3 matches found
CVE-2019-15113
CVE-2019-15113 affects the WordPress plugin companion-sitemap-generator (before 3.7.0). Multiple sources confirm a CSRF vulnerability in this plugin, enabling unauthorized actions from forged requests. The NVD entry lists CVSS v3 base score 8.8 (HIGH) with network attack vector, low attack comple...
CVE-2023-0066
The CVE-2023-0066 entry refers to the Companion Sitemap Generator WordPress plugin (versions up to 4.5.1.1). The root cause is failure to validate and escape certain shortcode attributes, which can enable Stored XSS when the shortcode is embedded in a page/post by users with contributor+ privileg...
CVE-2023-1780
The CVE-2023-1780 affects the Companion Sitemap Generator WordPress plugin (versions before 4.5.3). It stems from not sanitising/escaping certain parameters before echoing them in pages, causing a Reflected Cross‑Site Scripting (XSS) vulnerability that could affect high‑privilege users (e.g., adm...