{"vulnerability": "cve-2022-4532", "sightings": [{"uuid": "e02357c8-2c28-497e-8634-76eb43823a34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45320", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4140", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45320\n\ud83d\udd25 CVSS Score: 6.2 (CVSS_V3)\n\ud83d\udd39 Description: Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.\n\ud83d\udccf Published: 2024-02-20T06:30:29Z\n\ud83d\udccf Modified: 2025-02-12T21:58:35Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2022-45320\n2. https://github.com/liferay/liferay-portal\n3. https://github.com/liferay/liferay-portal/releases/tag/7.4.3.16-ga16\n4. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320", "creation_timestamp": "2025-02-12T22:10:31.000000Z"}, {"uuid": "65f04fb8-f068-43bd-8f1d-15762a4a6308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45320", "type": "seen", "source": "https://t.me/arpsyndicate/3714", "content": "#ExploitObserverAlert\n\nCVE-2022-45320\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2022-45320. Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-21T07:10:43.000000Z"}, {"uuid": "885899cc-e0ee-44e8-9b8b-5fe39aaa0595", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45320", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4119", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45320\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-02-20T05:15:07.613\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320\n2. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320", "creation_timestamp": "2025-02-12T19:08:21.000000Z"}, {"uuid": "273062df-efde-44a5-b045-fe1aec772ce7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45320", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9475", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45320\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.\n\ud83d\udccf Published: 2024-02-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T20:43:01.175Z\n\ud83d\udd17 References:\n1. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320", "creation_timestamp": "2025-03-28T21:29:10.000000Z"}, {"uuid": "d88ecf52-371d-4ea8-af20-fed26ca598a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4532", "type": "seen", "source": "https://t.me/CveExploits/12", "content": "\ud83d\udea8 CVE-2022-4532\nThe LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.", "creation_timestamp": "2024-08-17T14:00:50.000000Z"}, {"uuid": "8c8c2c30-e1f4-4bac-82df-d8d1ba3a4aa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45320", "type": "seen", "source": "Telegram/G41z6Nk2aGkHOlvLZm2Sy3Bw2FmppX2fpfyVL2qX-7bl29np", "content": "", "creation_timestamp": "2025-02-14T10:05:09.000000Z"}, {"uuid": "807dfe21-6984-464b-b172-56658c593bd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4532", "type": "seen", "source": "https://t.me/cvedetector/3386", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-4532 - WordPress LOGIN AND REGISTRATION ATTEMPTS LIMIT IP Address Spoofing\", \n  \"Content\": \"CVE ID : CVE-2022-4532 \nPublished : Aug. 17, 2024, 8:15 a.m. | 21\u00a0minutes ago \nDescription : The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-17T10:37:30.000000Z"}, {"uuid": "264a203a-4965-4302-ba90-bebe67f9a7f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45329", "type": "seen", "source": "https://t.me/cibsecurity/53623", "content": "\u203c CVE-2022-45329 \u203c\n\nAeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T07:28:36.000000Z"}, {"uuid": "a989c6b7-2dcb-47af-9731-082e335888a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45320", "type": "seen", "source": "https://t.me/ctinow/188142", "content": "https://ift.tt/Gsa8SEi\nCVE-2022-45320", "creation_timestamp": "2024-02-20T06:26:55.000000Z"}, {"uuid": "f85fccb4-3b7c-4064-93b7-f51857a74a7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45320", "type": "seen", "source": "https://t.me/ctinow/188140", "content": "https://ift.tt/Gsa8SEi\nCVE-2022-45320", "creation_timestamp": "2024-02-20T06:21:40.000000Z"}, {"uuid": "001c9255-3e03-4138-9fa0-8ea2f2d77dac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45328", "type": "seen", "source": "https://t.me/cibsecurity/53697", "content": "\u203c CVE-2022-45328 \u203c\n\nChurch Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T07:29:25.000000Z"}, {"uuid": "e8e586cb-99d5-47b9-aa40-96c28f9b9fd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45326", "type": "seen", "source": "https://t.me/cibsecurity/54084", "content": "\u203c CVE-2022-45326 \u203c\n\nAn XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T20:41:03.000000Z"}]}