A vulnerability was found in Ashish Ajani WP Simple HTML Sitemap Plugin up to 3.8 on WordPress. It has been classified as problematic . This affects an unknown part. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-39654 . The attack may be initiated remotely. There is no available exploit.