WP-Safety

XML Sitemap for Google Security & Risk Analysis

wordpress.org/plugins/xml-sitemap-for-google

Generate XML sitemap to enhance SEO and expedite website indexing.

100 active installs v1.1.7 PHP 7.4+ WP 6.3+ Updated Sep 8, 2025
google-search-consolegoogle-sitemapsseositemapxml-sitemap
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is XML Sitemap for Google Safe to Use in 2026?

Generally Safe

Score 100/100

XML Sitemap for Google has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The "xml-sitemap-for-google" plugin v1.1.7 demonstrates several positive security practices, including the absence of dangerous functions, 100% use of prepared statements for SQL queries, and a very high percentage of properly escaped output. The lack of any recorded historical vulnerabilities or CVEs is also a strong indicator of good security maintenance. However, a significant concern arises from the static analysis, which reveals four AJAX handlers that lack authentication checks, representing a substantial attack surface without proper authorization. While there are nonce checks present for these handlers, their absence of capability checks means any logged-in user, regardless of their role, could potentially trigger these actions.

The taint analysis shows no critical or high-severity vulnerabilities, which is encouraging. The plugin also avoids file operations and external HTTP requests, reducing common attack vectors. Despite the positive aspects, the unprotected AJAX endpoints are a notable weakness. The vulnerability history being clean is a positive trend, suggesting the developers are generally attentive to security, but it does not negate the immediate risks identified in the current code analysis. Overall, while the plugin has a good foundation, the unprotected AJAX endpoints require immediate attention to mitigate potential unauthorized actions.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without capability checks
Vulnerabilities
None known

XML Sitemap for Google Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

XML Sitemap for Google Release Timeline

v1.1.7Current
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

XML Sitemap for Google Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
11
163 escaped
Nonce Checks
4
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

94% escaped174 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<sitemap-admin-settings> (admin\class\sitemap-admin-settings.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

XML Sitemap for Google Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 4

authwp_ajax_xmlsbw_save_sitemap_settingsxml-sitemap-for-google.php:52
authwp_ajax_xmlsbw_save_robots_txt_settingsxml-sitemap-for-google.php:53
authwp_ajax_xmlsbw_search_postsxml-sitemap-for-google.php:54
authwp_ajax_xmlsbw_search_termsxml-sitemap-for-google.php:55

Shortcodes 1

[show_html_sitemap] xml-sitemap-for-google.php:56
WordPress Hooks 16
actionadmin_noticesadmin\class\conflicting-plugins.php:30
actionparse_requestadmin\class\helper-functions.php:8
filterquery_varsadmin\class\register-sitemap-endpoint.php:126
filterthe_contentadmin\class\sitemap\html-sitemap-generation.php:411
filterw3tc_can_cacheadmin\class\sitemap\xml-sitemap-generation.php:354
filteradmin_footer_textadmin\class\sitemap-admin-settings.php:1010
filteradmin_footer_textadmin\class\tools-admin-settings.php:153
actionadmin_menuxml-sitemap-for-google.php:48
actionadmin_enqueue_scriptsxml-sitemap-for-google.php:49
actionadmin_initxml-sitemap-for-google.php:50
actioninitxml-sitemap-for-google.php:51
actiontemplate_redirectxml-sitemap-for-google.php:57
actionwp_loadedxml-sitemap-for-google.php:59
filterrobots_txtxml-sitemap-for-google.php:62
actioninitxml-sitemap-for-google.php:64
actionwidgets_initxml-sitemap-for-google.php:65
Maintenance & Trust

XML Sitemap for Google Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 8, 2025
PHP min version7.4
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

XML Sitemap for Google Alternatives

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

B
82

AIOSEO is the most powerful WordPress SEO plugin. Improve SEO rankings and traffic with comprehensive SEO tools and smart AI SEO optimizations!

3.0M 26 CVEs
SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

surerank

A
98

SureRank – SEO Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

300K 1 CVE
SEOPress – On-site SEO & Analytics

SEOPress – On-site SEO & Analytics

wp-seopress

A
94

SEOPress, a simple, fast and powerful all in one SEO plugin for WordPress. Rank higher in search engines, fully white label. Now with AI.

300K 14 CVEs
SEO Plugin by Squirrly SEO

SEO Plugin by Squirrly SEO

squirrly-seo

A
88

Rank without begging Google. AI-powered SEO that actually helps you win. Trusted by rebels, creators, and pros in 150+ countries.

40K 14 CVEs
Xagio SEO – AI Powered SEO

Xagio SEO – AI Powered SEO

xagio-seo

C
62

Xagio is the only WordPress SEO plugin built with AI to help you rank fast, rank higher, and optimize for SEO using advanced AI for insane SEO results &hellip;

10K 1 unpatched
Developer Profile

XML Sitemap for Google Developer Profile

WeblineIndia

14 plugins · 5K total installs

82
trust score
Avg Security Score
91/100
Avg Patch Time
54 days
View full developer profile
Detection Fingerprints

How We Detect XML Sitemap for Google

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/xml-sitemap-for-google/admin/assets/css/xml-sitemap-for-google.css/wp-content/plugins/xml-sitemap-for-google/admin/assets/js/xml-sitemap-for-google.js/wp-content/plugins/xml-sitemap-for-google/admin/assets/css/jquery-ui.css/wp-content/plugins/xml-sitemap-for-google/admin/assets/js/jquery-ui-timepicker-addon.min.js/wp-content/plugins/xml-sitemap-for-google/admin/assets/css/jquery-ui-timepicker-addon.min.css/wp-content/plugins/xml-sitemap-for-google/admin/assets/js/autocomplete.js/wp-content/plugins/xml-sitemap-for-google/admin/assets/css/jquery-ui-autocomplete.css/wp-content/plugins/xml-sitemap-for-google/admin/assets/js/html-sitemap-block.js
Script Paths
admin/assets/js/xml-sitemap-for-google.jsadmin/assets/js/jquery-ui-timepicker-addon.min.jsadmin/assets/js/autocomplete.jsadmin/assets/js/html-sitemap-block.js
Version Parameters
xml-sitemap-for-google.js?ver=xml-sitemap-for-google.css?ver=jquery-ui.css?ver=jquery-ui-timepicker-addon.min.js?ver=jquery-ui-timepicker-addon.min.css?ver=autocomplete.js?ver=jquery-ui-autocomplete.css?ver=html-sitemap-block.js?ver=

HTML / DOM Fingerprints

JS Globals
xmlsbwVars
FAQ

Frequently Asked Questions about XML Sitemap for Google