{"vulnerability": "cve-2024-50498", "sightings": [{"uuid": "60863348-d05e-4139-a036-7891a4950fb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-50498.yaml", "content": "", "creation_timestamp": "2024-11-28T01:33:43.000000Z"}, {"uuid": "81b83c6f-c1fe-4b82-8aa0-d6252b450524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lrbs3rr7yp2v", "content": "", "creation_timestamp": "2025-06-10T21:02:34.770124Z"}, {"uuid": "2d95e14e-f020-42f5-98d6-e24c577fbba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-30)", "content": "", "creation_timestamp": "2025-07-30T00:00:00.000000Z"}, {"uuid": "98c5c2b4-5a01-42f1-99a3-2e905855037f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-26)", "content": "", "creation_timestamp": "2025-06-26T00:00:00.000000Z"}, {"uuid": "84b13d79-5fba-42bd-9ed3-1ac9c3523626", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-10)", "content": "", "creation_timestamp": "2025-11-10T00:00:00.000000Z"}, {"uuid": "857bac10-f08d-4ab8-8a63-063bd3ea891e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-27)", "content": "", "creation_timestamp": "2026-02-27T00:00:00.000000Z"}, {"uuid": "c3864ed3-6047-49f2-b59c-84f2bcca79e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:29.000000Z"}, {"uuid": "01d882cb-fbfa-4f37-8de2-60f24a943c7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/9305", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aThis is a exploit for CVE-2024-50498\nURL\uff1ahttps://github.com/p0et08/CVE-2024-50498\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-12-04T01:33:39.000000Z"}, {"uuid": "da64a1ab-4a01-4a75-b814-0f9f4e30a3e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-14)", "content": "", "creation_timestamp": "2026-02-14T00:00:00.000000Z"}, {"uuid": "be40d418-9d62-4a5f-b55b-b61f6ce215b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-50498", "type": "seen", "source": "https://bsky.app/profile/securitycipher.bsky.social/post/3mdioksowcn27", "content": "", "creation_timestamp": "2026-01-28T16:21:23.836339Z"}, {"uuid": "3e0b1923-291d-4a9d-b925-2a4954ab8c8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "seen", "source": "https://t.me/cvedetector/9094", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50498 - LUBUS WP Query Console Code Injection\", \n  \"Content\": \"CVE ID : CVE-2024-50498 \nPublished : Oct. 28, 2024, 12:15 p.m. | 19\u00a0minutes ago \nDescription : Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T13:38:54.000000Z"}, {"uuid": "a6dd14e7-ccc7-4d89-acee-2f9bd619b5ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/27", "content": "", "creation_timestamp": "2024-12-11T16:32:12.000000Z"}, {"uuid": "d4e067ab-52e9-44a9-9ab4-be2d979ae505", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50498", "type": "exploited", "source": "https://t.me/true_secator/6534", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0430\u0445 Hunk Companion \u0438 WP Query Console \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0441\u0430\u0439\u0442\u043e\u0432 WordPress.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c WPScan, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0430\u0445, \u0447\u0442\u043e\u0431\u044b \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0431\u044d\u043a\u0434\u043e\u0440-\u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430\u043c.\n\nHunk Companion, \u043f\u043b\u0430\u0433\u0438\u043d \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0441\u0430\u0439\u0442\u043e\u0432, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c WordPress ThemeHunk, \u0443\u044f\u0437\u0432\u0438\u043c \u043a CVE\u20112024\u20119707, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9,8 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u0438 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f RCE, \u0435\u0441\u043b\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u0438 \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0439 \u043f\u043b\u0430\u0433\u0438\u043d.\n\n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044e Hunk Companion 1.8.5, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u0443\u044e \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435, \u043e\u0434\u043d\u0430\u043a\u043e, \u043a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 WPScan, \u043e\u043d\u043e \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u043d\u0435\u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u044b\u043c, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u0432\u0435\u0440\u0441\u0438\u044f 1.8.7 \u0442\u0430\u043a\u0436\u0435 \u043e\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439.\n\n\u041d\u043e\u0432\u044b\u0439 \u043f\u0430\u0442\u0447 \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d 10 \u0434\u0435\u043a\u0430\u0431\u0440\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 Hunk Companion 1.9.0. \u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e\u00a0\u0434\u0430\u043d\u043d\u044b\u043c\u00a0WordPress, \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e 90% \u0438\u0437 10 000 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a \u043f\u043b\u0430\u0433\u0438\u043d\u0430, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043d\u0430 \u043d\u0435\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0441\u0443\u0442\u043a\u0438 Defiance, \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0431\u043e\u043b\u0435\u0435 56 000 \u0430\u0442\u0430\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Hunk Companion.\n\nWPScan \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u044b Hunk Companion \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0438 \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 WP Query Console - \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0434\u043b\u044f \u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 WordPress, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u043b\u0441\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0441\u0435\u043c\u044c \u043b\u0435\u0442 \u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041e\u043d\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2024-50498 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 9,8) \u0438 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0434\u0435\u0444\u0435\u043a\u0442 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 WP Query Console. \u041f\u043b\u0430\u0433\u0438\u043d \u0431\u044b\u043b \u0437\u0430\u043a\u0440\u044b\u0442 21 \u043e\u043a\u0442\u044f\u0431\u0440\u044f, \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e \u0434\u043e \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0430.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0435, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0431\u044d\u043a\u0434\u043e\u0440-\u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043d\u0430\u0434 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u043c.\n\n\u0421\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 WordPress\u00a0\u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442, \u0447\u0442\u043e, \u0445\u043e\u0442\u044f \u043f\u043b\u0430\u0433\u0438\u043d \u0431\u044b\u043b \u0437\u0430\u043a\u0440\u044b\u0442 \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435, \u0441 \u043a\u043e\u043d\u0446\u0430 \u043d\u043e\u044f\u0431\u0440\u044f \u0435\u0433\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b\u0438 \u0441\u043e\u0442\u043d\u0438 \u0440\u0430\u0437, \u0447\u0442\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0435\u0433\u043e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u0435 \u0432 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u043e \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Hunk Companion \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.9.0 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u0441\u0430\u0439\u0442\u044b \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0443 WP Query Console \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u0432.", "creation_timestamp": "2024-12-12T13:34:48.000000Z"}]}