CVE-2026-22355
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-27

Assigner: Patchstack

Description
Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS. This issue affects Simple XML Sitemap: from n/a through <= 1.3.
Meta Information
Published: 2026-01-22
Last Modified: 2026-01-27
Generated: 2026-06-16
AI Q&A: 2026-01-22
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: gregmolnar
Product: simple_xml_sitemap
Version / Range: From 1.0 (inc) to 1.3 (inc)
CWE ID: CWE-352
Description: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Executive Summary

CVE-2026-22355 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Simple XML Sitemap Plugin (versions up to and including 1.3). It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions by having them click a malicious link, visit a crafted page, or submit a form. This can lead to Stored Cross-Site Scripting (XSS) attacks. Exploitation requires user interaction, but the attacker does not need to be authenticated to initiate the attack. [1]

Impact Analysis

This vulnerability allows attackers to execute malicious scripts in the context of an authenticated user's session, potentially leading to unauthorized actions or data compromise. However, the vulnerability is considered low priority and unlikely to be exploited. It requires user interaction and targets users with higher privileges, which could lead to security breaches if successfully exploited. [1]

Mitigation Strategies

Since no official fix or patched version is currently available, immediate mitigation involves minimizing user interaction with untrusted links or pages that could exploit the CSRF vulnerability. Administrators should educate users, especially those with higher privileges, to avoid clicking suspicious links or submitting forms from untrusted sources. Additionally, monitoring and restricting access to the Simple XML Sitemap plugin or disabling it temporarily may reduce risk. [1]
