WordPress Plugin Vulnerabilities

Simple SEO < 1.8.13 - Sitemap Creation/Deletion via CSRF

Description

The plugin does not have CSRF checks when creating and deleting sitemaps, which could allow attackers to make logged admins create and delete arbitrary sitemaps via CSRF attacks

Affects Plugins

Plugin icon
cds-simple-seo
Fixed in 1.8.13

References

CVE
CVE-2022-44627

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
70237586-181d-47c9-a233-68fb6e23aa5f

Timeline

Publicly Published
2022-10-20 (about 3 years ago)
Added
2022-11-03 (about 3 years ago)
Last Updated
2022-11-03 (about 3 years ago)

Other

Published
Title
Published
2025-05-07
Title
Supertext Translation and Proofreading <= 4.26 - Stored XSS via CSRF
Published
2023-10-06
Title
GoodBarber < 1.0.24 - Settings Update via CSRF
Published
2023-01-13
Title
eExamhall <= 4.0 - CSRF
Published
2025-04-17
Title
WP Twitter Button <= 1.4.1 - Cross-Site Request Forgery
Published
2025-01-24
Title
Radius Blocks < 2.2.0 - Cross-Site Request Forgery