{"vulnerability": "cve-2022-4207", "sightings": [{"uuid": "dcc8a435-0085-4798-b72c-a2cbf21bbc22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4207", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2839", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4207\n\ud83d\udd39 Description: The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.\n\ud83d\udccf Published: 2022-12-13T20:18:36.516Z\n\ud83d\udccf Modified: 2025-01-23T20:32:21.022Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/f00cdef3-d733-4e85-8099-204ef76096b4\n2. https://github.com/MrOxizen/image-hover-effects-ultimate/commit/4ba784e1a2a0cf02e8b8cbe3db7323735d7dedc9\n3. https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2830197%40image-hover-effects-ultimate&new=2830197%40image-hover-effects-ultimate&sfp_email=&sfph_mail=", "creation_timestamp": "2025-01-23T21:03:51.000000Z"}, {"uuid": "5cf6ef50-810f-438a-863c-24d332bdbfe7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42071", "type": "seen", "source": "https://t.me/cibsecurity/51430", "content": "\u203c CVE-2022-42071 \u203c\n\nOnline Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T18:29:04.000000Z"}, {"uuid": "f09cc147-1083-465c-ae6c-e66569952e85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42071", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16309", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42071\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability.\n\ud83d\udccf Published: 2022-10-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T14:27:58.214Z\n\ud83d\udd17 References:\n1. https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html\n2. https://packetstormsecurity.com/files/168533/Online-Birth-Certificate-Management-System-1.0-Cross-Site-Scripting.html", "creation_timestamp": "2025-05-14T14:31:54.000000Z"}, {"uuid": "4333d4b3-46b5-4744-a819-9743ff7984b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4207", "type": "seen", "source": "https://t.me/cibsecurity/54481", "content": "\u203c CVE-2022-4207 \u203c\n\nThe Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T00:22:16.000000Z"}, {"uuid": "22d7f0d9-3973-4ebd-83be-3ab850a1cf5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42075", "type": "seen", "source": "https://t.me/cibsecurity/51015", "content": "\u203c CVE-2022-42075 \u203c\n\nWedding Planner v1.0 is vulnerable to has arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T22:17:49.000000Z"}, {"uuid": "aed0b0b6-bdb6-4706-b796-121bbf7f460d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42074", "type": "seen", "source": "https://t.me/cibsecurity/51023", "content": "\u203c CVE-2022-42074 \u203c\n\nOnline Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-07T22:23:37.000000Z"}, {"uuid": "5c62568c-a39d-4ad8-9a5a-c7c3dd789723", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42070", "type": "seen", "source": "https://t.me/cibsecurity/51438", "content": "\u203c CVE-2022-42070 \u203c\n\nOnline Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T18:29:13.000000Z"}, {"uuid": "5865e77d-c930-49ee-b999-48cf6e4683d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42078", "type": "seen", "source": "https://t.me/cibsecurity/51285", "content": "\u203c CVE-2022-42078 \u203c\n\nTenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T22:27:06.000000Z"}, {"uuid": "9392c482-ac7a-408a-a184-1cdba4a4ab88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42079", "type": "seen", "source": "https://t.me/cibsecurity/51284", "content": "\u203c CVE-2022-42079 \u203c\n\nTenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T22:27:05.000000Z"}, {"uuid": "1d71cae1-51a5-4948-a6af-ff2d859855c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42077", "type": "seen", "source": "https://t.me/cibsecurity/51281", "content": "\u203c CVE-2022-42077 \u203c\n\nTenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T22:26:59.000000Z"}]}