{"vulnerability": "CVE-2022-4458", "sightings": [{"uuid": "13609c50-a0c3-4ce0-b1fc-666f91f40d0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-44588", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mfpld7sajp2h", "content": "", "creation_timestamp": "2026-02-25T21:02:30.028887Z"}, {"uuid": "e75717b1-f53e-46e4-bc69-b15d6d69e1bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-44589", "type": "seen", "source": "https://t.me/ctinow/160423", "content": "https://ift.tt/rl0IbSE\nCVE-2022-44589", "creation_timestamp": "2023-12-29T11:26:18.000000Z"}, {"uuid": "28859cef-c597-4a29-8cab-ea8537f0ea26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-44585", "type": "seen", "source": "https://t.me/cibsecurity/57429", "content": "\u203c CVE-2022-44585 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Magneticlab S\u00c3\u00a0rl Homepage Pop-up plugin <= 1.2.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T00:15:22.000000Z"}, {"uuid": "e235d528-3556-429b-bf7b-59a0886565cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-44588", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-44588.yaml", "content": "", "creation_timestamp": "2026-02-21T18:54:48.000000Z"}, {"uuid": "3a59bf1b-c42a-496a-b134-284954c26052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4458", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8371", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4458\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.\n\ud83d\udccf Published: 2023-02-13T14:32:11.163Z\n\ud83d\udccf Modified: 2025-03-21T15:45:02.123Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/c85ceab3-7e79-402d-ad48-a028f1ee070c", "creation_timestamp": "2025-03-21T16:19:32.000000Z"}, {"uuid": "31d4202b-0a32-450e-922c-20e0eb8b34d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-44582", "type": "seen", "source": "https://t.me/cibsecurity/62666", "content": "\u203c CVE-2022-44582 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apptivo Apptivo Business Site CRM plugin <=\u00c2\u00a03.0.12 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-23T12:33:17.000000Z"}, {"uuid": "2b3c4e4a-ea36-40d1-a2ac-838d008d7f2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-44580", "type": "seen", "source": "https://t.me/cibsecurity/60056", "content": "\u203c CVE-2022-44580 \u203c\n\nSQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Reviews plugin <= 2.2.3 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T17:24:55.000000Z"}, {"uuid": "576c3c20-fdc4-4552-b57d-b01a4519ef8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-44584", "type": "seen", "source": "https://t.me/cibsecurity/53194", "content": "\u203c CVE-2022-44584 \u203c\n\nUnauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-19T02:40:41.000000Z"}, {"uuid": "ee4f9c78-75de-481d-b6af-63b025415878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-44589", "type": "seen", "source": "https://t.me/arpsyndicate/2281", "content": "#ExploitObserverAlert\n\nCVE-2022-44589\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-44589. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1.", "creation_timestamp": "2023-12-31T02:51:10.000000Z"}, {"uuid": "dcb2db6e-240a-446a-be82-df2e5b3e3e01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-44589", "type": "seen", "source": "https://t.me/cibsecurity/73921", "content": "\u203c\ufe0fCVE-2022-44589\u203c\ufe0f\n\nExposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator  WordPress Two Factor Authentication  2FA , Two Factor, OTP SMS and Email  Passwordless login.This issue affects miniOrange's Google Authenticator  WordPress Two Factor Authentication  2FA , Two Factor, OTP SMS and Email  Passwordless login from na through 5.6.1.  \n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2023-12-30T01:36:20.000000Z"}, {"uuid": "d564cb90-4ccf-4f85-9dfa-1ec181d085de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-44589", "type": "seen", "source": "https://t.me/ctinow/170800", "content": "https://ift.tt/cbhONoq\nCVE-2022-44589 | miniOrange Google Authenticator Plugin up to 5.6.1 on WordPress information disclosure", "creation_timestamp": "2024-01-21T10:41:38.000000Z"}, {"uuid": "c4ebcbed-e1b6-4e4d-aa99-2ecf0ff0d006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-44588", "type": "seen", "source": "https://t.me/cibsecurity/54640", "content": "\u203c CVE-2022-44588 \u203c\n\nUnauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:30:03.000000Z"}, {"uuid": "05013e54-08e3-4d86-a02a-7cbfb4fff010", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-44586", "type": "seen", "source": "https://t.me/cibsecurity/52495", "content": "\u203c CVE-2022-44586 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-03T01:20:02.000000Z"}]}