CVE-2025-48304

Summary

Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin gn-xml-sitemap allows Stored XSS.This issue affects Google XML News Sitemap plugin: from n/a through <= 0.02.

Affected Software

VendorProductVersion RangeStatus
Gary IllyesGoogle XML News Sitemap plugin0 <= 0.02affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References