4 matches found
CVE-2025-3503
creationtimestamp| type| source ---|---|--- 2025-05-01 06:13:50+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14239 2025-05-01 09:55:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo426aydww2p 2025-05-01 10:39:11+00:00| seen|...
CVE-2025-3503 WP Maps < 4.7.2 - Admin+ Stored XSS
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3503 WP Maps < 4.7.2 - Admin+ Stored XSS
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3503
CVE-2025-3503 affects the WP Maps WordPress plugin prior to version 4.7.2. The vulnerability arises because some Map settings are not properly sanitized/escaped, enabling Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite). Public expl...