{"vulnerability": "CVE-2022-4230", "sightings": [{"uuid": "e00282ee-e31e-4d4f-a65b-fc314ff6157c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4230", "type": "seen", "source": "https://t.me/cibsecurity/56840", "content": "\u203c CVE-2022-4230 \u203c\n\nThe WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:25:10.000000Z"}, {"uuid": "05dd3daf-c57d-48ac-ac12-28f269700dd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42309", "type": "seen", "source": "https://t.me/cibsecurity/52362", "content": "\u203c CVE-2022-42309 \u203c\n\nXenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T15:14:03.000000Z"}]}