{"vulnerability": "cve-2024-5049", "sightings": [{"uuid": "f7ffecf4-c140-4b6b-bb5f-697c97c5ae7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-50495", "type": "seen", "source": null, "content": "", "creation_timestamp": "2024-10-28T20:59:27.297289Z"}, {"uuid": "8b4cda31-2563-4eac-9371-8ec43559312f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2024-50496", "type": "seen", "source": null, "content": "", "creation_timestamp": "2024-10-28T20:59:27.516820Z"}, {"uuid": "60863348-d05e-4139-a036-7891a4950fb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-50498.yaml", "content": "", "creation_timestamp": "2024-11-28T01:33:43.000000Z"}, {"uuid": "81b83c6f-c1fe-4b82-8aa0-d6252b450524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lrbs3rr7yp2v", "content": "", "creation_timestamp": "2025-06-10T21:02:34.770124Z"}, {"uuid": "98c5c2b4-5a01-42f1-99a3-2e905855037f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-26)", "content": "", "creation_timestamp": "2025-06-26T00:00:00.000000Z"}, {"uuid": "50be4953-2237-4272-b53e-343e0fb70d75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50497", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-08T21:59:30.000000Z"}, {"uuid": "2d95e14e-f020-42f5-98d6-e24c577fbba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-30)", "content": "", "creation_timestamp": "2025-07-30T00:00:00.000000Z"}, {"uuid": "84b13d79-5fba-42bd-9ed3-1ac9c3523626", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-10)", "content": "", "creation_timestamp": "2025-11-10T00:00:00.000000Z"}, {"uuid": "c3864ed3-6047-49f2-b59c-84f2bcca79e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:29.000000Z"}, {"uuid": "6245c2b0-4d7f-4af8-9e6a-2683932f810f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50497", "type": "seen", "source": "MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6", "content": "", "creation_timestamp": "2025-10-01T18:11:57.000000Z"}, {"uuid": "857bac10-f08d-4ab8-8a63-063bd3ea891e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-27)", "content": "", "creation_timestamp": "2026-02-27T00:00:00.000000Z"}, {"uuid": "da64a1ab-4a01-4a75-b814-0f9f4e30a3e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-14)", "content": "", "creation_timestamp": "2026-02-14T00:00:00.000000Z"}, {"uuid": "be40d418-9d62-4a5f-b55b-b61f6ce215b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-50498", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3mdioksowcn27", "content": "", "creation_timestamp": "2026-01-28T16:21:23.836339Z"}, {"uuid": "3af7f88d-73e5-4b39-a81d-96484c20bf0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50496", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mih64bqyq52w", "content": "", "creation_timestamp": "2026-04-01T17:00:14.951522Z"}, {"uuid": "f65517c4-d3f6-4fdd-aaf5-41ca00112fd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50496", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mih7shgfz22e", "content": "", "creation_timestamp": "2026-04-01T17:30:32.778111Z"}, {"uuid": "ab5087f7-25d3-4ced-9181-c8de8b6d2134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50495", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mihs7yiv3c2v", "content": "", "creation_timestamp": "2026-04-01T23:00:14.065139Z"}, {"uuid": "a52d77d3-f51a-4b6c-8af8-d041d63b8d53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50491", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mihvlcbnu327", "content": "", "creation_timestamp": "2026-04-02T00:00:15.926529Z"}, {"uuid": "01d882cb-fbfa-4f37-8de2-60f24a943c7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9305", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is a exploit for CVE-2024-50498\nURL\uff1ahttps://github.com/p0et08/CVE-2024-50498\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-04T01:33:39.000000Z"}, {"uuid": "bfddf105-c374-4a2c-9a7d-33bc18f91522", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50493", "type": "seen", "source": "https://t.me/cvedetector/9247", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50493 - Automatic Translation Unrestricted File Upload Web Shell Upload\", \n  \"Content\": \"CVE ID : CVE-2024-50493 \nPublished : Oct. 29, 2024, 8:15 a.m. | 20\u00a0minutes ago \nDescription : Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through 1.0.4. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T09:44:48.000000Z"}, {"uuid": "ecc84e6a-7b2e-4621-af4d-948502c32c9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50494", "type": "seen", "source": "https://t.me/cvedetector/9249", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50494 - Amin Omer Sudan Payment Gateway for WooCommerce Unrestricted File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50494 \nPublished : Oct. 29, 2024, 8:15 a.m. | 20\u00a0minutes ago \nDescription : Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through 1.2.2. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T09:44:50.000000Z"}, {"uuid": "cbb94ecb-0b36-4a1f-8c6e-7b1be5696f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50490", "type": "seen", "source": "https://t.me/cvedetector/9255", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50490 - PegaPoll Missing Authorization vulnerabilit\", \n  \"Content\": \"CVE ID : CVE-2024-50490 \nPublished : Oct. 29, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Szabolcs Szecsenyi PegaPoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through 1.0.2. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T10:34:59.000000Z"}, {"uuid": "f32ab642-691b-42c1-ba2e-b37ebf2618fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50497", "type": "seen", "source": "https://t.me/cvedetector/9118", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50497 - BuyNowDepot Advanced Online Ordering and Delivery Platform PHP Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-50497 \nPublished : Oct. 28, 2024, 1:15 p.m. | 42\u00a0minutes ago \nDescription : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through 2.0.0. \nSeverity: 8.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T15:19:32.000000Z"}, {"uuid": "bd09861f-cc7f-4695-bfe7-3787e8110db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50492", "type": "seen", "source": "https://t.me/cvedetector/9099", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50492 - ScottCart Code Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50492 \nPublished : Oct. 28, 2024, 12:15 p.m. | 19\u00a0minutes ago \nDescription : Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart allows Code Injection.This issue affects ScottCart: from n/a through 1.1. \nSeverity: 8.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T13:39:01.000000Z"}, {"uuid": "914de45c-8cdc-4ba3-8fec-497f492d1459", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50495", "type": "seen", "source": "https://t.me/cvedetector/9184", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50495 - WidgiLabs Plugin Propagator Unrestricted File Upload Web Shell RCE\", \n  \"Content\": \"CVE ID : CVE-2024-50495 \nPublished : Oct. 28, 2024, 9:15 p.m. | 32\u00a0minutes ago \nDescription : Unrestricted Upload of File with Dangerous Type vulnerability in WidgiLabs Plugin Propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through 0.1. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T22:51:43.000000Z"}, {"uuid": "4f43a1ee-0ed3-4b45-8b37-aca45cdb6ee9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50496", "type": "seen", "source": "https://t.me/cvedetector/9183", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50496 - AR For WordPress Unrestricted File Upload Web Shell Injury\", \n  \"Content\": \"CVE ID : CVE-2024-50496 \nPublished : Oct. 28, 2024, 9:15 p.m. | 32\u00a0minutes ago \nDescription : Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through 6.2. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T22:51:43.000000Z"}, {"uuid": "c6957f54-e7ab-4e72-ab44-8480447ae96a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50491", "type": "seen", "source": "https://t.me/cvedetector/9123", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50491 - Micah Blu RSVP ME SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50491 \nPublished : Oct. 28, 2024, 1:15 p.m. | 42\u00a0minutes ago \nDescription : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Micah Blu RSVP ME allows SQL Injection.This issue affects RSVP ME: from n/a through 1.9.9. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T15:19:40.000000Z"}, {"uuid": "3e0b1923-291d-4a9d-b925-2a4954ab8c8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "seen", "source": "https://t.me/cvedetector/9094", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50498 - LUBUS WP Query Console Code Injection\", \n  \"Content\": \"CVE ID : CVE-2024-50498 \nPublished : Oct. 28, 2024, 12:15 p.m. | 19\u00a0minutes ago \nDescription : Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T13:38:54.000000Z"}, {"uuid": "ff4f93e3-9d45-4128-bae5-69732389446c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50492", "type": "published-proof-of-concept", "source": "Telegram/yRj3rvTPwwJJrmgfCfqzU7qpeXOxuv70IH7oKMdEI3GidpE", "content": "", "creation_timestamp": "2025-03-26T10:00:06.000000Z"}, {"uuid": "d4e067ab-52e9-44a9-9ab4-be2d979ae505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "https://t.me/true_secator/6534", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0430\u0445 Hunk Companion \u0438 WP Query Console \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0441\u0430\u0439\u0442\u043e\u0432 WordPress.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c WPScan, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0430\u0445, \u0447\u0442\u043e\u0431\u044b \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440-\u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430\u043c.\n\nHunk Companion, \u043f\u043b\u0430\u0433\u0438\u043d \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0441\u0430\u0439\u0442\u043e\u0432, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c WordPress ThemeHunk, \u0443\u044f\u0437\u0432\u0438\u043c \u043a CVE\u20112024\u20119707, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,8 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0438 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f RCE, \u0435\u0441\u043b\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u0438 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044e Hunk Companion 1.8.5, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u0443\u044e \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435, \u043e\u0434\u043d\u0430\u043a\u043e, \u043a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 WPScan, \u043e\u043d\u043e \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u043d\u0435\u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u044b\u043c, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u0432\u0435\u0440\u0441\u0438\u044f 1.8.7 \u0442\u0430\u043a\u0436\u0435 \u043e\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439.\n\n\u041d\u043e\u0432\u044b\u0439 \u043f\u0430\u0442\u0447 \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d 10 \u0434\u0435\u043a\u0430\u0431\u0440\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 Hunk Companion 1.9.0. \u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u0434\u0430\u043d\u043d\u044b\u043c\u00a0WordPress, \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e 90% \u0438\u0437 10 000 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a \u043f\u043b\u0430\u0433\u0438\u043d\u0430, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043d\u0430 \u043d\u0435\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0441\u0443\u0442\u043a\u0438 Defiance, \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0431\u043e\u043b\u0435\u0435 56 000 \u0430\u0442\u0430\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Hunk Companion.\n\nWPScan \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b Hunk Companion \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0438 \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 WP Query Console - \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0434\u043b\u044f \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 WordPress, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u043b\u0441\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0441\u0435\u043c\u044c \u043b\u0435\u0442 \u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041e\u043d\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-50498 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 9,8) \u0438 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0434\u0435\u0444\u0435\u043a\u0442 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 WP Query Console. \u041f\u043b\u0430\u0433\u0438\u043d \u0431\u044b\u043b \u0437\u0430\u043a\u0440\u044b\u0442 21 \u043e\u043a\u0442\u044f\u0431\u0440\u044f, \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e \u0434\u043e \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0435, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0431\u044d\u043a\u0434\u043e\u0440-\u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u043c.\n\n\u0421\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 WordPress\u00a0\u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442, \u0447\u0442\u043e, \u0445\u043e\u0442\u044f \u043f\u043b\u0430\u0433\u0438\u043d \u0431\u044b\u043b \u0437\u0430\u043a\u0440\u044b\u0442 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435, \u0441 \u043a\u043e\u043d\u0446\u0430 \u043d\u043e\u044f\u0431\u0440\u044f \u0435\u0433\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b\u0438 \u0441\u043e\u0442\u043d\u0438 \u0440\u0430\u0437, \u0447\u0442\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0435\u0433\u043e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u0435 \u0432 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u043e \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Hunk Companion \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.9.0 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u0441\u0430\u0439\u0442\u044b \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0443 WP Query Console \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432.", "creation_timestamp": "2024-12-12T13:34:48.000000Z"}, {"uuid": "a6dd14e7-ccc7-4d89-acee-2f9bd619b5ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/27", "content": "", "creation_timestamp": "2024-12-11T16:32:12.000000Z"}]}