CVE-2026-39654

The CVE-2026-39654 entry documents a DOM- Based XSS in the WordPress plugin WP Simple HTML Sitemap (plugin version

CVE-2026-39654

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows DOM-Based XSS.This issue affects WP Simple HTML Sitemap: from n/a through = 3.8...

PT-2026-20611

The iXML – Google XML sitemap generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'iXML email' parameter in all versions up to, and including, 0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2022-0952

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as...

WordPress Simple XML Sitemap plugin <= 1.3 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Skalucy in WordPress Plugin Simple XML Sitemap versions = 1.3...

CVE-2025-64632 WordPress Google XML Sitemaps plugin <= 4.1.22 - Broken Access Control vulnerability

Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through = 4.1.22...

EUVD-2022-51816

Malicious code in bioql PyPI...

EUVD-2024-33805

Malicious code in bioql PyPI...

CVE-2025-48304 WordPress Google XML News Sitemap plugin plugin <= 0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Gary Illyes Google XML News Sitemap plugin gn-xml-sitemap allows Stored XSS.This issue affects Google XML News Sitemap plugin: from n/a through = 0.02...

PT-2025-34993

Name of the Vulnerable Software and Affected Versions: Google XML News Sitemap plugin versions not specified Description: The Google XML News Sitemap plugin contains a Cross-Site Request Forgery CSRF vulnerability that also allows Stored Cross-Site Scripting XSS. Recommendations: At the moment,...

CVE-2024-11424

The Slick Sitemap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slick-sitemap' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVE-2023-6492

The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'adminnotices' hook found in class-settings.php. This makes it possible...

CVE-2022-4472

The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...

CVE-2025-39413

Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through 3.5.14...

CVE-2025-31733

CVE-2025-31733 is a stored XSS vulnerability in the WP Sitemap WordPress plugin. Connected sources confirm the affected product as WP Sitemap, with version scope “

CVE-2025-31733 WordPress WP Sitemap Plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Boot Div WP Sitemap wpsitemap allows Stored XSS.This issue affects WP Sitemap: from n/a through = 1.0.0...

WordPress WP Sitemap plugin <= 1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by theviper17 in WordPress Plugin WP Sitemap versions = 1.0...

CVE-2024-12339

The Digihood HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘channel' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

CVE-2024-12339

The Digihood HTML Sitemap plugin for WordPress is listed in Wordfence Intelligence as CVE-2024-12339 with a Reflected Cross-Site Scripting (XSS) flaw in the channel parameter. The vulnerability affects all versions up to 3.1.1 and is due to insufficient input sanitization and output escaping, ena...

CVE-2024-7385

The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...