{"vulnerability": "CVE-2023-37979", "sightings": [{"uuid": "f0a8c033-70db-48ca-a4d5-596c366d9abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4864", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-37979 PoC and Checker\nURL\uff1ahttps://github.com/d0rb/CVE-2023-37979\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-04T10:40:04.000000Z"}, {"uuid": "c4a1195a-0e52-4c3b-9f65-a39004dfb75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "seen", "source": "https://t.me/KomunitiSiber/572", "content": "Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable\nhttps://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html\n\nMultiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data.\nThe flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack\u00a0said\u00a0in a report last week. Ninja Forms is installed on over 800,000 sites.\nA brief description", "creation_timestamp": "2023-07-31T10:49:30.000000Z"}, {"uuid": "6dc7632e-8922-4d8a-8834-8d05ef4c946a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4935", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-37979 - WordPress Authenticated XSS in Ninja-forms Plugin\nURL\uff1ahttps://github.com/codeb0ss/CVE-2023-37979\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-17T02:29:50.000000Z"}, {"uuid": "85ee3821-4470-4f04-965c-1b9351680e63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "seen", "source": "Telegram/TVzNbCj39jddHJ0wyo_RxjoN5ENQMo13tFhhm0Se71_sQw", "content": "", "creation_timestamp": "2023-07-31T10:36:25.000000Z"}, {"uuid": "f9d2b134-234b-42e0-9c8b-5e156e0cd337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "Telegram/FPjteHPPefkZ-BBiKfxliVBknEhs1Yye2XNt5djwPX5QNQ", "content": "", "creation_timestamp": "2023-08-03T12:33:08.000000Z"}, {"uuid": "ef13a8cb-3d20-47b0-8627-3831dac9c9f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1036", "content": "CVE-2023-37979 - WordPress Authenticated XSS in Ninja-forms Plugin + Upload File", "creation_timestamp": "2024-09-17T21:31:17.000000Z"}, {"uuid": "c2d692bf-03bc-4b59-8fcc-a60f32428a81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3987", "content": "\ud83d\udccc\ud83d\udcdfCVE-2023-37979 Ninja-Forms Exploit : https://system32.ink/cve-2023-37979-ninja-forms-exploit/\n\n\ud83e\uddeeLFI FINDER TOOL : https://system32.ink/lfi-finder-tool/\n\n\ud83d\udccd\ud83e\ude85Gamigo Data Leak : https://system32.ink/gamigo-data-leak/\n\n@Crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-08-03T12:32:17.000000Z"}, {"uuid": "6fa8c54d-e18f-4586-8d99-ed0e770916dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "seen", "source": "https://t.me/thehackernews/3671", "content": "\ud83d\udd13 Urgent: Protect your WordPress site now! Critical security update required for Ninja Forms plugin. Over 800,000 sites at risk from vulnerabilities CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393. \n \nGet the full scoop here: https://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html", "creation_timestamp": "2023-07-31T09:13:42.000000Z"}, {"uuid": "c66b32ff-c495-4f6e-9144-fe3ca3715f2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8780", "content": "#exploit\n1. CVE-2023-37979:\nXSS in Ninja Forms wordpress plugin\nhttps://github.com/Fire-Null/CVE-2023-37979\n]-> https://github.com/Mehran-Seifalinia/CVE-2023-37979\n\n2. CVE-2023-39147:\nUvdesk v1.1.3 - File Upload RCE (Authenticated)\nhttps://www.exploit-db.com/exploits/51639", "creation_timestamp": "2023-08-02T13:18:29.000000Z"}, {"uuid": "4160b461-1ed7-41a1-9d12-03d5b8ed4cee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3153", "content": "Hackers Factory \n\nBlack Hat USA 2023\nDefender-Pretender: When Windows Defender Updates Become a Security Risk\n\nhttps://github.com/SafeBreach-Labs/wd-pretender\n\n#BlackHat #blackhat23 #Infosec #Windows #Security #cyberattacks\n\nRCE exploit for CVE-2023-3519\n\nhttps://github.com/BishopFox/CVE-2023-3519\n\nCVE-2023-37979\n\nhttps://github.com/Fire-Null/CVE-2023-37979\n\nGolang client for querying SecurityTrails API data\n\nhttps://github.com/hakluke/haktrails\n\nExtract URLs, paths, secrets, and other interesting bits from JavaScript\n\nhttps://github.com/BishopFox/jsluice\n\nCVE-2023-35078 Remote Unauthenticated API Access Vulnerability Exploit POC\n\nhttps://github.com/vchan-in/CVE-2023-35078-Exploit-POC\n\nSub-Domain TakeOver Vulnerability Scanner\n\nhttps://github.com/m4ll0k/takeover\n\nCloudpanel 0-day Exploit\n\nhttps://github.com/datackmy/FallingSkies-CVE-2023-35885\n\nnse script to identify server vulnerable to CVE-2023-3519\n\nhttps://github.com/dorkerdevil/CitrixFall\n\nCVE-2023-34960 Chamilo PoC\n\nhttps://github.com/Aituglo/CVE-2023-34960/blob/master/poc.py\n\nVMWare vRealize Network Insight pre-authenticated RCE CVE-2023-20887\n\nhttps://github.com/projectdiscovery/nuclei-templates/pull/7405\n\nKeyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.\n\nhttps://github.com/streaak/keyhacks\n\n#Infosec #cybersec #hackersfactory \n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-08-14T01:40:46.000000Z"}, {"uuid": "bfa68f84-7226-4b4f-a3b6-0a657dc9f3d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "seen", "source": "https://t.me/cibsecurity/67325", "content": "\u203c CVE-2023-37979 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <=\u00c2\u00a03.6.25 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T18:28:50.000000Z"}, {"uuid": "9353160b-9db5-4997-8b08-058857c67edd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/807", "content": "https://github.com/Fire-Null/CVE-2023-37979\ncve-2023-37979  poc\n#github", "creation_timestamp": "2023-08-03T05:03:56.000000Z"}, {"uuid": "4ad34778-2024-4364-8f5e-80d1313db539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37979", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/812", "content": "https://github.com/d0rb/CVE-2023-37979\npoc\n#github", "creation_timestamp": "2023-08-04T13:37:23.000000Z"}]}