cve/CVE-2022-0952.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

1.2 KiB

Raw Permalink Blame History

CVE-2022-0952

Description

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.

POC

Reference

https://wpscan.com/vulnerability/0f694961-afab-44f9-846c-e80a0f6c768b

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/RandomRobbieBF/CVE-2022-0952
https://github.com/cyllective/CVEs
https://github.com/nomi-sec/PoC-in-GitHub

1.2 KiB Raw Permalink Blame History

CVE-2022-0952

Description

POC

Reference

Github

1.2 KiB

Raw Permalink Blame History