Lana Sitemap Security & Risk Analysis

wordpress.org/plugins/lana-sitemap

XML and Google News Sitemaps

70 active installs · v1.0.3 · PHP + WP 4.0+ · Updated Sep 15, 2017
Tags: google-news, google-news-sitemap, sitemap, sitemap-xml, xml-sitemap
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Lana Sitemap Safe to Use in 2026?

Generally Safe

Score 85/100

Lana Sitemap has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "lana-sitemap" plugin v1.0.3 presents a generally good security posture, with no known vulnerabilities or CVEs recorded. The static analysis shows a very small attack surface, with zero entry points identified in AJAX handlers, REST API routes, shortcodes, or cron events. This lack of direct interaction points significantly reduces the likelihood of external exploitation. However, a few areas warrant attention. The use of the dangerous PHP function "create_function" is a notable concern, as it can be a vector for code injection if not handled with extreme care, although the lack of taint flows suggests this is not currently being exploited. Furthermore, only 66% of output is properly escaped, indicating a potential risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is output without adequate escaping. While the plugin demonstrates good practices like nonce and capability checks, these areas could be strengthened to further mitigate risks.

Key Concerns

  • Uses "create_function", a dangerous PHP function
  • Only 66% of output is properly escaped
  • 40% of SQL queries do not use prepared statements
Vulnerabilities
None known

Lana Sitemap Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Lana Sitemap Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 3; 2 prepared
  • Unescaped Output: 54; 103 escaped
  • Nonce Checks: 1
  • Capability Checks: 1
  • File Operations: 1
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

create_function · includes\class-lana-sitemap-admin.php:1364
$callback = create_function( '$a', 'return filter_var($a,FILTER_VALIDATE_URL) || is_numeric($a);' )

SQL Query Safety

40% prepared · 5 total queries

Output Escaping

66% escaped · 157 total outputs
Attack Surface

Lana Sitemap Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 27
action · admin_enqueue_scripts · includes\class-lana-sitemap-admin.php:14
action · add_meta_boxes · includes\class-lana-sitemap-admin.php:76
action · add_meta_boxes · includes\class-lana-sitemap-admin.php:128
action · save_post · includes\class-lana-sitemap-admin.php:139
filter · the_title_xml_sitemap · includes\class-lana-sitemap.php:85
filter · the_title_xml_sitemap · includes\class-lana-sitemap.php:86
filter · the_title_xml_sitemap · includes\class-lana-sitemap.php:87
filter · bloginfo_xml_sitemap · includes\class-lana-sitemap.php:88
filter · request · includes\class-lana-sitemap.php:91
action · plugins_loaded · includes\class-lana-sitemap.php:94
action · generate_rewrite_rules · includes\class-lana-sitemap.php:97
filter · user_trailingslashit · includes\class-lana-sitemap.php:98
action · init · includes\class-lana-sitemap.php:101
action · admin_init · includes\class-lana-sitemap.php:104
action · do_robotstxt · includes\class-lana-sitemap.php:107
filter · robots_txt · includes\class-lana-sitemap.php:108
action · transition_post_status · includes\class-lana-sitemap.php:111
action · transition_post_status · includes\class-lana-sitemap.php:114
action · the_post · includes\class-lana-sitemap.php:1240
filter · post_limits · includes\class-lana-sitemap.php:1262
filter · posts_where · includes\class-lana-sitemap.php:1263
filter · post_limits · includes\class-lana-sitemap.php:1265
filter · post_limits · includes\class-lana-sitemap.php:1284
action · do_feed_sitemap · includes\class-lana-sitemap.php:1581
action · do_feed_sitemap-home · includes\class-lana-sitemap.php:1582
action · do_feed_sitemap-custom · includes\class-lana-sitemap.php:1583
action · do_feed_sitemap-news · includes\class-lana-sitemap.php:1595
Maintenance & Trust

Lana Sitemap Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Sep 15, 2017
PHP min version
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 70
Developer Profile

Lana Sitemap Developer Profile

Lana Codes

13 plugins · 4K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 400 days
Detection Fingerprints

How We Detect Lana Sitemap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/lana-sitemap/assets/js/lana-sitemap-admin.js
Script Paths
/wp-content/plugins/lana-sitemap/assets/js/lana-sitemap-admin.js
Version Parameters
lana-sitemap/assets/js/lana-sitemap-admin.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Lana Sitemap