Missing Authorization Vulnerability in Simple Sitemap Plugin by David Gwyer
CVE-2025-39413

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Simple Sitemap – Create A Responsive Html Sitemap
Vendor: CVE Published:; 30 April 2025

What is CVE-2025-39413?

The Simple Sitemap – Create a Responsive HTML Sitemap plugin by David Gwyer is affected by a missing authorization vulnerability. This vulnerability allows unauthorized users to potentially access restricted areas or features of the plugin, which can lead to data exposure or other security risks. Versions from n/a through 3.5.14 are vulnerable, emphasizing the need for users to assess their installations and apply necessary updates. For more detailed information, refer to the Patchstack reference.

Affected Version(s)

Simple Sitemap – Create a Responsive HTML Sitemap 0 <= 3.6.0

References

https://patchstack.com/database/Wordpress/Plugin/simple-s...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2025

CVE-2025-39413 Data

JSON

WordPress

What is CVE-2025-39413?

Affected Version(s)

References

CVSS V3.1

Timeline