CVE-2022-0952 Scanner
Detects a 'Cross-Site Request Forgery (CSRF)' vulnerability in the Sitemap by click5 plugin for WordPress; affects versions before 1.0.36.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4
Toolbox: -
The Sitemap by click5 plugin for WordPress is a tool that website owners use to generate sitemaps for their sites. It is commonly used to help search engine crawlers navigate and index website content. With thousands of active installations, the plugin provides an easy way to create and submit a sitemap to Google. It lets users set up a custom sitemap for specific website content, such as blog posts, products, or categories. The Sitemap by click5 plugin is an essential tool for website owners, both small and large, looking to optimize their online presence.
CVE-2022-0952 in the Sitemap by click5 plugin for WordPress is a major security risk. The plugin lacked basic security checks, namely authorization and Cross-Site Request Forgery (CSRF) checks, when updating options via a REST endpoint. This could allow an unauthenticated attacker to change arbitrary blog options, including users_can_register and default_role. Changing these options could let the attacker create a new admin account and gain control over the blog. The plugin could therefore be exploited for malicious purposes, with severe consequences.
The exploitation of the CVE-2022-0952 vulnerability in the Sitemap by click5 plugin for WordPress could have disastrous results. A malicious attacker could potentially gain unauthorized access to the website and manipulate its contents. As a result, they could delete, deface, or change website content to spread misinformation or launch phishing attacks on unsuspecting users. In the hands of a skilled attacker, this vulnerability could lead to the complete takeover of a website's control panel.
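The two options named above are cheap to audit from the owner's side. The following is an added example, not part of the scanner or the plugin: it compares the installed plugin version against 1.0.36 and checks an options export for non-default values of users_can_register and default_role. It assumes the options are supplied as JSON rows with option_name and option_value fields (the shape produced by `wp option list --format=json`) and that the site is expected to run with the stock WordPress defaults.

```python
import json
import re

FIXED_VERSION = (1, 0, 36)  # from the page: versions before 1.0.36 are affected

def parse_version(text):
    """'1.0.35' -> (1, 0, 35); missing components count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    if not parts:
        raise ValueError("no version number in %r" % text)
    return tuple(parts + [0] * (3 - len(parts)))

def audit(plugin_version, options_json):
    """Return (severity, message) findings for one site."""
    rows = json.loads(options_json)
    opts = {r["option_name"]: str(r["option_value"]) for r in rows}
    findings = []
    if parse_version(plugin_version) < FIXED_VERSION:
        findings.append(("high", "plugin %s predates 1.0.36; update it" % plugin_version))
    # WordPress defaults: registration off ("0"), new users become "subscriber".
    open_signup = opts.get("users_can_register", "0") == "1"
    role = opts.get("default_role", "subscriber")
    if role != "subscriber":
        sev = "critical" if open_signup else "high"
        findings.append((sev, "default_role is %r, not the stock 'subscriber'" % role))
    if open_signup:
        findings.append(("review", "users_can_register is on; confirm the owner enabled it"))
    return findings

# Constructed sample data, not taken from a real site.
SAMPLE_TAMPERED = json.dumps([
    {"option_name": "users_can_register", "option_value": "1"},
    {"option_name": "default_role", "option_value": "administrator"},
])
SAMPLE_CLEAN = json.dumps([
    {"option_name": "users_can_register", "option_value": "0"},
    {"option_name": "default_role", "option_value": "subscriber"},
])

if __name__ == "__main__":
    for sev, msg in audit("1.0.35", SAMPLE_TAMPERED):
        print("[%s] %s" % (sev, msg))
```

A patched plugin version does not clear the option findings: values changed while the site ran a vulnerable version stay in the database until someone resets them.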
At S4E, we believe that the security of digital assets is of paramount importance. Users can utilize our platform's pro features to quickly and easily learn about vulnerabilities in their digital assets. Through our security scans, users can identify software vulnerabilities, including the CVE-2022-0952 vulnerability detected in the Sitemap by click5 plugin for WordPress. Take proactive steps to safeguard your website through our platform and show vulnerability the door.