WordPress Plugin Vulnerabilities

Google XML Sitemaps <= 4.0.9 - Authenticated Cross-Site Scripting (XSS)

Description

According to the changelog:

4.1.0 (2018-12-18)
- Fixed security issue related to escaping external URLs
- Fixed security issue related to option tags in forms

Affects Plugins

google-sitemap-generator

Fixed in version 4.1.0

References

CVE

CVE-2018-16204

URL

https://jvn.jp/en/jp/JVN27052429/index.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

takagisan

Submitter

Javier Casares

Submitter website

https://www.javiercasares.com/

Submitter twitter

JavierCasares

Verified

WPVDB ID

0e13cb3e-27b4-4d56-b841-43e79a5e4e25

Timeline

Publicly Published

2018-12-18 (about 4 years ago)

Added

2019-01-07 (about 4 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin