Lucene search
K

59 matches found

ATTACKERKB
ATTACKERKB
added 2022/04/28 1:11 p.m.6 views

CVE-2022-29412

Multiple Cross-Site Request Forgery CSRF vulnerabilities in Hermit 音乐播放器 plugin = 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source...

5.8CVSS5.7AI score0.00393EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/28 12:49 p.m.7 views

CVE-2022-29413

Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in Mufeng's Hermit 音乐播放器 plugin = 3.1.6 on WordPress via parameter...

6.1CVSS6.1AI score0.00366EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/28 12:22 p.m.5 views

CVE-2022-29411

SQL Injection SQLi vulnerability in Mufeng's Hermit 音乐播放器 plugin = 3.1.6 on WordPress allows attackers to execute SQLi attack via...

9.8CVSS9.2AI score0.01045EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/28 12:1 p.m.4 views

CVE-2022-29410

Authenticated SQL Injection SQLi vulnerability in Mufeng's Hermit 音乐播放器 plugin = 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via...

8.8CVSS8.6AI score0.00862EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.16 views

Hermit <= 3.1.6 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in when creating a source, and does not sanitise as well as escape the title, which could allow attackers to make a logged in user create an arbitrary source with an XSS payload in it...

6.1CVSS3AI score0.00366EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/04/28 12:0 a.m.26 views

WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Unauthenticated SQL Injection SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Alliance in WordPress Hermit 音乐播放器 plugin versions = 3.1.6. Solution Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending ...

9.8CVSS2.9AI score0.01045EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/04/28 12:0 a.m.25 views

WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Alliance in WordPress Hermit 音乐播放器 plugin versions = 3.1.6. Solution Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending a...

8.8CVSS2.9AI score0.00862EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.5 views

WordPress plugin Hermit SQL注入漏洞

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Hermit plugin 3.1.6 and previous versions are vulnerable to SQL injection, which can be exploited by...

9.8CVSS5.9AI score0.01045EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/04/28 12:0 a.m.7 views

PT-2022-19587 · Mufeng · Mufeng'S Hermit 音乐播放器 Plugin

Name of the Vulnerable Software and Affected Versions: Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6 Description: The issue is related to Cross-Site Request Forgery CSRF that leads to Stored Cross-Site Scripting XSS via the title parameter. This allows for malicious script storage and execution...

6.1CVSS6AI score0.00366EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.8 views

WordPress plugin Hermit 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Hermit plugin cross-site request forgery vulnerability, which can be exploited by attackers to delet...

5.8CVSS5.4AI score0.00393EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.6 views

WordPress plugin Hermit 跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Hermit plugin cross-site scripting vulnerability, no details of the vulnerability are currently...

6.1CVSS5.2AI score0.00366EPSS
Exploits0References4
Patchstack
Patchstack
added 2022/04/28 12:0 a.m.32 views

WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Ex.Mi Patchstack in WordPress Hermit 音乐播放器 plugin versions = 3.1.6. Solution Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending a...

5.8CVSS2AI score0.00393EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.17 views

Hermit <= 3.1.6 - Arbitrary Cache/Source Deletion & Source Creation via CSRF

The plugin does not have CSRF checks in multiple actions, which could allow attackers to make logged in users perform them via CSRF attacks...

5.8CVSS4.4AI score0.00393EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/04/28 12:0 a.m.29 views

WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress Hermit 音乐播放器 plugin versions = 3.1.6. Solution Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closu...

6.1CVSS1.2AI score0.00366EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/04/28 12:0 a.m.4 views

PT-2022-19586 · Unknown · Hermit 音乐播放器

Name of the Vulnerable Software and Affected Versions: Hermit 音乐播放器 plugin versions = 3.1.6 Description: The issue concerns multiple Cross-Site Request Forgery CSRF vulnerabilities. These vulnerabilities allow attackers to perform various actions, such as deleting cache, deleting a source, and...

5.8CVSS5.8AI score0.00393EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.21 views

Hermit <= 3.1.6 - Subscriber+ SQLi

The plugin does not sanitise and escape the ids parameter before using it in a SQL statement, leading to a SQL injection...

8.8CVSS1.6AI score0.00862EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.5 views

WordPress plugin Hermit SQL注入漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.The WordPress Hermit plugin 3.1.6 and previous versions are vulnerable to SQL injection, which stems from the la...

8.8CVSS6.1AI score0.00862EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2022/04/28 12:0 a.m.23 views

Hermit <= 3.1.6 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement, leading to a SQL injection...

9.8CVSS1.6AI score0.01045EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2022/04/28 12:0 a.m.5 views

PT-2022-19584 · Mufeng · Mufeng'S Hermit 音乐播放器

Name of the Vulnerable Software and Affected Versions: Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6 Description: An Authenticated SQL Injection SQLi issue allows attackers with Subscriber or higher user roles to execute SQLi attacks. The attack is executed via the &ids parameter. Recommendations...

8.8CVSS9AI score0.00862EPSS
Exploits0References5
Rows per page
Query Builder