": "377fd718-3782-496b-83f8-aabb546b7f02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1736", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11848\n\ud83d\udd39 Description: The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition.\n\ud83d\udccf Published: 2025-01-15T11:24:35.912Z\n\ud83d\udccf Modified: 2025-01-15T11:24:35.912Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1e1b06d0-f348-4a8b-8730-a87d8e2ba2a1?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3211235/nitropack", "creation_timestamp": "2025-01-15T12:22:07.000000Z"}</description>
      <content:encoded>{"uuid": "377fd718-3782-496b-83f8-aabb546b7f02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11848", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1736", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-11848\n\ud83d\udd39 Description: The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition.\n\ud83d\udccf Published: 2025-01-15T11:24:35.912Z\n\ud83d\udccf Modified: 2025-01-15T11:24:35.912Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/1e1b06d0-f348-4a8b-8730-a87d8e2ba2a1?source=cve\n2. https://plugins.trac.wordpress.org/changeset/3211235/nitropack", "creation_timestamp": "2025-01-15T12:22:07.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/377fd718-3782-496b-83f8-aabb546b7f02/export</guid>
      <pubDate>Wed, 15 Jan 2025 12:22:07 +0000</pubDate>
    </item>
  </channel>
</rss>
