{"vulnerability": "cve-2023-2744", "sightings": [{"uuid": "d6347c5f-729a-40d2-a2dc-cbffdcb98c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2744", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6345", "content": "GitHub monitoring alert!!! \n\nUpdated: CVE-2023\nDescription: Mass CVE-2023-2744\nURL: https://github.com/pashayogi/CVE-2023-2744\n\nTags: #CVE-2023", "creation_timestamp": "2023-12-31T07:29:21.000000Z"}, {"uuid": "6bd09de3-83bb-48fb-b53a-1a0f5accc39e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2744", "type": "seen", "source": "https://t.me/arpsyndicate/2301", "content": "#ExploitObserverAlert\n\nCVE-2023-2744\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2744. 
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.\n\nFIRST-EPSS: 0.000790000\nNVD-IS: 5.9\nNVD-ES: 1.2", "creation_timestamp": "2024-01-01T05:59:02.000000Z"}, {"uuid": "41dc131a-3cd6-4d67-bd84-cd3d436afcac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27448", "type": "seen", "source": "https://t.me/cibsecurity/71707", "content": "\u203c CVE-2023-27448 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-06T16:26:32.000000Z"}, {"uuid": "7161e2be-08e6-49de-9920-1278a29de9f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27447", "type": "seen", "source": "https://t.me/ctinow/160009", "content": "https://ift.tt/AeNOREz\nCVE-2023-27447", "creation_timestamp": "2023-12-28T12:26:39.000000Z"}, {"uuid": "6061d491-6653-42e4-9ed7-ee591138919b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27443", "type": "seen", "source": "https://t.me/cibsecurity/65384", "content": "\u203c CVE-2023-27443 \u203c\n\nAuth. 
(contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-21T16:26:17.000000Z"}, {"uuid": "68957dda-98b6-4974-aba6-c738b8800ed0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2744", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9698", "content": "#exploit\n1. CVE-2023-2744:\nWP Plugins WP ERP <=1.12.2 - SQL Injection\nhttps://github.com/pashayogi/CVE-2023-2744\n\n2. CVE-2023-35813:\nRCE in Multiple Sitecore products\nhttps://github.com/lexy-1/CVE-2023-35813", "creation_timestamp": "2024-01-01T18:14:00.000000Z"}, {"uuid": "aff189c5-f01e-49f8-b107-b5833cd9d10f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2744", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2389", "content": "#exploit\n1. CVE-2023-2744:\nWP Plugins WP ERP <=1.12.2 - SQL Injection\nhttps://github.com/pashayogi/CVE-2023-2744\n\n2. CVE-2023-35813:\nRCE in Multiple Sitecore products\nhttps://github.com/lexy-1/CVE-2023-35813", "creation_timestamp": "2024-08-16T08:59:48.000000Z"}]}