{"vulnerability": "CVE-2022-1617", "sightings": [{"uuid": "0692b54a-32ba-48c1-8097-cc06b76f1a51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-1617", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18092", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-1617\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them\n\ud83d\udccf Published: 2024-01-16T15:52:49.812Z\n\ud83d\udccf Modified: 2025-06-11T17:14:19.258Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/7e40e506-ad02-44ca-9d21-3634f3907aad/", "creation_timestamp": "2025-06-11T17:34:16.000000Z"}, {"uuid": "6dd9c8de-72f6-4189-b1f4-9d39ee57e721", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-1617", "type": "seen", "source": "https://t.me/ctinow/179895", "content": "https://ift.tt/7YKz1aC\nCVE-2022-1617 | WP-Invoice Plugin up to 4.3.1 on WordPress Setting cross-site request forgery", "creation_timestamp": "2024-02-06T11:11:13.000000Z"}, {"uuid": "791ead0f-1b0d-4271-a561-a97d23f197d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-1617", "type": "seen", "source": "https://t.me/ctinow/172303", "content": "https://ift.tt/7iNeAX6\nCVE-2022-1617 Exploit", "creation_timestamp": "2024-01-23T21:16:36.000000Z"}]}