Lucene search
WpvulndbWPVDB-ID:2BBF9350-A119-4905-A79A-35892BF9B145HistoryOct 20, 2022 - 12:00 a.m.
Simple SEO < 1.8.13 - Subscriber+ Sitemap Creation/Deletion
2022-10-2000:00:00
wpscan.com
4
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
0.001 Low
EPSS
Percentile
18.9%
The plugin does not have authorisation check when creating and deleting sitemaps, which could allow any authenticated users, such as subscriber to create and delete them
| CPE | Name | Operator | Version |
|---|---|---|---|
| cds-simple-seo | lt | 1.8.13 |
Related
prion
prion
Cross site request forgery (csrf)
2022-11-03 20:15:00
patchstack
patchstack
WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability
2022-10-20 00:00:00
nvd
nvd
CVE-2022-36404
2022-11-03 20:15:29
cve
cve
CVE-2022-36404
2022-11-03 20:15:29
cvelist
cvelist
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
0.001 Low
EPSS
Percentile
18.9%
Related for WPVDB-ID:2BBF9350-A119-4905-A79A-35892BF9B145