Lucene search

WPScanCVE-2022-0952

HistoryMay 02, 2022 - 4:15 p.m.

CVE-2022-0952

2022-05-0216:15:08

CWE-352

CWE-862

WPScan

web.nvd.nist.gov

cve-2022-0952

sitemap plugin

wordpress plugin

authorization bypass

csrf

rest endpoint

unauthorized access

admin account takeover

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.48

Percentile

97.5%

JSON

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.

Affected configurations

Nvd

Vulners

Node

sitemap_projectsitemapRange<1.0.36wordpress

VendorProductVersionCPE
sitemap_projectsitemap*cpe:2.3:a:sitemap_project:sitemap:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
sitemap_project	sitemap	*	cpe:2.3:a:sitemap_project:sitemap::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Sitemap by click5",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.36"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]