WordPress Plugin Vulnerabilities

Google XML Sitemaps < 4.1.0 - Authenticated Cross-Site Scripting (XSS)

Description

According to the changelog:

4.1.0 (2018-12-18)
- Fixed security issue related to escaping external URLs
- Fixed security issue related to option tags in forms

Affects Plugins

Plugin icon
google-sitemap-generator
Fixed in 4.1.0

References

CVE
CVE-2018-16204
URL
https://jvn.jp/en/jp/JVN27052429/index.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
takagisan
Submitter
Javier Casares
Submitter website
https://www.javiercasares.com/
Submitter twitter
JavierCasares
Verified
No
WPVDB ID
0e13cb3e-27b4-4d56-b841-43e79a5e4e25

Timeline

Publicly Published
2018-12-18 (about 7 years ago)
Added
2019-01-07 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-04-19
Title
WCP Contact Form <= 3.1.0 - Reflected XSS
Published
2025-02-24
Title
Local Search SEO Contact Page <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-09-05
Title
Ultimate Client Dash < 4.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2026-03-23
Title
RSFirewall! < 1.1.46 - Unauthenticated Stored Cross-Site Scripting
Published
2025-01-16
Title
Powie's pLinks PagePeeker <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting