CVE-2022-4545
- EPSS 0.18%
- Published 23.01.2023 15:15:15
- Last modified 03.04.2025 20:15:18
The Sitemap WordPress plugin before 4.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks wh...
CVE-2022-0952
- EPSS 89.19%
- Published 02.05.2022 16:15:08
- Last modified 21.11.2024 06:39:43
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attacker...
CVE-2021-24192
- EPSS 0.6%
- Published 14.05.2021 12:15:08
- Last modified 21.11.2024 05:52:33
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary ...