Vulnerabilities > Hermit Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-28 | CVE-2022-29410 | Unspecified vulnerability in Hermit Project Hermit 3.1.6 Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). | 8.8 |
2022-04-28 | CVE-2022-29411 | Unspecified vulnerability in Hermit Project Hermit 3.1.6 SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). | 9.8 |
2022-04-28 | CVE-2022-29412 | Unspecified vulnerability in Hermit Project Hermit 3.1.6 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. | 5.4 |
2022-04-28 | CVE-2022-29413 | Unspecified vulnerability in Hermit Project Hermit 3.1.6 Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter. | 6.1 |