59 matches found
CVE-2022-29412
Multiple Cross-Site Request Forgery CSRF vulnerabilities in Hermit 音乐播放器 plugin = 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source...
CVE-2022-29413
Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in Mufeng's Hermit 音乐播放器 plugin = 3.1.6 on WordPress via parameter...
CVE-2022-29411
SQL Injection SQLi vulnerability in Mufeng's Hermit 音乐播放器 plugin = 3.1.6 on WordPress allows attackers to execute SQLi attack via...
CVE-2022-29410
Authenticated SQL Injection SQLi vulnerability in Mufeng's Hermit 音乐播放器 plugin = 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via...
Hermit <= 3.1.6 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF check in when creating a source, and does not sanitise as well as escape the title, which could allow attackers to make a logged in user create an arbitrary source with an XSS payload in it...
WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Unauthenticated SQL Injection SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Alliance in WordPress Hermit 音乐播放器 plugin versions = 3.1.6. Solution Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending ...
WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by Lenon Leite Patchstack Alliance in WordPress Hermit 音乐播放器 plugin versions = 3.1.6. Solution Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending a...
WordPress plugin Hermit SQL注入漏洞
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Hermit plugin 3.1.6 and previous versions are vulnerable to SQL injection, which can be exploited by...
PT-2022-19587 · Mufeng · Mufeng'S Hermit 音乐播放器 Plugin
Name of the Vulnerable Software and Affected Versions: Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6 Description: The issue is related to Cross-Site Request Forgery CSRF that leads to Stored Cross-Site Scripting XSS via the title parameter. This allows for malicious script storage and execution...
WordPress plugin Hermit 跨站请求伪造漏洞
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Hermit plugin cross-site request forgery vulnerability, which can be exploited by attackers to delet...
WordPress plugin Hermit 跨站脚本漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Hermit plugin cross-site scripting vulnerability, no details of the vulnerability are currently...
WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Ex.Mi Patchstack in WordPress Hermit 音乐播放器 plugin versions = 3.1.6. Solution Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closure is temporary, pending a...
Hermit <= 3.1.6 - Arbitrary Cache/Source Deletion & Source Creation via CSRF
The plugin does not have CSRF checks in multiple actions, which could allow attackers to make logged in users perform them via CSRF attacks...
WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS vulnerability discovered by Ex.Mi Patchstack in WordPress Hermit 音乐播放器 plugin versions = 3.1.6. Solution Deactivate and delete. This plugin has been closed as of April 25, 2022 and is not available for download. This closu...
PT-2022-19586 · Unknown · Hermit 音乐播放器
Name of the Vulnerable Software and Affected Versions: Hermit 音乐播放器 plugin versions = 3.1.6 Description: The issue concerns multiple Cross-Site Request Forgery CSRF vulnerabilities. These vulnerabilities allow attackers to perform various actions, such as deleting cache, deleting a source, and...
Hermit <= 3.1.6 - Subscriber+ SQLi
The plugin does not sanitise and escape the ids parameter before using it in a SQL statement, leading to a SQL injection...
WordPress plugin Hermit SQL注入漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.The WordPress Hermit plugin 3.1.6 and previous versions are vulnerable to SQL injection, which stems from the la...
Hermit <= 3.1.6 - Unauthenticated SQLi
The plugin does not sanitise and escape the id parameter before using it in a SQL statement, leading to a SQL injection...
PT-2022-19584 · Mufeng · Mufeng'S Hermit 音乐播放器
Name of the Vulnerable Software and Affected Versions: Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6 Description: An Authenticated SQL Injection SQLi issue allows attackers with Subscriber or higher user roles to execute SQLi attacks. The attack is executed via the &ids parameter. Recommendations...