{"vulnerability": "CVE-2023-2878", "sightings": [{"uuid": "2a87a0e3-4aef-4c01-b253-2efc671230d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28788", "type": "seen", "source": "https://t.me/ctinow/157237", "content": "https://ift.tt/KEtjPwL\nCVE-2023-28788", "creation_timestamp": "2023-12-20T19:25:37.000000Z"}, {"uuid": "0c2e7c45-2ba9-402a-830e-ab6ddc2f5579", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28782", "type": "seen", "source": "https://t.me/ctinow/157117", "content": "https://ift.tt/s8vXjLA\nCVE-2023-28782", "creation_timestamp": "2023-12-20T16:23:53.000000Z"}, {"uuid": "37584492-51b1-4891-9cf7-288b1ef77309", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28782", "type": "seen", "source": "https://t.me/arpsyndicate/2130", "content": "#ExploitObserverAlert\n\nCVE-2023-28782\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-28782. Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3.", "creation_timestamp": "2023-12-23T13:28:37.000000Z"}, {"uuid": "7ac35634-3cfe-4526-9f9a-b709e16ec2b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28786", "type": "seen", "source": "https://t.me/cibsecurity/73922", "content": "\u203c\ufe0fCVE-2023-28786\u203c\ufe0f\n\nURL Redirection to Untrusted Site 'Open Redirect' vulnerability in SolidWP Solid Security  Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security  Password, Two Factor Authentication, and Brute Force Protection from na through 8.1.4.  
\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2023-12-30T01:36:25.000000Z"}, {"uuid": "6187ad1d-5da2-4610-969d-d977b07db286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28782", "type": "seen", "source": "https://t.me/ctinow/167856", "content": "https://ift.tt/xCJUvnl\nCVE-2023-28782 | Rocketgenius Gravity Forms Plugin up to 2.7.3 on WordPress deserialization", "creation_timestamp": "2024-01-13T15:21:59.000000Z"}, {"uuid": "47b8b320-1884-4bc0-b223-0b2e840971b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28786", "type": "seen", "source": "https://t.me/ctinow/160424", "content": "https://ift.tt/OgtyLRa\nCVE-2023-28786", "creation_timestamp": "2023-12-29T11:26:19.000000Z"}, {"uuid": "56762f73-097f-49e3-b812-5c209f4555b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28783", "type": "seen", "source": "https://t.me/cibsecurity/68761", "content": "\u203c CVE-2023-28783 \u203c\n\nAuth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <=\u00a01.2 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T18:37:28.000000Z"}, {"uuid": "1a8c3f3a-2de6-47f0-a4fd-1754dbbfa96d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28789", "type": "seen", "source": "https://t.me/cibsecurity/61684", "content": "\u203c CVE-2023-28789 \u203c\n\nUnauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-07T18:28:52.000000Z"}, {"uuid": "d3058791-69cc-4c06-87bc-26b0427d12eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28782", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8402", "content": "#exploit\n1. CVE-2023-34152 / CVE-2023-34151:\nShell Command Injection in ImageMagick / \nUndefined behaviors of casting double to size_t in svg, mvg, and other coders\nhttps://github.com/ImageMagick/ImageMagick/issues/6341\n]-> CVE-2023-34153:\u00a0Shell command injection vulnerability\nhttps://github.com/ImageMagick/ImageMagick/issues/6338\n\n2. CVE-2023-28782:\nPHP Object Injection Flaw in WordPress Gravity Forms Plugin\nhttps://securityonline.info/cve-2023-28782-php-object-injection-flaw-in-wordpress-gravity-forms-plugin-with-1-million-active-installations\n\n3. 
CVE-2023-3009:\nStored XSS on item name - Bypassing CVE-2023-2516 in TeamPass <3.0.9\nhttps://github.com/mnqazi/CVE-2023-3009", "creation_timestamp": "2023-06-01T13:16:22.000000Z"}, {"uuid": "e87a3e4f-058d-47a8-abbd-c51addda97f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2878", "type": "seen", "source": "https://gist.github.com/xaimix/e41390f78ca376cc00c9de3ad68f26a0", "content": "", "creation_timestamp": "2025-12-18T16:53:47.000000Z"}, {"uuid": "411d52e7-125f-48c8-b174-a31b9629f6e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28787", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3merfr5dd2m2v", "content": "", "creation_timestamp": "2026-02-13T21:03:04.024922Z"}, {"uuid": "ba49d21b-9bad-479f-93ad-b8207066e154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2878", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/250", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-2878\n\ud83d\udd39 Description: Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.\n\n\ud83d\udccf Published: 2023-06-07T14:35:10.295Z\n\ud83d\udccf Modified: 2025-01-06T21:04:31.624Z\n\ud83d\udd17 References:\n1. https://github.com/kubernetes/kubernetes/issues/118419\n2. https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ\n3. https://security.netapp.com/advisory/ntap-20230814-0003/", "creation_timestamp": "2025-01-06T21:37:55.000000Z"}]}