Does XML Sitemap for Google have any unpatched vulnerabilities?

No. All known vulnerabilities in XML Sitemap for Google have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is XML Sitemap for Google compatible with WordPress 6.8.5?

According to WordPress.org data, XML Sitemap for Google 1.1.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is XML Sitemap for Google compatible with PHP 7.4+?

XML Sitemap for Google requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is XML Sitemap for Google updated?

XML Sitemap for Google was last updated on Sep 8, 2025. Frequent updates are generally a positive security signal.

What is XML Sitemap for Google's security score?

XML Sitemap for Google has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

XML Sitemap for Google Security & Risk Analysis

wordpress.org/plugins/xml-sitemap-for-google

Generate XML sitemap to enhance SEO and expedite website indexing.

90 active installs v1.1.7 PHP 7.4+ WP 6.3+ Updated Sep 8, 2025

google-search-consolegoogle-sitemapsseositemapxml-sitemap

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is XML Sitemap for Google Safe to Use in 2026?

Generally Safe

Score 100/100

XML Sitemap for Google has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The "xml-sitemap-for-google" plugin v1.1.7 demonstrates several positive security practices, including the absence of dangerous functions, 100% use of prepared statements for SQL queries, and a very high percentage of properly escaped output. The lack of any recorded historical vulnerabilities or CVEs is also a strong indicator of good security maintenance. However, a significant concern arises from the static analysis, which reveals four AJAX handlers that lack authentication checks, representing a substantial attack surface without proper authorization. While there are nonce checks present for these handlers, their absence of capability checks means any logged-in user, regardless of their role, could potentially trigger these actions.

The taint analysis shows no critical or high-severity vulnerabilities, which is encouraging. The plugin also avoids file operations and external HTTP requests, reducing common attack vectors. Despite the positive aspects, the unprotected AJAX endpoints are a notable weakness. The vulnerability history being clean is a positive trend, suggesting the developers are generally attentive to security, but it does not negate the immediate risks identified in the current code analysis. Overall, while the plugin has a good foundation, the unprotected AJAX endpoints require immediate attention to mitigate potential unauthorized actions.

Key Concerns

AJAX handlers without auth checks
AJAX handlers without capability checks

Vulnerabilities

None known

XML Sitemap for Google Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

XML Sitemap for Google Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

163 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

94% escaped174 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<sitemap-admin-settings> (admin\class\sitemap-admin-settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

XML Sitemap for Google Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 4

authwp_ajax_xmlsbw_save_sitemap_settingsxml-sitemap-for-google.php:52

authwp_ajax_xmlsbw_save_robots_txt_settingsxml-sitemap-for-google.php:53

authwp_ajax_xmlsbw_search_postsxml-sitemap-for-google.php:54

authwp_ajax_xmlsbw_search_termsxml-sitemap-for-google.php:55

Shortcodes 1

[show_html_sitemap] xml-sitemap-for-google.php:56

WordPress Hooks 16

actionadmin_noticesadmin\class\conflicting-plugins.php:30

actionparse_requestadmin\class\helper-functions.php:8

filterquery_varsadmin\class\register-sitemap-endpoint.php:126

filterthe_contentadmin\class\sitemap\html-sitemap-generation.php:411

filterw3tc_can_cacheadmin\class\sitemap\xml-sitemap-generation.php:354

filteradmin_footer_textadmin\class\sitemap-admin-settings.php:1010

filteradmin_footer_textadmin\class\tools-admin-settings.php:153

actionadmin_menuxml-sitemap-for-google.php:48

actionadmin_enqueue_scriptsxml-sitemap-for-google.php:49

actionadmin_initxml-sitemap-for-google.php:50

actioninitxml-sitemap-for-google.php:51

actiontemplate_redirectxml-sitemap-for-google.php:57

actionwp_loadedxml-sitemap-for-google.php:59

filterrobots_txtxml-sitemap-for-google.php:62

actioninitxml-sitemap-for-google.php:64

actionwidgets_initxml-sitemap-for-google.php:65

Maintenance & Trust

XML Sitemap for Google Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 8, 2025

PHP min version7.4

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs90

Alternatives

XML Sitemap for Google Alternatives

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

AIOSEO is the most powerful WordPress SEO plugin. Improve SEO rankings and traffic with comprehensive SEO tools and smart AI SEO optimizations!

3.0M 26 CVEs

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

surerank

SureRank – SEO Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

300K 1 CVE

SEOPress – On-site SEO & Analytics

wp-seopress

SEOPress, a simple, fast and powerful all in one SEO plugin for WordPress. Rank higher in search engines, fully white label. Now with AI.

300K 14 CVEs

SEO Plugin by Squirrly SEO

squirrly-seo

Rank without begging Google. AI-powered SEO that actually helps you win. Trusted by rebels, creators, and pros in 150+ countries.

40K 14 CVEs

Xagio SEO – AI Powered SEO

xagio-seo

Xagio is the only WordPress SEO plugin built with AI to help you rank fast, rank higher, and optimize for SEO using advanced AI for insane SEO results …

10K 1 unpatched

Developer Profile

XML Sitemap for Google Developer Profile

WeblineIndia

13 plugins · 5K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

54 days

View full developer profile

Detection Fingerprints

How We Detect XML Sitemap for Google

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/xml-sitemap-for-google/admin/assets/css/xml-sitemap-for-google.css/wp-content/plugins/xml-sitemap-for-google/admin/assets/js/xml-sitemap-for-google.js/wp-content/plugins/xml-sitemap-for-google/admin/assets/css/jquery-ui.css/wp-content/plugins/xml-sitemap-for-google/admin/assets/js/jquery-ui-timepicker-addon.min.js/wp-content/plugins/xml-sitemap-for-google/admin/assets/css/jquery-ui-timepicker-addon.min.css/wp-content/plugins/xml-sitemap-for-google/admin/assets/js/autocomplete.js/wp-content/plugins/xml-sitemap-for-google/admin/assets/css/jquery-ui-autocomplete.css/wp-content/plugins/xml-sitemap-for-google/admin/assets/js/html-sitemap-block.js

Script Paths

admin/assets/js/xml-sitemap-for-google.jsadmin/assets/js/jquery-ui-timepicker-addon.min.jsadmin/assets/js/autocomplete.jsadmin/assets/js/html-sitemap-block.js

Version Parameters

xml-sitemap-for-google.js?ver=xml-sitemap-for-google.css?ver=jquery-ui.css?ver=jquery-ui-timepicker-addon.min.js?ver=jquery-ui-timepicker-addon.min.css?ver=autocomplete.js?ver=jquery-ui-autocomplete.css?ver=html-sitemap-block.js?ver=

HTML / DOM Fingerprints

JS Globals

xmlsbwVars

FAQ