Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/02/21 8:38 a.m.5 views

CVE-2024-12339

The Digihood HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘channel' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS6.2AI score0.00411EPSS
Exploits0References1
CVE
CVE
added 2025/02/19 7:32 a.m.36 views

CVE-2024-12339

The Digihood HTML Sitemap plugin for WordPress is listed in Wordfence Intelligence as CVE-2024-12339 with a Reflected Cross-Site Scripting (XSS) flaw in the channel parameter. The vulnerability affects all versions up to 3.1.1 and is due to insufficient input sanitization and output escaping, ena...

6.1CVSS6AI score0.00411EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 12:3 p.m.7 views

CVE-2024-7385

The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

9.1CVSS7AI score0.01386EPSS
Exploits0References1
CVE
CVE
added 2023/11/08 4:2 p.m.72 views

CVE-2023-46627

CVE-2023-46627 affects WordPress plugin WP Simple HTML Sitemap (wp-simple-html-sitemap) up to version 2.2. The vulnerability is an unauthenticated Cross-Site Scripting (XSS) via the id parameter (Reflected XSS). Patch/mitigation: upgrade to version 2.3 or later. This CVE entry is supported by Pat...

7.1CVSS6AI score0.00412EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/18 12:30 p.m.104 views

CVE-2023-45067

The CVE-2023-45067 affects WordPress plugin WordPress Simple HTML Sitemap (

6.5CVSS5.5AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.28 views

Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Click the 'Settings' button of this plugin...

4.8CVSS0.6AI score0.00532EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2018/03/21 12:0 a.m.2 views

WordPress WP HTML Sitemap plugin cross-site request forgery vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WP HTML Sitemap plugin is used in one of the by entering a short code in the page to add HTML sitemap plugin. A...

6.5CVSS6.9AI score0.00781EPSS
Exploits1References1
Prion
Prion
added 2018/03/19 9:29 p.m.14 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in wp-admin/options-general.php...

5.8CVSS7.5AI score0.00781EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/03/19 9:0 p.m.39 views

CVE-2014-2675

CVE-2014-2675 concerns the WordPress WP HTML Sitemap plugin (version 1.2) and its file inc/AdminPage.php. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows an attacker to hijack the administrator’s authentication to perform a sensitive action: deleting the sitemap via a request...

6.5CVSS6.7AI score0.00781EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder