WordPress Plugin Vulnerabilities

Simple SEO < 1.8.13 - Subscriber+ Sitemap Creation/Deletion

Description

The plugin does not have authorisation check when creating and deleting sitemaps, which could allow any authenticated users, such as subscriber to create and delete them

Affects Plugins

Plugin icon
cds-simple-seo
Fixed in 1.8.13

References

CVE
CVE-2022-36404

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
2bbf9350-a119-4905-a79a-35892bf9b145

Timeline

Publicly Published
2022-10-20 (about 3 years ago)
Added
2022-11-03 (about 3 years ago)
Last Updated
2022-11-03 (about 3 years ago)

Other

Published
Title
Published
2026-05-12
Title
ProfileGrid < 5.9.8.5 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification
Published
2024-12-05
Title
Ultimate Coming Soon & Maintenance < 1.1.0 - Subscriber+ Template Name Update
Published
2025-10-29
Title
AppPresser – Mobile App Framework < 4.5.1 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure
Published
2024-09-05
Title
Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin < 1.2.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update
Published
2026-03-20
Title
Group Chat & Video Chat by AtomChat < 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update