VYPR

Simple Sitemap

by WordPress

Source repositories

CVEs (3)

  • CVE-2022-4472MedJan 30, 2023
    risk 0.35cvss 5.4epss 0.01

    The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used…

  • CVE-2025-39413MedApr 30, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap simple-sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through <= 3.6.0.

  • CVE-2023-6492MedJun 14, 2024
    risk 0.21cvss 4.3epss 0.00

    The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php.…