Title: Broken Access Control vulnerability Last modified: December 16, 2025 --- # Broken Access Control vulnerability * Resolved [Ken Gagne](https://wordpress.org/support/users/kgagne/) * (@kgagne) * [4 months ago](https://wordpress.org/support/topic/broken-access-control-vulnerability-17/) * Patchstack recently reported a low-priority/low-severity security vulnerability with WordPress Google XML Sitemaps plugin <= 4.1.21. Details here: * [https://patchstack.com/database/wordpress/plugin/google-sitemap-generator/vulnerability/wordpress-google-xml-sitemaps-plugin-4-1-21-broken-access-control-vulnerability](https://patchstack.com/database/wordpress/plugin/google-sitemap-generator/vulnerability/wordpress-google-xml-sitemaps-plugin-4-1-21-broken-access-control-vulnerability) * [https://www.cve.org/CVERecord?id=CVE-2025-64632](https://www.cve.org/CVERecord?id=CVE-2025-64632) * Though a minor issue, will a fix be made available? Viewing 5 replies - 1 through 5 (of 5 total) * [Tobias Sörensson](https://wordpress.org/support/users/weconnecttobias/) * (@weconnecttobias) * [3 months, 3 weeks ago](https://wordpress.org/support/topic/broken-access-control-vulnerability-17/#post-18764285) * i have posted [https://wordpress.org/support/topic/security-risk-34/#post-18764281](https://wordpress.org/support/topic/security-risk-34/#post-18764281) a patch for this issue hope it helps. on my server it works. * [seaghanmoriarty](https://wordpress.org/support/users/seaghanmoriarty/) * (@seaghanmoriarty) * [3 months, 3 weeks ago](https://wordpress.org/support/topic/broken-access-control-vulnerability-17/#post-18764691) * Thank you Tobias!! * Plugin Author [Frederick Townes](https://wordpress.org/support/users/fredericktownes/) * (@fredericktownes) * [3 months, 3 weeks ago](https://wordpress.org/support/topic/broken-access-control-vulnerability-17/#post-18766127) * Thank you [@weconnecttobias](https://wordpress.org/support/users/weconnecttobias/) and all who have alerted us! An updated version has been released to resolve the security issue, and an upgrade notice has been added as well. * [leedxw](https://wordpress.org/support/users/leedxw/) * (@leedxw) * [3 months, 2 weeks ago](https://wordpress.org/support/topic/broken-access-control-vulnerability-17/#post-18772658) * As of 2026-01-02 Patchstack claims 4.1.22 is still vulnerable. * “WordPress Google XML Sitemaps Plugin <= 4.1.22 is vulnerable to Broken Access Control” * [https://patchstack.com/database/wordpress/plugin/google-sitemap-generator/vulnerability/wordpress-google-xml-sitemaps-plugin-4-1-21-broken-access-control-vulnerability](https://patchstack.com/database/wordpress/plugin/google-sitemap-generator/vulnerability/wordpress-google-xml-sitemaps-plugin-4-1-21-broken-access-control-vulnerability) * Plugin Author [Frederick Townes](https://wordpress.org/support/users/fredericktownes/) * (@fredericktownes) * [3 months, 2 weeks ago](https://wordpress.org/support/topic/broken-access-control-vulnerability-17/#post-18773157) * They haven’t yet reviewed our submitted patch. Like any project, their review is not required for us to know that the vulnerability is addressed. Viewing 5 replies - 1 through 5 (of 5 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fbroken-access-control-vulnerability-17%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/google-sitemap-generator/assets/icon-256x256.png?rev=2713572) * [XML Sitemap Generator for Google](https://wordpress.org/plugins/google-sitemap-generator/) * [Frequently Asked Questions](https://wordpress.org/plugins/google-sitemap-generator/#faq) * [Support Threads](https://wordpress.org/support/plugin/google-sitemap-generator/) * [Active Topics](https://wordpress.org/support/plugin/google-sitemap-generator/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/google-sitemap-generator/unresolved/) * [Reviews](https://wordpress.org/support/plugin/google-sitemap-generator/reviews/) * 7 replies * 5 participants * Last reply from: [Frederick Townes](https://wordpress.org/support/users/fredericktownes/) * Last activity: [3 months, 2 weeks ago](https://wordpress.org/support/topic/broken-access-control-vulnerability-17/#post-18773157) * Status: resolved