CVE-2025-39413
WordPress Simple Sitemap – Create a Responsive HTML Sitemap plugin <= 3.5.14 - Broken Access Control vulnerabilityMissing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through 3.5.14.
We have discovered 728 live websites that are affected by CVE-2025-39413.
Affected Software
| Product |  Simple Sitemap |
| Category | Wordpress Plugins |
| Vulnerable Domains | 728 live websites (100% of Simple Sitemap install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Apr 30, 2025
- Updated - Apr 30, 2025
Credits
- Ananda Dhakal (Patchstack) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-39413 United States | 249 websites |
 Poland | 89 websites |
 Russia | 59 websites |
 France | 53 websites |
 GB | 45 websites |
 Germany | 37 websites |
 Australia | 17 websites |
 Netherlands | 17 websites |
 Israel | 15 websites |
 Japan | 15 websites |
Website Distribution by TLD
Number of websites using CVE-2025-39413| .com | 286 websites |
| .pl | 68 websites |
| .ru | 52 websites |
| .co.uk | 31 websites |
| .org | 29 websites |
| .fr | 26 websites |
| .de | 20 websites |
| .net | 16 websites |
| .nl | 14 websites |
| .com.au | 14 websites |
Websites affected by CVE-2025-39413
Top websites that are affected by CVE-2025-39413. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.be | Netherlands | **,*** | |
| **********************.com | United States | **,*** | |
| ************.com | France | **,*** | |
| *******************.org | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| ***************.**.uk | GB | ***,*** | |
| ***.*********.fr | France | ***,*** | |
| ***********.ca |  Canada | ***,*** | |
| ********.com | United States | ***,*** | |
| *************.dk |  Denmark | ***,*** |
FAQ
CVE-2025-39413 is Missing Authorization in Simple Sitemap
A total of 728 websites have been identified as vulnerable to CVE-2025-39413, based on global website indexing conducted by WebTechSurvey.
The Simple Sitemap is affected by the CVE-2025-39413 vulnerability.
Simple Sitemap versions up to and including 3.5.14 are vulnerable to CVE-2025-39413.