Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/01/09 10:45 a.m.7 views

CVE-2022-0952

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as...

8.8CVSS6.9AI score0.13329EPSS
Exploits2References1
circl
circl
added 2022/05/02 8:28 p.m.35 views

CVE-2022-0952

creationtimestamp| type| source ---|---|--- 2022-05-02 20:28:13+00:00| seen| https://t.me/cibsecurity/41744 2023-08-08 13:26:31+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8812 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities -...

8.8CVSS7.3AI score0.13329EPSS
In wildExploits2References5
cve
cve
added 2022/05/02 4:5 p.m.153 views

CVE-2022-0952

CVE-2022-0952 affects the WordPress Sitemap by click5 plugin under versions before 1.0.36. The issue is missing authorization/CSRF checks when updating options via a REST endpoint and the update may not verify that the option belongs to the plugin. This allows unauthenticated attackers to change ...

8.8CVSS8.7AI score0.13329EPSS
In wildExploits2References1Affected Software1
cvelist
cvelist
added 2022/05/02 4:5 p.m.30 views

CVE-2022-0952 Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as...

8.9AI score0.13329EPSS
Exploits2References1
Rows per page
Query Builder