{"vulnerability": "cve-2016-1095", "sightings": [{"uuid": "bbf91b3e-0849-400b-b470-e09492e62119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10958", "type": "seen", "source": "https://t.me/cibsecurity/6784", "content": "ATENTION\u203c New - CVE-2016-10958\n\nThe estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-09-16T16:33:01.000000Z"}, {"uuid": "33396c53-c872-411a-b72f-e835fd0b5f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10957", "type": "seen", "source": "https://t.me/cibsecurity/6785", "content": "ATENTION\u203c New - CVE-2016-10957\n\nThe Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-09-16T16:33:02.000000Z"}, {"uuid": "a8997c76-f3b7-4b7a-97ee-a5a4ae0c9134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10956", "type": "seen", "source": "https://t.me/cibsecurity/6786", "content": "ATENTION\u203c New - CVE-2016-10956\n\nThe mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-09-16T16:33:03.000000Z"}, {"uuid": "d72f5beb-9c2b-4c68-aa1d-8be6df94812a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10955", "type": "seen", "source": "https://t.me/cibsecurity/6735", "content": "ATENTION\u203c New - CVE-2016-10955\n\nThe cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-09-13T16:28:15.000000Z"}, {"uuid": "637fe263-5efa-4571-9fe2-453a22d93261", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10954", "type": "seen", "source": "https://t.me/cibsecurity/6736", "content": "ATENTION\u203c New - CVE-2016-10954\n\nThe Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-09-13T16:28:16.000000Z"}, {"uuid": "d5698d46-b754-42c2-bcf1-ac7e185e5fdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10953", "type": "seen", "source": "https://t.me/cibsecurity/6737", "content": "ATENTION\u203c New - CVE-2016-10953\n\nThe Headway theme before 3.8.9 for WordPress has XSS via the license key field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-09-13T16:28:17.000000Z"}, {"uuid": "9363674e-fd5c-4cd5-a17c-17eeddb2d360", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10952", "type": "seen", "source": "https://t.me/cibsecurity/6738", "content": "ATENTION\u203c New - CVE-2016-10952\n\nThe quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-09-13T16:28:18.000000Z"}, {"uuid": "11616b43-29e5-4e93-a37d-897de232e274", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10951", "type": "seen", "source": "https://t.me/cibsecurity/6739", "content": "ATENTION\u203c New - CVE-2016-10951\n\nThe fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-09-13T16:28:19.000000Z"}, {"uuid": "60cf9016-f973-4f6c-8991-6c5c02b1a586", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10950", "type": "seen", "source": "https://t.me/cibsecurity/6740", "content": "ATENTION\u203c New - CVE-2016-10950\n\nThe sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-09-13T16:28:23.000000Z"}, {"uuid": "879938e5-458a-44d8-93cc-1e5a71566809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10959", "type": "seen", "source": "https://t.me/cibsecurity/6783", "content": "ATENTION\u203c New - CVE-2016-10959\n\nThe estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-09-16T16:33:00.000000Z"}]}