Vulnerabilities (CVE)

Filtered by vendor Hermit Project Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29413 1 Hermit Project 1 Hermit 2022-05-16 4.3 MEDIUM 6.1 MEDIUM
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter.
CVE-2022-29410 1 Hermit Project 1 Hermit 2022-05-16 6.5 MEDIUM 8.8 HIGH
Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).
CVE-2022-29412 1 Hermit Project 1 Hermit 2022-05-16 5.8 MEDIUM 5.4 MEDIUM
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.
CVE-2022-29411 1 Hermit Project 1 Hermit 2022-05-16 7.5 HIGH 9.8 CRITICAL
SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).