Does Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin compatible with WordPress 6.9.4?

According to WordPress.org data, Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin 3.3.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin Security & Risk Analysis

wordpress.org/plugins/google-sitemap-plugin

Generate and add XML sitemap to WordPress website. Help search engines index your blog.

20K active installs v3.3.5 PHP + WP 6.2+ Updated Dec 3, 2025

add-pages-to-sitemapadd-posts-to-sitemapadd-sitemapgooglegoogle-sitemap

A · Safe

CVEs total1

Unpatched0

Last CVEApr 12, 2017

Plugin page Download

Safety Verdict

Is Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 12, 2017Updated 5mo ago

Risk Assessment

The "google-sitemap-plugin" v3.3.5 exhibits a generally good security posture with strong adherence to secure coding practices. The plugin demonstrates a high percentage of properly escaped outputs and a significant portion of SQL queries utilizing prepared statements. Furthermore, the presence of numerous nonce and capability checks suggests a conscious effort to protect against common WordPress attack vectors. The absence of any critical or high-severity taint flows and no currently unpatched CVEs are positive indicators.

Key Concerns

Use of unserialize() function
SQL queries not always using prepared statements
Known medium severity vulnerability in history

Vulnerabilities

1 published

Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2017

2017

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

WF-e409a4af-9998-4b77-8f6b-50ae1b70da2d-google-sitemap-pluginmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin < 3.0.8 - Reflected Cross-Site Scripting

Apr 12, 2017 Patched in 3.0.8 (2477d)

Version History

Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin Release Timeline

v3.3.5Current

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.2.7

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.9

v3.1.8

v3.1.7

v3.1.6

v3.1.5

Code Analysis

Analyzed Mar 16, 2026

Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

574 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$data = unserialize($data);google_api\Cache\File.php:75

SQL Query Safety

63% prepared16 total queries

Output Escaping

97% escaped593 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

6 flows

bws_add_menu_render (bws_menu\bws_menu.php:18)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_bws_submit_request_feature_actionbws_menu\class-bws-settings.php:1466

authwp_ajax_bws_submit_uninstall_reason_actionbws_menu\deactivation-form.php:433

WordPress Hooks 43

filterload_textdomain_mofilebws_menu\bws_functions.php:43

filtermce_external_pluginsbws_menu\bws_functions.php:1146

filtermce_buttonsbws_menu\bws_functions.php:1147

actionadmin_initbws_menu\bws_functions.php:1433

actionadmin_enqueue_scriptsbws_menu\bws_functions.php:1434

actionadmin_headbws_menu\bws_functions.php:1435

actionadmin_footerbws_menu\bws_functions.php:1436

actionadmin_noticesbws_menu\bws_functions.php:1438

actionwp_enqueue_scriptsbws_menu\bws_functions.php:1440

filterrobots_txtgoogle-sitemap-plugin.php:125

actionwp_headgoogle-sitemap-plugin.php:184

actionembed_headgoogle-sitemap-plugin.php:185

actionadmin_menugoogle-sitemap-plugin.php:2777

actioninitgoogle-sitemap-plugin.php:2779

actionadmin_initgoogle-sitemap-plugin.php:2780

actionplugins_loadedgoogle-sitemap-plugin.php:2783

actionadmin_enqueue_scriptsgoogle-sitemap-plugin.php:2785

actiontransition_post_statusgoogle-sitemap-plugin.php:2787

actionsave_postgoogle-sitemap-plugin.php:2788

actiontrashed_postgoogle-sitemap-plugin.php:2789

actiongglstmp_sitemap_crongoogle-sitemap-plugin.php:2791

actiongglstmp_schedule_news_sitemapgoogle-sitemap-plugin.php:2792

actionpermalink_structure_changedgoogle-sitemap-plugin.php:2795

actioncreated_termgoogle-sitemap-plugin.php:2796

actionedited_termgoogle-sitemap-plugin.php:2797

actiondelete_termgoogle-sitemap-plugin.php:2798

filterrewrite_rules_arraygoogle-sitemap-plugin.php:2800

actionwp_headgoogle-sitemap-plugin.php:2802

filterplugin_action_linksgoogle-sitemap-plugin.php:2804

filterplugin_row_metagoogle-sitemap-plugin.php:2805

actionadmin_noticesgoogle-sitemap-plugin.php:2807

actionwpmu_new_bloggoogle-sitemap-plugin.php:2809

actionactivate_bloggoogle-sitemap-plugin.php:2810

actionmake_undelete_bloggoogle-sitemap-plugin.php:2811

actionunarchive_bloggoogle-sitemap-plugin.php:2812

actionmake_ham_bloggoogle-sitemap-plugin.php:2813

actiondelete_bloggoogle-sitemap-plugin.php:2815

actiondeactivate_bloggoogle-sitemap-plugin.php:2816

actionmake_delete_bloggoogle-sitemap-plugin.php:2817

actionarchive_bloggoogle-sitemap-plugin.php:2818

actionmake_spam_bloggoogle-sitemap-plugin.php:2819

actionadd_meta_boxesgoogle-sitemap-plugin.php:2822

actionsave_postgoogle-sitemap-plugin.php:2824

Scheduled Events 3

gglstmp_schedule_news_sitemap

gglstmp_sitemap_cron

Maintenance & Trust

Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 3, 2025

PHP min version

Downloads2.2M

Community Trust

Rating86/100

Number of ratings114

Active installs20K

Alternatives

Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin Alternatives

Sitemap by click5

sitemap-by-click5

Best WordPress Sitemap plugin to generate and customize HTML & XML sitemaps for your website.

6K 1 CVE

WP SEO HTML Sitemap

wp-seo-html-sitemap

A responsive HTML sitemap that uses all of the settings for your XML sitemap in the WordPress SEO by Yoast Plugin.

6K No CVEs

XML Sitemaps

xml-sitemaps

Automatically generates XML Sitemaps for your site and notifies search engines when they're updated.

2K No CVEs

Youtube Video Sitemap generator

youtube-video-sitemap-generator

Scan your site for youtube links in both post content and meta tags and create a xml video sitemap file on the fly.

300 No CVEs

XML Sitemap for Google

xml-sitemap-for-google

100

Generate XML sitemap to enhance SEO and expedite website indexing.

100 No CVEs

Developer Profile

Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin Developer Profile

bestwebsoft

18 plugins · 207K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

1695 days

View full developer profile

Detection Fingerprints

How We Detect Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/google-sitemap-plugin/bws_menu/css/bws_menu.css/wp-content/plugins/google-sitemap-plugin/css/gglstmp_admin.css/wp-content/plugins/google-sitemap-plugin/js/gglstmp_admin.js

Script Paths

/wp-content/plugins/google-sitemap-plugin/js/gglstmp_admin.js

Version Parameters

google-sitemap-plugin/css/gglstmp_admin.css?ver=google-sitemap-plugin/js/gglstmp_admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

gglstmp_robots_optionsgglstmp_options_tabs

Data Attributes

data-bws-custom-input

JS Globals

gglstmp_auth

FAQ