CVE-2022-0230

moderate-risk
Published 2022-03-14

The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins

Do I need to act?

!
14.8% chance of exploitation in next 30 days
EPSS score — higher than 85% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Bwp-Google-Xml-Sitemaps Project

References (2)

Exploit https://wpscan.com/vulnerability/c73316d2-ae6a-42db-935b-b8b03a7e4363
Exploit https://wpscan.com/vulnerability/c73316d2-ae6a-42db-935b-b8b03a7e4363
40
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 12/34 · Low
Exposure 5/34 · Minimal