Vulnerability in Sitemap By Click5

CVE-2022-0952

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticat…

EPSS: 0.882 (99.5th percentile)

Affected products

  • Unknown Sitemap By Click5 — versions 0

Frequently asked questions

What is CVE-2022-0952?
CVE-2022-0952 is a vulnerability in Sitemap By Click5, classified under CWE-862 (Missing Authorization). Published 2022-05-02.
Is CVE-2022-0952 known to be exploited?
6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.