6 matches found
CVE-2024-13306
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13306
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13306
creationtimestamp| type| source ---|---|--- 2025-02-15 06:05:44+00:00| seen| https://infosec.exchange/users/cve/statuses/114006395694000942 2025-02-15 06:16:01+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li72wtuyhf2t 2025-02-15 07:11:12+00:00| seen|...
CVE-2024-13306 WP Google Map < 1.9.4 - Admin+ Stored XSS
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13306
CVE-2024-13306 affects the Maps Plugin using Google Maps for WordPress (WP Google Map) prior to version 1.9.4. The vulnerability arises from insufficient sanitisation/escaping of certain plugin settings, enabling stored XSS by high-privilege users (e.g., admins), including scenarios where unfilte...
CVE-2024-13306 WP Google Map < 1.9.4 - Admin+ Stored XSS
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...