CVE-2022-4545

Name of the Vulnerable Software and Affected Versions Sitemap WordPress plugin versions prior to 4.4

Description The issue concerns the Sitemap WordPress plugin, where it fails to validate and escape certain shortcode attributes before outputting them, potentially allowing Stored Cross-Site Scripting attacks. Users with a role as low as contributor could exploit this, targeting high-privilege users like admins.

Recommendations For versions prior to 4.4, update to version 4.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of shortcode attributes to minimize the risk of exploitation.