cleantalk
Vulnerabilities and Security Researches

Simple Sitemap – Create a Responsive HTML Sitemap, CVE-2023-6492

CVE, Research URL

CVE-2023-6492

Home page URL

Security reports for Simple Sitemap – Create a Responsive HTML Sitemap

Application

Simple Sitemap – Create a Responsive HTML Sitemap

Published on
Jun 14, 2024
Research Description
The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible for unauthenticated attackers to reset the plugin options to a default state via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 3.5.14.
Status
vulnerable
Previous vulnerability researches
WP Simple Sitemap (CVE-2025-22342) , Jan 07, 2025
Simple Sitemap – Create a Responsive HTML Sitemap (2c7d2a43acb34e5a361aecc7af9ace08eaacf947) , Jun 06, 2024
Simple Sitemap – Create a Responsive HTML Sitemap (CVE-2022-4472) , Jun 06, 2024
Simple Sitemap – Create a Responsive HTML Sitemap (CVE-2022-4974) , Nov 15, 2024
Simple Sitemap – Create a Responsive HTML Sitemap (CVE-2025-39413) , Apr 22, 2025
New vulnerability
WP-Syntax (CVE-2024-13926) , Apr 22, 2025
Simple Sitemap – Create a Responsive HTML Sitemap (CVE-2025-39413) , Apr 22, 2025
WooCommerce Shipping & Tax , Apr 21, 2025
Name Directory (CVE-2025-39454) , Apr 21, 2025
SB Chart block (CVE-2025-3661) , Apr 20, 2025