4 matches found
CVE-2022-0952
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as...
CVE-2022-0952
creationtimestamp| type| source ---|---|--- 2022-05-02 20:28:13+00:00| seen| https://t.me/cibsecurity/41744 2023-08-08 13:26:31+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8812 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities -...
CVE-2022-0952
CVE-2022-0952 affects the WordPress Sitemap by click5 plugin under versions before 1.0.36. The issue is missing authorization/CSRF checks when updating options via a REST endpoint and the update may not verify that the option belongs to the plugin. This allows unauthenticated attackers to change ...
CVE-2022-0952 Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as...