Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2025-31733: Boot Div WP Sitemap allows hackers to inject malicious code into websites

CVE-2025-31733

Summary

A security weakness in Boot Div WP Sitemap allows hackers to inject malicious code into websites, which can lead to unauthorized access and data theft. If left unpatched, this vulnerability can put your website and its users at risk. We recommend updating to the latest version of Boot Div WP Sitemap to fix this issue.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap allows Stored XSS. This issue affects WP Sitemap: from n/a through 1.0.0.

Original description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap allows Stored XSS. This issue affects WP Sitemap: from n/a through 1.0.0.

nvd CVSS3.1 6.5

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/wordpress/plugin/wpsitemap/vulnerability/wordpre...

Published: 1 Apr 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026