VYPR

Wp HTML Sitemap

by WordPress

CVEs (2)

  • CVE-2014-2675MedMar 19, 2018
    risk 0.42cvss 6.5epss 0.01

    Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php in the WP HTML Sitemap plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the wp-html-sitemap page in…

  • CVE-2022-3835MedDec 26, 2022
    risk 0.31cvss 4.8epss 0.01

    The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…