Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitemap project sitemap vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2014-6291
Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (alpha_sitemap) extension 0.0.3 and previous versions for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Alphabetic Sitemap Project Alphabetic Sitemap
Alphabetic Sitemap Project Alphabetic Sitemap 0.0.2
Alphabetic Sitemap Project Alphabetic Sitemap 0.0.1
605
VMScore
CVE-2022-0952
The Sitemap by click5 WordPress plugin prior to 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blo...
Sitemap Project Sitemap
1 Github repository
578
VMScore
CVE-2021-24192
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin prior to 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then b...
Sitemap Project Sitemap
NA
CVE-2022-4545
The Sitemap WordPress plugin prior to 4.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...
Sitemap Project Sitemap
NA
CVE-2023-23816
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin <= 1.2.3 versions.
Sitemap Index Project Sitemap Index
NA
CVE-2022-4472
The Simple Sitemap WordPress plugin prior to 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used a...
Simple Sitemap Project Simple Sitemap
383
VMScore
CVE-2014-6240
Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and previous versions for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Google Sitemap Project Google Sitemap 0.4.3
312
VMScore
CVE-2021-24715
The WP Sitemap Page WordPress plugin prior to 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Wp Sitemap Page Project Wp Sitemap Page
383
VMScore
CVE-2022-1216
The Advanced Image Sitemap WordPress plugin up to and including 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.
Advanced Image Sitemap Project Advanced Image Sitemap
312
VMScore
CVE-2021-36912
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.
Google-news-sitemap Project Google-news-sitemap
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »