{"vulnerability": "CVE-2022-3679", "sightings": [{"uuid": "06be82f3-a42e-4ab8-a94f-ab0510e55e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3679", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11131", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3679\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.\n\ud83d\udccf Published: 2023-01-09T22:13:44.163Z\n\ud83d\udccf Modified: 2025-04-09T18:37:34.154Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/ec4b9bf7-71d6-4528-9dd1-cc7779624760", "creation_timestamp": "2025-04-09T18:48:02.000000Z"}, {"uuid": "f8b2b6ce-7d5d-41fc-bdf0-55d0a34f4f99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36791", "type": "seen", "source": "https://t.me/cibsecurity/50325", "content": "\u203c CVE-2022-36791 \u203c\n\nAuthenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin &lt;= 1.0.16 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T18:13:38.000000Z"}, {"uuid": "25fa26f8-7ede-43d7-903b-de3f22af6be1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3679", "type": "seen", "source": "https://t.me/cibsecurity/56206", "content": "\u203c CVE-2022-3679 \u203c\n\nThe Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T02:28:22.000000Z"}, {"uuid": "bcb522c3-d748-48bd-9a54-121caafc7873", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36795", "type": "seen", "source": "https://t.me/cibsecurity/51853", "content": "\u203c CVE-2022-36795 \u203c\n\nIn BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-20T02:20:54.000000Z"}, {"uuid": "513c7b62-736b-49b5-b518-a773ebab7151", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36798", "type": "seen", "source": "https://t.me/cibsecurity/50341", "content": "\u203c CVE-2022-36798 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin &lt;= 4.2.7 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T18:19:34.000000Z"}, {"uuid": "eb0f08aa-21e2-462f-a2d5-71873145bdda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36793", "type": "seen", "source": "https://t.me/cibsecurity/49495", "content": "\u203c CVE-2022-36793 \u203c\n\nUnauthenticated Plugin Settings Change &amp; Data Deletion vulnerabilities in WP Shop plugin &lt;= 3.9.6 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-09T18:26:24.000000Z"}, {"uuid": "dc7e7963-b363-4ddc-a4ba-4a4f79eeac6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36796", "type": "seen", "source": "https://t.me/cibsecurity/49173", "content": "\u203c CVE-2022-36796 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin &lt;= 0.4.9 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-01T20:38:14.000000Z"}]}