5 matches found
CVE-2024-13208
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13208
creationtimestamp| type| source ---|---|--- 2025-02-15 06:05:43+00:00| seen| https://infosec.exchange/users/cve/statuses/114006395679188174 2025-02-15 06:15:59+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li72wrpebe2o 2025-02-15 07:11:13+00:00| seen|...
CVE-2024-13208
The CVE-2024-13208 entry refers to the Maps Plugin using Google Maps for WordPress that, prior to version 1.9.4, does not sanitize and escape certain settings. This could allow stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is not allowed (such as in multisite). The v...
CVE-2024-13208 WP Google Map < 1.9.4 - Admin+ Stored XSS
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13208 WP Google Map < 1.9.4 - Admin+ Stored XSS
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...