CVE-2025-23753
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digireturn DN Sitemap Control dn-sitemap-control allows Reflected XSS. This issue affects DN Sitemap Control: from n/a through <= 1.0.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in the DN Sitemap Control plugin up to 1.0.6 allows an attacker to inject malicious scripts via a crafted request.
The DN Sitemap Control plugin for WordPress, versions 1.0.6 and earlier, contains a reflected Cross-Site Scripting (XSS) vulnerability. This is caused by improper neutralization of user-supplied input during web page generation [1].
Exploitation of this vulnerability requires user interaction, meaning a privileged user must click a malicious link, visit a crafted page, or submit a specially crafted form. The attacker does not need to be authenticated to initiate the attack, but the victim must perform the action [1].
Successful exploitation allows a malicious actor to inject arbitrary scripts into the website, which are executed in the context of a victim's browser. This can lead to redirects, display of advertisements, or other HTML payloads when guests visit the affected site [1].
As of the publication date, no official patch has been released for this vulnerability. Patchstack provides a mitigation rule to block attacks until an update is available. Updating the plugin is strongly recommended as soon as a patched version is released [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.0.6
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.