{"vulnerability": "cve-2023-4506", "sightings": [{"uuid": "6a5cda95-196f-4992-bee2-8ef73f2f679b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45061", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2jgu2g325", "content": "", "creation_timestamp": "2025-01-02T12:15:40.040048Z"}, {"uuid": "5050b4ec-b2b9-4a12-9fd7-10cf72675691", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45061", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113758737620127103", "content": "", "creation_timestamp": "2025-01-02T12:23:01.919562Z"}, {"uuid": "c748f250-63de-4713-9a16-c9f83cefae4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45061", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/221", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-45061\n\ud83d\udd39 Description: Missing Authorization vulnerability in AWSM Innovations WP Job Openings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Openings: from n/a through 3.4.1.\n\ud83d\udccf Published: 2025-01-02T11:59:48.514Z\n\ud83d\udccf Modified: 2025-01-06T20:22:30.514Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-job-openings/vulnerability/wordpress-wp-job-openings-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-06T20:49:37.000000Z"}, {"uuid": "1b816c5b-1b46-40fe-af81-a68d7fb03e5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45067", "type": "seen", "source": "https://t.me/cibsecurity/72519", "content": "\u203c CVE-2023-45067 \u203c\n\nAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <=\u00c2\u00a02.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T16:33:52.000000Z"}, {"uuid": "545ee438-497a-415a-91d5-9b321242ee50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45069", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5616", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-45069\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery \u2013 Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery \u2013 Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3.\n\n\n\ud83d\udccf Published: 2023-11-06T08:42:03.461Z\n\ud83d\udccf Modified: 2025-02-26T21:09:56.947Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/vulnerability/gallery-videos/wordpress-gallery-video-plugin-2-0-2-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-26T21:25:31.000000Z"}, {"uuid": "b2fce95c-45af-4208-913b-91ffb6a58bbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45065", "type": "seen", "source": "https://t.me/cibsecurity/72513", "content": "\u203c CVE-2023-45065 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin <=\u00c2\u00a01.42 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T16:33:45.000000Z"}, {"uuid": "bcc0faf8-cba1-49de-ba33-041cc6dad74c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45062", "type": "seen", "source": "https://t.me/cibsecurity/72487", "content": "\u203c CVE-2023-45062 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas Scholl canvasio3D Light plugin <=\u00c2\u00a02.4.6 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T12:43:43.000000Z"}, {"uuid": "c01fb5dd-f975-4ba6-bd6b-53597927bb7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45064", "type": "seen", "source": "https://t.me/cibsecurity/72498", "content": "\u203c CVE-2023-45064 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Daisuke Takahashi(Extend Wings) OPcache Dashboard plugin <=\u00c2\u00a00.3.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T12:49:46.000000Z"}, {"uuid": "682b5c01-c2da-45d5-8430-3e39b1b1381d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45066", "type": "seen", "source": "https://t.me/ctinow/157543", "content": "https://ift.tt/fOKdNUs\nCVE-2023-45066 | Smackcoders Export All Plugin up to 2.4.1 on WordPress information disclosure", "creation_timestamp": "2023-12-21T09:12:01.000000Z"}, {"uuid": "e68d6781-7867-43fa-a01a-268b20802455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4506", "type": "seen", "source": "https://t.me/cibsecurity/71105", "content": "\u203c CVE-2023-4506 \u203c\n\nThe Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-27T18:46:09.000000Z"}, {"uuid": "5a1eda1d-9ece-4853-854d-0fc2c009227b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45063", "type": "seen", "source": "https://t.me/cibsecurity/72174", "content": "\u203c CVE-2023-45063 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <=\u00c2\u00a01.1.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-12T17:03:11.000000Z"}, {"uuid": "6382ba50-58f0-400c-99bc-9c32ed18d6b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45068", "type": "seen", "source": "https://t.me/cibsecurity/72179", "content": "\u203c CVE-2023-45068 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <=\u00c2\u00a01.7.27 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-12T16:23:21.000000Z"}, {"uuid": "5d4beb5a-5c9d-4e23-a15c-5c8c4bc87773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45060", "type": "seen", "source": "https://t.me/cibsecurity/72176", "content": "\u203c CVE-2023-45060 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <=\u00c2\u00a03.2.0 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-12T16:23:17.000000Z"}]}