Does WP Sitemap have any unpatched vulnerabilities?

Yes — WP Sitemap currently has 1 published unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is WP Sitemap compatible with WordPress 4.1.42?

According to WordPress.org data, WP Sitemap 1.0.0 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is WP Sitemap updated?

WP Sitemap was last updated on Jan 21, 2015. Frequent updates are generally a positive security signal.

What is WP Sitemap's security score?

WP Sitemap has a WP-Safety security score of 64/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Sitemap Security & Risk Analysis

wordpress.org/plugins/wpsitemap

Simple use shortcode [sitemap type="post"] or [sitemap type="page"]

100 active installs v1.0.0 PHP + WP 3.0.1+ Updated Jan 21, 2015

pagepage-listpostsite-mapsitemap

C · Use Caution

CVEs total1

Unpatched1

Last CVEApr 1, 2025

Plugin page Download

Safety Verdict

Is WP Sitemap Safe to Use in 2026?

Use With Caution

Score 64/100

WP Sitemap has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 1, 2025Updated 11yr ago

Risk Assessment

The WPSitemap plugin v1.0.0 exhibits a mixed security posture. On the positive side, the static analysis reveals excellent coding practices regarding SQL queries and output escaping, with 100% of queries using prepared statements and all outputs being properly escaped. There are no identified dangerous functions or file operations. However, a significant concern arises from the absence of nonce checks and capability checks. While the attack surface is currently small (one shortcode), the lack of these critical security measures leaves it vulnerable to various attacks if not properly handled within the shortcode's implementation. Furthermore, the plugin has a known vulnerability history, with one unpatched medium severity CVE related to Cross-Site Scripting (XSS). This indicates a recurring weakness that needs immediate attention.

Key Concerns

Unpatched CVE (Medium Severity)
Missing Nonce Checks
Missing Capability Checks

Vulnerabilities

1 published

WP Sitemap Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-31733medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Sitemap <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025Unpatched

Version History

WP Sitemap Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

WP Sitemap Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

WP Sitemap Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[sitemap] wpsitemap.php:84

WordPress Hooks 3

actionwp_headwpsitemap.php:36

filterwidget_textwpsitemap.php:39

filterwidget_textwpsitemap.php:40

Maintenance & Trust

WP Sitemap Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedJan 21, 2015

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

WP Sitemap Alternatives

WP Sitemap Page

wp-sitemap-page

Add a sitemap on any of your page using the simple shortcode [wp_sitemap_page]. Improve the SEO and navigation of your website.

300K 1 CVE

WP Sitemap Pages and Posts

wp-sitemap-pages-and-posts

An easy way to add a sitemap on one of your pages becomes reality thanks to this WordPress plugin. Just use the shortcode [wpspap_sitemap] on any of y …

1K No CVEs

VK All in One Expansion Unit

vk-all-in-one-expansion-unit

This plug-in is an integrated plug-in with a variety of features that make it powerful your web site.

100K 11 CVEs

Page-list

page-list

[pagelist], [subpages], [siblings] and [pagelist_ext] shortcodes

40K 3 CVEs

Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin

google-sitemap-plugin

100

Generate and add XML sitemap to WordPress website. Help search engines index your blog.

20K 1 CVE

Developer Profile

WP Sitemap Developer Profile

Boot Div

5 plugins · 630 total installs

trust score

Avg Security Score

84/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Sitemap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpsitemap/css/wp-sitemap.css

HTML / DOM Fingerprints

CSS Classes

wp_sitemapwp_sitemap_itemwpsstyle-1wpsstyle-2wpsstyle-3

Shortcode Output

<div id="wp_sitemap"><ul id="wp_sitemap_item" class="wpsstyle-"><li><a href="

FAQ