What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin gn-xml-sitemap allows Stored XSS. This issue affects Google XML News Sitemap plugin: from n/a through <= 0.02.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
The Google XML News Sitemap plugin for WordPress contains a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions on behalf of a site administrator. An attacker can craft a malicious webpage that, when visited by an authenticated admin, executes unwanted plugin operations without the admin's knowledge or consent. This affects versions 0.02 and earlier.
What an attacker can do
Perform unauthorized plugin actions on behalf of an authenticated site administrator.
Potential impact on your site
An attacker can modify plugin settings or trigger unintended actions without your permission.
Conditions required to exploit
Site admin must visit a malicious webpage while logged into WordPress.