My website has just recovered from an attack. I see that my XML sitemap still contains spam content:
http://xn--qucu-hr5aza.com/7pwclknq****hux0rx.so 2020-04-13 daily http://xn--qucu-hr5aza.com/a0***u 2020-04-13 daily http://xn--qucu-hr5aza.com/mp412******msm2ayay 2020-04-13 daily
However, my HTML sitemap is clean.
I am using the Google Sitemap Generator (XML) for WordPress, but there is no "refresh" or "reindex" button.
Is there a way to handle this? And why can the attacker modify my sitemap? Assuming they don't have my FTP password.