CVE-2022-29410

Name of the Vulnerable Software and Affected Versions Mufeng's Hermit 音乐播放器 plugin versions <= 3.1.6

Description An Authenticated SQL Injection (SQLi) issue allows attackers with Subscriber or higher user roles to execute SQLi attacks. The attack is executed via the &ids parameter.

Recommendations For Mufeng's Hermit 音乐播放器 plugin versions <= 3.1.6, consider updating to a version higher than 3.1.6 to resolve the issue. As a temporary workaround, restrict access to the &ids parameter to minimize the risk of exploitation.