{"vulnerability": "cve-2022-4686", "sightings": [{"uuid": "94edc7fc-40cd-4cf6-a955-c0cac361c127", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46867", "type": "seen", "source": "https://t.me/cibsecurity/60261", "content": "\u203c CVE-2022-46867 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Chasil Universal Star Rating plugin &lt;= 2.1.0 version.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-17T19:31:43.000000Z"}, {"uuid": "f0e68fb3-8cbc-4448-b4c7-4517d0a147c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4686", "type": "seen", "source": "https://t.me/cibsecurity/55235", "content": "\u203c CVE-2022-4686 \u203c\n\nImproper Authentication in GitHub repository usememos/memos prior to 0.9.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T14:14:29.000000Z"}, {"uuid": "917ac67c-d2b5-400c-aca0-b81d86d66e6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46861", "type": "seen", "source": "https://t.me/cibsecurity/63732", "content": "\u203c CVE-2022-46861 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia Imtiaz Custom Login Page Styler for WordPress plugin &lt;=\u00c2\u00a06.2 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T14:14:17.000000Z"}, {"uuid": "b486fe59-87c6-487b-914d-979f9bddb8ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46863", "type": "seen", "source": "https://t.me/cibsecurity/60878", "content": "\u203c CVE-2022-46863 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin &lt;= 9.6.4 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-28T12:38:59.000000Z"}, {"uuid": "c2d75ad6-ebca-46fb-9937-5b83d95e97f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46862", "type": "seen", "source": "https://t.me/cibsecurity/58073", "content": "\u203c CVE-2022-46862 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master \u00e2\u20ac\u201c Best Quiz, Exam and Survey Plugin for WordPress plugin &lt;= 8.0.7 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T14:35:41.000000Z"}, {"uuid": "1f59ba63-db18-40aa-be74-64f273611508", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4686", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11171", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4686\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)\n\ud83d\udd39 Description: Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.\n\ud83d\udccf Published: 2022-12-23T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-09T20:33:55.317Z\n\ud83d\udd17 References:\n1. https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9\n2. https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637", "creation_timestamp": "2025-04-09T20:48:40.000000Z"}, {"uuid": "fe0df593-61c1-4513-a298-457c6b3d6f40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46869", "type": "seen", "source": "https://t.me/cibsecurity/69600", "content": "\u203c CVE-2022-46869 \u203c\n\nLocal privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-01T00:13:18.000000Z"}, {"uuid": "82628b21-d689-4008-b6f1-8f9f7fa4e601", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46868", "type": "seen", "source": "https://t.me/cibsecurity/69552", "content": "\u203c CVE-2022-46868 \u203c\n\nLocal privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T18:13:12.000000Z"}, {"uuid": "c74b13b3-84e5-4d75-9f58-ceb0c7d7a055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46864", "type": "seen", "source": "https://t.me/cibsecurity/63603", "content": "\u203c CVE-2022-46864 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag &amp; Drop plugin &lt;=\u00c2\u00a00.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-09T16:38:42.000000Z"}]}