CVE-2022-0346

Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting

Basic Information

CVE State: PUBLISHED
Reserved Date: January 24, 2022
Published Date: May 23, 2022
Last Updated: August 02, 2024
Vendor: Unknown
Product: XML Sitemap Generator for Google
Description: The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.
Tags

CVSS Scores

CVSS v3.1

6.1 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2.0

4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploit Status

Exploited in the Wild: Yes (2026-03-26 00:00:00 UTC) Source

References

https://wpscan.com/vulnerability/4b339390-d71a-44e0-8682-51a12bd2bfe6

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2026-03-26 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-0346.yaml	2025-04-25 00:00:00 UTC

Timeline

CVE ID Reserved

January 24, 2022
CVE Published to Public

May 23, 2022
Detected by Nuclei

April 25, 2025
Added to KEVIntel

March 26, 2026