{"vulnerability": "cve-2023-5877", "sightings": [{"uuid": "c3c779cf-8c3f-4f57-8e1a-b612edac90ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-5877", "type": "seen", "source": "https://t.me/cibsecurity/74086", "content": "\u203c\ufe0fCVE-2023-5877\u203c\ufe0f\n\nThe affiliatetoolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliatetoolkitstartertoolsatkpimagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery SSRF issue.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-02T01:30:45.000000Z"}, {"uuid": "384971df-1cbd-48c1-8a19-cee710cc8422", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-5877", "type": "seen", "source": "https://t.me/ctinow/161359", "content": "https://ift.tt/68yviLk\nCVE-2023-5877", "creation_timestamp": "2024-01-01T16:26:18.000000Z"}, {"uuid": "9327fcbd-1350-40ac-8b96-d86d5e45ed58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-5877", "type": "seen", "source": "https://t.me/ctinow/171121", "content": "https://ift.tt/WfX1gus\nCVE-2023-5877 | WP-FeedStats affiliate-toolkit Plugin up to 3.4.2 on WordPress atkp_imagereceiver.php server-side request forgery", "creation_timestamp": "2024-01-22T12:36:59.000000Z"}]}