{"vulnerability": "cve-2023-2397", "sightings": [{"uuid": "318cd024-16f7-4ce5-80b5-2964a147d2d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23970", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13245", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23970\n\ud83d\udd25 CVSS Score: 9.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa.This issue affects Corsa: from n/a through 1.5.\n\n\n\ud83d\udccf Published: 2023-12-20T19:24:29.785Z\n\ud83d\udccf Modified: 2025-04-24T14:54:36.551Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/vulnerability/corsa/wordpress-corsa-theme-1-5-arbitrary-file-upload?_s_id=cve", "creation_timestamp": "2025-04-24T15:06:33.000000Z"}, {"uuid": "7c8738b7-67a6-4ba5-883d-6b48d843183f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23970", "type": "seen", "source": "https://t.me/ctinow/167945", "content": "https://ift.tt/kS39L1U\nCVE-2023-23970 | WooRockets Corsa Plugin up to 1.5 on WordPress unrestricted upload", "creation_timestamp": "2024-01-14T07:11:57.000000Z"}, {"uuid": "c70d96b5-34d5-40d7-8f13-6b6616aef33d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23970", "type": "seen", "source": "https://t.me/ctinow/157313", "content": "https://ift.tt/Ca9x7gr\nCVE-2023-23970", "creation_timestamp": "2023-12-20T21:23:54.000000Z"}, {"uuid": "51711379-3ed5-471c-a9a5-71b587528a04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23979", "type": "seen", "source": "https://t.me/cibsecurity/61534", "content": "\u203c CVE-2023-23979 \u203c\n\nUnauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin &lt;= 9.7.4 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-18T22:45:16.000000Z"}, {"uuid": "397519d2-fbdb-44a1-aada-33893da71767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23971", "type": "seen", "source": "https://t.me/cibsecurity/61539", "content": "\u203c CVE-2023-23971 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin &lt;= 1.1.81 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-06T12:27:14.000000Z"}, {"uuid": "507aae93-f3b3-4383-b75d-81019bb80063", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23977", "type": "seen", "source": "https://t.me/cibsecurity/61389", "content": "\u203c CVE-2023-23977 \u203c\n\nAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin &lt;= 1.6.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-04T16:30:43.000000Z"}, {"uuid": "b572a319-8b22-4bd2-a74a-9740b56bc6e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23973", "type": "seen", "source": "https://t.me/cibsecurity/59227", "content": "\u203c CVE-2023-23973 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page \u00e2\u20ac\u201c Contact People plugin &lt;= 3.7.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-01T16:33:32.000000Z"}, {"uuid": "398edbe6-88c1-40af-b795-cd579083a8a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23974", "type": "seen", "source": "https://t.me/cibsecurity/59223", "content": "\u203c CVE-2023-23974 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin &lt;= 9.7.4 affecting all registration actions (delete, delete all, edit, update).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-01T16:33:25.000000Z"}]}