WP HTML Sitemap 1.2 – wp-html-sitemap.html Sitemap Deletion CSRF | CVE 2014-2675

Affects Plugins

wp-html-sitemap

No known fix

References

CVE

CVE-2014-2675

URL

https://packetstormsecurity.com/files/#125933/

URL

https://seclists.org/fulldisclosure/2014/Mar/400

URL

https://advisories.dxw.com/advisories/csrf-vulnerability-in-wp-html-sitemap-1-2/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

6.5 (medium)

Miscellaneous

Verified

No

WPVDB ID

0bb80397-07c0-441a-8fef-ee0f43926f99

Timeline

Publicly Published

2014-08-01 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-11-10

Title

WP-Walla <= 0.5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2026-01-13

Title

Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery

Published

2023-12-28

Title

Icegram < 3.1.19 - Cross-Site Request Forgery via save_campaign_preview

Published

2024-06-21

Title

ContentLock < 1.0.4 - Email Adding via CSRF

Published

2025-04-09

Title

Script Compressor <= 1.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting