{"vulnerability": "cve-2024-0366", "sightings": [{"uuid": "06a83f54-f0b0-45cb-9dd2-a8add070c5d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-0366", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13273", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-0366\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The Starbox \u2013 the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.\n\ud83d\udccf Published: 2024-02-05T21:22:01.289Z\n\ud83d\udccf Modified: 2025-04-24T15:52:41.050Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve\n2. https://plugins.trac.wordpress.org/browser/starbox/trunk/core/UserSettings.php\n3. https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk", "creation_timestamp": "2025-04-24T16:06:57.000000Z"}, {"uuid": "f1141d9e-787a-43f0-8d89-cc66a638eb57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-0366", "type": "seen", "source": "https://t.me/ctinow/190576", "content": "https://ift.tt/JUlyjfp\nCVE-2024-0366 | Starbox Plugin up to 3.4.7 on WordPress resource injection (ID 3028775)", "creation_timestamp": "2024-02-22T10:06:35.000000Z"}, {"uuid": "b9112a4a-5405-41c0-87cc-54ec31729fac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-0366", "type": "seen", "source": "https://t.me/ctinow/179592", "content": "https://ift.tt/VZ9PEIu\nCVE-2024-0366", "creation_timestamp": "2024-02-05T23:31:22.000000Z"}]}