What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap wpsitemap allows Stored XSS.This issue affects WP Sitemap: from n/a through <= 1.0.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap wpsitemap allows Stored XSS.This issue affects WP Sitemap: from n/a through <= 1.0.0.
Explanation of Vulnerability in Simple Terms
WP Sitemap versions 1.0.0 and earlier contain a cross-site scripting (XSS) vulnerability. An authenticated user with low privileges can inject malicious scripts that execute in other users' browsers, including site administrators. The vulnerability requires user interaction—typically clicking a crafted link. The impact extends beyond the plugin itself to affect the broader site.
What an attacker can do
Inject malicious scripts that run in other users' browsers, potentially stealing session tokens or admin credentials.
Potential impact on your site
Authenticated attackers can compromise admin accounts and modify site content or settings via stored or reflected XSS.
Conditions required to exploit
Attacker must have a low-privilege user account and trick a victim into clicking a malicious link.
Key dates
External resources