Simple Sitemap – Create a Responsive HTML Sitemap Security & Risk Analysis

wordpress.org/plugins/simple-sitemap

Create a HTML sitemap and preview directly inside the editor! No more complicated shortcodes. Boost the SEO performance of your WordPress site.

70K active installs · v3.6.1 · PHP + · WP 6.0+ · Updated May 20, 2025
Tags: html, html-sitemap, responsive-sitemap, seo-sitemap, sitemap
Score: 97 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Apr 17, 2025
Safety Verdict

Is Simple Sitemap – Create a Responsive HTML Sitemap Safe to Use in 2026?

Generally Safe

Score 97/100

Simple Sitemap – Create a Responsive HTML Sitemap has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 17, 2025 · Updated 10mo ago
Risk Assessment

The static analysis of simple-sitemap v3.6.1 reveals a generally good security posture with no identified attack surface points, dangerous functions, or critical/high severity taint flows. The plugin demonstrates strong practices in SQL query handling, with 100% prepared statements, and includes a good number of capability checks. However, only 65% of outputs are properly escaped, indicating a potential risk of cross-site scripting (XSS) vulnerabilities, even though none were flagged by the static analysis.

The vulnerability history is a significant concern. The plugin has a history of 3 medium severity CVEs, including missing authorization, CSRF, and XSS. While there are no currently unpatched vulnerabilities, the pattern of past issues suggests a recurring tendency for these types of weaknesses. The last vulnerability being in 2025 is also peculiar and might indicate an error in the data provided or a prediction.

Overall, simple-sitemap v3.6.1 shows strengths in its lack of direct attack vectors and secure database interactions. Nonetheless, the moderate output escaping and the documented history of medium-severity vulnerabilities necessitate caution. Continued vigilance and regular updates are crucial to mitigate the risks associated with its past security record.

Key Concerns

  • Medium severity vulnerabilities in history
  • Insufficient output escaping
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities
3

Simple Sitemap – Create a Responsive HTML Sitemap Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-39413 · medium · 4.3 · Missing Authorization

Simple Sitemap – Create a Responsive HTML Sitemap <= 3.6.0 - Missing Authorization

Apr 17, 2025 · Patched in 3.6.1 (35d)

CVE-2023-6492 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices

Jun 13, 2024 · Patched in 3.5.14 (47d)

CVE-2022-4472 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Sitemap <= 3.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 3, 2023 · Patched in 3.5.8 (385d)
Code Analysis
Analyzed Mar 16, 2026

Simple Sitemap – Create a Responsive HTML Sitemap Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 12 (22 escaped)
  • Nonce Checks: 1
  • Capability Checks: 6
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

65% escaped · 34 total outputs
Attack Surface

Simple Sitemap – Create a Responsive HTML Sitemap Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11
  • action · add_meta_boxes · api\classes\compatibility.php:21
  • action · admin_enqueue_scripts · api\classes\enqueue-scripts.php:65
  • filter · plugin_action_links · api\classes\links.php:19
  • action · wp_before_admin_bar_render · api\classes\modules\create-duplicate-post.php:24
  • action · admin_action_add_duplicate_as_new_post · api\classes\modules\create-duplicate-post.php:25
  • filter · post_row_actions · api\classes\modules\create-duplicate-post.php:26
  • action · plugins_loaded · api\classes\upgrade.php:20
  • filter · plugin_row_meta · shared\links.php:26
  • filter · plugin_action_links · shared\links.php:27
  • action · init · shared\localize.php:26
  • action · rest_api_init · shared\rest-api-endpoints.php:29
Maintenance & Trust

Simple Sitemap – Create a Responsive HTML Sitemap Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 20, 2025
PHP min version
Downloads: 1.7M

Community Trust

Rating: 78/100
Number of ratings: 72
Active installs: 70K
Developer Profile

Simple Sitemap – Create a Responsive HTML Sitemap Developer Profile

David Gwyer

11 plugins · 109K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 156 days
Detection Fingerprints

How We Detect Simple Sitemap – Create a Responsive HTML Sitemap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-sitemap/api/assets/css/admin-settings-fw.css
/wp-content/plugins/simple-sitemap/api/assets/js/admin-settings-fw.js
Script Paths
/wp-content/plugins/simple-sitemap/api/assets/js/admin-settings-fw.js
Version Parameters
simple-sitemap/api/assets/css/admin-settings-fw.css?ver=
simple-sitemap/api/assets/js/admin-settings-fw.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Simple Sitemap – Create a Responsive HTML Sitemap