Vulnerability Details CVE-2022-29413
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.9%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 4.3
References
- https://patchstack.com/database/vulnerability/hermit/wordpress-hermit-plugin-3-1-6-cross-site-request-forgery-csrf-leading-to-stored-cross-site-scripting-xss-vulnerability
- https://wordpress.org/plugins/hermit/
- https://patchstack.com/database/vulnerability/hermit/wordpress-hermit-plugin-3-1-6-cross-site-request-forgery-csrf-leading-to-stored-cross-site-scripting-xss-vulnerability
- https://wordpress.org/plugins/hermit/
Products affected by CVE-2022-29413
-
cpe:2.3:a:hermit_project:hermit:-
-
cpe:2.3:a:hermit_project:hermit:3.1.6