{"vulnerability": "CVE-2022-4501", "sightings": [{"uuid": "a454f78c-5065-4245-9d26-07093477a3c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45017", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13812", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45017\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field.\n\ud83d\udccf Published: 2022-11-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-29T13:59:07.792Z\n\ud83d\udd17 References:\n1. https://github.com/WBCE/WBCE_CMS\n2. https://github.com/gozan10\n3. https://github.com/WBCE/WBCE_CMS/issues/525", "creation_timestamp": "2025-04-29T14:11:40.000000Z"}, {"uuid": "6c039880-8c9b-4d30-a58c-823645551c5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45015", "type": "seen", "source": "https://t.me/cibsecurity/53249", "content": "\u203c CVE-2022-45015 \u203c\n\nA cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-21T18:37:22.000000Z"}, {"uuid": "0290797d-44b2-4293-8045-3a9e9a7ba13d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45017", "type": "seen", "source": "https://t.me/cibsecurity/53241", "content": "\u203c CVE-2022-45017 \u203c\n\nA cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-21T18:37:12.000000Z"}, {"uuid": "d9a4bd37-ad1e-4ea9-b2df-78077fe0b351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45013", "type": "seen", "source": "https://t.me/cibsecurity/53254", "content": "\u203c CVE-2022-45013 \u203c\n\nA cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-21T18:37:30.000000Z"}, {"uuid": "8ff60ecd-b535-427d-b635-d2704700dd99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45016", "type": "seen", "source": "https://t.me/cibsecurity/53244", "content": "\u203c CVE-2022-45016 \u203c\n\nA cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-21T18:37:15.000000Z"}, {"uuid": "a42a3728-7e15-41ca-b630-35156eb145d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45012", "type": "seen", "source": "https://t.me/cibsecurity/53242", "content": "\u203c CVE-2022-45012 \u203c\n\nA cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-22T00:38:38.000000Z"}, {"uuid": "598d70ad-4001-4c14-a402-b39702af483c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45016", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13810", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45016\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.\n\ud83d\udccf Published: 2022-11-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-29T14:00:48.432Z\n\ud83d\udd17 References:\n1. https://github.com/WBCE/WBCE_CMS\n2. https://github.com/gozan10\n3. https://github.com/gozan10/cve/issues/5", "creation_timestamp": "2025-04-29T14:11:35.000000Z"}, {"uuid": "0ddfd244-a3ff-477c-bdde-9cb80769decb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4501", "type": "seen", "source": "https://t.me/cibsecurity/54562", "content": "\u203c CVE-2022-4501 \u203c\n\nThe Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin's settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T00:22:56.000000Z"}]}