Does Visual Sitemap have any unpatched vulnerabilities?

No. All known vulnerabilities in Visual Sitemap have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Visual Sitemap compatible with WordPress 4.9.29?

According to WordPress.org data, Visual Sitemap 0.9 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Visual Sitemap updated?

Visual Sitemap was last updated on Dec 26, 2017. Frequent updates are generally a positive security signal.

What is Visual Sitemap's security score?

Visual Sitemap has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Visual Sitemap Security & Risk Analysis

wordpress.org/plugins/visual-sitemap

Display an interactive visual sitemap of pages, tags, and categories in admin.

400 active installs v0.9 PHP + WP 3.0+ Updated Dec 26, 2017

adminnavigationoverviewsitemaptree

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Visual Sitemap Safe to Use in 2026?

Generally Safe

Score 85/100

Visual Sitemap has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The plugin 'visual-sitemap' v0.9 exhibits a generally strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. The code analysis also reveals no dangerous functions, file operations, or external HTTP requests, and all SQL queries are properly prepared. This suggests careful development practices in these areas.

However, a notable concern is the 39% of output that is not properly escaped. This could potentially lead to Cross-Site Scripting (XSS) vulnerabilities if user-controlled data is displayed without adequate sanitization. While the taint analysis shows no unsanitized paths, the presence of unescaped output is a direct indicator of potential XSS risk. The lack of any recorded vulnerabilities in its history is a positive sign, indicating a history of secure development or that it has not been a target. Despite the lack of critical or high-severity issues flagged by the static analysis, the unescaped output represents a tangible risk that requires attention.

Key Concerns

Unescaped output detected

Vulnerabilities

None known

Visual Sitemap Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Visual Sitemap Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

28 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

61% escaped46 total outputs

Attack Surface

Visual Sitemap Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actioninitvisual-sitemap.php:35

actionadmin_menuvisual-sitemap.php:36

actionadmin_enqueue_scriptsvisual-sitemap.php:37

Maintenance & Trust

Visual Sitemap Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedDec 26, 2017

PHP min version

Downloads14K

Community Trust

Rating98/100

Number of ratings30

Active installs400

Alternatives

Visual Sitemap Alternatives

EasyTree

easytree

Complete dropdown tree navigation that contain pages, categories with posts, tags, authors and own menu.

30 No CVEs

Nested Pages

wp-nested-pages

Nested Pages provides a drag and drop interface for managing pages & posts in the WordPress admin, while maintaining quick edit functionality.

90K 10 CVEs

Admin Menu Tree Page View

admin-menu-tree-page-view

100

Get a tree view of all your pages directly in the admin menu. Search, add, edit, view, re-order – all is just one click away!

10K No CVEs

WP Realtime Sitemap

wp-realtime-sitemap

A sitemap plugin to make it easier for your site to show all your pages, posts, archives, categories and tags in an easy to read format.

10K No CVEs

Auto Subpage Menu

auto-subpage-menu

By default wordpress menu system, wordpress can only automatically add/remove top-level page to/from menus

900 No CVEs

Developer Profile

Visual Sitemap Developer Profile

ThemeBoy

12 plugins · 21K total installs

trust score

Avg Security Score

84/100

Avg Patch Time

360 days

View full developer profile

Detection Fingerprints

How We Detect Visual Sitemap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/visual-sitemap/css/visual-sitemap.css/wp-content/plugins/visual-sitemap/js/visual-sitemap.js

Version Parameters

visual-sitemap/css/visual-sitemap.css?ver=visual-sitemap/js/visual-sitemap.js?ver=

HTML / DOM Fingerprints

CSS Classes

visual-sitemap-wrapvisual-sitemapvs-utilityvs-primaryvs-home

FAQ