WP-Safety

XML Sitemap Generator for Google Security & Risk Analysis

wordpress.org/plugins/google-sitemap-generator

Generate multiple types of sitemaps to improve SEO and get your website indexed quickly.

1.0M active installs v4.1.23 PHP 5.0+ WP 4.6+ Updated Feb 7, 2026
html-sitemapnews-sitemapseovideo-sitemapxml-sitemap
96
A · Safe
CVEs total3
Unpatched0
Last CVEOct 31, 2025
Plugin page Download
Safety Verdict

Is XML Sitemap Generator for Google Safe to Use in 2026?

Generally Safe

Score 96/100

XML Sitemap Generator for Google has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Oct 31, 2025Updated 1mo ago
Risk Assessment

The "google-sitemap-generator" plugin version 4.1.23 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for a significant majority of its SQL queries and properly escaping most of its output. The presence of numerous nonce and capability checks suggests an effort to secure its entry points, and the limited attack surface with no unprotected entry points is a strong indicator of a well-secured design at first glance. However, the static analysis reveals potential areas of concern. The use of the `unserialize` function is a known risk, as it can lead to remote code execution if used with untrusted input. While the taint analysis did not flag critical or high severity flows with unsanitized paths, the presence of two such flows warrants attention as they could potentially be exploited under specific circumstances. The vulnerability history, with three medium severity CVEs previously discovered, including Cross-site Scripting and Missing Authorization, indicates a past susceptibility to common web vulnerabilities. Although there are no currently unpatched vulnerabilities and the last one was in 2025, this history suggests a pattern of past security weaknesses that, combined with the `unserialize` function, requires continued vigilance.

Key Concerns

  • Use of 'unserialize' function
  • Taint flows with unsanitized paths (2)
  • Medium severity CVEs in history (3)
Vulnerabilities
3

XML Sitemap Generator for Google Security Vulnerabilities

CVEs by Year

1 CVE in 2018
2018
1 CVE in 2022
2022
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-64632medium · 5.3Missing Authorization

Google XML Sitemaps <= 4.1.22 - Missing Authorization

Oct 31, 2025 Patched in 4.1.23 (102d)
CVE-2021-25088medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

XML Sitemaps <= 4.1.1 - Authenticated (Admin+) Cross-Site Scripting

May 30, 2022 Patched in 4.1.2 (603d)
CVE-2018-16204medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

XML Sitemaps <= 4.0.9 - Authenticated Cross-Site Scripting

Dec 25, 2018 Patched in 4.1.0 (1855d)
Code Analysis
Analyzed Mar 16, 2026

XML Sitemap Generator for Google Code Analysis

Dangerous Functions
1
Raw SQL Queries
5
14 prepared
Unescaped Output
28
291 escaped
Nonce Checks
13
Capability Checks
9
File Operations
2
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

unserialize$storedpages = unserialize( $pages_string );sitemap-core.php:1599

SQL Query Safety

74% prepared19 total queries

Output Escaping

91% escaped319 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
show_ping_result (sitemap-core.php:2537)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

XML Sitemap Generator for Google Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_disable_pluginssitemap.php:552
WordPress Hooks 40
actionadmin_menuclass-googlesitemapgeneratorloader.php:37
actionwp_dashboard_setupclass-googlesitemapgeneratorloader.php:40
filterozh_adminmenu_iconclass-googlesitemapgeneratorloader.php:43
filterplugin_row_metaclass-googlesitemapgeneratorloader.php:46
actionsm_pingclass-googlesitemapgeneratorloader.php:49
actionsm_ping_dailyclass-googlesitemapgeneratorloader.php:52
actiontransition_post_statusclass-googlesitemapgeneratorloader.php:55
actioninitclass-googlesitemapgeneratorloader.php:57
actiondo_robotsclass-googlesitemapgeneratorloader.php:66
actionwp_loadedclass-googlesitemapgeneratorloader.php:78
filterwp_sitemaps_enabledclass-googlesitemapgeneratorloader.php:91
filterrobots_txtclass-googlesitemapgeneratorloader.php:96
filterquery_varsclass-googlesitemapgeneratorloader.php:127
filtertemplate_redirectclass-googlesitemapgeneratorloader.php:129
filterrewrite_rules_arrayclass-googlesitemapgeneratorloader.php:205
filterrewrite_rules_arrayclass-googlesitemapgeneratorloader.php:236
actionadmin_noticesclass-googlesitemapgeneratorloader.php:324
actioninitclass-googlesitemapgeneratorloader.php:1312
actionadmin_noticesclass-googlesitemapgeneratorloader.php:1313
actionsm_build_indexclass-googlesitemapgeneratorstandardbuilder.php:21
actionsm_build_contentclass-googlesitemapgeneratorstandardbuilder.php:22
filtersm_sitemap_for_postclass-googlesitemapgeneratorstandardbuilder.php:24
filterget_terms_fieldsclass-googlesitemapgeneratorstandardbuilder.php:615
filterget_terms_fieldsclass-googlesitemapgeneratorstandardbuilder.php:745
filterget_terms_fieldsclass-googlesitemapgeneratorstandardbuilder.php:785
filtersm_add_prio_providersitemap-core.php:930
filterrewrite_rules_arraysitemap-core.php:1733
filterrewrite_rules_arraysitemap-core.php:1742
filterwp_feed_cache_transient_lifetimesitemap-core.php:2730
actionadmin_initsitemap.php:65
actionadmin_headsitemap.php:66
actionadmin_footersitemap.php:67
actionplugins_loadedsitemap.php:68
actiontransition_post_statussitemap.php:74
actionwpmu_new_blogsitemap.php:76
actionparse_requestsitemap.php:90
actionadmin_noticessitemap.php:308
actionadmin_noticessitemap.php:314
filterwp_sitemaps_enabledsitemap.php:550
actionadmin_noticessitemap.php:554

Scheduled Events 2

sm_ping_daily
sm_ping
Maintenance & Trust

XML Sitemap Generator for Google Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 7, 2026
PHP min version5.0
Downloads42.7M

Community Trust

Rating96/100
Number of ratings2,229
Active installs1.0M
Alternatives

XML Sitemap Generator for Google Alternatives

Sitemap Generator Professional

Sitemap Generator Professional

mb-sitemap-generator

A
85

An easy to use XML sitemap generator with support for image and video sitemaps for WordPress.

4K No CVEs
Image & Video XML Sitemap

Image & Video XML Sitemap

image-video-xml-sitemap

A
100

Create separate XML sitemaps for images and videos with advanced customization. Fully compatible with Yoast SEO.

300 No CVEs
Main Menu HTML Sitemap

Main Menu HTML Sitemap

main-menu-html-site-map

A
92

Your site need html sitemap for SEO enhance. This plugin will make it easy.

100 No CVEs
XMLMap – XML & HTML Sitemap Generator

XMLMap – XML & HTML Sitemap Generator

xmlmap-xml-html-sitemap-generator

A
100

Generates XML and HTML sitemaps for your website to improve SEO and help search engines better understand your site structure.

10 No CVEs
Yoast SEO – Advanced SEO with real-time guidance and built-in AI

Yoast SEO – Advanced SEO with real-time guidance and built-in AI

wordpress-seo

A
89

Improve your SEO with real-time feedback, schema, and clear guidance. Upgrade for AI tools, Google Docs integration, and 24/7 support, no hidden fees.

10.0M 17 CVEs
Developer Profile

XML Sitemap Generator for Google Developer Profile

Auctollo

1 plugin · 1.0M total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
853 days
View full developer profile
Detection Fingerprints

How We Detect XML Sitemap Generator for Google

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/google-sitemap-generator/css/sitemap.css/wp-content/plugins/google-sitemap-generator/js/sitemap.js/wp-content/plugins/google-sitemap-generator/js/google.js/wp-content/plugins/google-sitemap-generator/js/sitemap-admin.js
Generator Patterns
XML Sitemap Generator for Google
Script Paths
/wp-content/plugins/google-sitemap-generator/js/sitemap.js/wp-content/plugins/google-sitemap-generator/js/google.js/wp-content/plugins/google-sitemap-generator/js/sitemap-admin.js
Version Parameters
google-sitemap-generator/css/sitemap.css?ver=google-sitemap-generator/js/sitemap.js?ver=google-sitemap-generator/js/google.js?ver=google-sitemap-generator/js/sitemap-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
conflict_plugin
HTML Comments
<!-- * $Id: sitemap.php 3426561 2025-12-24 00:45:27Z auctollo $ --><!-- * * XML Sitemap Generator for Google * ============================================================================== --><!-- * * This generator will create a sitemaps.org compliant sitemap of your WordPress site. --><!-- * * For additional details like installation instructions, please check the readme.txt and documentation.txt files. -->+8 more
Data Attributes
id="discard_content"id="user-consent-f
JS Globals
GoogleSitemapGeneratorLoadersm_optionsenable_updatesdo_not_enable_updatesconflict_pluginmore_info_button+2 more
FAQ

Frequently Asked Questions about XML Sitemap Generator for Google