"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 2 | Critical: 0 | High: 2 | Medium: 0

Threat Entry Updated 2025-02-26

CVE-2023-5082 - Sitemap By Click5 Plugin

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it.

Plugin: Sitemap By Click5 | CVE-2023-5082 | HIGH | CVSS 7.2 | 2023-11-06

Threat Entry Updated 2024-11-21

CVE-2022-0952 - Sitemap By Click5 Plugin

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.

Plugin: Sitemap By Click5 | CVE-2022-0952 | HIGH | CVSS 8.8 | 2022-05-02