Hermit Security Vulnerabilities

CVE-2022-29410

Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute an SQLi attack via (&ids).

CVSS: 8.8

AI Score: 9.1

EPSS: 0.001

2022-04-28 05:15 PM

CVE-2022-29411

SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute an SQLi attack via (&id).

CVSS: 9.8

AI Score: 9.8

EPSS: 0.002

2022-04-28 05:15 PM

CVE-2022-29412

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete the cache, delete a source, or create a source.

CVSS: 5.4

AI Score: 5.7

EPSS: 0.001

2022-04-28 05:15 PM

CVE-2022-29413

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via the &title parameter.

CVSS: 6.1

AI Score: 6.1

EPSS: 0.001

2022-04-28 05:15 PM