{"vulnerability": "cve-2023-2349", "sightings": [{"uuid": "99b42e41-6eae-4e84-a92a-f6e3fec5abd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23490", "type": "seen", "source": "https://t.me/true_secator/3945", "content": "Popular WordPress plugins are vulnerable to serious or critical SQL injection vulnerabilities for which PoC exploits have been released. \n\nThe bugs were discovered by Tenable researcher Joshua Martinelle, who reported them to WordPress on December 19, 2022, together with a PoC.\n\nThe plugin developers released updates to fix the problems in the following days, so all of the problems are fixed in the latest versions.\n\nYesterday the researcher disclosed technical details and presented a PoC for each vulnerability.\n\nThe first plugin is Paid Memberships Pro, a membership and subscription management tool used on more than 100,000 websites.\n\nAccording to Tenable, the problem is related to the \"code\" parameter in the REST route /pmpro/v1/order before it is used in an SQL statement.\n\nThe vulnerability, with a CVSSv3 score of 9.8, is tracked as CVE-2023-23488 and affects all plugin versions older than 2.9.8; it was fixed on December 27, 2022.\n\nThe second WordPress add-on vulnerable to SQL injection is Easy Digital Downloads, an e-commerce solution with more than 50,000 active installations.\n\nThe problem is related to the \"s\" parameter in \"edd_download_search\" before it is used in an SQL statement.\n\nThe vulnerability is tracked as CVE-2023-23489 and received a CVSSv3 severity rating of 9.8. It affects all versions below 3.1.0.4, released on January 5, 2023.\n\nFinally, Tenable discovered the serious CVE-2023-23490 in Survey Marker, a WordPress plugin used on 3,000 websites for surveys and market research.\n\nThe vulnerability received a CVSS score of 8.8, since it requires the attacker to be authenticated at least as a subscriber. A fix has been available since December 21, 2022, with version 3.1.2.\n\nTenable does not say what impact the vulnerabilities could have if exploited in real attacks.\n\nHowever, given the criticality of the bugs, plugin users are advised to update to the latest version.", "creation_timestamp": "2023-01-16T17:30:07.000000Z"}, {"uuid": "b358dba5-bbd0-4dff-960e-d6bec1887257", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23494", "type": "seen", "source": "https://t.me/cibsecurity/63510", "content": "\u203c CVE-2023-23494 \u203c\n\nA buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. 
A user in a privileged network position may be able to cause a denial-of-service\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-09T00:50:54.000000Z"}, {"uuid": "5aebfb21-3f47-419c-b182-0c343e6e018f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23491", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/966", "content": "", "creation_timestamp": "2023-07-27T02:12:20.000000Z"}, {"uuid": "ee931000-e2ba-411e-a036-550929563785", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23490", "type": "seen", "source": "MISP/033e378c-e6e5-45a3-af33-bd45a5d15271", "content": "", "creation_timestamp": "2023-01-23T14:13:24.000000Z"}, {"uuid": "eda87d14-59ef-45cf-8ce4-9896a416dd91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2349", "type": "seen", "source": "https://t.me/cibsecurity/62995", "content": "\u203c CVE-2023-2349 \u203c\n\nA vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 
The identifier of this vulnerability is VDB-227592.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T20:26:41.000000Z"}, {"uuid": "03594ddc-eef1-4eab-b496-c0a81e171259", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23499", "type": "seen", "source": "https://t.me/cibsecurity/59056", "content": "\u203c CVE-2023-23499 \u203c\n\nThis issue was addressed by enabling hardened runtime. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. An app may be able to access user-sensitive data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-27T22:28:12.000000Z"}]}