Vulnerabilities and security research for simple-sitemap
Apr 22, 2025
Simple Sitemap – Create a Responsive HTML Sitemap # CVE-2025-39413
- CVE, Research URL
- Date: -
- Research Description: Simple Sitemap – Create a Responsive HTML Sitemap [simple-sitemap] <= 3.5.14 (unfixed) CVE-2025-39413
- Affected versions: Min -, max -.
- Status: vulnerable
Nov 15, 2024
Simple Sitemap – Create a Responsive HTML Sitemap # CVE-2022-4974
- CVE, Research URL
- Date: Oct 16, 2024
- Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions: Min -, max -.
- Status: vulnerable
Jun 17, 2024
Simple Sitemap – Create a Responsive HTML Sitemap # CVE-2023-6492
- CVE, Research URL
- Date: Jun 14, 2024
- Research Description: The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible for unauthenticated attackers to reset the plugin options to a default state via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions: Min -, max -.
- Status: vulnerable
Jun 06, 2024
Simple Sitemap – Create a Responsive HTML Sitemap # 2c7d2a43acb34e5a361aecc7af9ace08eaacf947
- CVE, Research URL
- Date: Feb 28, 2022
- Research Description: Simple Sitemap – Create a Responsive HTML Sitemap [simple-sitemap] < 3.5.5. WordPress Simple Sitemap – Create a Responsive HTML Sitemap plugin <= 3.5.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability. Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Simple Sitemap – Create a Responsive HTML Sitemap plugin (versions <= 3.5.4).
- Affected versions: Min -, max -.
- Status: vulnerable
Simple Sitemap – Create a Responsive HTML Sitemap # CVE-2022-4472
- CVE, Research URL
- Date: Jan 31, 2023
- Research Description: The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
- Affected versions: Min -, max -.
- Status: vulnerable