{"vulnerability": "cve-2022-4669", "sightings": [{"uuid": "1246ddbe-1bdf-4dae-beb8-615e45e4dbaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4669", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7335", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4669\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.\n\ud83d\udccf Published: 2023-02-21T08:50:39.682Z\n\ud83d\udccf Modified: 2025-03-12T16:16:52.245Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/79f011e4-3422-4307-8736-f27048796aae", "creation_timestamp": "2025-03-12T16:41:14.000000Z"}, {"uuid": "2dc908f2-2272-49da-9c1d-e9116f2ab759", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46691", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12682", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46691\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.\n\ud83d\udccf Published: 2022-12-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T14:29:07.611Z\n\ud83d\udd17 References:\n1. https://support.apple.com/en-us/HT213535\n2. 
https://support.apple.com/en-us/HT213532\n3. https://support.apple.com/en-us/HT213530\n4. https://support.apple.com/en-us/HT213531\n5. https://support.apple.com/en-us/HT213536\n6. https://support.apple.com/en-us/HT213537\n7. http://seclists.org/fulldisclosure/2022/Dec/20\n8. http://seclists.org/fulldisclosure/2022/Dec/21\n9. http://seclists.org/fulldisclosure/2022/Dec/23\n10. http://seclists.org/fulldisclosure/2022/Dec/26\n11. http://seclists.org/fulldisclosure/2022/Dec/28\n12. http://seclists.org/fulldisclosure/2022/Dec/27\n13. https://security.gentoo.org/glsa/202305-32", "creation_timestamp": "2025-04-21T15:03:07.000000Z"}, {"uuid": "cfe4c9f2-e550-4544-824b-1063a6f0e9e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46697", "type": "seen", "source": "Telegram/wXJFleV8vEaWRjyjght-R7V6rgaHTWmrrJG5mADAecKVQmw", "content": "", "creation_timestamp": "2023-04-09T15:26:50.000000Z"}, {"uuid": "6f007195-3aa6-4202-a2b3-a63fa3f2ed36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46697", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2874", "content": "25 Tools - Hackers Factory\n\n\u200b\u200bOctopus\n\nA security analysis framework for WebAssembly module and Blockchain Smart Contract.\n\nhttps://github.com/FuzzingLabs/octopus\n\n#cybersecurity #infosec\n\n\u200b\u200bPenetration-Testing-Cheat-Sheet\n\nA guide to help people who are new to penetration testing and are looking to gain an overview of the penetration testing process. 
This guide will help anyone hoping to take the CREST CRT or Offensive Security's OSCP exam and will aim to cover each stage of compromising a host.\n\nhttps://github.com/curtishoughton/Penetration-Testing-Cheat-Sheet\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bViDeZZo\n\nA virtual device fuzzing framework considering both intra- and inter-message dependencies to balance fuzzing scalability and efficiency.\n\nhttps://github.com/HexHive/ViDeZZo\n\n#cybersecurity #infosec\n\n\u200b\u200bBug Bounty Beginner's Roadmap\n\nThis is a resource factory for anyone looking forward to starting bug hunting and would require guidance as a beginner.\n\nhttps://github.com/bittentech/Bug-Bounty-Beginner-Roadmap\n\n#bugbounty #pentesting #infosec\n\n\u200b\u200bImHex\n\n\ud83d\udd0d A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.\n\nhttps://github.com/WerWolv/ImHex\n\n#cybersecurity #infosec #reverse\n\n\u200b\u200bAndroid Penetration Testing Cheat Sheet\n\nThis is more of a checklist for myself. May contain useful tips and tricks.\n\nhttps://github.com/ivan-sincek/android-penetration-testing-cheat-sheet\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bZenLdr\n\nBasic implementation of Cobalt Strikes - User Defined Reflective Loader feature.\n\nhttps://github.com/Mav3rick33/ZenLdr\n\nDetails:\nhttps://mav3rick33.gitbook.io/the-lab/cobalt-strike-user-defined-reflective-loader-studies\n\n#infosec #redteam #pentesting\n\n\u200b\u200bScoper\n\nThis is a #BurpSuite extension that allows users to easily add web addresses to the Burp Suite scope.\n\nhttps://github.com/haticeerturk/scoper\n\n#infosec #bugbounty #pentesting\n\n\u200b\u200bspotify-gdpr-dump-analysis\n\nLocal analysis of complete spotify streaming dataset (endsong_*.json). 
Made in 3 hours alongside with chatGPT, fixing bugs as they appeared.\n\nhttps://github.com/pldubouilh/spotify-gdpr-dump-analysis\n\n#cybersecurity #infosec\n\n\u200b\u200bCVE-2022-46697\n\nOut-of-bounds access in IOMobileFrameBuffer\n\nhttps://github.com/antoniozekic/Proof-of-concepts/tree/main/CVE-2022-46697\n\n#exploit #cybersecurity #infosec #cve\n\n\u200b\u200bVulnerable WordPress\n\nIn this repository, we collect vulnerable WordPress plugins monthly and provide them to researchers. The output is a vulnerable WordPress that is easily installed. Researchers can use this version for Nuclei template development, exploit development, practice, training, etc.\n\nhttps://github.com/onhexgroup/Vulnerable-WordPress\n\n#infosec #bugbounty #pentesting\n\n\u200b\u200bOffensiveCpp\n\nThis repo contains C/C++ snippets that can be handy in specific offensive scenarios.\n\nhttps://github.com/lsecqt/OffensiveCpp\n\n#infosec #pentesting #redteam\n\n\u200b\u200bHades-C2\n\nHades is a basic Command & Control framework built using Python. 
It is currently extremely bare bones, but I plan to add more features soon.\n\nhttps://github.com/Lavender-exe/Hades-C2\n\n#infosec #pentesting #redteam\n\n\u200b\u200bRed Team Ops: Havoc 101\n\nLearn how to compromise an Active Directory Infrastructure by simulating adversarial Tactics, Techniques and Procedures (TTPs) using Havoc Framework.\n\nhttps://github.com/WesleyWong420/RedTeamOps-Havoc-101\n\n#infosec #cybersecurity #pentesting #redteam\n\n\u200b\u200bAzureGoat\n\nA Damn Vulnerable Azure Infrastructure.\n\nhttps://github.com/ine-labs/AzureGoat\n\n#cybersecurity #infosec\n\n\u200b\u200bDamn Vulnerable GraphQL Application\n\nDamn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.\n\nhttps://github.com/dolevf/Damn-Vulnerable-GraphQL-Application\n\n#cybersecurity #infosec", "creation_timestamp": "2023-04-13T10:41:15.000000Z"}, {"uuid": "37c290c2-2c55-432a-82f1-a8ae89b8cae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46697", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8083", "content": "#exploit\n1. CVE-2022-46697:\nOut-of-bounds access in IOMobileFrameBuffer\nhttps://github.com/antoniozekic/Proof-of-concepts/tree/main/CVE-2022-46697\n\n2. CVE-2022-38053, CVE-2023-21742, CVE-2023-21717:\nSharePoint Webpart Property Traversal\nhttps://testbnull.medium.com/ph%C3%A2n-t%C3%ADch-l%E1%BB%97-h%E1%BB%95ng-sharepoint-webpart-property-traversal-cve-2022-38053-cve-2023-21742-bc6931698a5f\n\n3. 
CVE-2023-23398:\nMicrosoft Excel Spoofing\nhttps://packetstormsecurity.com/files/171752/Microsoft-Excel-Spoofing.html", "creation_timestamp": "2023-04-09T13:17:01.000000Z"}, {"uuid": "93c5fe3d-fed9-44be-95d7-b5ed6978b212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46697", "type": "seen", "source": "https://t.me/RespaldoHackingTeam/657", "content": "#exploit\n1. CVE-2022-46697:\nOut-of-bounds access in IOMobileFrameBuffer\nhttps://github.com/antoniozekic/Proof-of-concepts/tree/main/CVE-2022-46697\n\n2. CVE-2022-38053, CVE-2023-21742, CVE-2023-21717:\nSharePoint Webpart Property Traversal\nhttps://testbnull.medium.com/ph%C3%A2n-t%C3%ADch-l%E1%BB%97-h%E1%BB%95ng-sharepoint-webpart-property-traversal-cve-2022-38053-cve-2023-21742-bc6931698a5f\n\n3. CVE-2023-23398:\nMicrosoft Excel Spoofing\nhttps://packetstormsecurity.com/files/171752/Microsoft-Excel-Spoofing.html", "creation_timestamp": "2023-04-13T07:13:01.000000Z"}, {"uuid": "d0f8d076-179d-4f72-aaf3-e1ab1bed22fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46697", "type": "seen", "source": "Telegram/YrcJwFF7LRTjg7mgQwAEoX7-6-7JVVBbOdwyqXnUuY7Sxg", "content": "", "creation_timestamp": "2023-04-17T11:58:07.000000Z"}, {"uuid": "30375be6-7ffd-459b-84ce-7395b4eec2c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4669", "type": "seen", "source": "https://t.me/cibsecurity/58567", "content": "\u203c CVE-2022-4669 \u203c\n\nThe Page Builder: Live Composer WordPress plugin through 1.5.22 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting 
attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-21T12:16:39.000000Z"}, {"uuid": "d6265f21-1e77-4c0a-9a2f-6e4ca2a14874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46698", "type": "seen", "source": "https://t.me/cibsecurity/54625", "content": "\u203c CVE-2022-46698 \u203c\n\nA logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:29:47.000000Z"}, {"uuid": "3b18e1e4-77aa-4921-917f-989b4e44d74b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46691", "type": "seen", "source": "https://t.me/cibsecurity/54634", "content": "\u203c CVE-2022-46691 \u203c\n\nA memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:29:57.000000Z"}, {"uuid": "dde88178-b41b-4bd4-89e3-c10455f4de03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46694", "type": "seen", "source": "https://t.me/cibsecurity/54633", "content": "\u203c CVE-2022-46694 \u203c\n\nAn out-of-bounds write issue was addressed with improved input validation. 
This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:29:56.000000Z"}, {"uuid": "9be8e4a2-2bdb-48e4-848e-1a2edbf36502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46692", "type": "seen", "source": "https://t.me/cibsecurity/54631", "content": "\u203c CVE-2022-46692 \u203c\n\nA logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T22:29:54.000000Z"}]}