CVE-2025-8622

The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, and including, 1.18.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2025-33713 · WordPress · Flexible Map

Name of the Vulnerable Software and Affected Versions: Flexible Map plugin for WordPress versions prior to 1.19.0 Description: The Flexible Map plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s Flexible Maps shortcode. Insufficient input sanitization and outp...

CVE-2025-49441

Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida interactive-map-of-florida allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Interactive Regional Map of Florida: from n/a through = 1.0...

WordPress plugin Simple Google Static Map 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress plugin Interactive UK Regional Map 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

CVE-2024-9886

The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidumap' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-11866

The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlttabbedmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-45056

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in 100plugins Open User Map plugin = 1.3.26 versions...

CVE-2023-5050

The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to...

CVE-2023-23815

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Alan Jackson Multi-column Tag Map plugin = 17.0.24 versions...

CVE-2021-24467

The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the...

CVE-2021-24130

Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user admin+...

CVE-2015-9308

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature...

CVE-2015-9307

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature...

CVE-2015-9309

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature...

WordPress plugin Basic Interactive World Map 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

CVE-2025-32617 WordPress Multiple Location Google Map plugin <= 1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Ydesignservices Multiple Location Google Map allows Stored XSS. This issue affects Multiple Location Google Map: from n/a through 1.1...

CVE-2025-32661

CVE-2025-32661 describes a Cross-Site Request Forgery to Stored Cross‑Site Scripting flaw in the WordPress Interactive US Map plugin (Interactive US Map). The vulnerability affects the plugin up to version 2.7 and is linked to a CSRF workflow that enables stored XSS. The CVSS metrics shown indica...

CVE-2025-23466 WordPress Site Editor Google Map plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpsiteeditor Site Editor Google Map site-editor-google-map allows Reflected XSS.This issue affects Site Editor Google Map: from n/a through = 1.0.1...

WordPress Responsive Google Map plugin suffers from an unspecified vulnerability (CNVD-2025-05453)

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...