Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitemap project sitemap vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-6291
Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and previous versions for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Alphabetic Sitemap Project Alphabetic Sitemap
Alphabetic Sitemap Project Alphabetic Sitemap 0.0.2
Alphabetic Sitemap Project Alphabetic Sitemap 0.0.1
8.8
CVSSv3
CVE-2021-24192
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin prior to 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then b...
Sitemap Project Sitemap
5.4
CVSSv3
CVE-2022-4545
The Sitemap WordPress plugin prior to 4.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...
Sitemap Project Sitemap
8.8
CVSSv3
CVE-2022-0952
The Sitemap by click5 WordPress plugin prior to 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blo...
Sitemap Project Sitemap
1 Github repository
4.8
CVSSv3
CVE-2023-23816
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin <= 1.2.3 versions.
Sitemap Index Project Sitemap Index
5.4
CVSSv3
CVE-2022-4472
The Simple Sitemap WordPress plugin prior to 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used a...
Simple Sitemap Project Simple Sitemap
NA
CVE-2014-6240
Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and previous versions for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Google Sitemap Project Google Sitemap 0.4.3
4.8
CVSSv3
CVE-2021-24715
The WP Sitemap Page WordPress plugin prior to 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Wp Sitemap Page Project Wp Sitemap Page
6.1
CVSSv3
CVE-2022-1216
The Advanced Image Sitemap WordPress plugin up to and including 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.
Advanced Image Sitemap Project Advanced Image Sitemap
5.4
CVSSv3
CVE-2021-36912
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.
Google-news-sitemap Project Google-news-sitemap
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »