CVE-2025-48304

Publication date

2025-08-28 12:36:47

Family

Patchstack

State

PUBLISHED

Description

Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin allows Stored XSS. This issue affects Google XML News Sitemap plugin: from n/a through 0.02.