3 matches found
WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter. id: CVE-2019-19134 info: name: WordPress Hero Maps Premium =2.2.2 or apply the vendor-provided patch to fix the XSS...
CVE-2019-19134
The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of ...
CVE-2019-19134
The CVE-2019-19134 entry concerns WordPress Hero Maps Premium plugin (versions ≤ 2.2.1) with an unauthenticated XSS via views/dashboard/index.php p parameter. The issue arises from insufficient input sanitization, enabling injection of HTML/JavaScript in a user’s browser and potentially cookie th...