Exploit for CVE-2022-0952

  1. Home
  2. Uncategorized
  3. Exploit for CVE-2022-0952

Exploit for CVE-2022-0952

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.

Published: 2022-05-02

CVSS: 8.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Download Exploit for CVE-2022-0952 here:

Use Tor Browser to access .onion links.

Check our team here:

https://wednesfieldacademy.com/exploit-350-cve-2025-11669/

https://wednesfieldacademy.com/exploit-760-cve-2017-0263/

https://wednesfieldacademy.com/exploit-401-cve-2024-3596/

https://wednesfieldacademy.com/exploit-1039-cve-2025-48539/

https://wednesfieldacademy.com/exploit-166-cve-2024-23666/

Latest News

Follow us on Social Media

Popular Pages

Contact Info

Wednesfield Academy
Lichfield Road
Wednesfield, Wolverhampton
West Midlands
WV11 3ES

T: 01902 558 222

postbox@wednesfieldacademy.co.uk

Monday - Thursday: 8:00 am - 4:00 pm
Friday: 8:00 am - 3:30 pm

Copyright 2026 © All Rights Reserved

 Privacy Notice

CEOP-1

Loading