Sitemap Configurator Security & Risk Analysis

wordpress.org/plugins/sitemap-configurator

A tiny plugin to configure the WordPress core sitemap.

200 active installs · v0.9 · PHP 5.6+ · WP 5.5+ · Updated Apr 15, 2021
core-sitemap · sitemap
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sitemap Configurator Safe to Use in 2026?

Generally Safe

Score 85/100

Sitemap Configurator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The sitemap-configurator plugin v0.9 exhibits a generally positive security posture based on the provided static analysis and vulnerability history. The plugin has no recorded vulnerabilities (CVEs) and no apparent taint flows, suggesting a history of secure coding or that vulnerabilities have been promptly addressed. The plugin also demonstrates good practices by not using dangerous functions, file operations, or external HTTP requests, and its SQL queries are all prepared. The limited attack surface, consisting of only one AJAX handler, is a positive sign.

However, there are significant concerns regarding output escaping. The static analysis shows that none of the plugin's output is properly escaped (0% escaped, 1 output in total). This is a critical weakness that could lead to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website through the plugin's output. While the plugin has a capability check, the lack of nonce checks on its sole AJAX handler presents a potential risk of Cross-Site Request Forgery (CSRF) attacks, especially if this handler performs sensitive actions. The bundled Select2 library, while not explicitly flagged as outdated, could also represent a risk if it is not kept up to date with security patches.

In conclusion, while the plugin has a clean vulnerability history and avoids several common pitfalls, the complete lack of output escaping is a major concern that drastically elevates its risk profile. The potential for CSRF on the AJAX handler also warrants attention. Addressing these specific issues would significantly improve the plugin's security.

Key Concerns

  • No output escaping on any output
  • No nonce checks on AJAX handler
  • Bundled library (Select2) - potential risk
Vulnerabilities
None known

Sitemap Configurator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Sitemap Configurator Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Sitemap Configurator Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

0% escaped · 1 total outputs
Attack Surface

Sitemap Configurator Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

  • auth · wp_ajax_osc_update_options · classes\class-osc-admin.php:10

WordPress Hooks: 6

  • action · admin_menu · classes\class-osc-admin.php:8
  • action · admin_enqueue_scripts · classes\class-osc-admin.php:9
  • filter · admin_body_class · classes\class-osc-admin.php:13
  • filter · wp_sitemaps_post_types · classes\class-osc-configurator.php:7
  • filter · wp_sitemaps_taxonomies · classes\class-osc-configurator.php:8
  • filter · wp_sitemaps_add_provider · classes\class-osc-configurator.php:9
Maintenance & Trust

Sitemap Configurator Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Apr 15, 2021
PHP min version: 5.6
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 200
Developer Profile

Sitemap Configurator Developer Profile

Optimocha

3 plugins · 20K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 881 days
Detection Fingerprints

How We Detect Sitemap Configurator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/sitemap-configurator/assets/shared-ui/css/shared-ui.min.css
  • /wp-content/plugins/sitemap-configurator/assets/shared-ui/css/sui-wp-editor.min.css
  • /wp-content/plugins/sitemap-configurator/assets/css/osc-admin.css
  • /wp-content/plugins/sitemap-configurator/assets/shared-ui/js/shared-ui.js
  • /wp-content/plugins/sitemap-configurator/assets/js/osc-admin.js
Script Paths
  • /wp-content/plugins/sitemap-configurator/assets/shared-ui/js/shared-ui.js
  • /wp-content/plugins/sitemap-configurator/assets/js/osc-admin.js
Version Parameters
  • sitemap-configurator/assets/css/osc-admin.css?ver=0.9.0
  • sitemap-configurator/assets/js/osc-admin.js?ver=0.9.0

HTML / DOM Fingerprints

CSS Classes
sui-2-10-6