Lucene search
K

67 matches found

Nuclei
Nuclei
added 5 hours ago22 views

WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS7AI score0.0104EPSS
Exploits0References2
Nuclei
Nuclei
added 5 hours ago15 views

WP Go Maps <= 9.0.29 - Cross-Site Scripting

WP Go Maps formerly WP Google Maps plugin for WordPress versions before 9.0.30 is vulnerable to Reflected Cross-Site Scripting via the 'mapid' parameter in the admin map edit page. id: CVE-2024-29931 info: name: WP Go Maps = 9.0.29 - Cross-Site Scripting author: Shivam Kamboj severity: medium...

7.1CVSS7.3AI score0.00753EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 6:32 p.m.20 views

CVE-2026-12238

The WP Go Maps WordPress plugin (up to version 10.1.01) is vulnerable to an authorization bypass that allows unauthenticated attackers to create arbitrary records in plugin tables (maps, markers, circles, polygons, polylines, rectangles, and point labels) by supplying a WPGMZA-namespaced CRUD-bac...

5.3CVSS6AI score0.00205EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 a.m.13 views

CVE-2026-8386

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 6:0 a.m.6 views

CVE-2026-8386 WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 6:0 a.m.17 views

CVE-2026-8385

The CVE-2026-8385 entry concerns the WP Go Maps WordPress plugin, specifically versions prior to 10.0.10. The vulnerability arises from improper enforcement of the marker approval filter on the admin-ajax fallback for the plugin’s datatables route, allowing unauthenticated visitors to access mark...

5.3CVSS5.2AI score0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/18 1:24 a.m.3 views

CVE-2026-4268 WP Go Maps (formerly WP Google Maps) <= 10.0.05 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmzacustomjs’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/18 1:24 a.m.4 views

CVE-2026-4268

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmzacustomjs’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the...

6.4CVSS5.9AI score0.00156EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/18 1:24 a.m.27 views

CVE-2026-4268 WP Go Maps (formerly WP Google Maps) <= 10.0.05 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmzacustomjs’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the...

6.4CVSS0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/01/24 5:15 p.m.7 views

CVE-2026-0593

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

5.3CVSS0.00234EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/24 4:25 p.m.5 views

CVE-2026-0593

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

5.3CVSS5.9AI score0.00234EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 4:25 p.m.28 views

CVE-2026-0593 WP Go Maps (formerly WP Google Maps) <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

5.3CVSS0.00234EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/18 6:42 a.m.9 views

CVE-2025-11703 WP Go Maps (formerly WP Google Maps) <= 9.0.48 - Unauthenticated Cache Poisoning

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated...

5.3CVSS0.00214EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/18 6:42 a.m.3 views

CVE-2025-11703 WP Go Maps (formerly WP Google Maps) <= 9.0.48 - Unauthenticated Cache Poisoning

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated...

5.3CVSS5.6AI score0.00214EPSS
Exploits0References4
NVD
NVD
added 2025/10/09 2:15 a.m.4 views

CVE-2025-11166

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having...

5.4CVSS0.00181EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/10/09 1:48 a.m.2 views

CVE-2025-11166 WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having...

5.4CVSS5.5AI score0.00181EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.5 views

WordPress plugin WP Go Maps 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress...

5.4CVSS6.5AI score0.00181EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-47110

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00367EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-17326

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-3932

Malicious code in bioql PyPI...

8.8CVSS8.9AI score0.00179EPSS
Exploits0References1
Rows per page
Query Builder