CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2569 matches found

WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read

WordPress Responsive Vector Maps 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user to read arbitrary files on the w...

6.5CVSS6.8AI score0.03005EPSS

Exploits2References5

Nuclei•added yesterday•26 views

WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting

WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute. id: CVE-2021-24274 info: name: WordPress Supsystic Ultimate Ma...

6.1CVSS6.2AI score0.17638EPSS

Exploits5References5

Nuclei•added yesterday•11 views

WP Google Maps < 9.0.48 - Cross-Site Scripting

WP Google Maps WordPress plugin 9.0.48 contains a stored XSS vulnerability caused by unsanitized user input in AJAX actions, letting unauthenticated attackers execute scripts via stored payloads. id: CVE-2025-11307 info: name: WP Google Maps 9.0.48 - Cross-Site Scripting author: 0xAkoko severity:...

8.8CVSS5.8AI score0.01897EPSS

Exploits0References2

Nuclei•added yesterday•18 views

WP Google Maps < 7.10.43 - Cross-Site Scripting

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO. id: CVE-2019-9912 info: name: WP Google Maps 7.10.43 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The wp-google-maps plugin before 7.10.43 for WordPress has XSS via t...

6.1CVSS6.4AI score0.03028EPSS

Exploits1References3

Nuclei•added yesterday•21 views

WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS7AI score0.0104EPSS

Exploits0References2

Nuclei•added yesterday•43 views

WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting

WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter. id: CVE-2019-19134 info: name: WordPress Hero Maps Premium =2.2.2 or apply the vendor-provided patch to fix the XSS...

6.1CVSS6.2AI score0.05651EPSS

Exploits2References5

Nuclei•added yesterday•22 views

WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting

WordPress Hero Maps Pro 2.1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

6.1CVSS6.5AI score0.04448EPSS

Exploits2References5

Nuclei•added yesterday•14 views

WP Go Maps <= 9.0.29 - Cross-Site Scripting

WP Go Maps formerly WP Google Maps plugin for WordPress versions before 9.0.30 is vulnerable to Reflected Cross-Site Scripting via the 'mapid' parameter in the admin map edit page. id: CVE-2024-29931 info: name: WP Go Maps = 9.0.29 - Cross-Site Scripting author: Shivam Kamboj severity: medium...

7.1CVSS7.3AI score0.00753EPSS

Exploits0References3

Nuclei•added yesterday•7 views

WordPress MapPress Maps <= 2.96.6 - Unauthenticated IDOR

MapPress Maps for WordPress = 2.96.6 contains an authorization bypass caused by missing ownership verification in REST API routes, letting unauthenticated attackers read any map data and authenticated contributors modify any map, exploit requires crafted API requests id: CVE-2026-8839 info: name:...

5.3CVSS5.8AI score0.00813EPSS

Exploits0References3

Nuclei•added yesterday•9 views

WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2023-0037 info: name: WordPress 10Web Map...

9.8CVSS7.3AI score0.03911EPSS

Exploits2References3

Nuclei•added yesterday•25 views

Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting

The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues. id: CVE-2017-18557 info: name: Google Maps by BestWebSoft 1.3.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues...

6.1CVSS6.4AI score0.01384EPSS

Exploits1References4

EUVD•added yesterday•6 views

EUVD-2026-39929

The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpmpoint' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.0021EPSS

Exploits0References8

CVE•added yesterday•10 views

CVE-2026-13335

The CodePeople Post Map for Google Maps WordPress plugin is vulnerable to Stored XSS via the 'cpm_point' Post Meta in all versions up to 1.2.6 due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary scripts t...

6.4CVSS5.9AI score0.0021EPSS

Exploits0References8

NVD•added 2 days ago•4 views

CVE-2026-56011

Unauthenticated Cross Site Scripting XSS in MapPress Maps for WordPress = 2.97.3 versions...

7.1CVSS0.00244EPSS

Exploits0References1

Cvelist•added 2 days ago•28 views

CVE-2026-56011 WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in MapPress Maps for WordPress = 2.97.3 versions...

7.1CVSS0.00244EPSS

Exploits0References1

CVE•added 2 days ago•10 views

CVE-2026-56011

CVE-2026-56011 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin mapPress Maps for WordPress, affected versions are ≤ 2.97.3. The vulnerability is documented across multiple sources (NVD, CVE databases, and PatchStack) with consistent impact: XSS that c...

7.1CVSS5.8AI score0.00244EPSS

In wildExploits0References1

EUVD•added 2 days ago•2 views

EUVD-2026-39687

Unauthenticated Cross Site Scripting XSS in MapPress Maps for WordPress = 2.97.3 versions...

7.1CVSS5.8AI score0.00244EPSS

Exploits0References1

EUVD•added 3 days ago•8 views

EUVD-2026-38385

MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps...

7.5CVSS5.8AI score0.00231EPSS

Exploits0References2

RedhatCVE•added 3 days ago•4 views

CVE-2026-52954

A flaw was found in the Linux kernel's libceph component. A remote attacker could send a specially crafted CEPHMSGOSDMAP message containing a corrupted CRUSH map. If this map includes two crushchooseargmaps with identical indices, it triggers an assertion failure, leading to a kernel bug and a...

5.5CVSS5.9AI score0.00184EPSS

Exploits0References4

RedHat Linux•added 3 days ago•4 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

4.3CVSS7.1AI score0.00419EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by