Vulnerabilities > Hermit Project

DATE CVE VULNERABILITY TITLE RISK
2022-04-28 CVE-2022-29410 Unspecified vulnerability in Hermit Project Hermit 3.1.6
Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).
network
low complexity
hermit-project
8.8
2022-04-28 CVE-2022-29411 Unspecified vulnerability in Hermit Project Hermit 3.1.6
SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).
network
low complexity
hermit-project
critical
9.8
2022-04-28 CVE-2022-29412 Unspecified vulnerability in Hermit Project Hermit 3.1.6
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.
network
low complexity
hermit-project
5.4
2022-04-28 CVE-2022-29413 Unspecified vulnerability in Hermit Project Hermit 3.1.6
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter.
network
low complexity
hermit-project
6.1