{"vulnerability": "CVE-2022-4655", "sightings": [{"uuid": "6fb269a4-7dad-4dac-872a-3226fa4ae018", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46552", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8068", "content": "#exploit\n1. CVE-2022-46552:\nD-Link DIR-846 - RCE\nhttps://packetstormsecurity.com/files/171710/D-Link-DIR-846-Remote-Command-Execution.html\n\n2. RCE Vulnerability in Azure Pipelines Can Lead To Software Supply Chain Attack\nhttps://www.legitsecurity.com/blog/remote-code-execution-vulnerability-in-azure-pipelines-can-lead-to-software-supply-chain-attack\n\n3. Citrix 22.2.1/23.1.1 - LPE\nhttps://packetstormsecurity.com/files/171716/Citrix-22.2.1.103-23.1.1.11-Local-Privilege-Escalation.html", "creation_timestamp": "2023-04-06T18:30:03.000000Z"}, {"uuid": "9aa153a7-dd9e-4af3-9872-9900a5d53059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4655", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10527", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4655\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack.\n\ud83d\udccf Published: 2023-01-16T15:37:55.918Z\n\ud83d\udccf Modified: 2025-04-04T18:10:49.090Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/a1c70c80-e952-4cc7-aca0-c2dde3fa08a9", "creation_timestamp": "2025-04-04T18:36:23.000000Z"}, {"uuid": "908d0cbe-8f07-4ecb-83e1-ac58bfa9f6a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46552", "type": "seen", "source": "https://t.me/cibsecurity/57394", "content": "\u203c CVE-2022-46552 \u203c\n\nD-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-02T16:14:50.000000Z"}, {"uuid": "419b00ea-04c4-4ef7-a67e-539d06db2280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46550", "type": "seen", "source": "https://t.me/cibsecurity/54964", "content": "\u203c CVE-2022-46550 \u203c\n\nTenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T18:12:46.000000Z"}, {"uuid": "7845446b-d1b6-4a91-a8ff-0570e9c0c76f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4655", "type": "seen", "source": "https://t.me/cibsecurity/56557", "content": "\u203c CVE-2022-4655 \u203c\n\nThe Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-16T18:30:12.000000Z"}]}