Generates errors during normal operation. No SQL escaping. Updating settings seems to require a nonce, but Update Sitemap and Delete Sitemap buttons are vulnerable to CSRF. Incompatible with some setups as it attempts to request HTML files via HTTP from the plugin directory.
Reason for the 'Potentially unsafe' result
The plugin contains or is likely to contain a vulnerability which could be exploited by an end user and which would compromise the site’s confidentiality, integrity or availability:
CSRF allowing creating and deleting sitemaps.