{"vulnerability": "CVE-2023-5435", "sightings": [{"uuid": "cd6d63c8-a047-4f3d-bd19-204bf592e6b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-5435", "type": "seen", "source": "https://t.me/cibsecurity/73216", "content": "\u203c CVE-2023-5435 \u203c\n\nThe Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T11:21:03.000000Z"}, {"uuid": "61580b41-9bd6-4afa-b325-28a92cc398bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-54352", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnquhzn7fz2y", "content": "CVE-2023-54352 - WordPress Seotheme Remote Code Execution Unauthenticated\nCVE ID : CVE-2023-54352\n \n Published : June 8, 2026, 2:16 a.m. | 27\u00a0minutes ago\n \n Description : WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to...", "creation_timestamp": "2026-06-08T04:40:27.053558Z"}, {"uuid": "a890bacf-9354-4131-8af5-d62567fb9335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-54350", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnqunkjorx24", "content": "CVE-2023-54350 - WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated\nCVE ID : CVE-2023-54350\n \n Published : June 8, 2026, 2:16 a.m. | 27\u00a0minutes ago\n \n Description : WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the e...", "creation_timestamp": "2026-06-08T04:43:32.382373Z"}, {"uuid": "ee4d09e6-90e1-411f-a021-ed919ef35a8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-54351", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnqux3eoj524", "content": "CVE-2023-54351 - WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments\nCVE ID : CVE-2023-54351\n \n Published : June 8, 2026, 2:16 a.m. | 27\u00a0minutes ago\n \n Description : WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauth...", "creation_timestamp": "2026-06-08T04:48:51.989933Z"}, {"uuid": "154dc9ae-a883-4efd-8230-7ed05b3358ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-54350", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnqvxf4enc2d", "content": "CVE-2023-54350 - WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated\nCVE ID : CVE-2023-54350\n \n Published : June 8, 2026, 2:16 a.m. | 58\u00a0minutes ago\n \n Description : WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the e...", "creation_timestamp": "2026-06-08T05:06:56.073939Z"}, {"uuid": "3fef82f3-5c19-4c6f-8675-7c1af680b447", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-54352", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnqwopxp2k2v", "content": "CVE-2023-54352 - WordPress Seotheme Remote Code Execution Unauthenticated\nCVE ID : CVE-2023-54352\n \n Published : June 8, 2026, 2:16 a.m. | 58\u00a0minutes ago\n \n Description : WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to...", "creation_timestamp": "2026-06-08T05:19:59.279710Z"}, {"uuid": "b2e81443-bc09-4d5c-8d05-ac2c77f9eeb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-54352", "type": "seen", "source": "https://bsky.app/profile/cyberowi.pl/post/3mo6d53sx2c2y", "content": "\ud83d\udea8 Krytyczna luka RCE w motywie WordPress Seotheme (CVE-2023-54352)\n\nLuka w popularnym motywie WordPress Seotheme otrzyma\u0142a wysok\u0105 ocen\u0119 9.8/10. Pozwala na zdalne wykonanie kodu bez\n\nhttps://cyberowi.pl/krytyczna-luka-rce-w-motywie-wordpress-seotheme-cve-2023/\n\n#cyberbezpieczenstwo", "creation_timestamp": "2026-06-13T13:07:22.822341Z"}, {"uuid": "d8e94266-32cc-460a-8262-c8b8d01a9d82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-54350", "type": "seen", "source": "https://bsky.app/profile/cyberowi.pl/post/3mocpx7gdzy2v", "content": "\ud83d\udea8 Luka RCE we wtyczce WordPress Augmented-Reality (CVE-2023-54350)\n\nLuka CVE-2023-54350 z ocen\u0105 CVSS 7.5 pozwala na zdalne wykonanie kodu we wtyczce Augmented-Reality dla WordPress.\n\nhttps://cyberowi.pl/luka-rce-we-wtyczce-wordpress-augmented-reality-cve-2023/\n\n#cyberbezpieczenstwo", "creation_timestamp": "2026-06-15T07:07:22.818259Z"}, {"uuid": "96593c8a-6679-4314-a03f-e64e62f6d6b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-54353", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3monodtrlcm2g", "content": "CVE-2023-54353 - Chromacam 4.0.3.0 Unquoted Service Path Privilege Escalation\nCVE ID : CVE-2023-54353\n \n Published : June 19, 2026, 2:16 p.m. | 52\u00a0minutes ago\n \n Description : Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that ...", "creation_timestamp": "2026-06-19T15:37:56.522499Z"}, {"uuid": "a552b8fd-8118-420c-9bc6-b1d83326f4af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-54357", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moo44kbjyj2m", "content": "CVE-2023-54357 - Joomla com_booking 2.4.9 Information Disclosure via Account Enumeration\nCVE ID : CVE-2023-54357\n \n Published : June 19, 2026, 5:52 p.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Joomla com_booking component 2.4.9 contains an information disclosure vulnerabilit...", "creation_timestamp": "2026-06-19T19:44:24.093374Z"}]}