{"vulnerability": "CVE-2022-4715", "sightings": [{"uuid": "9603959a-08ce-4c37-aaaa-65d1daa643ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47152", "type": "seen", "source": "https://t.me/cibsecurity/64697", "content": "\u203c CVE-2022-47152 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFunnels plugin <=\u00c2\u00a03.1.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-24T20:27:18.000000Z"}, {"uuid": "1e7bdd57-a6fb-4776-a3ab-998d8c300c7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47157", "type": "seen", "source": "https://t.me/cibsecurity/64384", "content": "\u203c CVE-2022-47157 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <=\u00c2\u00a01.2.34 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-18T14:32:09.000000Z"}, {"uuid": "629a5083-0c97-4d33-8637-711937fb4d87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4715", "type": "seen", "source": "https://t.me/cibsecurity/56855", "content": "\u203c CVE-2022-4715 \u203c\n\nThe Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:31:13.000000Z"}, {"uuid": "e81d3f93-7f5a-41a6-bcf3-501cf357cbab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4715", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10336", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4715\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.\n\ud83d\udccf Published: 2023-01-23T14:31:56.331Z\n\ud83d\udccf Modified: 2025-04-03T19:20:22.459Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/4394fe86-4240-4454-b724-81464b04123a", "creation_timestamp": "2025-04-03T19:35:47.000000Z"}, {"uuid": "d10f941b-a387-4249-a618-325936984bfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47158", "type": "seen", "source": "https://t.me/cibsecurity/62712", "content": "\u203c CVE-2022-47158 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakpobox alfred24 Click & Collect plugin <=\u00c2\u00a01.1.7 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-24T18:14:39.000000Z"}]}