CVE-2023-6492
Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_noticesThe Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible for unauthenticated attackers to reset the plugin options to a default state via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
We have discovered 684 live websites that are affected by CVE-2023-6492.
Affected Software
| Product |  Simple Sitemap |
| Category | Wordpress Plugins |
| Vulnerable Domains | 684 live websites (100% of Simple Sitemap install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Details
- Published - Jun 14, 2024
- Updated - Aug 2, 2024
Credits
- Rafshanzani Suhada (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2023-6492 United States | 234 websites |
 Poland | 87 websites |
 Russia | 57 websites |
 France | 50 websites |
 GB | 44 websites |
 Germany | 33 websites |
 Australia | 16 websites |
 Netherlands | 14 websites |
 Israel | 14 websites |
 Italy | 13 websites |
Website Distribution by TLD
Number of websites using CVE-2023-6492| .com | 265 websites |
| .pl | 68 websites |
| .ru | 50 websites |
| .co.uk | 31 websites |
| .org | 26 websites |
| .fr | 25 websites |
| .de | 17 websites |
| .net | 16 websites |
| .com.au | 13 websites |
| .nl | 11 websites |
Websites affected by CVE-2023-6492
Top websites that are affected by CVE-2023-6492. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.be | Netherlands | **,*** | |
| **********************.com | United States | **,*** | |
| ************.com | France | **,*** | |
| *******************.org | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| ***************.**.uk | GB | ***,*** | |
| ***.*********.fr | France | ***,*** | |
| ***********.ca |  Canada | ***,*** | |
| ********.com | United States | ***,*** | |
| *************.dk |  Denmark | ***,*** |
FAQ
A total of 684 websites have been identified as vulnerable to CVE-2023-6492, based on global website indexing conducted by WebTechSurvey.
The Simple Sitemap is affected by the CVE-2023-6492 vulnerability.
Simple Sitemap versions up to and including 3.5.13 are vulnerable to CVE-2023-6492.