CVE-2022-0346

MEDIUM EXPLOITED NUCLEI

XML Sitemap Generator <2.0.4 - XSS/RCE

Title source: llm

Description

The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.

Nuclei Templates (1)

WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution

MEDIUMVERIFIEDby Akincibor,theamanrawat

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/4b339390-d71a-44e0-8682-51a12bd2bfe6

Scores

CVSS v3 6.1

EPSS 0.0305

EPSS Percentile 86.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-01-02

CWE

CWE-79

Status published

Products (1)

xmlsitemapgenerator/xml_sitemap_generator < 2.0.4

Published May 23, 2022

Tracked Since Feb 18, 2026