CVE-2022-36404

Name of the Vulnerable Software and Affected Versions David Cole Simple SEO plugin versions prior to 1.8.13

Description The issue concerns a Missing Authorization and Cross-Site Request Forgery (CSRF) vulnerability, as well as a Broken Access Control vulnerability. This allows attackers to potentially create or delete sitemaps.

Recommendations For versions prior to 1.8.13, update to version 1.8.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the sitemap creation and deletion functionality until a patch is available.