{"vulnerability": "CVE-2023-2715", "sightings": [{"uuid": "11073e9c-47e7-4e8e-aa16-30f515143db2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27159", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-09)", "content": "", "creation_timestamp": "2025-03-09T00:00:00.000000Z"}, {"uuid": "67903ec5-ad37-4e3f-b725-76d43d77540a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27152", "type": "seen", "source": "https://t.me/cibsecurity/72793", "content": "\u203c CVE-2023-27152 \u203c\n\nDECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-24T00:37:47.000000Z"}, {"uuid": "4759d05e-8b16-44b0-8954-69a1de3dbff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2715", "type": "seen", "source": "https://t.me/cibsecurity/64478", "content": "\u203c CVE-2023-2715 \u203c\n\nThe Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-20T07:23:37.000000Z"}, {"uuid": "af7b8b10-2fe7-4208-a6f9-81a05007ed4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27150", "type": "seen", "source": "https://t.me/ctinow/159253", "content": "https://ift.tt/xI76LED\nCVE-2023-27150", "creation_timestamp": "2023-12-26T05:26:23.000000Z"}, {"uuid": "6b2e609d-6e6b-4cea-aba6-b8ecddc2d91f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27150", "type": "seen", "source": "https://t.me/ctinow/162723", "content": "https://ift.tt/B0m6GcL\nCVE-2023-27150 Exploit", "creation_timestamp": "2024-01-04T01:17:24.000000Z"}, {"uuid": "f9bfd82b-95ad-4878-8b7b-8302b35a44a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27159", "type": "seen", "source": "https://t.me/cibsecurity/61274", "content": "\u203c CVE-2023-27159 \u203c\n\nAppwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-31T22:22:25.000000Z"}]}