Description
WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently make unauthorized AJAX calls and access the debug logs. WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap version 3.5.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.5.5 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:6DAE6DCA-7474-4008-9FE5-4C62B9F12D0A
https://plugins.svn.wordpress.org/simple-sitemap/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Simple:Press-WordPress Forum Arbitrary File Upload (6.6.0)
WordPress Plugin Church Admin 'id' Parameter Cross-Site Scripting (0.33.4.5)
Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7)
MySQL Other Vulnerability (CVE-2000-0148)
WordPress Plugin WordPress Calls to Action Unspecified Vulnerability (2.3.1)