CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-29410

Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.9%

CVSS Severity

CVSS v3 Score 7.4

CVSS v2 Score 6.5

References

https://patchstack.com/database/vulnerability/hermit/wordpress-hermit-plugin-3-1-6-authenticated-sql-injection-sqli-vulnerability
https://wordpress.org/plugins/hermit/
https://patchstack.com/database/vulnerability/hermit/wordpress-hermit-plugin-3-1-6-authenticated-sql-injection-sqli-vulnerability
https://wordpress.org/plugins/hermit/

Products affected by CVE-2022-29410

Hermit Project » Hermit » Version: N/A

cpe:2.3:a:hermit_project:hermit:-
Hermit Project » Hermit » Version: 3.1.6

cpe:2.3:a:hermit_project:hermit:3.1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29410

Products

Pricing

Contact Us