{"vulnerability": "CVE-2024-1071", "sightings": [{"uuid": "ab5745cb-929f-4ed0-b2cb-89589e129111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10715", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113435691499842185", "content": "", "creation_timestamp": "2024-11-06T11:08:09.253669Z"}, {"uuid": "f1a38fa5-4e33-4e48-b9ef-5d8c666a0047", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10717", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113473259336230179", "content": "", "creation_timestamp": "2024-11-13T02:22:09.033685Z"}, {"uuid": "5a3c255b-0168-4dea-a11c-e791e3eb0cd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10716", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113600938585631481", "content": "", "creation_timestamp": "2024-12-05T15:32:39.624275Z"}, {"uuid": "f28e6665-da56-42c3-8993-43512b38b103", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10710", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113542072741792560", "content": "", "creation_timestamp": "2024-11-25T06:02:18.257772Z"}, {"uuid": "58ce20e8-218b-4cdb-97e3-083111f3b1fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8414", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aProof of concept : CVE-2024-1071: WordPress Vulnerability Exploited\nURL\uff1ahttps://github.com/fa-rrel/CVE-2024-1071-SQL-Injection\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-30T04:27:22.000000Z"}, {"uuid": "d0c2b92e-77d8-4ffb-a1aa-34841eddaafe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:02.000000Z"}, {"uuid": "a3e4114f-794b-4a5e-9569-e684849e9ef3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_ultimate_member_sorting_sqli.rb", "content": "", "creation_timestamp": "2024-10-30T13:43:24.000000Z"}, {"uuid": "8e116a29-9166-4b0b-a573-74036eb39644", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:46.000000Z"}, {"uuid": "b1326b22-43ed-4304-9252-2100d9b123fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:59.000000Z"}, {"uuid": "c7dae977-d26c-4d17-9167-083cdac64e15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/P054ImMwjqD_rl7lBAm-hCz5MlTq06QbnDeiIVFMTFFsHy4", "content": "", "creation_timestamp": "2025-05-04T05:11:16.000000Z"}, {"uuid": "1a9f4b8c-42fa-488a-95e1-e65df5f0f0ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/7Ml4_lMheQFWoLP8HS6G4y2kPw4O-CbsZ96PEHQtUpuC3WA", "content": "", "creation_timestamp": "2025-05-04T05:10:20.000000Z"}, {"uuid": "ae875a22-f957-4990-b793-4c97dac69ee2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10713", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8271", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10713\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. The server fails to handle excessive characters appended to the end of multipart boundaries, regardless of the character used. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary, leading to excessive resource consumption and a complete denial of service for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue.\n\ud83d\udccf Published: 2025-03-20T10:08:47.112Z\n\ud83d\udccf Modified: 2025-03-20T19:03:54.276Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/d5404069-95b3-40e0-a7a4-c3a183d861b0", "creation_timestamp": "2025-03-20T19:18:37.000000Z"}, {"uuid": "57750cea-97af-4e22-9e7d-a8a03461c542", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6720", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-1071 with Docker\nURL\uff1ahttps://github.com/Trackflaw/CVE-2024-1071-Docker\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-04T18:34:06.000000Z"}, {"uuid": "0b27a49b-af4a-4e14-8cea-4621007d7903", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6812", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-1071\nURL\uff1ahttps://github.com/Matrexdz/CVE-2024-1071\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-18T17:01:59.000000Z"}, {"uuid": "25e6d228-fddc-446c-9e56-e8488c103917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "seen", "source": "https://t.me/ArabGathering/4042", "content": "\ud83d\udccd\u062a\u0646\u0628\u064a\u0647 \u0645\u0643\u0648\u0646 WordPress \u0627\u0644\u0625\u0636\u0627\u0641\u064a - \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a SQLi \u062a\u0647\u062f\u062f \u0623\u0643\u062b\u0631 \u0645\u0646 200 \u0623\u0644\u0641 \u0645\u0648\u0642\u0639 \u0648\u064a\u0628\n\n\u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0645\u0643\u0648\u0646 WordPress \u0627\u0644\u0625\u0636\u0627\u0641\u064a \u0627\u0644\u0634\u0647\u064a\u0631 \u0627\u0644\u0645\u0633\u0645\u0649 Ultimate Member \u0648\u0627\u0644\u0630\u064a \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0623\u0643\u062b\u0631 \u0645\u0646 200000 \u0639\u0645\u0644\u064a\u0629 \u062a\u062b\u0628\u064a\u062a \u0646\u0634\u0637\u0629\n\n\u062a\u062d\u0645\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629\u060c \u0627\u0644\u062a\u064a \u062a\u0645 \u062a\u062a\u0628\u0639\u0647\u0627 \u0628\u0627\u0633\u0645 CVE-2024-1071\u060c \u062f\u0631\u062c\u0629 CVSS \u062a\u0628\u0644\u063a 9.8 \u0645\u0646 \u0623\u0635\u0644 10 \u0643\u062d\u062f \u0623\u0642\u0635\u0649. \u0648\u064a\u064f\u0646\u0633\u0628 \u0625\u0644\u0649 \u0627\u0644\u0628\u0627\u062d\u062b \u0627\u0644\u0623\u0645\u0646\u064a \u0643\u0631\u064a\u0633\u062a\u064a\u0627\u0646 \u0633\u0648\u064a\u0631\u0632 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062e\u0644\u0644 \u0648\u0627\u0644\u0625\u0628\u0644\u0627\u063a \u0639\u0646\u0647\n\n@ArabGathering", "creation_timestamp": "2024-03-18T15:13:49.000000Z"}, {"uuid": "695640d8-2984-42a5-b95e-eaea4b45ce57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10715", "type": "seen", "source": "https://t.me/cvedetector/10001", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10715 - \"MapPress Maps for WordPress Stored Cross-Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-10715 \nPublished : Nov. 6, 2024, 11:15 a.m. | 41\u00a0minutes ago \nDescription : The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T13:19:24.000000Z"}, {"uuid": "caa89c99-517a-43c2-83ae-bba6b7994848", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "seen", "source": "Telegram/k_awQcIVtdG26XH73SgVx2qmo93XU0q58wLTjRhTWKhcjw", "content": "", "creation_timestamp": "2024-02-27T09:38:02.000000Z"}, {"uuid": "f6d603ba-bee6-42d3-9aa8-964e971a6466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10716", "type": "seen", "source": "https://t.me/cvedetector/12122", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10716 - Pega Platform versions 8.1 to Infinity 24.2.0 are\", \n  \"Content\": \"CVE ID : CVE-2024-10716 \nPublished : Dec. 5, 2024, 4:15 p.m. | 35\u00a0minutes ago \nDescription : Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-05T17:52:24.000000Z"}, {"uuid": "d56b7a03-d0d2-4a9b-938d-715b8fabcf1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10711", "type": "seen", "source": "https://t.me/cvedetector/9836", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10711 - WooCommerce Report CSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10711 \nPublished : Nov. 5, 2024, 9:15 a.m. | 38\u00a0minutes ago \nDescription : The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T11:21:09.000000Z"}, {"uuid": "7937f041-2fdb-4c51-a652-21cda4439cfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/17096", "content": "\ud83d\udea8CVE-2024-1071: The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection\n\nCVSS: 9.8\n\nCredit: youtube.com/@ghost_sec\nGitHub: https://github.com/gh-ost00/CVE-2024-1071-SQL-Injection", "creation_timestamp": "2025-05-09T20:26:33.000000Z"}, {"uuid": "97d3bc8a-7c96-4671-84bd-8a0d1b3b52f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/YXx5aBBvPgdMRDR7I-6RXrOMvuEp4WhM6A-XwqMBYiaUjg", "content": "", "creation_timestamp": "2024-09-06T12:54:59.000000Z"}, {"uuid": "ac64c5fb-66d0-4fcc-93a8-b84002fedcc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/119126", "content": "#exploit\nCVE-2024-20328:\nClamAV Command Injection Bug\nhttps://amitschendel.github.io/vulnerabilites/CVE-2024-20328\n\nCVE-2024-24816:\nCKEditor XSS vulnerability\nhttps://github.com/afine-com/CVE-2024-24816\n\nCVE-2023-35080:\nIvanti/Pulse VPN Client Exploit\nhttps://github.com/HopHouse/Ivanti-Pulse_VPN-Client_Exploit-CVE-2023-35080_Privilege-escalation\n\nCVE-2024-0811:\nChrome pageCapture.saveAsMHTML() Extension API Blocked Origin Bypass\nhttps://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html\n\nCVE-2023-50387:\nKeyTrap in DNS/DNSSEC\nhttps://github.com/knqyf263/CVE-2023-50387\n\nCVE-2024-22369:\nApache Camel Unsafe Deserialization\nhttps://github.com/oscerd/CVE-2024-22369\n\nCVE-2024-1708/CVE-2024-1709:\nScreenConnect Authentication Bypass\nhttps://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass\n\nCCE-2024-21413:\nMicrosoft Outlook RCE\nhttps://github.com/Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability\n\nCVE-2024-24401:\nNagios Authenticated SQL Injection\nhttps://github.com/MAWK0235/CVE-2024-24401\n\nCVE-2024-1071:\nWordPress Ultimate Member Unauthorized Database Access/SQLi\nhttps://github.com/gbrsh/CVE-2024-1071\n\nCVE-2024-1651:\nTorrentpier RCE Exploit\nhttps://github.com/sharpicx/CVE-2024-1651-PoC\n\nCVE-2023-50386:\nApache Solr Backup/Restore APIs RCE\nhttps://github.com/vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC\n\nCVE-2024-21762:\nFortiOS 6.0 - 7.4 - OoB/RCE\nhttps://github.com/c0d3b3af/CVE-2024-21762-POC\n\nCVE-2024-26521:\nCE Phoenix v1.0.x Html Injection\nhttps://github.com/hackervegas001/CVE-2024-26521\n\nCVE-2024-21672:\nConfluence Data Center/ Server RCE\nhttps://github.com/swagcrafted/CVE-2024-21672-POC\n\nCVE-2023-49109:\nRCE in Apache Dolphinscheduler\nhttps://xz.aliyun.com/t/13913?time__1311=mqmxnQ0%3D3eqQqGNDQiFbFD9Q7fCKAKx\n\nCVE-2024-21410:\nMS Exchange Privilege Escalation\nhttps://github.com/FreakyM0ndy/CVE-2024-21410-poc", "creation_timestamp": "2024-10-04T00:51:53.000000Z"}, {"uuid": "74ce6e46-4100-4abc-b9fb-a3780c70b625", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "https://t.me/LockBitChannels/56148", "content": "#exploit\nCVE-2024-20328:\nClamAV Command Injection Bug\nhttps://amitschendel.github.io/vulnerabilites/CVE-2024-20328\n\nCVE-2024-24816:\nCKEditor XSS vulnerability\nhttps://github.com/afine-com/CVE-2024-24816\n\nCVE-2023-35080:\nIvanti/Pulse VPN Client Exploit\nhttps://github.com/HopHouse/Ivanti-Pulse_VPN-Client_Exploit-CVE-2023-35080_Privilege-escalation\n\nCVE-2024-0811:\nChrome pageCapture.saveAsMHTML() Extension API Blocked Origin Bypass\nhttps://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html\n\nCVE-2023-50387:\nKeyTrap in DNS/DNSSEC\nhttps://github.com/knqyf263/CVE-2023-50387\n\nCVE-2024-22369:\nApache Camel Unsafe Deserialization\nhttps://github.com/oscerd/CVE-2024-22369\n\nCVE-2024-1708/CVE-2024-1709:\nScreenConnect Authentication Bypass\nhttps://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass\n\nCCE-2024-21413:\nMicrosoft Outlook RCE\nhttps://github.com/Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability\n\nCVE-2024-24401:\nNagios Authenticated SQL Injection\nhttps://github.com/MAWK0235/CVE-2024-24401\n\nCVE-2024-1071:\nWordPress Ultimate Member Unauthorized Database Access/SQLi\nhttps://github.com/gbrsh/CVE-2024-1071\n\nCVE-2024-1651:\nTorrentpier RCE Exploit\nhttps://github.com/sharpicx/CVE-2024-1651-PoC\n\nCVE-2023-50386:\nApache Solr Backup/Restore APIs RCE\nhttps://github.com/vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC\n\nCVE-2024-21762:\nFortiOS 6.0 - 7.4 - OoB/RCE\nhttps://github.com/c0d3b3af/CVE-2024-21762-POC\n\nCVE-2024-26521:\nCE Phoenix v1.0.x Html Injection\nhttps://github.com/hackervegas001/CVE-2024-26521\n\nCVE-2024-21672:\nConfluence Data Center/ Server RCE\nhttps://github.com/swagcrafted/CVE-2024-21672-POC\n\nCVE-2023-49109:\nRCE in Apache Dolphinscheduler\nhttps://xz.aliyun.com/t/13913?time__1311=mqmxnQ0%3D3eqQqGNDQiFbFD9Q7fCKAKx\n\nCVE-2024-21410:\nMS Exchange Privilege Escalation\nhttps://github.com/FreakyM0ndy/CVE-2024-21410-poc", "creation_timestamp": "2024-10-04T00:51:54.000000Z"}, {"uuid": "0ab6057b-0ed1-484f-a546-bdf3de9aa922", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "https://t.me/sentrylz/5034", "content": "", "creation_timestamp": "2024-09-06T12:54:58.000000Z"}, {"uuid": "682f28d3-e727-4259-94af-6648f5e27b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/m_uXFR_n3tw3cdqXp4eNTFp75GNkXoZP5JCdghj_BLdvWjAh", "content": "", "creation_timestamp": "2025-01-19T10:54:11.000000Z"}, {"uuid": "8c75a5ad-3ade-444c-a66f-e4bfcb9fa205", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/sSOYy9sa0Jc9yTev23pVTCXx5ZwCCV54W3-F49CmFMjcWAGd", "content": "", "creation_timestamp": "2025-01-19T10:45:19.000000Z"}, {"uuid": "796927c7-5a28-43ee-bd94-6539f6ecf3cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "https://t.me/sentrylz/5033", "content": "\ud83c\udd94 CVE ID: CVE-2024-1071\n\ud83d\udcdc M\u00f4 t\u1ea3: The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\n=====================================\n\npython CVE-2024-1071.py -f list_web.txt\n\n=> \ud83e\udd16 Free ShodanSearch Bot: @bugsfinderbot", "creation_timestamp": "2024-09-06T12:56:47.000000Z"}, {"uuid": "d635f174-8b2f-4f63-914c-d0d09fb874a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/1o3RyjbxkBAdqVV1IakPcUVDj3AIfLmG662gmZzR_AzpiWSm", "content": "", "creation_timestamp": "2025-01-20T11:03:21.000000Z"}, {"uuid": "e3fe9437-f68f-44e5-97d8-765864c1af41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/CRo72oop6ZwQnESqwzNS9o-UvXAtRRZBbTaMpkpQIbIEQGCv", "content": "", "creation_timestamp": "2025-01-19T09:05:11.000000Z"}, {"uuid": "d47b32b6-d848-4da5-a512-6c38edd8f45c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/V1VUnV7rs7gBAtSdtSG9YU8DOLHIzu1kUZjtLh94w5_yW5C9", "content": "", "creation_timestamp": "2024-12-22T22:15:30.000000Z"}, {"uuid": "ff762237-38a7-4b62-9930-bdbd22397e5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/UrNq84zyBC1oMAufBesPTpXAbedIsqXaSNJFq3mfmDUScAM", "content": "", "creation_timestamp": "2024-10-04T00:51:11.000000Z"}, {"uuid": "2f62c99a-2352-4526-ac5b-a2577067a704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "seen", "source": "https://t.me/arpsyndicate/4215", "content": "#ExploitObserverAlert\n\nCVE-2024-1071\n\nDESCRIPTION: Exploit Observer has 12 entries in 7 file formats related to CVE-2024-1071. The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\nFIRST-EPSS: 0.000630000", "creation_timestamp": "2024-03-15T04:16:37.000000Z"}, {"uuid": "67ec83b8-ca06-4273-a596-f1573f6390ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/MI65lLGsaGTIv40PK1J154YyMiL63QZNJWuw9XlT_YRsFb40", "content": "", "creation_timestamp": "2025-01-19T09:05:12.000000Z"}, {"uuid": "90659d6e-0860-41e8-9de6-312e416e641c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/1yNdYtjM167PWJ8z4QCuhWfayRW6CDLYSnp7378ajV5EDt8", "content": "", "creation_timestamp": "2024-10-04T00:51:08.000000Z"}, {"uuid": "d1d0712a-a360-4224-afc2-580f807681f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/PfifvZz7tMW-Pq-u9dIIWpX49EGHHaNBJSKvwqdUIESB65tP", "content": "", "creation_timestamp": "2025-01-19T10:54:13.000000Z"}, {"uuid": "29c4091a-0c42-43fc-a1a4-581ddd6dbfc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/OIy-vi5ELr4cctl8ownkSK8SkQmdcofc4nGKbyP-zK6wBJzg", "content": "", "creation_timestamp": "2025-01-19T10:45:24.000000Z"}, {"uuid": "cfb3a7d2-9324-47a7-9bf6-def5e1ab581a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/1Z5p7xYqKVRAHiS5stM6LcQjCrKKZtV6q5K3lriQD01vETjY", "content": "", "creation_timestamp": "2025-01-20T11:03:16.000000Z"}, {"uuid": "cae9308f-cec8-4297-abae-f309b0b3771d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/7b0KDMH2WfquipCst9Tv71iesbtnEU4bQJg16OEgDf9nbvsj", "content": "", "creation_timestamp": "2024-12-22T22:15:27.000000Z"}, {"uuid": "9cc122bf-badf-4f50-a1c2-fcca64e508b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "seen", "source": "https://t.me/LiberationofAlAqsa/1646", "content": "\ud83d\udccd\u062a\u0646\u0628\u064a\u0647 \u0645\u0643\u0648\u0646 WordPress \u0627\u0644\u0625\u0636\u0627\u0641\u064a - \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a SQLi \u062a\u0647\u062f\u062f \u0623\u0643\u062b\u0631 \u0645\u0646 200 \u0623\u0644\u0641 \u0645\u0648\u0642\u0639 \u0648\u064a\u0628\n\n\u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a \u0645\u0643\u0648\u0646 WordPress \u0627\u0644\u0625\u0636\u0627\u0641\u064a \u0627\u0644\u0634\u0647\u064a\u0631 \u0627\u0644\u0645\u0633\u0645\u0649 Ultimate Member \u0648\u0627\u0644\u0630\u064a \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0623\u0643\u062b\u0631 \u0645\u0646 200000 \u0639\u0645\u0644\u064a\u0629 \u062a\u062b\u0628\u064a\u062a \u0646\u0634\u0637\u0629\n\n\u062a\u062d\u0645\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629\u060c \u0627\u0644\u062a\u064a \u062a\u0645 \u062a\u062a\u0628\u0639\u0647\u0627 \u0628\u0627\u0633\u0645 CVE-2024-1071\u060c \u062f\u0631\u062c\u0629 CVSS \u062a\u0628\u0644\u063a 9.8 \u0645\u0646 \u0623\u0635\u0644 10 \u0643\u062d\u062f \u0623\u0642\u0635\u0649. \u0648\u064a\u064f\u0646\u0633\u0628 \u0625\u0644\u0649 \u0627\u0644\u0628\u0627\u062d\u062b \u0627\u0644\u0623\u0645\u0646\u064a \u0643\u0631\u064a\u0633\u062a\u064a\u0627\u0646 \u0633\u0648\u064a\u0631\u0632 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062e\u0644\u0644 \u0648\u0627\u0644\u0625\u0628\u0644\u0627\u063a \u0639\u0646\u0647\n\n@ArabGathering", "creation_timestamp": "2024-03-18T16:14:56.000000Z"}, {"uuid": "efebb6a0-1f1a-478d-adfd-4858054ba980", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "Telegram/oUVEUqdL5OMBlDBVeR0Zfuwm2SrJKqWCEK-BgHxBeDkUlQ", "content": "", "creation_timestamp": "2024-02-27T09:12:32.000000Z"}, {"uuid": "498263f5-ff08-4a3b-af5e-824b76ab88cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "https://t.me/sentrylz/788", "content": "", "creation_timestamp": "2024-09-06T12:54:58.000000Z"}, {"uuid": "c6272026-de3c-4fec-9c96-57b54af2e0ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "seen", "source": "https://t.me/KomunitiSiber/1550", "content": "WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites\nhttps://thehackernews.com/2024/02/wordpress-plugin-alert-critical-sqli.html\n\nA critical security flaw has been disclosed in a popular WordPress plugin called\u00a0Ultimate Member\u00a0that has more than 200,000 active installations.\nThe vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw.\nIn an advisory published last week, WordPress", "creation_timestamp": "2024-02-27T08:12:34.000000Z"}, {"uuid": "231d0991-cb90-45fd-881f-228f2d32370e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "https://t.me/sentrylz/787", "content": "\ud83c\udd94 CVE ID: CVE-2024-1071\n\ud83d\udcdc M\u00f4 t\u1ea3: The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\n=====================================\n\npython CVE-2024-1071.py -f list_web.txt\n\n=> \ud83e\udd16 Free ShodanSearch Bot: @bugsfinderbot", "creation_timestamp": "2024-09-06T12:56:47.000000Z"}, {"uuid": "baaca54c-76b8-49b1-aebd-4f62a1a724c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "seen", "source": "https://t.me/ctinow/203116", "content": "https://ift.tt/ah8g3QC\nCVE-2024-1071 Exploit", "creation_timestamp": "2024-03-08T08:16:51.000000Z"}, {"uuid": "5334a596-5898-498e-9e51-9ebf8bbf1d4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "exploited", "source": "https://t.me/true_secator/5457", "content": "Wordfence \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0441 CVSS 9,8 \u0438\u0437 10 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 WordPress Ultimate Member, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u043c\u0435\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 200 000 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043e\u043a.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0444\u043e\u0440\u043c\u0443\u043b\u0438\u0440\u043e\u0432\u043a\u0435 Defiant, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2024-1071, \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u0437 \u0431\u0430\u0437 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Defiant, \u043e\u0448\u0438\u0431\u043a\u0430 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0447\u0435\u0433\u043e \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u043e\u0447\u0438\u0441\u0442\u043a\u0438 \u0442\u0435\u043a\u0441\u0442\u0430 \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u043e\u0442 \u0430\u0442\u0430\u043a SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0439.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438, \u0447\u0442\u043e \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u043b\u0435\u043f\u043e\u0439 \u043f\u043e\u0434\u0445\u043e\u0434, \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043d\u0430 \u0432\u0440\u0435\u043c\u0435\u043d\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f SQL CASE \u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u0441\u043d\u0430, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u044f \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432\u0440\u0435\u043c\u044f \u043e\u0442\u0432\u0435\u0442\u0430 \u043d\u0430 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043e \u043a\u0440\u0430\u0436\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u0425\u043e\u0442\u044f \u044d\u0442\u043e \u0438 \u0441\u043b\u043e\u0436\u043d\u044b\u0439, \u043d\u043e \u0437\u0430\u0447\u0430\u0441\u0442\u0443\u044e \u0443\u0441\u043f\u0435\u0448\u043d\u044b\u0439 \u043c\u0435\u0442\u043e\u0434 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u0437 \u0431\u0430\u0437\u044b \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0439.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435, \u0435\u0441\u043b\u0438 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u0430 \u043e\u043f\u0446\u0438\u044f \u00ab\u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0443\u044e \u0442\u0430\u0431\u043b\u0438\u0446\u0443 \u0434\u043b\u044f \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u00bb.\n\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c, \u043d\u0435 \u0432\u0441\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0431\u0443\u0434\u0443\u0442 \u043f\u043e \u0441\u0432\u043e\u0435\u0439 \u0441\u0443\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b, \u043d\u043e \u043d\u0435 \u0441\u0442\u043e\u0438\u0442 \u0437\u0430\u0431\u044b\u0432\u0430\u0442\u044c, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0440\u043e\u0434\u0432\u0438\u043d\u0443\u0442\u044b \u0438 \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043b\u0430\u0433\u0438\u043d\u0430\u0445 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0441\u0430\u0439\u0442\u0430.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 19 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u0432 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Ultimate Member 2.8.3.\u00a0\u0417\u0430 \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u0435 \u0432 \u0440\u0430\u0437\u043c\u0435\u0440\u0435 2063 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0421\u0428\u0410.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Ultimate Member \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 Defiant \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0443\u0436\u0435 \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u0435\u0442 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u043e\u0448\u0438\u0431\u043a\u0443.", "creation_timestamp": "2024-02-27T13:20:30.000000Z"}, {"uuid": "2005a450-c6e4-420a-a9ae-a76daee41024", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10055", "content": "#exploit\n1. CVE-2024-24401:\nNagios Authenticated SQL Injection\nhttps://github.com/MAWK0235/CVE-2024-24401\n\n2. CVE-2024-1071:\nWordPress Ultimate Member Unauthorized Database Access/SQLi\nhttps://github.com/gbrsh/CVE-2024-1071\n\n3. CVE-2024-1651:\nTorrentpier RCE Exploit\nhttps://github.com/sharpicx/CVE-2024-1651-PoC", "creation_timestamp": "2024-02-28T16:47:17.000000Z"}, {"uuid": "7772dcb0-3d16-4cb8-be4a-c629ecda4641", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1071", "type": "seen", "source": "https://t.me/thehackernews/4603", "content": "\u26a0\ufe0f Alert \u2014 Critical security flaw (CVE-2024-1071) found in Ultimate Member WordPress plugin used by 200k sites. \n \nRead more: https://thehackernews.com/2024/02/wordpress-plugin-alert-critical-sqli.html \n \nUpdate to version 2.8.3 to fix SQL injection vulnerability and prevent data breaches.", "creation_timestamp": "2024-02-27T06:46:34.000000Z"}]}