WordPress Plugin Vulnerabilities

WP Simple HTML Sitemap < 2.8 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on an unknown function, allowing unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
wp-simple-html-sitemap
Fixed in 2.8

References

CVE
CVE-2023-49850
URL
https://patchstack.com/database/vulnerability/wp-simple-html-sitemap/wordpress-wp-simple-html-sitemap-plugin-2-4-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
a0c3a4dc-597f-4e11-9d69-dc2eb0e4a63f

Timeline

Publicly Published
2023-12-07 (about 2 years ago)
Added
2023-12-10 (about 2 years ago)
Last Updated
2024-03-13 (about 2 years ago)

Other

Published
Title
Published
2025-12-06
Title
WPKoi Templates for Elementor < 3.4.5 - Missing Authorization
Published
2025-05-16
Title
EventON - WordPress Virtual Event Calendar Plugin < 4.9.7 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2023-11-21
Title
GS Pins for Pinterest Lite < 1.8.1 - Missing Authorization via _update_shortcode
Published
2025-09-26
Title
ListingPro <= 2.9.8 - Missing Authorization
Published
2026-02-18
Title
Aruba HiSpeed Cache < 3.0.3 - Missing Authorization to Unauthenticated Plugin's Settings Modification