{"vulnerability": "CVE-2022-2387", "sightings": [{"uuid": "01543119-6199-486d-957d-8dd166e88c6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2387", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15003", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2387\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T20:26:52.592Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8", "creation_timestamp": "2025-05-05T21:20:20.000000Z"}, {"uuid": "2afc6742-d9fd-4547-9265-e1fb2b314669", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23871", "type": "seen", "source": "https://t.me/cibsecurity/36749", "content": "\u203c CVE-2022-23871 \u203c\n\nMultiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T07:29:48.000000Z"}, {"uuid": "9f250b6b-d60a-4360-9dcd-78a224eee66c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2387", "type": "seen", "source": "https://t.me/cibsecurity/52583", "content": "\u203c CVE-2022-2387 \u203c\n\nThe Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-07T12:34:12.000000Z"}, {"uuid": "c8bec520-e495-4a49-8710-9ef248c07f2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23878", "type": "seen", "source": "https://t.me/cibsecurity/38320", "content": "\u203c CVE-2022-23878 \u203c\n\nseacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-02T22:25:14.000000Z"}, {"uuid": "dc2b06cc-51e0-4bbd-bc7b-391a677cbd72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23873", "type": "seen", "source": "https://t.me/cibsecurity/36743", "content": "\u203c CVE-2022-23873 \u203c\n\nVictor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T07:29:40.000000Z"}, {"uuid": "5ff81c8d-c05d-4bf3-bdab-280fd73ac403", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23872", "type": "seen", "source": "https://t.me/cibsecurity/36606", "content": "\u203c CVE-2022-23872 \u203c\n\nEmlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-01T00:25:41.000000Z"}]}