2 matches found
CVE-2018-16204
CVE-2018-16204 affects the WordPress Google XML Sitemaps plugin (versions 4.0.9 and earlier). The vulnerability is a cross-site scripting (XSS) flaw that can be triggered by an authenticated attacker to inject arbitrary script/HTML, with the stored-XSS variant emphasized by multiple sources. Impa...
CVE-2021-25088
CVE-2021-25088 affects the WordPress Google XML Sitemaps plugin prior to 4.1.3. The root cause is failure to sanitize/escape settings before outputting them on the Debug page, enabling Cross-Site Scripting by high-privilege users (e.g., in multisite). Impact is XSS; CVE details indicate the issue...