Google Xml Sitemaps Project: >> Google Xml Sitemaps >> 4.0.7 Security Vulnerabilities
The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS Score
4.8
EPSS Score
0.002
Published
2022-06-20
Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-01-09