ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Google XML Sitemaps plugin <= 4.0.9 - Authenticated Cross-Site Scripting (XSS) vulnerability

Product
Google XML Sitemaps
Description
Authenticated Cross-Site Scripting (XSS) vulnerability found by takagisan in WordPress Google XML Sitemaps plugin (version <= 4.0.9).
Solution
Update the WordPress Google XML Sitemaps plugin to the latest available version (at least 4.1.0).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2018-16204
Versions
Affected In <= 4.0.9
Fixed In 4.1.0
Disclosure date
2019-01-08
Credits
takagisan
Submitter
ThreatPress