{"vulnerability": "cve-2023-4006", "sightings": [{"uuid": "e5a3f8e1-eaca-43ba-b93a-5b92d828ebb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-40069", "type": "seen", "source": "https://jvn.jp/en/vu/JVNVU91630351", "content": "", "creation_timestamp": "2026-05-11T22:15:00.000000Z"}, {"uuid": "d33f991c-6b49-4aa4-82a3-0a51e95263c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40061", "type": "seen", "source": "https://t.me/cibsecurity/73356", "content": "\u203c CVE-2023-40061 \u203c\n\nInsecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-01T19:22:29.000000Z"}, {"uuid": "1b4dc103-ff35-40ec-b268-536a1cea3b30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40062", "type": "seen", "source": "https://t.me/cibsecurity/73354", "content": "\u203c CVE-2023-40062 \u203c\n\nSolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. 
If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-01T19:22:23.000000Z"}, {"uuid": "c785a53a-4a63-4330-bff0-b4fc3e083a72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40068", "type": "published-proof-of-concept", "source": "https://t.me/hunter4good/248", "content": "https://twitter.com/HunterMapping/status/1693971279680790676\n\ud83d\udea8Alert\ud83d\udea8 CVE-2023-40068 #WordPress custom field(ACF) plugin #XSS vulnerability\n\n\ud83e\uddf7 https://hunter.how/list?searchValue=web.body%3D%22%2Fwp-content%2Fplugins%2Fadvanced-custom-fields-pro%22%20%7C%7Cweb.body%3D%22%2Fwp-content%2Fplugins%2Fadvanced-custom-fields%22%7C%7Cweb.body%3D%22%2Fwp-content%2Fplugins%2Facf-frontend-form-element%2F%22\n\nDork \ud83d\udc47\ud83d\udc47\ud83d\udc47\n\"/plugins/acf-frontend-form-element/\"\n\"/plugins/advanced-custom-fields-pro/\"\n\nRefer to \ud83d\udcf0\nhttps://securityonline.info/wordpress-custom-field-plugin-bug-cve-2023-40068-exposes-1m-sites-to-xss-attacks/\n#infosec #infosys #infosecurity", "creation_timestamp": "2023-08-22T15:14:26.000000Z"}, {"uuid": "05a6a705-75fc-4b39-8ed1-9e54bfc23b39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40060", "type": "seen", "source": "https://t.me/cibsecurity/70099", "content": "\u203c CVE-2023-40060 \u203c\n\nA vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 
15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-07T20:18:47.000000Z"}, {"uuid": "8be1fcd8-4297-457a-9076-92714c614c7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40068", "type": "seen", "source": "https://t.me/cibsecurity/68875", "content": "\u203c CVE-2023-40068 \u203c\n\nCross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-21T12:40:53.000000Z"}, {"uuid": "dffe617c-c4dd-4d0c-bdb6-33e2d4537c3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40069", "type": "seen", "source": "https://t.me/cibsecurity/68816", "content": "\u203c CVE-2023-40069 \u203c\n\nOS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-20T16:13:56.000000Z"}]}