158 matches found
PT-2025-22450 · WordPress · Mapsvg
Name of the Vulnerable Software and Affected Versions: MapSVG plugin for WordPress versions up to, and including, 8.6.4 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
CVE-2025-47560
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through 8.6.13...
CVE-2025-47562
Improper Control of Generation of Code 'Code Injection' vulnerability in RomanCode MapSVG mapsvg allows Code Injection.This issue affects MapSVG: from n/a through = 8.5.34...
CVE-2025-47557
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RomanCode MapSVG mapsvg allows Stored XSS.This issue affects MapSVG: from n/a through = 8.5.31...
CVE-2025-48120
Improper Control of Generation of Code 'Code Injection' vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Code Injection.This issue affects MapSVG: from n/a through = 8.6.9...
CVE-2025-48120
Improper Control of Generation of Code 'Code Injection' vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Code Injection.This issue affects MapSVG: from n/a through = 8.6.9...
CVE-2025-47562
Improper Control of Generation of Code 'Code Injection' vulnerability in RomanCode MapSVG mapsvg allows Code Injection.This issue affects MapSVG: from n/a through = 8.5.34...
CVE-2025-47560
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through 8.6.13...
CVE-2025-47557
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RomanCode MapSVG mapsvg allows Stored XSS.This issue affects MapSVG: from n/a through = 8.5.31...
CVE-2025-47557
MapSVG WordPress plugin
CVE-2025-47557 WordPress MapSVG plugin <= 8.5.31 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RomanCode MapSVG mapsvg allows Stored XSS.This issue affects MapSVG: from n/a through = 8.5.31...
CVE-2025-47560
MapSVG WordPress plugin CVE-2025-47560: A Missing Authorization / Broken Access Control vulnerability affects MapSVG versions before 8.6.13 (up to 8.5.32 noted by Patchstack/Wordfence context). Exploitation could occur due to incorrectly configured access control security levels, enabling unautho...
CVE-2025-47557 WordPress MapSVG plugin <= 8.5.31 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RomanCode MapSVG allows Stored XSS. This issue affects MapSVG: from n/a through 8.5.31...
CVE-2025-47560 WordPress MapSVG plugin < 8.6.13 - Broken Access Control Vulnerability
Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a through 8.6.13...
CVE-2025-47562
CVE-2025-47562 : WordPress MapSVG up to version 8.5.34 is affected by an Improper Control of Generation of Code (Code Injection) vulnerability. The root cause is described as code-generation control weaknesses in MapSVG, enabling code injection. Affected product: MapSVG (WordPress plugin). Public...
CVE-2025-47562 WordPress MapSVG plugin <= 8.5.34 - Content Injection Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in RomanCode MapSVG mapsvg allows Code Injection.This issue affects MapSVG: from n/a through = 8.5.34...
CVE-2025-47562 WordPress MapSVG <= 8.5.34 - Content Injection Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in RomanCode MapSVG allows Code Injection. This issue affects MapSVG: from n/a through 8.5.34...
CVE-2025-48120 WordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary Shortcode Execution vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in RomanCode MapSVG Lite allows Code Injection. This issue affects MapSVG Lite: from n/a through 8.6.4...
CVE-2025-48120
CVE-2025-48120 (MapSVG Lite) is an improper generation of code vulnerability in the WordPress MapSVG Lite plugin, enabling arbitrary shortcode execution (code injection). Affected: MapSVG Lite versions up to 8.6.4. Public docs indicate a vendor-provided fix was released: MapSVG Lite 8.6.9 and lat...
CVE-2025-48120 WordPress MapSVG Lite plugin <= 8.6.9 - Arbitrary Shortcode Execution vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Code Injection.This issue affects MapSVG: from n/a through = 8.6.9...