{"vulnerability": "CVE-2023-2833", "sightings": [{"uuid": "4ee94fa7-bf93-45ce-8771-34a9e99e68a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28336", "type": "seen", "source": "https://t.me/cibsecurity/60622", "content": "\u203c CVE-2023-28336 \u203c\n\nInsufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T23:37:02.000000Z"}, {"uuid": "37c02a98-197e-4ff4-8f58-d80392f070c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2833", "type": "seen", "source": "https://t.me/cibsecurity/65004", "content": "\u203c CVE-2023-2833 \u203c\n\nThe ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-06T14:29:14.000000Z"}, {"uuid": "8f0f505e-425b-44e3-a5ad-10c38df32736", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28333", "type": "seen", "source": "https://t.me/cibsecurity/60629", "content": "\u203c CVE-2023-28333 \u203c\n\nThe Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T23:37:12.000000Z"}, {"uuid": "23d864f3-e76c-4adc-a9aa-bc4365f5c79e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28332", "type": "seen", "source": "https://t.me/cibsecurity/60618", "content": "\u203c CVE-2023-28332 \u203c\n\nIf the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T23:36:56.000000Z"}, {"uuid": "1b47765f-f9fc-4bc4-a0c7-10b91f00caaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28330", "type": "seen", "source": "https://t.me/cibsecurity/60616", "content": "\u203c CVE-2023-28330 \u203c\n\nInsufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T23:36:54.000000Z"}, {"uuid": "a68c221b-183a-4fa5-bcb3-7ac6ca9c85da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28339", "type": "seen", "source": "https://t.me/cibsecurity/60023", "content": "\u203c CVE-2023-28339 \u203c\n\nOpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-14T21:23:17.000000Z"}]}