20 matches found
EUVD-2020-4971
Malware in sbrugna...
EUVD-2022-15661
Malicious code in bioql PyPI...
EUVD-2024-33258
Malicious code in bioql PyPI...
EUVD-2025-15240
Malicious code in bioql PyPI...
EUVD-2022-15410
Malicious code in bioql PyPI...
EUVD-2025-11851
Malicious code in bioql PyPI...
CVE-2024-0421
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that the post to be retrieved via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts...
CVE-2024-8620 MapPress Maps for WordPress < 2.93 - Admin+ Stored XSS via Map Settings
The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-2162 MapPress Maps for WordPress < 2.94.10 - Admin+ Stored XSS
The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress MapPress Maps for WordPress plugin < 2.94.9 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MapPress Maps for WordPress versions 2.94.9...
CVE-2025-2055
The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
Cross site scripting
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks...
WordPress MapPress Maps for WordPress Plugin <= 2.88.16 is vulnerable to Cross Site Scripting (XSS)
Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: <= 2.88.16; Fixed in: 2.88.17; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-7225; Patch priority: Low; CVSS severity: Low (6.5); PSID: fbcdd95991b2; Credits: Akbar...
CVE-2023-26015 WordPress MapPress Maps for WordPress Plugin <= 2.85.4 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for WordPress: from n/a through 2.85.4...
WordPress MapPress Maps for WordPress Plugin <= 2.85.4 is vulnerable to SQL Injection
Software: MapPress Maps for WordPress; Type: Plugin; Vulnerable versions: <= 2.85.4; Fixed in: 2.85.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-26015; Patch priority: Low; CVSS severity: Low (7.1); PSID: dfda53627d56; Credits: Rafie Muhammad Patchstack Required...
CVE-2022-0537
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. A cross-site scripting vulnerability exists in versions of the WordPress MapPress Maps plugin prior to 2.73.4. The vulnerability stems from the fact that the MapPress Maps plugin does not...
Design/Logic Flaw
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...
Remote code execution
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces or capability checks, leading to remote code execution...
CVE-2020-12077
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces or capability checks, leading to remote code execution...