cbcvebase.
CVE-2022-0952
published 2022-05-02


Priority: P181 high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ITW exploit: VulnCheck KEV · Exploited in the wild
EPSS: 13.33% (95.9th percentile)
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.

Affected

1 range

Vendor            Product   Version range   Fixed in
sitemap_project   sitemap   < 1.0.36        1.0.36

Detection & IOCs (extracted from sources)

url: /wp-json/click5_sitemap/API/update_html_option_AJAX
command: {"users_can_register":"1"}
command: {"default_role":"administrator"}
  • Monitor for unauthenticated POST requests to /wp-json/click5_sitemap/API/update_html_option_AJAX with JSON bodies setting users_can_register=1 and default_role=administrator; this two-step sequence is the canonical admin account takeover pattern for this CVE.
  • The exploit requires no authentication and no CSRF token; any unauthenticated HTTP client can trigger it, so network-layer controls (e.g., WAF rules requiring auth headers) are the primary mitigation until patching.
  • The vulnerable endpoint does not restrict which WordPress option can be updated, meaning attackers are not limited to users_can_register/default_role: any arbitrary blog option can be modified via the same endpoint.
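The detection bullets above can be turned into a small log analyser. The following Python is an added example written for this page, not code from cbcvebase, VulnCheck or the plugin vendor. It assumes JSON-per-line request logs with request-body logging (field names ts, src, method, path, authenticated and body are assumptions about what a WAF or reverse proxy might emit), flags every POST to the vulnerable endpoint, escalates when the body carries the users_can_register=1 or default_role=administrator options named in the advisory, and reports any source that completed both steps. Because the endpoint accepts arbitrary option names (third bullet), a POST that changes any other option is still reported rather than ignored.

```python
import json
from collections import defaultdict

# Endpoint named in the advisory's IOC list.
ENDPOINT = "/wp-json/click5_sitemap/API/update_html_option_AJAX"

# Option/value pairs the advisory names as the admin-takeover sequence.
TAKEOVER_OPTIONS = {"users_can_register": "1", "default_role": "administrator"}


def _request_body_options(raw_body):
    """Return the option-name -> value dict carried in a JSON request body,
    or None when the body is absent or not a JSON object."""
    if not raw_body:
        return None
    try:
        body = json.loads(raw_body)
    except ValueError:
        return None
    return body if isinstance(body, dict) else None


def analyze(log_lines):
    """Scan JSON-per-line request logs for option tampering via the endpoint.

    Returns a dict with:
      events    - one record per POST to the endpoint, with a severity
      sequences - source IPs that set both takeover options (users_can_register
                  and default_role), i.e. the account-takeover pattern
    """
    events = []
    seen_takeover_keys = defaultdict(set)
    for raw in log_lines:
        try:
            rec = json.loads(raw)
        except ValueError:
            continue  # malformed line; a real pipeline would count these
        path = rec.get("path", "").split("?", 1)[0]  # drop any query string
        if rec.get("method") != "POST" or path != ENDPOINT:
            continue
        options = _request_body_options(rec.get("body"))
        src = rec.get("src", "unknown")
        hit_keys = [k for k, v in TAKEOVER_OPTIONS.items()
                    if options is not None and str(options.get(k)) == v]
        if hit_keys:
            severity = "critical"   # one step of the documented takeover sequence
        elif options:
            severity = "high"       # arbitrary option change (endpoint is unscoped)
        else:
            severity = "medium"     # body missing or unparseable; still review it
        events.append({
            "ts": rec.get("ts"),
            "src": src,
            "authenticated": bool(rec.get("authenticated")),
            "options": sorted(options) if options else [],
            "takeover_keys": hit_keys,
            "severity": severity,
        })
        seen_takeover_keys[src].update(hit_keys)
    sequences = sorted(src for src, keys in seen_takeover_keys.items()
                       if keys == set(TAKEOVER_OPTIONS))
    return {"events": events, "sequences": sequences}


def build_sample_log():
    """Constructed sample log for the demo, NOT captured traffic. The field
    names are assumptions, not a real product's log schema."""
    records = [
        {"ts": "2022-05-03T10:00:01Z", "src": "203.0.113.5", "method": "POST",
         "path": ENDPOINT, "authenticated": False,
         "body": json.dumps({"users_can_register": "1"})},
        {"ts": "2022-05-03T10:00:02Z", "src": "198.51.100.9", "method": "GET",
         "path": "/wp-json/wp/v2/posts", "authenticated": False, "body": ""},
        {"ts": "2022-05-03T10:00:03Z", "src": "203.0.113.5", "method": "POST",
         "path": ENDPOINT + "?_=1", "authenticated": False,
         "body": json.dumps({"default_role": "administrator"})},
        {"ts": "2022-05-03T10:05:00Z", "src": "192.0.2.77", "method": "POST",
         "path": ENDPOINT, "authenticated": True,
         "body": json.dumps({"blogdescription": "changed"})},
    ]
    lines = [json.dumps(r) for r in records]
    lines.append("not json at all")  # deliberately malformed line
    return lines


if __name__ == "__main__":
    result = analyze(build_sample_log())
    for ev in result["events"]:
        auth = "authenticated" if ev["authenticated"] else "unauthenticated"
        print(ev["severity"], ev["src"], ev["options"], auth)
    print("takeover sequence completed from:", result["sequences"])
```

On the constructed sample the analyser reports two critical events from 203.0.113.5 (the two-step sequence, which is then listed under sequences), one high event for the authenticated but unscoped option change from 192.0.2.77, and nothing for the ordinary GET or the malformed line. Matching on the path prefix rather than the full query string matters because a trailing query string would otherwise let the request slip past a naive string comparison.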

CVSS provenance

nvd v3.1: 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
nvd v2.0: 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P)
vulncheck: 8.8 HIGH