{"vulnerability": "CVE-2023-3839", "sightings": [{"uuid": "e75a5318-5f4a-44ca-97d3-b657ed8bd1f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38393", "type": "seen", "source": "Telegram/TVzNbCj39jddHJ0wyo_RxjoN5ENQMo13tFhhm0Se71_sQw", "content": "", "creation_timestamp": "2023-07-31T10:36:25.000000Z"}, {"uuid": "39258112-472e-4cd9-8d79-58b2855ed943", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38393", "type": "seen", "source": "https://t.me/KomunitiSiber/572", "content": "Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable\nhttps://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html\n\nMultiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data.\nThe flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack\u00a0said\u00a0in a report last week. Ninja Forms is installed on over 800,000 sites.\nA brief description", "creation_timestamp": "2023-07-31T10:49:30.000000Z"}, {"uuid": "aaecc20b-f35e-4391-a5cb-4f7d9cd418fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38393", "type": "seen", "source": "https://t.me/thehackernews/3671", "content": "\ud83d\udd13 Urgent: Protect your WordPress site now! Critical security update required for Ninja Forms plugin. Over 800,000 sites at risk from vulnerabilities CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393. \n \nGet the full scoop here: https://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html", "creation_timestamp": "2023-07-31T09:13:42.000000Z"}, {"uuid": "96a6cee9-0c72-4d87-b7c2-c2007e7913d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38392", "type": "seen", "source": "https://t.me/cibsecurity/67868", "content": "\u203c CVE-2023-38392 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <=\u00c2\u00a02.5.9 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T16:18:16.000000Z"}, {"uuid": "2806d7bc-2642-4cbd-9fd9-c3bd52e92eb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3839", "type": "seen", "source": "https://t.me/cibsecurity/67127", "content": "\u203c CVE-2023-3839 \u203c\n\nA vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/sys_sql_query.php. The manipulation of the argument sqlquery leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-235190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-23T07:25:02.000000Z"}, {"uuid": "c3ca71a2-d169-44fc-b18a-e4015e3a5c9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38397", "type": "seen", "source": "https://t.me/cibsecurity/68227", "content": "\u203c CVE-2023-38397 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eggemplo Gestion-Pymes plugin <=\u00c2\u00a01.5.6 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-10T18:16:10.000000Z"}]}