VYPR

Hermit

by WordPress

CVEs (4)

  • CVE-2022-29411HigApr 28, 2022
    risk 0.54cvss 8.3epss 0.01

    SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).

  • CVE-2022-29410HigApr 28, 2022
    risk 0.48cvss 7.4epss 0.01

    Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).

  • CVE-2022-29412MedApr 28, 2022
    risk 0.35cvss 5.4epss 0.00

    Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.

  • CVE-2022-29413MedApr 28, 2022
    risk 0.31cvss 4.7epss 0.00

    Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter.