{"vulnerability": "CVE-2024-0757", "sightings": [{"uuid": "041f06fa-388a-46b5-bbcf-03bf2b77019b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-0757", "type": "published-proof-of-concept", "source": "https://t.me/Securi3yTalent/180", "content": "Exploit  CVE-2024-0757\nPoC Exploit for CVE-2024-0757 - Insert or Embed Articulate Content into WordPress Remote Code Execution (RCE)\n\nCheck out (@Securi3yTalent): https://x.com/Securi3yTalent\nhttps://t.me/Securi3yTalent\nhttps://facebook.com/Securi3yTalent\n\n\nhttps://github.com/hunThubSpace/CVE-2024-0757-Exploit\n\n#exploit #wordpressRCE #wordoressecploit #wordoressvulnerability #vulnerability #vapt #Bugbounty #securi3ytalent #securityTalent #security_talent", "creation_timestamp": "2024-06-19T11:07:19.000000Z"}, {"uuid": "846cf9bf-da15-4c0a-bc86-6c66ae2e0f36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-0757", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7681", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aA PoC Exploit for CVE-2024-0757 - Insert or Embed Articulate Content into WordPress Remote Code Execution (RCE)\nURL\uff1ahttps://github.com/hunThubSpace/CVE-2024-0757-Exploit\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-17T07:50:49.000000Z"}, {"uuid": "0cb693d9-d91a-45dd-8b32-3b607bdd8387", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-0757", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7680", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aExploit of CVE-2024-0757 (Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Authenticated - Upload to RCE)\nURL\uff1ahttps://github.com/hunThubSpace/CVE-2024-0757\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-06-17T07:02:42.000000Z"}, {"uuid": "a61b8295-7583-4bbb-822f-e2061e50a8de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-0757", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9227", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-0757\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files\n\ud83d\udccf Published: 2024-06-04T06:00:02.008Z\n\ud83d\udccf Modified: 2025-03-27T21:04:01.050Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836/", "creation_timestamp": "2025-03-27T21:27:55.000000Z"}, {"uuid": "f9bc4417-037c-4ccf-9f77-ba955b09ad6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-0757", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/1082", "content": "https://github.com/hunThubSpace/CVE-2024-0757-Exploit", "creation_timestamp": "2024-06-18T19:09:45.000000Z"}, {"uuid": "3701b766-d67e-494b-bab5-2197df31db68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-0757", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/1081", "content": "\ud83d\udea8POC RELEASED\ud83d\udea8A PoC Exploit for CVE-2024-0757 - Insert or Embed Articulate Content into WordPress Remote Code Execution (RCE)\n\nThe Insert or Embed Articulate Content into WordPress plugin for WordPress is vulnerable to arbitrary file uploads through insecure file uploads in a zip archive in all versions up to, and including, 4.3000000023. This makes it possible for unauthenticated attackers to upload zip files containing phar files on the affected site's server which may make remote code execution possible.\n\nCVSS: 8.8 (High) [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]\nSoftware Type: Plugin\nSoftware Slug: insert-or-embed-articulate-content-into-wordpress\nAffected Version: <= 4.3000000023\n\nhttps://x.com/DarkWebInformer/status/1803111898163920900", "creation_timestamp": "2024-06-18T19:09:04.000000Z"}]}