4 matches found
CVE-2025-2279
The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Maps - Google Maps plugin <= 1.0.6 - Contributor+ Stored XSS vulnerability
WordPress Maps - Google Maps plugin = 1.0.6 - Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Maps versions = 1.0.6...
CVE-2025-2279
The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-2279
The CVE-2025-2279 entry concerns the Maps WordPress plugin (versions up to 1.0.6). The issue is that the plugin does not validate and escape certain shortcode attributes before output, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting (XSS) via the...