CVE-2026-21725

A time-of-create-to-time-of-use TOCTOU vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion...

WordPress Hermit plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Hermit plugin cross-site request forgery vulnerability, which can be exploited by attackers to delet...

CVE-2022-29412

Multiple Cross-Site Request Forgery CSRF vulnerabilities in Hermit 音乐播放器 plugin = 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source...

CVE-2022-29412

Multiple Cross-Site Request Forgery CSRF vulnerabilities in Hermit 音乐播放器 plugin = 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source...

PT-2022-19586 · Unknown · Hermit 音乐播放器

Name of the Vulnerable Software and Affected Versions: Hermit 音乐播放器 plugin versions = 3.1.6 Description: The issue concerns multiple Cross-Site Request Forgery CSRF vulnerabilities. These vulnerabilities allow attackers to perform various actions, such as deleting cache, deleting a source, and...

WordPress plugin Hermit 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Hermit plugin cross-site request forgery vulnerability, which can be exploited by attackers to delet...