16 matches found
EUVD-2026-23180
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...
CVE-2026-3581
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...
CVE-2026-3581
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...
CVE-2026-3581 Basic Google Maps Placemarks <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...
CVE-2026-3581 Basic Google Maps Placemarks <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...
CVE-2026-3581
The CVE-2026-3581 entry concerns the Basic Google Maps Placemarks plugin for WordPress. Affected component: the plugin itself (WordPress plugin for map placemarks). Root cause: authorization bypass due to improper verification of user permissions, leading to unauthenticated users being able to mo...
WordPress Basic Google Maps Placemarks plugin <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update vulnerability
Missing Authorization to Unauthenticated Default Map Coordinate Update vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin Basic Google Maps Placemarks versions = 1.10.7...
PT-2026-33263
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify...
WordPress plugin Basic Google Maps Placemarks 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Placemarks 2.0.0 Cross Site Scripting Vulnerability
WordPress Placemarks plugin version 2.0.0 suffers from a persistent cross site scripting vulnerability. Credit Ricardo Sanchez Vulnerable Placemarks 2.0.0 Placemarks is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker m...
WordPress Placemarks 2.0.0 Cross Site Scripting
Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Placemarks 2.0.0 Placemarks is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
Ian Dunn: [Not just a server configuration issue] Full Path Disclosure
Hey, I've just found a 'full path disclosure' in basic-google-maps-placemarks, so it's not just a server configuration issue! I've tested it on different servers including windows, ubuntu, CentOS etc.. PoC So, if we visit wp-content/plugins/basic-google-maps-placemarks/unit-tests.php it is clearl...
Ian Dunn: CSRF in changing settings of Basic Google Maps Placemarks
Hey, this is Ahsan Tahir! I was just pentesting Basic Google Maps Placemarks in Wordpress, I found a CSRF Cross-Site Request Forgery So, by exploiting this CSRF issue, an attacker can edit the settings e.g Map Width, Map Height, Map Center Address etc.. PoC There is not CSRF token/Authentication...
Basic Google Maps Placemarks 1.10.2 - settings.php Multiple Fields Stored XSS Weakness
The Basic Google Maps Placemarks WordPress plugin was affected by a settings.php Multiple Fields Stored XSS Weakness security vulnerability...
WordPress Basic Google Maps Placemarks Plugin <= 1.10.2 - XSS
This plugin is prone to a settings.php multiple fields stored XSS weakness. Solution Upgrade this plugin...
Ian Dunn: Stored XSS in all fields in Basic Google Maps Placemarks Settings
I am reporting this in general to all fields in Basic Google Maps Placemarks Settings plugin settings. The plugin settings page input fields: http://www.site.com/wp-admin/options-general.php?page=bgmpsettings are subject to XSS. Kindly check sir. Thank yoiu very much. Clifford Tirog...