Lucene search

K

WP Go Maps (formerly WP Google Maps) Security Vulnerabilities

cve
cve

CVE-2024-5994

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...

6.4CVSS

6AI Score

0.001EPSS

2024-06-14 07:15 AM
13
cve
cve

CVE-2024-3557

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-24 05:15 AM
28
cve
cve

CVE-2023-6777

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

5.3CVSS

9.1AI Score

0.0004EPSS

2024-04-09 07:15 PM
41
cve
cve

CVE-2024-29931

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS.This issue affects WP Google Maps: from n/a through...

7.1CVSS

9.3AI Score

0.0004EPSS

2024-03-27 10:15 AM
31
cve
cve

CVE-2024-1582

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

6.4CVSS

6AI Score

0.0004EPSS

2024-03-13 02:15 AM
14
cve
cve

CVE-2023-4839

The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to...

4.4CVSS

5AI Score

0.0004EPSS

2024-03-13 02:15 AM
17
cve
cve

CVE-2023-6697

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS

6.3AI Score

0.001EPSS

2024-01-24 02:15 PM
11
cve
cve

CVE-2023-6627

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the...

6.1CVSS

6.4AI Score

0.0005EPSS

2024-01-08 07:15 PM
26
cve
cve

CVE-2022-47595

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15...

6.5CVSS

6.3AI Score

0.001EPSS

2023-03-14 07:15 AM
24