CVE-2022-0346

Name of the Vulnerable Software and Affected Versions XML Sitemap Generator for Google WordPress plugin versions prior to 2.0.4

Description The issue arises from the plugin's failure to validate a parameter, which can be set to an arbitrary value. This can lead to cross-site scripting (XSS) via error messages or remote code execution (RCE) if allow url include is enabled. The vulnerability can be exploited by a remote attacker to conduct an XSS attack.

Recommendations For versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue. As a temporary workaround, consider disabling the plugin until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the vulnerable parameter in the plugin's settings until the issue is resolved.