CVE-2025-64632

Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through = 4.1.22...

EUVD-2025-203595

Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through = 4.1.21...

CVE-2025-64632

Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through = 4.1.22...

CVE-2025-64632

The CVE-2025-64632 entry concerns the WordPress Google XML Sitemaps plugin with versions up to and including 4.1.21. The root cause is a missing authorization / broken access control, allowing exploitation due to incorrectly configured access levels. Public sources in the connected documents conf...

CVE-2025-64632 WordPress Google XML Sitemaps plugin <= 4.1.22 - Broken Access Control vulnerability

Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through = 4.1.22...

WordPress plugin Google XML Sitemaps 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

WordPress Google XML Sitemaps plugin <= 4.1.22 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Google XML Sitemaps versions = 4.1.22...

EUVD-2018-8056

Malware in sbrugna...

CVE-2021-25088 Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Try ...

WordPress Google XML Sitemaps plugin <= 4.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Google XML Sitemaps plugin versions = 4.1.2. Solution Update the WordPress Google XML Sitemaps plugin to the latest available version at least 4.1.3...

Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Try to...

WordPress Better WordPress Google XML Sitemaps plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Better WordPress Google XML Sitemaps plugin version 1.4.1 and earlier versions are vulnerable to a cross-site scripting...

CVE-2022-0230

The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...

CVE-2022-0230

The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...

CVE-2022-0230

The CVE-2022-0230 entry concerns the WordPress plugin Better WordPress Google XML Sitemaps (

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Better WordPress Google XML Sitemaps plugin version 1.4.1 and earlier versions are vulnerable to a cross-site scripting...

WordPress Better WordPress Google XML Sitemaps plugin <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Better WordPress Google XML Sitemaps plugin versions = 1.4.1. Solution Deactivate and delete. This plugin has been closed as of February 14, 2022 and is not available for download. This closur...

CVE-2018-16204

Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2018-16204

Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...