6493 matches found
CVE-2024-57947 netfilter: nf_set_pipapo: fix initial map fill
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill. The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result a...
CVE-2024-13593
The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on th...
CVE-2024-13593
CVE-2024-13593 affects the WordPress plugin “BMLT Meeting Map” (versions ≤ 2.6.0). The vulnerability is a Local File Inclusion via the short code “bmlt_meeting_map.” It permits authenticated users with Contributor-level access or higher to include and execute arbitrary PHP files on the server, en...
CVE-2024-13593 BMLT Meeting Map <= 2.6.0 - Authenticated (Contributor+) Local File Inclusion
The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on th...
PT-2025-2226 · WordPress · Bmlt Meeting Map
Name of the Vulnerable Software and Affected Versions: BMLT Meeting Map plugin for WordPress versions up to, and including, 2.6.0 Description: The issue allows authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server via the bmlt meeti...
WordPress plugin BMLT Meeting Map security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
WordPress BMLT Meeting Map plugin <= 2.6.0 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated (Contributor+) Local File Inclusion vulnerability discovered by Peter Thaleikis in WordPress Plugin BMLT Meeting Map versions <= 2.6.0...
kernel: netfilter: nf_set_pipapo: fix initial map fill
A buffer overflow vulnerability exists in the Linux kernel. After each round in the map search step, the result and the fill map are swapped. If a set where f->bsize of the first element is smaller than m->bsize_max, those one-bits are leaked into future rounds result map, resulting in loss of syste...
CVE-2025-23913
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma WordPress Google Map Professional google-map-professional allows SQL Injection. This issue affects WordPress Google Map Professional: from n/a through <= 1.0...
CVE-2025-23913 WordPress Google Map Professional Plugin <= 1.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma WordPress Google Map Professional google-map-professional allows SQL Injection. This issue affects WordPress Google Map Professional: from n/a through <= 1.0...
CVE-2025-23913
CVE-2025-23913 affects WordPress Google Map Professional (WordPress Google Map Professional: from n/a through 1.0). It is an SQL Injection caused by Improper Neutralization of Special Elements used in an SQL Command. Impact per the CVSS: Confidentiality High, Availability Low, with a base score o...
WordPress Google Map Professional Plugin <= 1.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WordPress Google Map Professional versions <= 1.0...
WordPress RSV GMaps plugin <= 1.5 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin RSV GMaps versions <= 1.5...
WordPress Google Map With Fancybox plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Google Map With Fancybox versions <= 2.1.0...
WordPress Pin Locations on Map plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Pin Locations on Map versions <= 1.0...
WordPress Google Map on Post/Page plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Google Map on Post/Page versions <= 1.1...
Selesta Visual Access Manager Cross-Site Scripting Vulnerability (CNVD-2025-22314)
Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in Selesta Visual Access Manager, which stems from the lack of effective filtering and escaping of user-supplied data in smonitormap.php, for which no detailed vulnerability details...
WordPress plugin WordPress Google Map Professional SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
CVE-2024-45061
A cross-site scripting (XSS) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary JavaScript code execution. An authenticated user would need to click a malicious link provided by the attacker...