WP Go Maps <= 9.0.29 - Cross-Site Scripting

WP Go Maps formerly WP Google Maps plugin for WordPress versions before 9.0.30 is vulnerable to Reflected Cross-Site Scripting via the 'mapid' parameter in the admin map edit page. id: CVE-2024-29931 info: name: WP Go Maps = 9.0.29 - Cross-Site Scripting author: Shivam Kamboj severity: medium...

WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2026-4268 WP Go Maps (formerly WP Google Maps) <= 10.0.05 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmzacustomjs’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the...

CVE-2026-4268

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmzacustomjs’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the...

CVE-2026-4268 WP Go Maps (formerly WP Google Maps) <= 10.0.05 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmzacustomjs’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the...

CVE-2026-0593

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

CVE-2026-0593 WP Go Maps (formerly WP Google Maps) <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

CVE-2026-0593

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with...

CVE-2025-11703 WP Go Maps (formerly WP Google Maps) <= 9.0.48 - Unauthenticated Cache Poisoning

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated...

CVE-2025-11703 WP Go Maps (formerly WP Google Maps) <= 9.0.48 - Unauthenticated Cache Poisoning

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated...

CVE-2025-11166

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having...

CVE-2025-11166 WP Go Maps (formerly WP Google Maps) <= 9.0.46 - Cross-Site Request Forgery to Plugin Settings Update

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to, and including, 9.0.46. This is due to the plugin exposing state-changing REST actions through an AJAX bridge without proper CSRF token validation, and having...

WordPress plugin WP Go Maps 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress...

EUVD-2023-54680

Malicious code in bioql PyPI...

EUVD-2025-3932

Malicious code in bioql PyPI...

EUVD-2023-58989

Malicious code in bioql PyPI...

EUVD-2024-32143

Malicious code in bioql PyPI...

EUVD-2024-17326

Malicious code in bioql PyPI...

EUVD-2024-47110

Malicious code in bioql PyPI...

EUVD-2022-50355

Malicious code in bioql PyPI...