Lucene search
K

4 matches found

CVE
CVE
added 2022/04/18 5:10 p.m.90 views

CVE-2022-0994

CVE-2022-0994 : The WordPress Hummingbird plugin (versions Configs. Remediation: upgrade to version 3.3.2 or later. If upgrading isn’t possible, applying vendor-provided patches or mitigations per advisories is advised.

4.8CVSS4.8AI score0.0275EPSS
Exploits4References1Affected Software1
Cvelist
Cvelist
added 2022/04/18 5:10 p.m.42 views

CVE-2022-0994 Hummingbird < 3.3.2 - Admin+ Stored Cross-Site Scripting

The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.2AI score0.0275EPSS
Exploits4References1
0day.today
0day.today
added 2022/04/07 12:0 a.m.273 views

WordPress Hummingbird Plugin < 3.3.2 - Stored Cross-Site Scripting Vulnerability

Tittle: WordPress Plugin Hummingbird Configs edit the "Name and Description" and put the following payload in the Name field: Save and Click 'Apply' to trigger the XSS Go to Hummingbird's Settings Configs and Upload the following config "id": 1, "name": "", "description": "Xss", "config":...

4.8CVSS5.2AI score0.0275EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.286 views

WordPress Hummingbird Cross Site Scripting

Tittle: WordPress Plugin Hummingbird Configs edit the "Name and Description" and put the following payload in the Name field: Save and Click 'Apply' to trigger the XSS Go to Hummingbird's Settings Configs and Upload the following config "id": 1, "name": "", "description": "Xss", "config":...

5.2AI score0.0275EPSS
Exploits4
Rows per page
Query Builder