Simple HTML Sitemap Security & Risk Analysis

wordpress.org/plugins/display-html-sitemap

Simple HTML Sitemap creates a beautiful sitemap for your website with its dedicated shortcode.

1K active installs · v1.0.5 · PHP + · WP 4.0+ · Updated Jun 23, 2020
Tags: custom-post-type, html-sitemap, post-type, settings, sitemap
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Simple HTML Sitemap Safe to Use in 2026?

Generally Safe

Score 85/100

Simple HTML Sitemap has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The 'display-html-sitemap' plugin v1.0.5 exhibits a generally good security posture, with no known CVEs or recorded vulnerabilities. The static analysis indicates a small attack surface, consisting primarily of a single shortcode. The code also follows good practices: the analysis found no raw (unprepared) SQL queries, and the plugin performs a nonce check and capability checks. There are no external HTTP requests or file operations, which further reduces potential risk.

However, output escaping is a significant concern. Only 2 of the 19 outputs (11%) are properly escaped, so there is a high likelihood of cross-site scripting (XSS) vulnerabilities. The taint analysis shows no unsanitized paths and no critical- or high-severity flows, but this is likely due to the limited scope of the analysis or the absence of inputs designed to trigger them. Missing output escaping is a fundamental security weakness: it can allow malicious scripts to be injected into the sitemap output, potentially affecting users who view it.

In conclusion, while the plugin benefits from a clean vulnerability history and good data handling practices, the pervasive issue with output escaping presents a tangible and significant security risk. Addressing this would be paramount to ensuring a more secure implementation.

Key Concerns

  • Low percentage of properly escaped output
Vulnerabilities
None known

Simple HTML Sitemap Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Simple HTML Sitemap Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 17 (2 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

11% escaped · 19 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
dhswp_save_options (display-html-sitemap.php:159)
Attack Surface

Simple HTML Sitemap Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[display-html-sitemap] display-html-sitemap.php:62
WordPress Hooks 5
action · plugins_loaded · display-html-sitemap.php:52
action · admin_menu · display-html-sitemap.php:53
action · admin_init · display-html-sitemap.php:54
action · admin_enqueue_scripts · display-html-sitemap.php:55
action · wp_loaded · display-html-sitemap.php:59
Maintenance & Trust

Simple HTML Sitemap Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Jun 23, 2020
PHP min version
Downloads: 12K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 1K
Developer Profile

Simple HTML Sitemap Developer Profile

Dipak Kumar Pusti

2 plugins · 1K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple HTML Sitemap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/display-html-sitemap/assets/css/display-html-sitemap.css
/wp-content/plugins/display-html-sitemap/assets/js/display-html-sitemap.js
Script Paths
/wp-content/plugins/display-html-sitemap/assets/js/display-html-sitemap.js
Version Parameters
display-html-sitemap/style.css?ver=
display-html-sitemap.js?ver=

HTML / DOM Fingerprints

CSS Classes
dhswp-ui-state-default, dhswp-cpt, dhswp-dragable-handler, dhswp-dragable-checkbox, dhswp-cpt-name, dhswp-cpt-name-title, dhswp_changename, dhswp-newname, +2 more
Data Attributes
dhswp_active_, dhswp_newname_
Shortcode Output
[display-html-sitemap]