CVE-2022-0346

CVE-2022-0346: Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting

Vendor Unknown

Product XML Sitemap Generator for Google

Weakness CWE-79 · XSS

Published May 23, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.

Key dates

02Disclosure timeline

May 23, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0346 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-46262 WordPress Mad Mimi for WordPress plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-57783 CVE-2018-8911 CVE-2021-24590 Cookie Notice & Consent Banner for GDPR & CCPA Compliance < 1.7.2 - Authenticated Stored XSS CVE-2024-5088 Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting