Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
CVE-2022-0952 Sitemap by click5 < 1036 - Unauthenticated Arbitrary Options Update Description The plugin does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register