VYPR

Sitemap by click5

by WordPress

CVEs (1)

  • CVE-2022-0952HigMay 2, 2022
    risk 0.58cvss 8.8epss 0.13

    The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog…