93 matches found
CVE-2026-57380
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...
CVE-2026-57380 WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...
CVE-2026-57380
The CVE-2026-57380 entry concerns WordPress Extensions for Leaflet Map (extensions-leaflet-map) with versions up to and including 5.1. It describes an improper neutralization of user input during web page generation, enabling DOM-based cross-site scripting (XSS). Affected component: the Extension...
WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by manop55555 in WordPress Plugin Extensions for Leaflet Map versions = 5.1...
CVE-2026-5451
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-69993
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...
WordPress Extensions for Leaflet Map plugin <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability discovered by zaim in WordPress Plugin Extensions for Leaflet Map versions = 4.14...
CVE-2026-39646
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...
EUVD-2026-20645
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2026-5451
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2026-5451
CVE-2026-5451 affects the WordPress plugin Extensions for Leaflet Map . The vulnerability is a stored XSS via the elevation-track shortcode in all versions up to and including 4.14, caused by insufficient input sanitization and output escaping on user-supplied attributes. An attacker with Contrib...
CVE-2026-5451 Extensions for Leaflet Map <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2026-5451 Extensions for Leaflet Map <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2026-5451
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
EUVD-2026-20307
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...
CVE-2026-39646
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...
CVE-2026-39646 WordPress Leaflet Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...
CVE-2026-39646
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...
CVE-2026-39646 WordPress Leaflet Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...
CVE-2026-39646
CVE-2026-39646 affects the WordPress Leaflet Map plugin (leaflet-map)