Lucene search
K

7 matches found

EUVD
EUVD
added 2026/06/15 6:0 a.m.8 views

EUVD-2026-36697

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

5.3CVSS5.3AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/26 6:36 a.m.8 views

CVE-2025-8588

The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS5AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/26 12:0 a.m.5 views

WordPress plugin PublishPress Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

6.4CVSS5.7AI score0.00211EPSS
Exploits0References4
OSV
OSV
added 2025/10/25 6:15 a.m.3 views

CVE-2025-8588

The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS5.9AI score0.00211EPSS
Exploits0References3
NVD
NVD
added 2025/10/25 6:15 a.m.5 views

CVE-2025-8588

The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS0.00211EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/25 5:31 a.m.9 views

CVE-2025-8588 Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gutenberg Blocks – PublishPress Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Marker Title' and 'Marker Description' parameters for the Maps block in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS0.00211EPSS
Exploits0References3
CVE
CVE
added 2025/10/25 5:31 a.m.18 views

CVE-2025-8588

CVE-2025-8588 affects the Gutenberg-based PublishPress Blocks (Maps block) in WordPress, allowing Stored XSS via Marker Title/Marker Description in versions up to 3.3.4. Exploitation requires authenticated access at contributor level or higher; CVSS v3.1 base score 6.4 (Medium). Wordfence reports...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References3
Rows per page
Query Builder