Does Native Sitemap Customizer have any unpatched vulnerabilities?

No. All known vulnerabilities in Native Sitemap Customizer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Native Sitemap Customizer compatible with WordPress 6.9.4?

According to WordPress.org data, Native Sitemap Customizer 1.4.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Native Sitemap Customizer compatible with PHP 7.4+?

Native Sitemap Customizer requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Native Sitemap Customizer updated?

Native Sitemap Customizer was last updated on Jan 7, 2026. Frequent updates are generally a positive security signal.

What is Native Sitemap Customizer's security score?

Native Sitemap Customizer has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Native Sitemap Customizer Security & Risk Analysis

wordpress.org/plugins/native-sitemap-customizer

Native Sitemap Customizer gives you complete control over the native WordPress XML sitemap (wp-sitemap.xml) without requiring a full SEO plugin.

60 active installs v1.4.0 PHP 7.4+ WP 5.5+ Updated Jan 7, 2026

googleseositemapwp-sitemapxml-sitemap

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Native Sitemap Customizer Safe to Use in 2026?

Generally Safe

Score 100/100

Native Sitemap Customizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "native-sitemap-customizer" v1.4.0 plugin exhibits a strong security posture based on the provided static analysis. The plugin makes excellent use of prepared statements for all SQL queries and demonstrates a high level of output escaping, with 99% of outputs properly escaped. Furthermore, it incorporates nonce checks and capability checks, which are crucial for protecting against common WordPress vulnerabilities. The absence of dangerous functions, file operations, and external HTTP requests further bolsters its security. The vulnerability history is clean, with no known CVEs, indicating a potentially well-maintained and secure codebase over time.

While the static analysis reveals no critical or high severity issues, and the attack surface is limited and seemingly protected, the taint analysis did not yield any flows. This could be due to the limited complexity of the plugin or simply that no exploitable taint flows were identified by the tools used. The absence of shortcodes, cron events, and REST API routes contributes to a minimal attack surface. Overall, this plugin appears to be developed with security best practices in mind, demonstrating a robust and secure implementation.

Vulnerabilities

None known

Native Sitemap Customizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Native Sitemap Customizer Code Analysis

Dangerous Functions

Raw SQL Queries

22 prepared

Unescaped Output

83 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared22 total queries

Output Escaping

99% escaped84 total outputs

Attack Surface

Native Sitemap Customizer Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_ayudawp_nsm_dismiss_noticeincludes\notices.php:36

WordPress Hooks 17

actionadmin_noticesincludes\notices.php:35

actionadmin_enqueue_scriptsincludes\notices.php:37

actionadmin_menuincludes\settings-page.php:32

actionadmin_initincludes\settings-page.php:33

actionadmin_enqueue_scriptsincludes\settings-page.php:34

actionadmin_post_ayudawp_nsm_reset_settingsincludes\settings-page.php:35

actionadmin_noticesincludes\settings-page.php:37

actionshutdownincludes\settings-register.php:113

filterwp_sitemaps_post_typesincludes\sitemap-filters.php:61

filterwp_sitemaps_taxonomiesincludes\sitemap-filters.php:64

filterwp_sitemaps_posts_query_argsincludes\sitemap-filters.php:67

filterwp_sitemaps_taxonomies_query_argsincludes\sitemap-filters.php:70

filterwp_sitemaps_add_providerincludes\sitemap-filters.php:73

filterwp_sitemaps_users_query_argsincludes\sitemap-filters.php:74

filterwp_sitemaps_max_urlsincludes\sitemap-filters.php:77

filterdo_parse_requestincludes\sitemap-redirects.php:39

actionplugins_loadednative-sitemap-customizer.php:51

Maintenance & Trust

Native Sitemap Customizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 7, 2026

PHP min version7.4

Downloads710

Community Trust

Rating100/100

Number of ratings3

Active installs60

Alternatives

Native Sitemap Customizer Alternatives

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

AIOSEO is the most powerful WordPress SEO plugin. Improve SEO rankings and traffic with comprehensive SEO tools and smart AI SEO optimizations!

3.0M 26 CVEs

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

surerank

SureRank – SEO Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

300K 1 CVE

SEOPress – On-site SEO & Analytics

wp-seopress

SEOPress, a simple, fast and powerful all in one SEO plugin for WordPress. Rank higher in search engines, fully white label. Now with AI.

300K 14 CVEs

The SEO Framework – Fast, Automated, Effortless.

autodescription

100

The fastest feature-complete SEO plugin for professional WordPress websites. Secure, fast, unbranded, and automated SEO. Do less; get better results.

200K No CVEs

SEO Plugin by Squirrly SEO

squirrly-seo

Rank without begging Google. AI-powered SEO that actually helps you win. Trusted by rebels, creators, and pros in 150+ countries.

40K 14 CVEs

Developer Profile

Native Sitemap Customizer Developer Profile

Fernando Tellado

21 plugins · 24K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Native Sitemap Customizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/native-sitemap-customizer/assets/css/admin-notices.css/wp-content/plugins/native-sitemap-customizer/assets/js/admin-notices.js

Script Paths

/wp-content/plugins/native-sitemap-customizer/assets/js/admin-notices.js

Version Parameters

native-sitemap-customizer/assets/css/admin-notices.css?ver=native-sitemap-customizer/assets/js/admin-notices.js?ver=

HTML / DOM Fingerprints

CSS Classes

ayudawp-nsm-noticeayudawp-nsm-dismiss-notice

HTML Comments

Data Attributes

data-notice-typedata-nonce

JS Globals

AyudaWP_NSM_AdminNotices

FAQ