{"vulnerability": "CVE-2022-4756", "sightings": [{"uuid": "d59e62ce-8c2c-4052-8509-6eff3c948c4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4756", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8778", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4756\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.\n\ud83d\udccf Published: 2023-02-06T19:59:14.149Z\n\ud83d\udccf Modified: 2025-03-25T20:44:44.644Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/d67b0f7a-fdb1-4305-9976-c5f77b0e3b61", "creation_timestamp": "2025-03-25T21:25:24.000000Z"}, {"uuid": "2562d071-b042-486c-989b-9fd2f125bd23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47560", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18745", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-47560\n\ud83d\udd25 CVSS Score: 5.7 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in.\n\ud83d\udccf Published: 2023-09-20T07:52:33.173Z\n\ud83d\udccf Modified: 2025-06-18T14:27:40.985Z\n\ud83d\udd17 References:\n1. https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products", "creation_timestamp": "2025-06-18T14:41:46.000000Z"}, {"uuid": "a20209ff-05aa-4d77-ab0e-b9d7e44df6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47560", "type": "seen", "source": "https://t.me/cibsecurity/70786", "content": "\u203c CVE-2022-47560 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T12:30:16.000000Z"}, {"uuid": "f01ece42-f0e3-43bd-bfe5-a5beb07bab2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47562", "type": "seen", "source": "https://t.me/cibsecurity/70780", "content": "\u203c CVE-2022-47562 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T12:30:04.000000Z"}, {"uuid": "756db499-ed9f-46ca-94c7-c7bfb3eddc66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-47561", "type": "seen", "source": "https://t.me/cibsecurity/70784", "content": "\u203c CVE-2022-47561 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the \"admin.xml\" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T12:30:11.000000Z"}, {"uuid": "d71f95ce-2d7b-4d6b-afef-595b05472cbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4756", "type": "seen", "source": "https://t.me/cibsecurity/57583", "content": "\u203c CVE-2022-4756 \u203c\n\nThe My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-06T22:23:38.000000Z"}]}