The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint,…
WPScan·CWE-352·Published 2022-05-02
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.
El plugin Sitemap by click5 de WordPress versiones anteriores a 1.0.36, no dispone de comprobaciones de autorización y de tipo CSRF cuando son actualizadas las opciones por medio de un endpoint REST, y no es asegurado de que la opción que va a actualizarse pertenezca al plugin. Como resultado, atacantes no autenticados podrían cambiar opciones arbitrarias del blog, como users_can_register y default_role, permitiéndoles crear una nueva cuenta de administrador y tomar el control del blog
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| 3.1 | Primary | NVD | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |