CVE-2022-4472
Simple Sitemap < 3.5.8 - Contributor+ Stored XSSThe Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
We have discovered 636 live websites that are affected by CVE-2022-4472.
Affected Software
| Product |  Simple Sitemap |
| Category | Wordpress Plugins |
| Vulnerable Domains | 636 live websites (100% of Simple Sitemap install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jan 30, 2023
- Updated - Mar 28, 2025
Credits
- Lana Codes (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2022-4472 United States | 216 websites |
 Poland | 87 websites |
 Russia | 56 websites |
 GB | 41 websites |
 France | 38 websites |
 Germany | 29 websites |
 Australia | 16 websites |
 Israel | 14 websites |
 Netherlands | 13 websites |
 Italy | 12 websites |
Website Distribution by TLD
Number of websites using CVE-2022-4472| .com | 238 websites |
| .pl | 68 websites |
| .ru | 49 websites |
| .co.uk | 31 websites |
| .org | 23 websites |
| .fr | 20 websites |
| .net | 15 websites |
| .de | 15 websites |
| .com.au | 12 websites |
| .nl | 10 websites |
Websites affected by CVE-2022-4472
Top websites that are affected by CVE-2022-4472. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.be | Netherlands | **,*** | |
| **********************.com | United States | **,*** | |
| ************.com | France | **,*** | |
| *******************.org | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| ***************.**.uk | GB | ***,*** | |
| ***.*********.fr | France | ***,*** | |
| ***********.ca |  Canada | ***,*** | |
| ********.com | United States | ***,*** | |
| *************.dk |  Denmark | ***,*** |
FAQ
CVE-2022-4472 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Simple Sitemap
A total of 636 websites have been identified as vulnerable to CVE-2022-4472, based on global website indexing conducted by WebTechSurvey.
The Simple Sitemap is affected by the CVE-2022-4472 vulnerability.
Simple Sitemap versions up to 3.5.8 are vulnerable to CVE-2022-4472.
CVE-2022-4472 is resolved in version 3.5.8 of Simple Sitemap.