CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

CVE•added 2026/02/19 4:36 a.m.•15 views

CVE-2025-14851

CVE-2025-14851 concerns YaMaps for WordPress Plugin (YaMaps for WordPress) for WordPress. The vulnerability is a Stored Cross-Site Scripting via the yamap shortcode parameters present in all versions up to and including 0.6.40. The issue stems from insufficient input sanitization and output escap...

6.4CVSS5.7AI score0.00015EPSS

Exploits0References4

Cvelist•added 2026/02/19 4:36 a.m.•25 views

CVE-2025-14851 YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters

The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the yamap shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS0.00015EPSS

Exploits0References4

Vulnrichment•added 2026/02/19 4:36 a.m.•2 views

CVE-2025-14851 YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters

6.4CVSS5.6AI score0.00015EPSS

Exploits0References4

ATTACKERKB•added 2024/08/12 10:15 p.m.•3 views

CVE-2024-43224

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS.This issue affects YaMaps for WordPress: from n/a through 0.6.27...

6.5CVSS5.2AI score0.00251EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by