Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29413 | 1 Hermit Project | 1 Hermit | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter.
|
|||||
| CVE-2022-29412 | 1 Hermit Project | 1 Hermit | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.
|
|||||
| CVE-2022-29411 | 1 Hermit Project | 1 Hermit | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
|
SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).
|
|||||
| CVE-2022-29410 | 1 Hermit Project | 1 Hermit | 2024-11-21 | 6.5 MEDIUM | 7.4 HIGH |
|
Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).
|
|||||