{"vulnerability": "CVE-2023-26326", "sightings": [{"uuid": "f2321211-ce97-43f5-a62f-ee77e0a880b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26326", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ljitws43a52v", "content": "", "creation_timestamp": "2025-03-03T21:02:33.697490Z"}, {"uuid": "35252cd4-9cb5-4ac3-b9ca-9230fd8d9d18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26326", "type": "published-proof-of-concept", "source": "https://t.me/YAH_Channel/806", "content": "CVE-2023-26326\n\u041c\u043e\u0449\u043d\u044e\u0447\u0438\u0439 \u0440\u0435\u0441\u0435\u0447 \u043d\u0430 RCE \u0447\u0435\u0440\u0435\u0437 \u043b\u044e\u0431\u043e\u0439 SSRF \u0432 PHP:\n\nhttps://www.ambionics.io/blog/iconv-cve-2024-2961-p1", "creation_timestamp": "2024-05-31T08:48:29.000000Z"}, {"uuid": "11989d24-3dad-4879-9e36-603c80db197a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26326", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7310", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26326\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.\n\ud83d\udccf Published: 2023-02-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-12T14:21:39.655Z\n\ud83d\udd17 References:\n1. https://www.tenable.com/security/research/tra-2023-7", "creation_timestamp": "2025-03-12T14:40:46.000000Z"}, {"uuid": "a31be273-f11a-4d03-af4b-8505dfdc3582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26326", "type": "published-proof-of-concept", "source": "Telegram/Jcz8p22MvmwAhBG5Fy50RK8-sXwLhyt48n06uP5R6U-giBw", "content": "", "creation_timestamp": "2025-02-02T10:00:06.000000Z"}, {"uuid": "b3126505-bcc6-49de-9491-ddafc24f8330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26326", "type": "seen", "source": "https://t.me/cibsecurity/58821", "content": "\u203c CVE-2023-26326 \u203c\n\nThe BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-23T22:18:47.000000Z"}]}