9 matches found
CVE-2024-12339
The Digihood HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘channel' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
CVE-2024-12339
The Digihood HTML Sitemap plugin for WordPress is listed in Wordfence Intelligence as CVE-2024-12339 with a Reflected Cross-Site Scripting (XSS) flaw in the channel parameter. The vulnerability affects all versions up to 3.1.1 and is due to insufficient input sanitization and output escaping, ena...
CVE-2024-7385
The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2023-46627
CVE-2023-46627 affects WordPress plugin WP Simple HTML Sitemap (wp-simple-html-sitemap) up to version 2.2. The vulnerability is an unauthenticated Cross-Site Scripting (XSS) via the id parameter (Reflected XSS). Patch/mitigation: upgrade to version 2.3 or later. This CVE entry is supported by Pat...
CVE-2023-45067
The CVE-2023-45067 affects WordPress plugin WordPress Simple HTML Sitemap (
Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Click the 'Settings' button of this plugin...
WordPress WP HTML Sitemap plugin cross-site request forgery vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WP HTML Sitemap plugin is used in one of the by entering a short code in the page to add HTML sitemap plugin. A...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php...
CVE-2014-2675
CVE-2014-2675 concerns the WordPress WP HTML Sitemap plugin (version 1.2) and its file inc/AdminPage.php. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows an attacker to hijack the administrator’s authentication to perform a sensitive action: deleting the sitemap via a request...