{"vulnerability": "cve-2023-3797", "sightings": [{"uuid": "9353160b-9db5-4997-8b08-058857c67edd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/807", "content": "https://github.com/Fire-Null/CVE-2023-37979\ncve-2023-37979  poc\n#github", "creation_timestamp": "2023-08-03T05:03:56.000000Z"}, {"uuid": "4ad34778-2024-4364-8f5e-80d1313db539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/812", "content": "https://github.com/d0rb/CVE-2023-37979\npoc\n#github", "creation_timestamp": "2023-08-04T13:37:23.000000Z"}, {"uuid": "c4a1195a-0e52-4c3b-9f65-a39004dfb75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "seen", "source": "https://t.me/KomunitiSiber/572", "content": "Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable\nhttps://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html\n\nMultiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data.\nThe flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack\u00a0said\u00a0in a report last week. Ninja Forms is installed on over 800,000 sites.\nA brief description", "creation_timestamp": "2023-07-31T10:49:30.000000Z"}, {"uuid": "4160b461-1ed7-41a1-9d12-03d5b8ed4cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3153", "content": "Hackers Factory \n\nBlack Hat USA 2023\nDefender-Pretender: When Windows Defender Updates Become a Security Risk\n\nhttps://github.com/SafeBreach-Labs/wd-pretender\n\n#BlackHat #blackhat23 #Infosec #Windows #Security #cyberattacks\n\nRCE exploit for CVE-2023-3519\n\nhttps://github.com/BishopFox/CVE-2023-3519\n\nCVE-2023-37979\n\nhttps://github.com/Fire-Null/CVE-2023-37979\n\nGolang client for querying SecurityTrails API data\n\nhttps://github.com/hakluke/haktrails\n\nExtract URLs, paths, secrets, and other interesting bits from JavaScript\n\nhttps://github.com/BishopFox/jsluice\n\nCVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POC\n\nhttps://github.com/vchan-in/CVE-2023-35078-Exploit-POC\n\nSub-Domain TakeOver Vulnerability Scanner\n\nhttps://github.com/m4ll0k/takeover\n\nCloudpanel 0-day Exploit\n\nhttps://github.com/datackmy/FallingSkies-CVE-2023-35885\n\nnse script to identify server vulnerable to CVE-2023-3519\n\nhttps://github.com/dorkerdevil/CitrixFall\n\nCVE-2023-34960 Chamilo PoC\n\nhttps://github.com/Aituglo/CVE-2023-34960/blob/master/poc.py\n\nVMWare vRealize Network Insight pre-authenticated RCE CVE-2023-20887\n\nhttps://github.com/projectdiscovery/nuclei-templates/pull/7405\n\nKeyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.\n\nhttps://github.com/streaak/keyhacks\n\n#Infosec #cybersec #hackersfactory \n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-08-14T01:40:46.000000Z"}, {"uuid": "bfa68f84-7226-4b4f-a3b6-0a657dc9f3d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "seen", "source": "https://t.me/cibsecurity/67325", "content": "\u203c CVE-2023-37979 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin &lt;=\u00c2\u00a03.6.25 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T18:28:50.000000Z"}, {"uuid": "1a4f5e12-e8ab-4df4-80e1-bbe289b7b863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37977", "type": "seen", "source": "https://t.me/cibsecurity/67335", "content": "\u203c CVE-2023-37977 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag &amp; Drop Sales Funnel Builder for WordPress \u00e2\u20ac\u201c WPFunnels plugin &lt;=\u00c2\u00a02.7.16 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T18:29:05.000000Z"}, {"uuid": "7269a5de-daa5-4bbb-9d7d-f93df14d3299", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37975", "type": "seen", "source": "https://t.me/cibsecurity/67328", "content": "\u203c CVE-2023-37975 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin &lt;=\u00c2\u00a02.3.7 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T18:28:53.000000Z"}, {"uuid": "9559b9f7-93b5-434e-a0c7-7aa9dcd9f87c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37971", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113646991490830884", "content": "", "creation_timestamp": "2024-12-13T18:44:31.445216Z"}, {"uuid": "6dc7632e-8922-4d8a-8834-8d05ef4c946a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4935", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-37979 - WordPress Authenticated XSS in Ninja-forms Plugin\nURL\uff1ahttps://github.com/codeb0ss/CVE-2023-37979\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-17T02:29:50.000000Z"}, {"uuid": "f9d2b134-234b-42e0-9c8b-5e156e0cd337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "Telegram/FPjteHPPefkZ-BBiKfxliVBknEhs1Yye2XNt5djwPX5QNQ", "content": "", "creation_timestamp": "2023-08-03T12:33:08.000000Z"}, {"uuid": "c2d692bf-03bc-4b59-8fcc-a60f32428a81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3987", "content": "\ud83d\udccc\ud83d\udcdfCVE-2023-37979 Ninja-Forms Exploit : https://system32.ink/cve-2023-37979-ninja-forms-exploit/\n\n\ud83e\uddeeLFI FINDER TOOL : https://system32.ink/lfi-finder-tool/\n\n\ud83d\udccd\ud83e\ude85Gamigo Data Leak : https://system32.ink/gamigo-data-leak/\n\n@Crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-08-03T12:32:17.000000Z"}, {"uuid": "528605d6-3fef-4f5a-95a5-0ec250a06e47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37973", "type": "seen", "source": "https://t.me/cibsecurity/66888", "content": "\u203c CVE-2023-37973 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin &lt;=\u00c2\u00a02.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T16:30:57.000000Z"}, {"uuid": "04436889-a229-419b-8cbe-1c1cc30fc7c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37976", "type": "seen", "source": "https://t.me/cibsecurity/67322", "content": "\u203c CVE-2023-37976 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Forge Muses Player with Skins plugin &lt;=\u00c2\u00a02.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T18:28:45.000000Z"}, {"uuid": "6fa8c54d-e18f-4586-8d99-ed0e770916dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "seen", "source": "https://t.me/thehackernews/3671", "content": "\ud83d\udd13 Urgent: Protect your WordPress site now! Critical security update required for Ninja Forms plugin. Over 800,000 sites at risk from vulnerabilities CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393. \n \nGet the full scoop here: https://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html", "creation_timestamp": "2023-07-31T09:13:42.000000Z"}, {"uuid": "c66b32ff-c495-4f6e-9144-fe3ca3715f2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8780", "content": "#exploit\n1. CVE-2023-37979:\nXSS in Ninja Forms wordpress plugin\nhttps://github.com/Fire-Null/CVE-2023-37979\n]-&gt; https://github.com/Mehran-Seifalinia/CVE-2023-37979\n\n2. CVE-2023-39147:\nUvdesk v1.1.3 - File Upload RCE (Authenticated)\nhttps://www.exploit-db.com/exploits/51639", "creation_timestamp": "2023-08-02T13:18:29.000000Z"}, {"uuid": "f0a8c033-70db-48ca-a4d5-596c366d9abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4864", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-37979 PoC and Checker\nURL\uff1ahttps://github.com/d0rb/CVE-2023-37979\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-04T10:40:04.000000Z"}, {"uuid": "85ee3821-4470-4f04-965c-1b9351680e63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "seen", "source": "Telegram/TVzNbCj39jddHJ0wyo_RxjoN5ENQMo13tFhhm0Se71_sQw", "content": "", "creation_timestamp": "2023-07-31T10:36:25.000000Z"}, {"uuid": "ef13a8cb-3d20-47b0-8627-3831dac9c9f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1036", "content": "CVE-2023-37979 - WordPress Authenticated XSS in Ninja-forms Plugin + Upload File", "creation_timestamp": "2024-09-17T21:31:17.000000Z"}, {"uuid": "56c2ce31-e13f-44e9-bc98-c1d3f216008d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37974", "type": "seen", "source": "https://t.me/cibsecurity/66835", "content": "\u203c CVE-2023-37974 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin &lt;=\u00c2\u00a04.6.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-17T20:40:15.000000Z"}, {"uuid": "c2f793cc-71b7-4225-8e1f-6216f90a710b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-37970", "type": "seen", "source": "https://t.me/cibsecurity/67333", "content": "\u203c CVE-2023-37970 \u203c\n\nAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin &lt;=\u00c2\u00a01.2 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T18:29:00.000000Z"}]}