{"vulnerability": "cve-2022-3911", "sightings": [{"uuid": "f7470168-9993-4018-bf76-119d46867500", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3911", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11317", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3911\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc\n\ud83d\udccf Published: 2023-01-02T21:49:36.753Z\n\ud83d\udccf Modified: 2025-04-10T18:34:25.760Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/c47fdca8-74ac-48a4-9780-556927fb4e52", "creation_timestamp": "2025-04-10T18:49:36.000000Z"}, {"uuid": "88f42fb8-f97c-4718-95ac-418cf36d8e6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39118", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11229", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39118\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.\n\ud83d\udccf Published: 2023-01-04T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-10T14:46:51.781Z\n\ud83d\udd17 References:\n1. https://www.unisoc.com/en_us/secy/announcementDetail/1610118225591336001", "creation_timestamp": "2025-04-10T14:50:07.000000Z"}, {"uuid": "a5223804-3de4-4196-b2e1-b2cd5a1767d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39113", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16511", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39113\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.\n\ud83d\udccf Published: 2022-10-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-15T14:24:55.358Z\n\ud83d\udd17 References:\n1. https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738", "creation_timestamp": "2025-05-15T14:35:12.000000Z"}, {"uuid": "7498a182-e3f8-422a-9503-100c6000ef4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39111", "type": "seen", "source": "https://t.me/cibsecurity/51490", "content": "\u203c CVE-2022-39111 \u203c\n\nIn Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T22:29:11.000000Z"}, {"uuid": "88315d07-ab61-416c-ab6e-b91de80b3b0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3911", "type": "seen", "source": "https://t.me/cibsecurity/55770", "content": "\u203c CVE-2022-3911 \u203c\n\nThe iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T00:29:44.000000Z"}, {"uuid": "4ea46102-616a-4851-897f-4736dbcd8209", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39112", "type": "seen", "source": "https://t.me/cibsecurity/51491", "content": "\u203c CVE-2022-39112 \u203c\n\nIn Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T22:29:15.000000Z"}, {"uuid": "b6254a5c-5a27-4dc0-bedd-a1e7d69209f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39117", "type": "seen", "source": "https://t.me/cibsecurity/51497", "content": "\u203c CVE-2022-39117 \u203c\n\nIn messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T22:29:21.000000Z"}, {"uuid": "df2a004f-7b93-4663-8a18-82e4ce2a6b13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39110", "type": "seen", "source": "https://t.me/cibsecurity/51495", "content": "\u203c CVE-2022-39110 \u203c\n\nIn Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T22:29:19.000000Z"}, {"uuid": "1ae3540c-cb4a-4e09-bdef-b7f3bbed73b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39115", "type": "seen", "source": "https://t.me/cibsecurity/51481", "content": "\u203c CVE-2022-39115 \u203c\n\nIn Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T22:28:59.000000Z"}]}