Lucene search
WPScanCVELIST:CVE-2022-0952HistoryMay 02, 2022 - 4:05 p.m.
CVE-2022-0952 Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
2022-05-0216:05:46
WPScan
www.cve.org
1
cve-2022-0952
wordpress plugin
unauthenticated attackers
rest endpoint
arbitrary options_update
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Sitemap by click5",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.0.36"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
2022-04-11 00:00:00
patchstack
patchstack
prion
prion
Cross site request forgery (csrf)
2022-05-02 16:15:00
nuclei
nuclei
WordPress Sitemap by click5 <1.0.36 - Missing Authorization
2022-04-15 14:45:43
wpexploit
wpexploit
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
2022-04-11 00:00:00
cnvd
cnvd
WordPress Sitemap by click5 plugin存在未明漏洞
2022-05-07 00:00:00
cve
cve
CVE-2022-0952
2022-05-02 16:15:08
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Sitemap Project Sitemap
2023-08-07 14:28:11
nvd
nvd
CVE-2022-0952
2022-05-02 16:15:08