{"vulnerability": "CVE-2022-3434", "sightings": [{"uuid": "eb4afddc-b3d8-4607-805c-77cb62a10489", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34344", "type": "seen", "source": "https://t.me/ctinow/164712", "content": "https://ift.tt/52hODng\nCVE-2022-34344", "creation_timestamp": "2024-01-08T23:27:33.000000Z"}, {"uuid": "79e41ff4-f2aa-4cec-94c0-8f0e105f8c47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34344", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17429", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34344\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Rymera Web Co Wholesale Suite \u2013 WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite \u2013 WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5.\n\n\n\ud83d\udccf Published: 2024-01-08T21:13:45.107Z\n\ud83d\udccf Modified: 2025-05-23T16:02:15.813Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/vulnerability/woocommerce-wholesale-prices/wordpress-wholesale-suite-plugin-2-1-5-auth-plugin-settings-change-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-23T16:46:58.000000Z"}, {"uuid": "6d4f0bbd-29aa-45a9-9d3c-64a1870f4398", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34344", "type": "seen", "source": "https://t.me/ctinow/173748", "content": "https://ift.tt/Ghk8cCS\nCVE-2022-34344 | Rymera Web Wholesale Suite Plugin up to 2.1.5 on WordPress authorization", "creation_timestamp": "2024-01-25T19:51:30.000000Z"}, {"uuid": "88cb6e0a-f0e2-481d-8841-57ed3d81fcc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3434", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11821", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3434\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356.\n\ud83d\udccf Published: 2022-10-08T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-15T13:46:15.956Z\n\ud83d\udd17 References:\n1. https://www.jianshu.com/p/489bca847079\n2. https://vuldb.com/?id.210356", "creation_timestamp": "2025-04-15T13:54:47.000000Z"}, {"uuid": "fde2d74a-038f-4276-9805-dffe32f2273d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34348", "type": "seen", "source": "https://t.me/cibsecurity/50401", "content": "\u203c CVE-2022-34348 \u203c\n\nIBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T22:20:05.000000Z"}, {"uuid": "a12bf73b-e8c8-41d4-a366-b0a980a6f086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34346", "type": "seen", "source": "https://t.me/cibsecurity/58406", "content": "\u203c CVE-2022-34346 \u203c\n\nOut-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-17T00:12:56.000000Z"}, {"uuid": "a732e8a1-f87d-483a-b28a-26b8f6f248d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3434", "type": "seen", "source": "https://t.me/cibsecurity/51050", "content": "\u203c CVE-2022-3434 \u203c\n\nA vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-08T14:18:03.000000Z"}, {"uuid": "bade87b3-aa9d-4359-a9cd-e70313299d01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34347", "type": "seen", "source": "https://t.me/cibsecurity/48499", "content": "\u203c CVE-2022-34347 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-22T18:26:38.000000Z"}, {"uuid": "dee6de08-40c6-445a-ab8e-49b148275d28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34345", "type": "seen", "source": "https://t.me/cibsecurity/48400", "content": "\u203c CVE-2022-34345 \u203c\n\nImproper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T00:22:42.000000Z"}]}