← Back

Hermit

hermit

Vendor: Hermit Project • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-29413
1Hermit Project
1Hermit
Jun 17, 2026
Apr 28, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter.
CVE-2022-29412
1Hermit Project
1Hermit
Jun 17, 2026
Apr 28, 2022
N/A· v4
5.4 MEDIUM· v3
5.8 MEDIUM· v2
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.
CVE-2022-29411
1Hermit Project
1Hermit
Jun 17, 2026
Apr 28, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).
CVE-2022-29410
1Hermit Project
1Hermit
Jun 17, 2026
Apr 28, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).