CVE-2022-0952

by Fred · 02/05/2022

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.

Date published : 2022-05-02

https://wpscan.com/vulnerability/0f694961-afab-44f9-846c-e80a0f6c768b

CVE-2022-0952

Similar

Recent Posts

Categories

CVE-2022-0952

Share this:

Similar

Recent Posts

Categories

Tags