{"vulnerability": "cve-2022-2941", "sightings": [{"uuid": "34fadcd5-abaf-4faa-b2ab-81b18138ba5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2941", "type": "seen", "source": "https://t.me/Dooztoria/22", "content": "\ud83c\udf65 Overview of Vulnerable Endpoints in WordPress Applications\n\n cves path\n \nCVE-2022-2864 includes/settings.php \nCVE-2022-3227 includes/class-searchwp-live-ajax-search.php \nCVE-2022-2941 admin/class-wp-useronline-admin.php \nspecifiNoted includes/class-wpvivid-backup.php \nCVE-2022-2436 includes/class-download-manager.php \nCVE-2022-25148 includes/class-wp-statistics-hits.php \nCVE-2022-1476 lib/model/class-ai1wm-backups.php \nCVE-2022-0236 includes/classes/class-wpie-general.php \nCVE-2022-1119 includes/ee-downloader.php \nCVE-2022-0888 includes/class-ninja-forms-file-uploads.php", "creation_timestamp": "2025-12-19T20:18:03.000000Z"}, {"uuid": "2122d683-f563-4822-a38d-32c0f79ddaf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29416", "type": "seen", "source": "https://t.me/cibsecurity/57544", "content": "\u203c CVE-2022-29416 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-06T16:22:51.000000Z"}, {"uuid": "8cd45b52-4b53-4993-9082-8a7e62b3394a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29415", "type": "seen", "source": "https://t.me/cibsecurity/41590", "content": "\u203c CVE-2022-29415 \u203c\n\nUnauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin <= 2.16 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T20:24:23.000000Z"}, {"uuid": "4a91b25e-cfe5-4922-ad9b-a08d276b3a9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29412", "type": "seen", "source": "https://t.me/cibsecurity/41587", "content": "\u203c CVE-2022-29412 \u203c\n\nMultiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T20:24:19.000000Z"}, {"uuid": "97aab72e-7fc6-40ae-93b7-3f1c4c1a3c40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29411", "type": "seen", "source": "https://t.me/cibsecurity/41586", "content": "\u203c CVE-2022-29411 \u203c\n\nSQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T20:24:18.000000Z"}, {"uuid": "cba2e4e4-56f2-4d10-afe3-bda2af871d11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29410", "type": "seen", "source": "https://t.me/cibsecurity/41595", "content": "\u203c CVE-2022-29410 \u203c\n\nAuthenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T20:24:29.000000Z"}, {"uuid": "f4c3b680-ade3-4611-b6ec-eeb5f702c593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29413", "type": "seen", "source": "https://t.me/cibsecurity/41594", "content": "\u203c CVE-2022-29413 \u203c\n\nCross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T20:24:28.000000Z"}, {"uuid": "6a628ea4-5efd-4195-868d-ceba8d020b4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29417", "type": "seen", "source": "https://t.me/cibsecurity/41399", "content": "\u203c CVE-2022-29417 \u203c\n\nPlugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-25T20:36:27.000000Z"}, {"uuid": "7dcd3bc4-33d6-4f1b-a8fc-45b6615a4c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29419", "type": "seen", "source": "https://t.me/cibsecurity/41411", "content": "\u203c CVE-2022-29419 \u203c\n\nSQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-25T20:42:19.000000Z"}, {"uuid": "88e60be3-dfcc-458b-ba35-db6d429a8557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2941", "type": "exploited", "source": "https://www.exploit-db.com/exploits/51020", "content": "", "creation_timestamp": "2022-09-23T00:00:00.000000Z"}]}